Kevin Clark wrote:
>>> What am I missing?
>>>
>> I believe Kevin is seeking an option similar to clamd's LogClean option
>> in clamav-milter.
>>
>> From clamd.conf:
>>
>> --------
>>
>> # Also log clean files. Useful in debugging but drastically increases
>> the
>> # log size.
>> # Default: no
>> LogClean yes
>
> Craig is correct - I would like clamav-milter to log clean files as well as
> infected ones much like it used to.
>
> Also, I like having the log entries in /var/log/maillog because then I have a
> single log file from which I can determine that a message was scanned by all
> (or maybe none because of whitelisting) of the Milters we have running on the
> system.
>
If you are using syslog-ng you can aggregate various facility:level selectors
at
the line item level with the match() operator. As a non-functional pseudo code
example:
filter f_virus { (filter (maillog) AND filter (clamlog)) AND NOT match
("regex"); };
This combines all output of the mail log and the milter-clamav log and excludes
what ever is matched by the regular expression.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
