I'm following up on a previous post about logging to maillog: http://lurker.clamav.net/message/20090408.063308.16623e5a.en.html
I am using Sendmail 8.13 on CentOS-4 but whereas previously with 0.94.2 I would get a log entry in /var/log/maillog for every scanned message I now only get a log event for infected messages or those with an existing "X-Virus-Scanned" or "X-Virus-Status" header.

I have configured clamd to log every scanning event to /var/log/clamav/clamd.log but whereas before it would log a message ID and status I can now only get entries like these:

Wed Apr 15 11:01:53 2009 -> fd[11]: OK
Wed Apr 15 11:04:36 2009 -> fd[11]: Eicar-Test-Signature FOUND
Wed Apr 15 11:04:36 2009 -> fd[11]: OK

I would appreciate some guidance on whether I am missing something obvious in the configuration that would allow me to:

1) log every scanning event in /var/log/maillog
2) get more detailed log entries in /var/log/clamav/clamd.log

For reference, my configuration is:

[r...@gateway mail]# clamconf
ClamAV engine version: 0.95.1
Checking configuration files in /etc

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamd.log"
LogFileUnlock disabled
LogFileMaxSize = "2097152"
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory = "/tmp"
DatabaseDirectory = "/var/lib/clamav"
LocalSocket = "/var/run/clamav/clamd.sock"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "50"
IdleTimeout = "30"
ExcludePath = "^/proc/", "^/sys/"
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks = "yes"
FollowFileSymlinks disabled
SelfCheck = "600"
VirusEvent = "no"
ExitOnOOM = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups disabled
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
MailFollowURLs disabled
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence = "yes"
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted = "yes"
MaxScanSize = "52428800"
MaxFileSize = "26214400"
MaxRecursion = "10"
MaxFiles = "10000"
ClamukoScanOnAccess disabled
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/clamav-milter.log"
LogFileUnlock disabled
LogFileMaxSize = "2097152"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups disabled
MaxFileSize = "26214400"
ClamdSocket = "unix:/var/run/clamav/clamd.sock"
MilterSocket = "local:/var/run/clamav/clamav-milter.sock"
LocalNet disabled
OnClean = "Accept"
OnInfected = "Reject"
OnFail = "Defer"
RejectMsg = "%v detected"
AddHeader = "yes"
Chroot disabled
Whitelist = "/etc/mail/clamav-whitelist"
SkipAuthenticated disabled
LogInfected = "Basic"