On Friday 12 February 2016 15:59:13 Dennis Peterson wrote:
> The most useful information I get is from the milter (J-Chkmail) that
> manages scanning via clamd.
>
> Sun Feb 7 05:57:59 2016 -> /var/spool/jchkmail/56B74D61.000.0000:
> Sanesecurity.Foxhole.Zip_doc_js.UNOFFICIAL FOUND
>
> The serial number maps directly to the message id in sendmail's log
> which has the transaction information.
>
> dp

That would simplify it somewhat. But I'm not using sendmail, I am using fetchmail, and fetchmail's log entries don't show that by default, and I see no option to turn that on in the manpages. Wrapping that procmail recipe in a verbosity control might also yield some info into the log file. I'll start by doing that.
But, and I haven't started on it yet, I could have it save that message using a round-robin naming scheme, from the bash script that responds to the virus file being written to. I can steal the code from another utility I wrote that manages a printer queue for a legacy computer, and maintain a 25-file subdir. Some of that same code can then send me an email that a virus has been isolated, giving me the .XX enumeration of that saved file. That particular function I wrote as two files, so the work is handed off to a second one, in that case to feed it to the printer, and since bash can do text searches without a lot of help, it could easily include the subject line, all the From: lines, and any Reply-To: lines in the email it sends me. All I have to do is find my missing round tuit. And I am in the early stages of something else I need to get done while I still can get it done; the years (81) are catching up to my body and beginning to limit what I can do physically.

> On 2/12/16 8:22 AM, Gene Heskett wrote:
> > Greetings;
> >
> > Currently it spits out a one line message to the logfile when it has
> > found something, and when procmail sees the NZ return, the incoming
> > mail is placed in a holding file. But it contains zero information
> > that would give a clue as to where the infected mail came from.
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author)
Gene's Web page <http://geneslinuxbox.net:6309/gene>
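A sketch of the save-and-notify script described in the message above, added here as an example; it is not code from this thread, from the poster, or from ClamAV. The quarantine directory, the 25-slot `held.NN` naming, the hidden counter file and the sample message are all assumptions:

```shell
#!/bin/sh
# Added example, not code from the list thread: save a message that procmail
# held after a clamd "FOUND" verdict under a round-robin name in a fixed-size
# directory, and pull out the headers worth reporting in a notice.
# QDIR, MAXKEEP, the "held.NN" naming and the .next counter file are assumptions.

QDIR=${QDIR:-/var/spool/held-mail}
MAXKEEP=${MAXKEEP:-25}

# Copy message $1 into directory $2 as held.NN, cycling NN through 0..$3-1 so
# the directory never holds more than $3 messages (the oldest slot is
# overwritten). Prints the path of the saved copy.
quarantine_save() {
    msg=$1; qdir=${2:-$QDIR}; keep=${3:-$MAXKEEP}
    mkdir -p "$qdir"
    counter="$qdir/.next"
    n=0
    [ -f "$counter" ] && n=$(cat "$counter")
    slot=$(printf '%02d' "$n")
    cp "$msg" "$qdir/held.$slot"
    echo $(( (n + 1) % keep )) > "$counter"
    printf '%s\n' "$qdir/held.$slot"
}

# Print the Subject:, From: and Reply-To: header lines of message file $1,
# including folded continuation lines, and stop at the blank line that ends
# the header block so nothing in the body can be mistaken for a header.
mail_summary() {
    awk '
        /^$/ { exit }
        /^[ \t]/ { if (keep) print; next }
        tolower($0) ~ /^(subject|from|reply-to):/ { keep = 1; print; next }
        { keep = 0 }
    ' "$1"
}

# Compose the text of the notice to send yourself: which slot the message
# went to, plus the header summary. Pipe it into whatever mailer you use.
build_notice() {
    saved=$1
    printf 'Infected message isolated as %s\n\n' "$saved"
    mail_summary "$saved"
}

# Constructed sample message (not a real capture) used by the demo below.
write_sample_message() {
    cat > "$1" <<'EOF'
Return-Path: <sender@example.invalid>
From: Sender Name <sender@example.invalid>
Reply-To: other@example.invalid
Subject: invoice attached,
  please review
X-Virus-Status: Sanesecurity.Foxhole.Zip_doc_js.UNOFFICIAL FOUND

From: this line is body text and must not be reported
EOF
}

# Usage: sh quarantine_notify.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    write_sample_message "$tmp/held.msg"
    saved=$(quarantine_save "$tmp/held.msg" "$tmp/quarantine" 25)
    build_notice "$saved"
fi
```

The header scan stops at the first blank line on purpose: a forwarded or spoofed message can carry `From:` text in its body, and reporting that would mislead whoever reads the notice. The folded-header handling matters for the same reason, since long Subject lines are routinely wrapped.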