On Fri, Oct 29, 2010 at 1:12 PM, Dennis Peterson <denni...@inetnw.com> wrote: > On 10/29/10 6:22 AM, Carlos Mennens wrote: > >> >> My question is where or how can I see what the location of the two >> infected files are? I looked at /var/log/clamav/freshclam.log& didn't >> see anything there when grep'ing for the word "infected". > > In my logs I look for "FOUND".
I was told that 'clamscan' doesn't create logs since I run it manually. I was referenced to use "-l scan-results.txt" if I wanted some summery of the scan. Is this not correct? When I scan my 'clamd' files for "FOUND" I get: [r...@mail clamav]# cat clamd.log | grep -i "found" Mon Oct 25 15:04:07 2010 -> /var/amavis/tmp/amavis-20101025T135520-07414/parts/p004: Heuristics.Phishing.Email.SpoofedDomain FOUND Thu Oct 28 13:02:19 2010 -> /var/amavis/tmp/amavis-20101028T124816-21500/parts/p366: Heuristics.Broken.Executable FOUND Fri Oct 29 11:41:05 2010 -> /var/amavis/tmp/amavis-20101029T111831-12439/parts/p001: Email.Phishing.Yaleedu-10 FOUND Fri Oct 29 11:41:05 2010 -> /var/amavis/tmp/amavis-20101029T111831-12439/parts/p002: Email.Phishing.Yaleedu-10 FOUND Fri Oct 29 12:07:11 2010 -> /var/amavis/tmp/amavis-20101029T111831-12439/parts/p001: Email.Phishing.Yaleedu-10 FOUND Fri Oct 29 12:07:11 2010 -> /var/amavis/tmp/amavis-20101029T111831-12439/parts/p002: Email.Phishing.Yaleedu-10 FOUND Fri Oct 29 13:45:28 2010 -> /var/amavis/tmp/amavis-20101029T113827-14030/parts/p002: HTML.Phishing.Bank-89 FOUND Fri Oct 29 13:45:28 2010 -> /var/amavis/tmp/amavis-20101029T113827-14030/parts/p001: HTML.Phishing.Bank-89 FOUND _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
