[clamav-users] ClamAV documentation help needed
Paul Kosinski
clamav-users at iment.com
Thu Aug 10 21:33:34 UTC 2017
I use a very simple logging setup (not syslog):
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
You didn't say how your MTA is passing the emails to be scanned to
ClamAV. Perhaps that interface program, such as Amavis, a Milter,
etc., is logging something useful. Or it may even not be set up to use
ClamAV at all.
Paul
P.S. Remember that ClamAV does not automatically scan emails merely
because it is running in the same machine as the MTA. You need to send
it the email contents (and header). This should be done by having clamd
listening on a TCP port or Unix socket and sending it the email via
clamdscan. (It's far too slow to run clamscan for each email, since it
loads the entire virus database each time it starts).
On Thu, 10 Aug 2017 16:38:48 -0400
"SysAdmin at chemcut.net" <sysadmin at chemcut.net> wrote:
> Unfortunately Google didn't turn up any useful information.
>
> "... the list archives are available to be downloaded as mbox
> format,..." I didn't see how (or why) to download the list archives
> as a mailbox file - perhaps the website documentation could be
> improved.
>
> "...you'd consult the logs..."
> That's what I thought.
> But the directive default settings in the clamd.conf file are
> #Logfile <disabled>
> #LogSyslog no
> so there is no logging to look at; nor is there any readily
> available samples or explanations of what should be in the logs.
>
> Thanks for answering the question.
> At least now i know that is worthwhile to pursue that line of
> inquiry.
>
> DLS
> .
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On
> Behalf Of Chuck Swiger
> Sent: Thursday, August 10, 2017 4:02 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] ClamAV documentation help needed
>
> On Aug 10, 2017, at 10:52 AM, SysAdmin at chemcut.net
> <sysadmin at chemcut.net> wrote:
> > If it isn't a current issue, how do you search them?
>
> The majority of people use a search engine like Google.
>
> However, the list archives are available to be downloaded as mbox
> format, which can be imported into a MUA of your choice, or fed into
> Lucene, OpenGrok, Apple Spotlight, etc.
>
> > For example,
> > We have installed ClamAV on our Linux mail-server.
> > [ ... ]
> > How do I know that the user's mail is being scanned *AND* what is
> > being detected?
>
> You'd consult the logs for your MTA or whatever is calling ClamAV,
> perhaps amavisd-new, postfix-milter, etc...?
>
> Regards,
> --
> -Chuck
More information about the clamav-users
mailing list