virus name does not appear in maillog
Tomas Macek
macek at fortech.cz
Thu Aug 25 14:04:53 CEST 2011
I'm really sorry for the inconvenience!
So now I have "$log_level = 1" and output from my email like this (copied
with only my mail address changed):
Aug 25 13:52:28 zet amavis[12273]: (12273-01) Checking: H4aulZyV9kz5
MYNETS [10.0.1.174] <mybox at mydomain.cz> -> <mybox at mydomain.cz>
Aug 25 13:52:28 zet amavis[12273]: (12273-01) Blocked INFECTED (), MYNETS
LOCAL [10.0.1.174] [10.0.1.174] <mybox at mydomain.cz> ->
<mybox at mydomain.cz>, Message-ID:
<alpine.LFD.2.02.1108251353470.14107 at maca.fortech.cz>, mail_id:
H4aulZyV9kz5, Hits: -, size: 1193, 85 ms
Aug 25 13:52:28 zet postfix/smtp[12307]: B2FAA54: to=<mybox at mydomain.cz>,
relay=127.0.0.1[127.0.0.1]:10024, delay=0.14, delays=0.05/0.01/0.01/0.08,
dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12273-01 - INFECTED: )
Aug 25 13:52:28 zet postfix/qmgr[24966]: B2FAA54: removed
Do you really believe that in "... Blocked INFECTED (), ..." the virus name
is not missing inside the brackets? I believe it should be there.
The same in "...id=12273-01 - INFECTED: )..." - after INFECTED:, in
the space before the bracket, should there really not be the virus name?
Also, according to the hardcoded $log_templ template (see
/usr/sbin/amavisd), something should be there. But setting up $log_templ in
amavisd.conf did not help.
Best regards
Tomas
On Thu, 25 Aug 2011, Michael Scheidell wrote:
> On 8/25/11 1:37 AM, macek at fortech.cz wrote:
>> I believe that you did not notice one thing - the output was under
>> debug = 5
> that was not mentioned, or I didn't see that.
>
> amavisd doesn't include virus name in the mail log then. you would need to
> get it from headers in email, or in clamd.log.
>
> is there a reason you want the virus name in the mail log? and that the
> clamd.log isn't good enough?
>
> no need to see who virus went TO, it's quarantined. no need to know who virus
> came FROM, since it's almost always forged.
>
>
> --
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> SECNAP Network Security Corporation
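Added example (not part of the original thread, and not amavisd code): a small Python check that finds amavis "Blocked INFECTED" verdicts in a mail log, flags those whose virus-name field is empty as in the entry quoted above, and joins each to its Postfix queue id. The sample lines are constructed on the quoted format; the addresses, the second entry and its signature name are made up, and the regexes assume one log entry per line and no ")" inside virus names.

```python
import re

# Constructed sample lines modelled on the format quoted in the post
# (addresses, the second entry and its signature name are made up).
SAMPLE_LOG = """\
Aug 25 13:52:28 zet amavis[12273]: (12273-01) Blocked INFECTED (), MYNETS LOCAL [10.0.1.174] [10.0.1.174] <a@example.com> -> <a@example.com>, mail_id: H4aulZyV9kz5, Hits: -, size: 1193, 85 ms
Aug 25 13:52:28 zet postfix/smtp[12307]: B2FAA54: to=<a@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.14, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12273-01 - INFECTED: )
Aug 25 13:55:02 zet amavis[12273]: (12273-02) Blocked INFECTED (Example.Test.Signature), MYNETS LOCAL [10.0.1.174] [10.0.1.174] <a@example.com> -> <b@example.com>, mail_id: Qx7ExampleId, Hits: -, size: 2210, 91 ms
Aug 25 13:55:02 zet postfix/smtp[12307]: C3ABB61: to=<b@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.20, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12273-02 - INFECTED: Example.Test.Signature)
"""

# amavis verdict line: internal id, the (possibly empty) name list, mail_id
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \((?P<am_id>[\d-]+)\) Blocked INFECTED \((?P<names>[^)]*)\)"
    r".*?mail_id: (?P<mail_id>[^,\s]+)")
# Postfix delivery line to the amavis relay: queue id and the echoed amavis id
POSTFIX_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<queue_id>\w+): .*\bid=(?P<am_id>[\d-]+) - INFECTED")


def infected_entries(log_text):
    """Return one dict per amavis INFECTED verdict, joined to its queue id."""
    entries, queue_ids = {}, {}
    for line in log_text.splitlines():
        m = AMAVIS_RE.search(line)
        if m:
            names = [n.strip() for n in m.group("names").split(",") if n.strip()]
            entries[m.group("am_id")] = {
                "am_id": m.group("am_id"),
                "mail_id": m.group("mail_id"),
                "virus_names": names,
            }
            continue
        m = POSTFIX_RE.search(line)
        if m:
            queue_ids[m.group("am_id")] = m.group("queue_id")
    for am_id, entry in entries.items():
        entry["queue_id"] = queue_ids.get(am_id)          # None if no match seen
        entry["name_missing"] = not entry["virus_names"]  # True for "INFECTED ()"
    return list(entries.values())


if __name__ == "__main__":
    for e in infected_entries(SAMPLE_LOG):
        status = "NAME MISSING" if e["name_missing"] else ", ".join(e["virus_names"])
        print(f'{e["am_id"]} queue={e["queue_id"]} mail_id={e["mail_id"]}: {status}')
```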