I use a very simple logging setup (not syslog): LogFile /var/log/clamav/clamd.log LogFileMaxSize 0
You didn't say how your MTA is passing the emails to be scanned to ClamAV. Perhaps that interface program, such as Amavis, a Milter, etc., is logging something useful. Or it may even not be set up to use ClamAV at all. Paul P.S. Remember that ClamAV does not automatically scan emails merely because it is running in the same machine as the MTA. You need to send it the email contents (and header). This should be done by having clamd listening on a TCP port or Unix socket and sending it the email via clamdscan. (It's far too slow to run clamscan for each email, since it loads the entire virus database each time it starts). On Thu, 10 Aug 2017 16:38:48 -0400 "[email protected]" <[email protected]> wrote: > Unfortunately Google didn't turn up any useful information. > > "... the list archives are available to be downloaded as mbox > format,..." I didn't see how (or why) to download the list archives > as a mailbox file - perhaps the website documentation could be > improved. > > "...you'd consult the logs..." > That's what I thought. > But the directive default settings in the clamd.conf file are > #Logfile <disabled> > #LogSyslog no > so there is no logging to look at; nor is there any readily > available samples or explanations of what should be in the logs. > > Thanks for answering the question. > At least now i know that is worthwhile to pursue that line of > inquiry. > > DLS > . > -----Original Message----- > From: clamav-users [mailto:[email protected]] On > Behalf Of Chuck Swiger > Sent: Thursday, August 10, 2017 4:02 PM > To: ClamAV users ML > Subject: Re: [clamav-users] ClamAV documentation help needed > > On Aug 10, 2017, at 10:52 AM, [email protected] > <[email protected]> wrote: > > If it isn't a current issue, how do you search them? > > The majority of people use a search engine like Google. > > However, the list archives are available to be downloaded as mbox > format, which can be imported into a MUA of your choice, or fed into > Lucene, OpenGrok, Apple Spotlight, etc. > > > For example, > > We have installed ClamAV on our Linux mail-server. > > [ ... ] > > How do I know that the user's mail is being scanned *AND* what is > > being detected? > > You'd consult the logs for your MTA or whatever is calling ClamAV, > perhaps amavisd-new, postfix-milter, etc...? > > Regards, > -- > -Chuck _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
