virus name does not appear in maillog

Tomas Macek macek at fortech.cz
Thu Aug 25 14:04:53 CEST 2011


I'm really sorry for the inconvenience!

So now I have "$log_level = 1" and the output for my email looks like this 
(copied, with only my mail address changed):

Aug 25 13:52:28 zet amavis[12273]: (12273-01) Checking: H4aulZyV9kz5 MYNETS [10.0.1.174] <mybox at mydomain.cz> -> <mybox at mydomain.cz>
Aug 25 13:52:28 zet amavis[12273]: (12273-01) Blocked INFECTED (), MYNETS LOCAL [10.0.1.174] [10.0.1.174] <mybox at mydomain.cz> -> <mybox at mydomain.cz>, Message-ID: <alpine.LFD.2.02.1108251353470.14107 at maca.fortech.cz>, mail_id: H4aulZyV9kz5, Hits: -, size: 1193, 85 ms
Aug 25 13:52:28 zet postfix/smtp[12307]: B2FAA54: to=<mybox at mydomain.cz>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.14, delays=0.05/0.01/0.01/0.08, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12273-01 - INFECTED: )
Aug 25 13:52:28 zet postfix/qmgr[24966]: B2FAA54: removed


Do you really believe that in "... Blocked INFECTED (), ..." the virus 
name is not missing inside the brackets? I believe it should be there.
The same in "...id=12273-01 - INFECTED: )..." - after INFECTED:, in 
the space before the bracket, should the virus name really not be there?

Also according to the hardcoded $log_templ template (see 
/usr/sbin/amavisd) something should be there. But setting up $log_templ in 
amavisd.conf did not help.

Best regards
Tomas



On Thu, 25 Aug 2011, Michael Scheidell wrote:

> On 8/25/11 1:37 AM, macek at fortech.cz wrote:
>> I believe, that you did not notice one thing - the output was under debug = 
>> 5
> that was not mentioned, or I didn't see that.
>
> amavisd doesn't include virus name in the mail log then.  you would need to 
> get it from headers in email, or in clamd.log.
>
> is there a reason you want the virus name in the mail log? and that the 
> clamd.log isn't good enough?
>
> no need to see who virus went TO, it's quarantined. no need to know who virus 
> came FROM, since it's almost always forged.
>
>
> -- 
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> SECNAP Network Security Corporation

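Added example, not part of the original thread and not amavisd code: a small Python check that scans maillog lines for INFECTED verdicts whose virus-name field was logged empty, as in the lines quoted in the post, so the matching ids can be looked up in clamd.log. The regexes assume the line layout shown in the post; the sample lines use replaced addresses, and the entry carrying `Eicar-Test-Signature` is constructed.

```python
import re

# amavisd summary line for an infected message; the parentheses hold the virus names.
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \((?P<am_id>[\d-]+)\) (?:Blocked|Passed) INFECTED "
    r"\((?P<names>[^)]*)\).*?mail_id: (?P<mail_id>[^,\s]+)")
# Postfix line relaying amavisd's SMTP reply, which repeats the verdict and names.
POSTFIX_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<queue_id>[0-9A-F]+): .*"
    r"id=(?P<am_id>[\d-]+) - INFECTED: *(?P<names>[^)]*)\)")

def split_names(raw):
    """Turn 'A, B' into ['A', 'B']; an empty field gives []."""
    return [n.strip() for n in raw.split(",") if n.strip()]

def infected_events(lines):
    """Return one record per amavisd id, merged from amavis and postfix lines."""
    events = {}
    for line in lines:
        for regex in (AMAVIS_RE, POSTFIX_RE):
            m = regex.search(line)
            if not m:
                continue
            fields = m.groupdict()
            ev = events.setdefault(fields["am_id"], {
                "am_id": fields["am_id"], "names": [],
                "mail_id": None, "queue_id": None})
            ev["mail_id"] = fields.get("mail_id") or ev["mail_id"]
            ev["queue_id"] = fields.get("queue_id") or ev["queue_id"]
            for name in split_names(fields["names"]):
                if name not in ev["names"]:
                    ev["names"].append(name)
    return list(events.values())

def unnamed_infections(lines):
    """Infected verdicts whose virus-name field was logged empty."""
    return [ev for ev in infected_events(lines) if not ev["names"]]

# Constructed sample: lines 1-2 follow the log in the post (addresses replaced);
# line 3 is a made-up entry that does carry a virus name.
SAMPLE = [
    "Aug 25 13:52:28 zet amavis[12273]: (12273-01) Blocked INFECTED (), MYNETS LOCAL [10.0.1.174] [10.0.1.174] <user@example.org> -> <user@example.org>, mail_id: H4aulZyV9kz5, Hits: -, size: 1193, 85 ms",
    "Aug 25 13:52:28 zet postfix/smtp[12307]: B2FAA54: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.14, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12273-01 - INFECTED: )",
    "Aug 25 14:10:02 zet amavis[12273]: (12273-02) Blocked INFECTED (Eicar-Test-Signature), MYNETS LOCAL [10.0.1.174] [10.0.1.174] <user@example.org> -> <user@example.org>, mail_id: Qx7constructed1, Hits: -, size: 1201, 90 ms",
]

if __name__ == "__main__":
    for ev in unnamed_infections(SAMPLE):
        print("no virus name logged:", ev)
```
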
