virus name does not appear in maillog

Mark Martinec Mark.Martinec+amavis at ijs.si
Fri Aug 26 19:04:00 CEST 2011


Tomas,

> I'm using Scientific Linux 6.1, Postfix 2.8.4 and Amavisd-new 2.6.4 with 
> ClamAV 0.97.
> Everything works with one exception: I can't see the name of the virus in 
> the maillog. This is an example when I'm sending empty mail with eicar 
> virus as an attachment:
> 
> Aug 22 14:46:46 zet amavis[26543]: (26543-01) ask_av (Clam 
> Antivirus-clamd) result: 
> /var/spool/amavisd/tmp/amavis-20110822T144646-26543/parts/p004: 
> Eicar-Test-Signature 
> FOUND\n/var/spool/amavisd/tmp/amavis-20110822T144646-26543/parts/p002: 
> Eicar-Test-Signature FOUND\n

> Aug 22 14:46:46 zet postfix/smtp[26567]: 0315953: to=<mailbox at domain.cz>, 
> relay=127.0.0.1[127.0.0.1]:10024, delay=0.14, delays=0.03/0.01/0.01/0.09, 
> dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26543-01 - INFECTED: )
> 
> I was trying to look into the code of /usr/sbin/amavisd, but with no 
> result, because I don't understand the code well (I'm not the Perl guru) 
> and I was also unable to find anyone with the same issues.

What does your clamd entry in the @av_scanners list look like?
Apparently the regexp in the last field is not capturing
the virus name.

Should be something like:

 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Perhaps the /m regexp flag is missing in your case?


 Mark
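The effect of the /m flag on the name-capturing regexp, as an added example that is not part of the original message or of amavisd-new itself: it runs the pattern from the entry above, with and without /m, over the two-line clamd reply from the quoted log. The virus_names helper and the single-part reply are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# clamd reply as shown in the quoted maillog: one line per infected part.
my $dir   = '/var/spool/amavisd/tmp/amavis-20110822T144646-26543/parts';
my $multi = "$dir/p004: Eicar-Test-Signature FOUND\n"
          . "$dir/p002: Eicar-Test-Signature FOUND\n";
# Constructed sample: a reply that reports only one infected part.
my $single = "$dir/p002: Eicar-Test-Signature FOUND\n";

# Status and name patterns from the @av_scanners entry, with and without /m.
my %status_re = (
    'with /m'    => qr/\bFOUND$/m,
    'without /m' => qr/\bFOUND$/,
);
my %name_re = (
    'with /m'    => qr/^.*?: (?!Infected Archive)(.*) FOUND$/m,
    'without /m' => qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
);

# Hypothetical helper: return the distinct names captured from a reply.
sub virus_names {
    my ($re, $text) = @_;
    my %seen;
    return grep { !$seen{$_}++ } ($text =~ /$re/g);
}

for my $variant (sort keys %name_re) {
    for my $case (['two parts', $multi], ['one part', $single]) {
        my ($label, $reply) = @$case;
        my $infected = $reply =~ $status_re{$variant} ? 'yes' : 'no';
        my @names    = virus_names($name_re{$variant}, $reply);
        printf "%-10s  %-9s  infected=%-3s  names=[%s]\n",
            $variant, $label, $infected, join(', ', @names);
    }
}
```

Without /m, ^ and $ anchor only to the whole string, so the name pattern fails as soon as the reply spans more than one line, while \bFOUND$ still matches the last line: the message is flagged as infected but the name list stays empty.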

