Virus Filter - Verification

Hi guys,

I have been monitoring the statistics for viruses the past three days and am a little worried that nothing has been caught. I have looked through /var/log/mail.log, syslog, procmail.log, etc. for any mention of the process of procmail sending mail to clamd for virus scans and the detection info and coming up short. Please point me where I can see the virus info logged to verify that emails are truly being scanned.

I have verified that clamd is running and enabled in the System Settings->Mail.

Thank you,

~Jeremy

Status: Active

Comments

Howdy -- your email settings look good!

If you're interested in testing it though, you could always try emailing yourself the eicar test virus. You can find information on that here:

http://eicar.org/85-0-Download.html

Thank you Eric.

The eicar virus did the trick. I had forgotten about that. The logged information is stored in /var/log/procmail.log.

Side note: Is it possible to have the procmail information sent to syslog as mail so it is re-routed to mail.log as well as procmail.log? The reason I ask is that mailgraph apparently can only look at a single log. I am hoping to get the spam and virus info to appear back in mail.log since moving to Procmail filtering with Virtualmin. If I can do this then my mailgraph totals should start updating again!! : )

Thx,

~Jeremy

By default, ClamAV doesn't do any logging.

If you're interested in configuring logging for it, you can do so by manually editing your /etc/clamav/clamav.conf file.

You can see a list of available options in the manpage:

http://linux.die.net/man/5/clamd.conf

You may want to explore the LogSyslog and LogFile options, both of which are disabled by default.

Thank you Eric,

I ended up using these settings successfully to get detected viruses logged in mail.log on my Ubuntu 10.04 system.

/etc/clamav/clamd.conf

LogSyslog true
LogFacility LOG_MAIL

Thanks again!

~Jeremy
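
Once LogSyslog and LogFacility LOG_MAIL are set as in the last post, detections can be confirmed from the mail log itself; the shell functions below tally clamd FOUND lines per signature. This is an added example, not part of the thread: the function names are hypothetical, and the log line shape and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Tally clamd detections that reached the mail log via LogSyslog / LOG_MAIL.
# Assumed line shape: syslog prefix, then clamd's "<target>: <signature> FOUND", e.g.
#   Jun  3 10:15:02 mail clamd[1234]: /tmp/msg: Eicar-Test-Signature FOUND

clamd_detections() {
    # Args: log file(s); with no argument, reads stdin.
    # Prints "<count> <signature>" per signature, most frequent first.
    awk '
        # Count only lines tagged by clamd that end in FOUND, so that
        # postfix/procmail lines and clamd "OK" lines are ignored.
        / clamd\[[0-9]+\]: / && / FOUND$/ {
            hits[$(NF - 1)]++        # signature is the field before FOUND
        }
        END { for (s in hits) print hits[s], s }
    ' "$@" | sort -k1,1nr -k2,2
}

clamd_verify() {
    # Returns 0 and prints the tally if any detection is logged, 1 otherwise.
    out=$(clamd_detections "$@")
    [ -n "$out" ] || { echo "no clamd detections logged" >&2; return 1; }
    printf '%s\n' "$out"
}

# Constructed sample log lines (not taken from the thread).
sample_log() {
    cat <<'EOF'
Jun  3 10:15:02 mail clamd[1234]: /tmp/clamav-1a2b/msg: Eicar-Test-Signature FOUND
Jun  3 10:15:03 mail postfix/local[2201]: 4F2A1: to=<user@example.com>, status=sent
Jun  3 11:02:44 mail clamd[1234]: stream(127.0.0.1@1045): Eicar-Test-Signature FOUND
Jun  3 11:30:10 mail clamd[1234]: /tmp/clamav-9c8d/msg: OK
Jun  3 12:00:00 mail clamd[1234]: SelfCheck: Database status OK.
EOF
}

# Usage: pass a log path (e.g. /var/log/mail.log); without one, the sample runs.
if [ $# -gt 0 ]; then
    clamd_verify "$1"
else
    sample_log | clamd_verify
fi
```

Running it against the real mail log right after mailing yourself the EICAR test file gives a pass/fail check that the procmail-to-clamd path is scanning and logging.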