The most useful information I get is from the milter (J-Chkmail) that manages scanning via clamd.

Sun Feb 7 05:57:59 2016 -> /var/spool/jchkmail/56B74D61.000.0000: Sanesecurity.Foxhole.Zip_doc_js.UNOFFICIAL FOUND

The serial number maps directly to the message id in sendmail's log which has the transaction information.

dp

On 2/12/16 8:22 AM, Gene Heskett wrote:
Greetings;

Currently it spits out a one line message to the logfile when it has
found something, and when procmail sees the NZ return, the incoming
mail is placed in a holding file. But it contains zero information that
would give a clue as to where the infected mail came from.



_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
