virus name does not appear in maillog
Tomas Macek
macek at fortech.cz
Wed Aug 24 09:22:16 CEST 2011
On Wed, 24 Aug 2011, Tomas Macek wrote:
> On Wed, 24 Aug 2011, Tom Kinghorn wrote:
>
>> On 24/08/2011 08:26, Tomas Macek wrote:
>> I'm using Scientific Linux 6.1, Postfix 2.8.4 and Amavisd-new 2.6.4
>> with ClamAV 0.97.
>> Everything works with one exception: I can't see the name of the
>> virus in the maillog. This is an example when I'm
>> sending empty mail with eicar virus as an attachment:
>>
>> in amavisd.conf, what string do you have for $log_templ ?
>>
>
> I have none line '$log_templ' in amavisd.conf. I have there only this similar
> line: "$log_recip_templ = undef;"
>
> I was trying now to find such a line in original distribution amavisd.conf
> (for the case I could accidentaly delete it before), but found none.
>
I found this and I also added this into my amavisd.conf file, but did not
helped:
$log_templ = <<'EOD';
[?%#D|#|Passed #
[? [:ccat|major]
|OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)]#
, [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
, mail_id: %i#
, Hits: [:SCORE]#
, size: %z#
[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
[remote_mta_smtp_response|[~%x|["queued as
([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
[? [:header_field|Subject] ||, Subject:
[:dquote|[:header_field|Subject]]]#
[? [:header_field|From] ||, From: [:uquote|[:header_field|From]]]#
[? [:useragent|name] ||, [:useragent|name]:
[:uquote|[:useragent|body]]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[:supplementary_info|SCTYPE|, shortcircuit=%%s]#
[:supplementary_info|AUTOLEARN|, autolearn=%%s]#
, %y ms#
]
[?%#O|#|Blocked #
[? [:ccat|major|blocking] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)]#
, [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
, mail_id: %i#
, Hits: [:SCORE]#
, size: %z#
#, smtp_resp: [:smtp_response]#
[? [:header_field|Subject] ||, Subject:
[:dquote|[:header_field|Subject]]]#
[? [:header_field|From] ||, From: [:uquote|[:header_field|From]]]#
[? [:useragent|name] ||, [:useragent|name]:
[:uquote|[:useragent|body]]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[:supplementary_info|SCTYPE|, shortcircuit=%%s]#
[:supplementary_info|AUTOLEARN|, autolearn=%%s]#
, %y ms#
]
EOD
This is the maillog - it's the same:
...
Aug 24 09:08:05 zet amavis[13626]: (13626-01) ESMTP> 250 2.7.0 Ok,
discarded, id=13626-01 - INFECTED:
...
More information about the amavis-users
mailing list