Hello, I would like to keep emails detected as virus by ClamAV on the filesystem, in order to be able to retrieve false-positive when users asks for them. After a few days, a simple cronjob would remove them.
So I though that "VirusEvent" could be an appropriate way to do it. (Is there any better way?) I set the "VirusEvent" in the configuration file to : VirusEvent /bin/run-parts --lsbsysinit /etc/clamav/virusevent.d/ While I am only debugging for the moment, the script `/etc/clamav/ virusevent.d/test.sh` (chmod'ed +s) contains this: #!/bin/bash echo "$(date) ClamAV found $CLAM_VIRUSEVENT_VIRUSNAME into $CLAM_VIRUSEVENT_FILENAME" >> /tmp/clamav-found_virus.log I also tried directly with this: VirusEvent echo "%v" >> /tmp/clamav-found_virus.log But all my tests fails. The /tmp.clamav-found_virus.log doesn't get anything, while the logs only tells: ``` /var/spool/exim4/scan/1cO7Nt-0005Y4-A5/1cO7Nt-0005Y4-A5.eml: Heuristics.Phishing.Email.SSL-Spoof(6ed8d5db7b0e9651be9a6d42befc69cb:46580) FOUND ERROR: VirusEvent: fork failed. ``` Do you have any idea why it doesn't work? Best regards, -- Mathieu _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
