On Friday 06 February 2004 15:40, Ola Thoresen wrote: >> Another thing I'd love to have in the logs (though the clamd-logs) is >> the host of the client.
> I run a network-config, and would love to have changed the (sys)logs from: > > Feb 6 11:37:54 server clamd[808]: stream: Worm.SCO.A FOUND > > Feb 6 11:38:09 server clamd[808]: stream host1: Worm.SCO.A FOUND It is not help for analyse delivery by cat /var/log/maillog |grep <sendmail message id>. For example: # cat info |grep i1605FRh026186 Feb 6 04:05:17 host sendmail[26186]: i1605FRh026186: from=<root>, size=648, class=0, nrcpts=1, msgid=<200402060002.i16021BK024792@>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Feb 6 04:05:17 host clamav-milter[26188]: i1605FRh026186: clean message from <root> Feb 6 04:05:17 host sendmail[26186]: i1605FRh026186: Milter add: header: X-Virus-Scanned: ClamAV version 'clamd / ClamAV version devel-20040205', clamav-milter version '0.66k' Feb 6 04:05:17 host sendmail[24792]: i16021BK024792: to=root, ctladdr=root (0/0), delay=00:03:16,xdelay=00:00:13, mailer=relay, pri=30384, relay=localhost.localdomain. [127.0.0.1], dsn=2.0.0, stat=Sent (i1605FRh026186 Message accepted for delivery) Feb 6 04:05:24 host sendmail[26191]: i1605FRh026186: to=root, ctladdr=<root> (0/0), delay=00:00:07, xdelay=00:00:05, mailer=esmtp, pri=30980, relay=mail [], dsn=2.0.0, stat=Sent (i1606lCR025057 Message accepted for delivery) The missed records: #cat info |grep '\[26188\]' Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_envfrom: <root> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_envrcpt: <root> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: Received: (from [EMAIL PROTECTED]) ^Iby (8.12.11/8.12.11/Submit) id i16021BK024792 ^Ifor root; Fri, 6 Feb 2004 04:02:01 +0400 Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: Date: Fri, 6 Feb 2004 04:02:01 +0400 Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: Message-Id: <200402060002.i16021BK024792@> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: From: root (Cron Daemon) Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: To: root Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: Subject: Cron <[EMAIL PROTECTED]> run-parts /etc/cron.daily Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: X-Cron-Env: <SHELL=/bin/bash> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: X-Cron-Env: <MAILTO=root> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: X-Cron-Env: <HOME=/> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: X-Cron-Env: <LOGNAME=root> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_header: X-Cron-Env: <USER=root> Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_eoh Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_envbody: 120 bytes Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_eom Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_eom: read stream: OK Feb 6 04:05:17 relay1 clamav-milter[26188]: clamfi_close -- Regards, Sergey ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
