I use a very simple logging setup (not syslog):

  LogFile /var/log/clamav/clamd.log
  LogFileMaxSize 0

You didn't say how your MTA is passing the emails to be scanned to
ClamAV.  Perhaps that interface program, such as Amavis, a Milter,
etc., is logging something useful. Or it may even not be set up to use
ClamAV at all.


P.S. Remember that ClamAV does not automatically scan emails merely
because it is running in the same machine as the MTA. You need to send
it the email contents (and header). This should be done by having clamd
listening on a TCP port or Unix socket and sending it the email via
clamdscan. (It's far too slow to run clamscan for each email, since it
loads the entire virus database each time it starts).

On Thu, 10 Aug 2017 16:38:48 -0400
"sysad...@chemcut.net" <sysad...@chemcut.net> wrote:

> Unfortunately Google didn't turn up any useful information. 
> "... the list archives are available to be downloaded as mbox
> format,..." I didn't see how (or why) to  download the list archives
> as a mailbox file  - perhaps the website documentation could be
> improved.
> "...you'd consult the logs..."
> That's what I thought.
> But the directive default settings in the  clamd.conf   file are
>   #Logfile  <disabled>
>   #LogSyslog no
> so there is no logging to look at;  nor is there any readily
> available samples or explanations of what should be in the logs.
> Thanks for answering the question.
> At least now i know that is worthwhile to pursue that line of
> inquiry.
> .
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Chuck Swiger
> Sent: Thursday, August 10, 2017 4:02 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] ClamAV documentation help needed
> On Aug 10, 2017, at 10:52 AM, sysad...@chemcut.net
> <sysad...@chemcut.net> wrote:
> > If it isn't a current issue, how do you search them?
> The majority of people use a search engine like Google.
> However, the list archives are available to be downloaded as mbox
> format, which can be imported into a MUA of your choice, or fed into
> Lucene, OpenGrok, Apple Spotlight, etc.
> > For example,
> > We have installed ClamAV on our Linux mail-server.
> > [ ... ]
> > How do I know that the user's mail is being scanned *AND* what is 
> > being detected?
> You'd consult the logs for your MTA or whatever is calling ClamAV,
> perhaps amavisd-new, postfix-milter, etc...?
> Regards,
> --
> -Chuck
clamav-users mailing list

Help us build a comprehensive ClamAV guide:


Reply via email to