virus name does not appear in maillog
Mark Martinec
Mark.Martinec+amavis at ijs.si
Fri Aug 26 19:04:00 CEST 2011
Tomas,
> I'm using Scientific Linux 6.1, Postfix 2.8.4 and Amavisd-new 2.6.4 with
> ClamAV 0.97.
> Everything works with one exception: I can't see the name of the virus in
> the maillog. This is an example when I'm sending empty mail with eicar
> virus as an attachment:
>
> Aug 22 14:46:46 zet amavis[26543]: (26543-01) ask_av (Clam
> Antivirus-clamd) result:
> /var/spool/amavisd/tmp/amavis-20110822T144646-26543/parts/p004:
> Eicar-Test-Signature
> FOUND\n/var/spool/amavisd/tmp/amavis-20110822T144646-26543/parts/p002:
> Eicar-Test-Signature FOUND\n
> Aug 22 14:46:46 zet postfix/smtp[26567]: 0315953: to=<mailbox at domain.cz>,
> relay=127.0.0.1[127.0.0.1]:10024, delay=0.14, delays=0.03/0.01/0.01/0.09,
> dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26543-01 - INFECTED: )
>
> I was trying to look into the code of /usr/sbin/amavisd, but with no
> result, because I don't understand the code well (I'm not the Perl guru)
> and I was also unable to find anyone with the same issues.
What does your clamd entry in the @av_scanners list look like?
Apparently the regexp in the last field is not capturing
the virus name.
Should be something like:
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
Perhaps the /m regexp flag is missing in your case?
Mark
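
An added example, not part of the original message and not amavisd's own code: it applies the three patterns from the entry above, with and without the /m flag, to the clamd reply shown in the quoted ask_av log line. The classify() helper is a hypothetical, simplified stand-in for how the patterns are used. It shows that without /m the infection is still detected, but the name is lost as soon as clamd returns more than one line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# clamd reply reconstructed from the ask_av log line quoted above:
# two infected parts, hence two newline-terminated lines.
my $dir = '/var/spool/amavisd/tmp/amavis-20110822T144646-26543/parts';
my $two_parts = "$dir/p004: Eicar-Test-Signature FOUND\n"
              . "$dir/p002: Eicar-Test-Signature FOUND\n";
# Constructed variant with a single infected part, for comparison.
my $one_part  = "$dir/p002: Eicar-Test-Signature FOUND\n";

# Last three fields of the av_scanners entry: clean, infected, virus name.
my %entry = (
  'with /m'    => [ qr/\bOK$/m, qr/\bFOUND$/m,
                    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  'without /m' => [ qr/\bOK$/,  qr/\bFOUND$/,
                    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

# Hypothetical helper (assumption, not amavisd's code): status comes from
# the clean/infected patterns, names from every match of the third pattern.
sub classify {
  my ($output, $clean_re, $infected_re, $name_re) = @_;
  my $status = $output =~ $infected_re ? 'INFECTED'
             : $output =~ $clean_re    ? 'CLEAN' : 'UNKNOWN';
  my %seen;
  my @names = grep { !$seen{$_}++ } ($output =~ /$name_re/g);
  return ($status, join(', ', @names));
}

for my $label (sort keys %entry) {
  for my $case (['one part', $one_part], ['two parts', $two_parts]) {
    my ($status, $names) = classify($case->[1], @{ $entry{$label} });
    printf "%-10s %-9s -> %s: %s\n", $label, $case->[0], $status, $names;
  }
}
```

Without /m, `^` and `$` anchor only to the start and end of the whole reply, so the name pattern cannot match inside a multi-line result and the logged name comes out empty.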