On Wednesday 24 May 2006 7:05 pm, Rick Macdougall wrote:
> Chris wrote:
> > On Wednesday 24 May 2006 5:54 pm, Rick Macdougall wrote:
> >> I developed this http://newmail.axess.com/virus/
> >>
> >> But it's only currently for Qmail/simscan (until someone wants to
> >> write a backend for another scanner).
> >
> > Kmail, however, it's called via a plug-in for SpamAssassin.
>
> I believe kmail is an email client, not an MTU. What is your MTU (i.e.
> sendmail, exim, qmail, postfix, etc.)?
>
> As well, SpamAssassin finds spam, not viruses.
>
> Regards,

My mistake, mail is picked up via fetchmail, run through procmail where 
SpamAssassin is called.  There is a clamav plugin for SA:

loadplugin      ClamAV   clamav.pm
full            CLAMAV   eval:check_clamav()
describe        CLAMAV   Clam AntiVirus detected a virus
score           CLAMAV   10.00
 
Which I'm using. There is a clamd.log and a freshclam.log 
in /var/log/clamav.  Clamav is detecting viruses:

Wed May 24 18:33:49 2006 -> Accepted connection on port 1451, fd 8
Wed May 24 18:33:49 2006 -> stream: Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND
Wed May 24 18:33:52 2006 -> Accepted connection on port 1995, fd 8
Wed May 24 18:33:52 2006 -> stream: Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND
Wed May 24 18:50:26 2006 -> SelfCheck: Database status OK.
Wed May 24 18:50:26 2006 -> Accepted connection on port 1141, fd 8
Wed May 24 18:50:26 2006 -> stream: Html.Phishing.Bank.Sanesecurity.06032100 FOUND

One thing that was pointed out to me by someone else who looked at the 
script, but doesn't run clamav, is this:

I'm really not that familiar with clamav log files, but the script is looking 
for patterns in the log that it is not finding. This regular expression test 
on line 96 is never true:

if (/(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+).+mdefang-(\w+)\/Work\/msg-\d+-\d+\.(\w+):\s+(.+)\sFOUND/) {

so it never picks up anything.

Why it's looking for these specific strings, I don't know, because I don't 
know clamav.

Chris

-- 
Chris
Registered Linux User 283774 http://counter.li.org
19:09:36 up 10 days, 7:09, 1 user, load average: 0.33, 0.31, 0.23
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
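
Added example, not part of the original message or of the script it discusses: the line-96 pattern run against the clamd.log entries quoted above, next to a more general pattern that accepts both "stream:" records and file-path records. CLAMD_RE, the helper names, and the last sample line (a constructed path of the shape the script's regex requires) are assumptions.

```python
import re

# Pattern from line 96 of the script, as quoted in the message (Perl syntax kept).
SCRIPT_RE = re.compile(
    r"(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+)"
    r".+mdefang-(\w+)\/Work\/msg-\d+-\d+\.(\w+):\s+(.+)\sFOUND")
# Added pattern (an assumption, not from the script): any "<source>: <name> FOUND".
CLAMD_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s{1,2}\d{1,2} \d+:\d+:\d+ \d{4}) -> "
    r"(?P<source>.+?): (?P<signature>\S+) FOUND$")
TS_RE = re.compile(r"^\w{3} \w{3}\s{1,2}\d{1,2} \d+:\d+:\d+ \d{4} ->")

# Log lines from the message, wrapped the way the mail client left them.
# The last line is constructed: a file path of the shape SCRIPT_RE requires.
SAMPLE = """\
Wed May 24 18:33:49 2006 -> Accepted connection on port 1451, fd 8
Wed May 24 18:33:49 2006 -> stream:
Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND
Wed May 24 18:50:26 2006 -> SelfCheck: Database status OK.
Wed May 24 18:50:26 2006 -> stream: Html.Phishing.Bank.Sanesecurity.06032100
FOUND
Wed May 24 18:51:02 2006 -> /var/spool/MIMEDefang/mdefang-AbC123/Work/msg-4321-7.html: Html.Phishing.Bank.Sanesecurity.06032100 FOUND
"""

def unwrap(text):
    """Rejoin wrapped records: a line without a timestamp continues the previous one."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def script_matches(text):
    """Records the script's regex would pick up."""
    return [r for r in unwrap(text) if SCRIPT_RE.search(r)]

def detections(text):
    """(timestamp, source, signature) for every FOUND record, stream or file."""
    hits = (CLAMD_RE.match(r) for r in unwrap(text))
    return [(m["ts"], m["source"], m["signature"]) for m in hits if m]

if __name__ == "__main__":
    print("script regex matched:", len(script_matches(SAMPLE)))
    for ts, source, signature in detections(SAMPLE):
        print(ts, source, signature)
```

The timestamp part of the script's regex does match these log lines; it is the literal "mdefang-.../Work/msg-..." path that the "stream:" records lack.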


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
