Submitted by xtremeservices on Mon, 06/13/2011 - 17:29
Hi guys,
I have been monitoring the statistics for viruses the past three days and am a little worried that nothing has been caught. I have looked through /var/log/mail.log, syslog, procmail.log, etc. for any mention of procmail sending mail to clamd for virus scans, and for the detection info, and am coming up short. Please point me to where I can see the virus info logged, to verify that emails are truly being scanned.
I have verified that clamd is running and enabled in System Settings->Mail.
Thank you,
~Jeremy
Status:
Active
Comments
Submitted by andreychek on Mon, 06/13/2011 - 17:48 Comment #1
Howdy -- your email settings look good!
If you're interested in testing it though, you could always try emailing yourself the eicar test virus. You can find information on that here:
http://eicar.org/85-0-Download.html
Submitted by xtremeservices on Mon, 06/13/2011 - 18:16 Comment #2
Thank you Eric.
The eicar virus did the trick. I had forgotten about that. The logged information is stored in /var/log/procmail.log.
Side note: Is it possible to have the procmail information sent to syslog as mail so it is re-routed to mail.log as well as procmail.log? The reason I ask is that mailgraph apparently can only look at a single log. I am hoping to get the spam and virus info to appear back in mail.log since moving to Procmail filtering with Virtualmin. If I can do this then my mailgraph totals should start updating again!! : )
Thx,
~Jeremy
Submitted by andreychek on Mon, 06/13/2011 - 18:28 Comment #3
By default, ClamAV doesn't do any logging.
If you're interested in configuring logging for it, you can do so by manually editing your /etc/clamav/clamav.conf file.
You can see a list of available options in the manpage:
http://linux.die.net/man/5/clamd.conf
You may want to explore the LogSyslog and LogFile options, both of which are disabled by default.
Submitted by xtremeservices on Mon, 06/13/2011 - 19:14 Comment #4
Thank you Eric,
I ended up using these settings successfully to get detected viruses logged in mail.log on my Ubuntu 10.04 system.
/etc/clamav/clamd.conf
LogSyslog true
LogFacility LOG_MAIL
Thanks again!
~Jeremy
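Added example, not part of the original thread: a shell check that tells apart "clamd is not logging to this file at all" from "clamd is logging but nothing was caught", which is the question the thread started with. It assumes clamd's usual syslog tag `clamd[pid]:` and its `<path>: <signature> FOUND` detection message; the log lines, host name and temp-file paths are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: syslog-format lines as they might appear in mail.log
# once LogSyslog/LogFacility LOG_MAIL are set. Not taken from a real system.
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 13 19:02:11 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Jun 13 19:02:12 mail clamd[1432]: /tmp/clamav-a1.tmp: Eicar-Test-Signature FOUND
Jun 13 19:05:40 mail clamd[1432]: SelfCheck: Database status OK.
Jun 13 19:09:03 mail clamd[1432]: /tmp/clamav-b2.tmp: Eicar-Test-Signature FOUND
EOF
}

# Print "<count> <signature>" for every clamd detection in log file $1.
# Assumption: a detection line ends with "<signature> FOUND".
clamd_detections() {
    awk '/ clamd\[[0-9]+\]: / && / FOUND$/ { n[$(NF-1)]++ }
         END { for (s in n) print n[s], s }' "$1" | sort -k2
}

# Classify log file $1:
#   no-clamd-lines        clamd output is not reaching this file
#   clamd-logging-no-hits logging works, but no detection was recorded
#   detections-logged     at least one FOUND line is present
clamd_log_status() {
    if ! grep -q ' clamd\[[0-9]*]: ' "$1"; then
        echo "no-clamd-lines"
    elif [ -z "$(clamd_detections "$1")" ]; then
        echo "clamd-logging-no-hits"
    else
        echo "detections-logged"
    fi
}

# Demo run on the constructed sample; point the functions at
# /var/log/mail.log on a real host.
sample=$(mktemp)
write_sample_log "$sample"
clamd_log_status "$sample"
clamd_detections "$sample"
rm -f "$sample"
```

A result of `no-clamd-lines` after sending the EICAR test file points at the logging configuration rather than at the scanner.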