Re: [Assp-test] Very minor request: ClamAV more verbose logging?
>ClamAV Temporary Off Great. Is that prefixed with WARNING or ERROR? My error notify regex looks for warning / error. Can certainly modify if necessary. On Tue, Oct 4, 2016 at 10:18 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > If a call to clamav failes and the content was not scanned by any > instance, assp will log if scanlog is ON > > ClamAV Temporary Off :. > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 04.10.2016 15:59 > Betreff: Re: [Assp-test] Very minor request: ClamAV more verbose > logging? > > > > I was thinking more about this morning. If ClamAV does go down, will > ClamAV standard logging from ASSP warning on this? I definitely don't > want > warnings when ClamAV is down for a second to reload, but if it stays down, > I'd hate to be unaware. > > If it doesn't already do this, might ASSP be able to keep track of how > long > ClamAV hasn't responded and after a threshold of say 2 minutes, then warn? > Just kind of thinking out loud here. > > On Mon, Oct 3, 2016 at 10:13 AM, K Post <nntp.p...@gmail.com> wrote: > > > Okay, I'm back to standard logging on ClamAV then > > Thanks > > > > On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt > <thomas.ecka...@thockar.com > > > wrote: > > > >> >1) Is verbose logging slowing things > >> > >> The MainThread goes slower than more is logged > >> > >> >1) and causing the daemon to be unreachable > >> > >> No. > >> > >> >1) is this happening with standard logging too and just not > >> >logged? > >> > >> Yes. > >> > >> >2) Is this normal? If not, what should I do to fix this? > >> > >> This is normal. Every time the clamd reloads signatures or does the > self > >> check (default 600 seconds) it becomes unavailable. > >> If you've configured to use more than one clamd, the next will be used. > >> If non of the configured clamd is available, you'll get the warning: > >> ClamAV Temporary Off : > >> > >> Thomas > >> > >> > >> > >> > >> Von:K Post <nntp.p...@gmail.com> > >> An: ASSP development mailing list <assp-test@lists.sourceforge.net> > >> Datum: 02.10.2016 20:44 > >> Betreff:Re: [Assp-test] Very minor request: ClamAV more verbose > >> logging? > >> > >> > >> > >> Thanks for the reply. > >> > >> Doesn't ASSP know what it's sending to the scanner though? And it's > ASSP > >> that writes to maillog, not ClamAV right? > >> > >> Separately, I turned ClamAV logging to verbose just to see the logs, > and > >> with this setting as such, I'm getting: > >> Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down > >> a couple of times an hour. > >> > >> I see no issues with ClamAV, but always get worried about warnings. > With > >> ClamAV logging set to standard, I don't get these warnings. So the > >> questions for me become: > >> 1) Is verbose logging slowing things and causing the daemon to be > >> unreachable or is this happening with standard logging too and just not > >> logged? > >> 2) Is this normal? If not, what should I do to fix this? > >> > >> > >> > >> On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt > >> <thomas.ecka...@thockar.com> > >> wrote: > >> > >> > The scanning engine does not know where the content comes from > >> > (attachment, decompressed attachment, body check, text parts, mail > >> > analyzer, archive post processor ... . ) > >> > > >> > So - no chance to have this information there. > >> > > >> > Thomas > >> > > >> > > >> > > >> > Von:K Post <nntp.p...@gmail.com> > >> > An: ASSP development mailing list > <assp-test@lists.sourceforge.net> > >> > Datum: 01.10.2016 22:02 > >> > Betreff:[Assp-test] Very minor request: ClamAV more verbose > >> > logging? > >> > > >> > > >> > > >> > With verbose logging for clamav on, we get lines like: > >> > ClamAV: scanned 1146936 bytes in whitelisted message - OK > >> > > >>
Re: [Assp-test] Very minor request: ClamAV more verbose logging?
If a call to clamav failes and the content was not scanned by any instance, assp will log if scanlog is ON ClamAV Temporary Off :. Thomas Von:K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 04.10.2016 15:59 Betreff: Re: [Assp-test] Very minor request: ClamAV more verbose logging? I was thinking more about this morning. If ClamAV does go down, will ClamAV standard logging from ASSP warning on this? I definitely don't want warnings when ClamAV is down for a second to reload, but if it stays down, I'd hate to be unaware. If it doesn't already do this, might ASSP be able to keep track of how long ClamAV hasn't responded and after a threshold of say 2 minutes, then warn? Just kind of thinking out loud here. On Mon, Oct 3, 2016 at 10:13 AM, K Post <nntp.p...@gmail.com> wrote: > Okay, I'm back to standard logging on ClamAV then > Thanks > > On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt <thomas.ecka...@thockar.com > > wrote: > >> >1) Is verbose logging slowing things >> >> The MainThread goes slower than more is logged >> >> >1) and causing the daemon to be unreachable >> >> No. >> >> >1) is this happening with standard logging too and just not >> >logged? >> >> Yes. >> >> >2) Is this normal? If not, what should I do to fix this? >> >> This is normal. Every time the clamd reloads signatures or does the self >> check (default 600 seconds) it becomes unavailable. >> If you've configured to use more than one clamd, the next will be used. >> If non of the configured clamd is available, you'll get the warning: >> ClamAV Temporary Off : >> >> Thomas >> >> >> >> >> Von: K Post <nntp.p...@gmail.com> >> An: ASSP development mailing list <assp-test@lists.sourceforge.net> >> Datum: 02.10.2016 20:44 >> Betreff:Re: [Assp-test] Very minor request: ClamAV more verbose >> logging? >> >> >> >> Thanks for the reply. >> >> Doesn't ASSP know what it's sending to the scanner though? And it's ASSP >> that writes to maillog, not ClamAV right? >> >> Separately, I turned ClamAV logging to verbose just to see the logs, and >> with this setting as such, I'm getting: >> Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down >> a couple of times an hour. >> >> I see no issues with ClamAV, but always get worried about warnings. With >> ClamAV logging set to standard, I don't get these warnings. So the >> questions for me become: >> 1) Is verbose logging slowing things and causing the daemon to be >> unreachable or is this happening with standard logging too and just not >> logged? >> 2) Is this normal? If not, what should I do to fix this? >> >> >> >> On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt >> <thomas.ecka...@thockar.com> >> wrote: >> >> > The scanning engine does not know where the content comes from >> > (attachment, decompressed attachment, body check, text parts, mail >> > analyzer, archive post processor ... . ) >> > >> > So - no chance to have this information there. >> > >> > Thomas >> > >> > >> > >> > Von:K Post <nntp.p...@gmail.com> >> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> >> > Datum: 01.10.2016 22:02 >> > Betreff:[Assp-test] Very minor request: ClamAV more verbose >> > logging? >> > >> > >> > >> > With verbose logging for clamav on, we get lines like: >> > ClamAV: scanned 1146936 bytes in whitelisted message - OK >> > >> > Would it be possible to add the name of the file being scanned? >> > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK >> > >> > -- >> > Check out the vibrant tech community on one of the world's most >> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> > ___ >> > Assp-test mailing list >> > Assp-test@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/assp-test >> > >> > >> > >> > >> > DISCLAIMER: >> > *** >> > This email and any files transmitted with it may be confidential, >> legally >> > privileged and protec
Re: [Assp-test] Very minor request: ClamAV more verbose logging?
I was thinking more about this morning. If ClamAV does go down, will ClamAV standard logging from ASSP warning on this? I definitely don't want warnings when ClamAV is down for a second to reload, but if it stays down, I'd hate to be unaware. If it doesn't already do this, might ASSP be able to keep track of how long ClamAV hasn't responded and after a threshold of say 2 minutes, then warn? Just kind of thinking out loud here. On Mon, Oct 3, 2016 at 10:13 AM, K Post <nntp.p...@gmail.com> wrote: > Okay, I'm back to standard logging on ClamAV then > Thanks > > On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt <thomas.ecka...@thockar.com > > wrote: > >> >1) Is verbose logging slowing things >> >> The MainThread goes slower than more is logged >> >> >1) and causing the daemon to be unreachable >> >> No. >> >> >1) is this happening with standard logging too and just not >> >logged? >> >> Yes. >> >> >2) Is this normal? If not, what should I do to fix this? >> >> This is normal. Every time the clamd reloads signatures or does the self >> check (default 600 seconds) it becomes unavailable. >> If you've configured to use more than one clamd, the next will be used. >> If non of the configured clamd is available, you'll get the warning: >> ClamAV Temporary Off : >> >> Thomas >> >> >> >> >> Von: K Post <nntp.p...@gmail.com> >> An: ASSP development mailing list <assp-test@lists.sourceforge.net> >> Datum: 02.10.2016 20:44 >> Betreff:Re: [Assp-test] Very minor request: ClamAV more verbose >> logging? >> >> >> >> Thanks for the reply. >> >> Doesn't ASSP know what it's sending to the scanner though? And it's ASSP >> that writes to maillog, not ClamAV right? >> >> Separately, I turned ClamAV logging to verbose just to see the logs, and >> with this setting as such, I'm getting: >> Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down >> a couple of times an hour. >> >> I see no issues with ClamAV, but always get worried about warnings. With >> ClamAV logging set to standard, I don't get these warnings. So the >> questions for me become: >> 1) Is verbose logging slowing things and causing the daemon to be >> unreachable or is this happening with standard logging too and just not >> logged? >> 2) Is this normal? If not, what should I do to fix this? >> >> >> >> On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt >> <thomas.ecka...@thockar.com> >> wrote: >> >> > The scanning engine does not know where the content comes from >> > (attachment, decompressed attachment, body check, text parts, mail >> > analyzer, archive post processor ... . ) >> > >> > So - no chance to have this information there. >> > >> > Thomas >> > >> > >> > >> > Von:K Post <nntp.p...@gmail.com> >> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> >> > Datum: 01.10.2016 22:02 >> > Betreff:[Assp-test] Very minor request: ClamAV more verbose >> > logging? >> > >> > >> > >> > With verbose logging for clamav on, we get lines like: >> > ClamAV: scanned 1146936 bytes in whitelisted message - OK >> > >> > Would it be possible to add the name of the file being scanned? >> > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK >> > >> > -- >> > Check out the vibrant tech community on one of the world's most >> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> > ___ >> > Assp-test mailing list >> > Assp-test@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/assp-test >> > >> > >> > >> > >> > DISCLAIMER: >> > *** >> > This email and any files transmitted with it may be confidential, >> legally >> > privileged and protected in law and are intended solely for the use of >> the >> > >> > individual to whom it is addressed. >> > This email was multiple times scanned for viruses. There should be no >> > known virus in this email! >> > *** >> > >> > >> > --
Re: [Assp-test] Very minor request: ClamAV more verbose logging?
Okay, I'm back to standard logging on ClamAV then Thanks On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > >1) Is verbose logging slowing things > > The MainThread goes slower than more is logged > > >1) and causing the daemon to be unreachable > > No. > > >1) is this happening with standard logging too and just not > >logged? > > Yes. > > >2) Is this normal? If not, what should I do to fix this? > > This is normal. Every time the clamd reloads signatures or does the self > check (default 600 seconds) it becomes unavailable. > If you've configured to use more than one clamd, the next will be used. > If non of the configured clamd is available, you'll get the warning: > ClamAV Temporary Off : > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 02.10.2016 20:44 > Betreff:Re: [Assp-test] Very minor request: ClamAV more verbose > logging? > > > > Thanks for the reply. > > Doesn't ASSP know what it's sending to the scanner though? And it's ASSP > that writes to maillog, not ClamAV right? > > Separately, I turned ClamAV logging to verbose just to see the logs, and > with this setting as such, I'm getting: > Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down > a couple of times an hour. > > I see no issues with ClamAV, but always get worried about warnings. With > ClamAV logging set to standard, I don't get these warnings. So the > questions for me become: > 1) Is verbose logging slowing things and causing the daemon to be > unreachable or is this happening with standard logging too and just not > logged? > 2) Is this normal? If not, what should I do to fix this? > > > > On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt > <thomas.ecka...@thockar.com> > wrote: > > > The scanning engine does not know where the content comes from > > (attachment, decompressed attachment, body check, text parts, mail > > analyzer, archive post processor ... . ) > > > > So - no chance to have this information there. > > > > Thomas > > > > > > > > Von:K Post <nntp.p...@gmail.com> > > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > > Datum: 01.10.2016 22:02 > > Betreff:[Assp-test] Very minor request: ClamAV more verbose > > logging? > > > > > > > > With verbose logging for clamav on, we get lines like: > > ClamAV: scanned 1146936 bytes in whitelisted message - OK > > > > Would it be possible to add the name of the file being scanned? > > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > > ___ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > DISCLAIMER: > > *** > > This email and any files transmitted with it may be confidential, > legally > > privileged and protected in law and are intended solely for the use of > the > > > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be no > > known virus in this email! > > *** > > > > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > > ___ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > *** > This email and any files transmitted wit
Re: [Assp-test] Very minor request: ClamAV more verbose logging?
>1) Is verbose logging slowing things The MainThread goes slower than more is logged >1) and causing the daemon to be unreachable No. >1) is this happening with standard logging too and just not >logged? Yes. >2) Is this normal? If not, what should I do to fix this? This is normal. Every time the clamd reloads signatures or does the self check (default 600 seconds) it becomes unavailable. If you've configured to use more than one clamd, the next will be used. If non of the configured clamd is available, you'll get the warning: ClamAV Temporary Off : Thomas Von:K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 02.10.2016 20:44 Betreff: Re: [Assp-test] Very minor request: ClamAV more verbose logging? Thanks for the reply. Doesn't ASSP know what it's sending to the scanner though? And it's ASSP that writes to maillog, not ClamAV right? Separately, I turned ClamAV logging to verbose just to see the logs, and with this setting as such, I'm getting: Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down a couple of times an hour. I see no issues with ClamAV, but always get worried about warnings. With ClamAV logging set to standard, I don't get these warnings. So the questions for me become: 1) Is verbose logging slowing things and causing the daemon to be unreachable or is this happening with standard logging too and just not logged? 2) Is this normal? If not, what should I do to fix this? On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > The scanning engine does not know where the content comes from > (attachment, decompressed attachment, body check, text parts, mail > analyzer, archive post processor ... . ) > > So - no chance to have this information there. > > Thomas > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 01.10.2016 22:02 > Betreff:[Assp-test] Very minor request: ClamAV more verbose > logging? > > > > With verbose logging for clamav on, we get lines like: > ClamAV: scanned 1146936 bytes in whitelisted message - OK > > Would it be possible to add the name of the file being scanned? > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > *** > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > *** > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: *** This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *** -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] Very minor request: ClamAV more verbose logging?
Thanks for the reply. Doesn't ASSP know what it's sending to the scanner though? And it's ASSP that writes to maillog, not ClamAV right? Separately, I turned ClamAV logging to verbose just to see the logs, and with this setting as such, I'm getting: Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down a couple of times an hour. I see no issues with ClamAV, but always get worried about warnings.With ClamAV logging set to standard, I don't get these warnings. So the questions for me become: 1) Is verbose logging slowing things and causing the daemon to be unreachable or is this happening with standard logging too and just not logged? 2) Is this normal? If not, what should I do to fix this? On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > The scanning engine does not know where the content comes from > (attachment, decompressed attachment, body check, text parts, mail > analyzer, archive post processor ... . ) > > So - no chance to have this information there. > > Thomas > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 01.10.2016 22:02 > Betreff: [Assp-test] Very minor request: ClamAV more verbose > logging? > > > > With verbose logging for clamav on, we get lines like: > ClamAV: scanned 1146936 bytes in whitelisted message - OK > > Would it be possible to add the name of the file being scanned? > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > *** > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > *** > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] Very minor request: ClamAV more verbose logging?
The scanning engine does not know where the content comes from (attachment, decompressed attachment, body check, text parts, mail analyzer, archive post processor ... . ) So - no chance to have this information there. Thomas Von:K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 01.10.2016 22:02 Betreff: [Assp-test] Very minor request: ClamAV more verbose logging? With verbose logging for clamav on, we get lines like: ClamAV: scanned 1146936 bytes in whitelisted message - OK Would it be possible to add the name of the file being scanned? ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: *** This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *** -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
[Assp-test] Very minor request: ClamAV more verbose logging?
With verbose logging for clamav on, we get lines like: ClamAV: scanned 1146936 bytes in whitelisted message - OK Would it be possible to add the name of the file being scanned? ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test