Hi there, On Fri, 29 May 2020, John Robison wrote:
We use a client/server setup where clamd runs on one server and exposes a port, and other servers connect to it using TCPAddr in their configuration. I see that on the clamd server I can use something like `VirusEvent `echo "Virus detected: %v"` when a virus is detected, but this doesn't tell me which client node has the virus. Is there a way for the clamd server to report the hostname (or IP, or any kind of identifier) of the client when a virus is detected?
It already does that: # grep FOUND mail.info | tail -n 1 May 17 00:19:43 mailscanner clamd[1427]: instream(192.168.44.25@37210): Sanesecurity.Spam.12727.UNOFFICIAL FOUND Perhaps you can share your configuration? -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
