On Sun, Nov 01, 2009 at 04:39:03PM -0500, Nathan Gibbs wrote:
> AAAHHH!
> 
> Every minute run clamd.monitor against our servers.
> 
> Later that day...
> A few hundred emails to our noc with the subject line
> VIRUS ALERT: Eicar-Test-Signature
...
> If I'm going to use this code, emailing the noc every minute per server
> running clamd won't work.

Indeed.  It all depends on what you want to do - in my opinion, an incoming
virus is hardly worth reporting if it's been identified and the email is
being quarantined.  I'd rather get email about the viruses that haven't
been ID'd and that are about to start running on the network when someone
clicks on them :-(.

Since VirusEvent accepts a command line, you can replace the command
you have there now with a script that filters out the Eicar-Test-Signature
before sending any mail.  You could also not bother with VirusEvent and
look at the syslogs at the end of the day to see what clamd's been up
to.

_______________________________________________
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon
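
The wrapper script suggested in the reply above, sketched as an added example that is not part of the original message. It assumes clamd.conf passes the signature name to the script with `%v`; the script path, the `noc@example.com` recipient, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: VirusEvent wrapper that drops known test signatures
# before any mail is sent. Assumed clamd.conf line (script path is hypothetical):
#   VirusEvent /usr/local/bin/virusevent-filter.sh %v
# clamd replaces %v with the name of the signature that matched.

# Space-separated signature names that must never generate mail.
SUPPRESS="${SUPPRESS:-Eicar-Test-Signature}"
ALERT_TO="${ALERT_TO:-noc@example.com}"   # placeholder recipient

# Keep only characters expected in a signature name, so nothing else
# from the argument reaches the mail subject line.
clean_name() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._-'
}

# Return 0 if the signature deserves an alert, 1 if it is suppressed or empty.
should_alert() {
    name=$(clean_name "$1")
    [ -n "$name" ] || return 1
    for s in $SUPPRESS; do
        if [ "$name" = "$s" ]; then
            return 1
        fi
    done
    return 0
}

# Send the alert with the system mail command.
send_alert() {
    printf 'clamd on %s reported %s\n' "$(hostname)" "$1" |
        mail -s "VIRUS ALERT: $1" "$ALERT_TO"
}

# Entry point for one VirusEvent invocation.
handle_event() {
    if should_alert "$1"; then
        send_alert "$(clean_name "$1")"
    fi
}

# Run only when clamd invokes the script with a signature name.
if [ "$#" -gt 0 ]; then
    handle_event "$1"
fi
```

Setting `SUPPRESS` in the environment extends the list without editing the script.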
