[Clamav-users] Locating Infected Files in Logs
I ran a scan (clamscan -r --remove /home/) on my user's home directory yesterday. Since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:

--- SCAN SUMMARY ---
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2
Data scanned: 178014.89 MB
Data read: 66031.46 MB (ratio 2.70:1)
Time: 36618.184 sec (610 m 18 s)

My question is where or how can I see what the location of the two infected files are? I looked at /var/log/clamav/freshclam.log and didn't see anything there when grep'ing for the word infected. Can anyone please help me understand how I can locate the directory / files that were infected?

Thanks!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Locating Infected Files in Logs
On Fri, Oct 29, 2010 at 1:12 PM, Dennis Peterson denni...@inetnw.com wrote:
> On 10/29/10 6:22 AM, Carlos Mennens wrote:
>> My question is where or how can I see what the location of the two
>> infected files are? I looked at /var/log/clamav/freshclam.log didn't
>> see anything there when grep'ing for the word infected.
>
> In my logs I look for FOUND.

I was told that 'clamscan' doesn't create logs since I run it manually. I was referenced to use -l scan-results.txt if I wanted some summary of the scan. Is this not correct?

When I scan my 'clamd' files for FOUND I get:

[r...@mail clamav]# cat clamd.log | grep -i found
Mon Oct 25 15:04:07 2010 - /var/amavis/tmp/amavis-20101025T135520-07414/parts/p004: Heuristics.Phishing.Email.SpoofedDomain FOUND
Thu Oct 28 13:02:19 2010 - /var/amavis/tmp/amavis-20101028T124816-21500/parts/p366: Heuristics.Broken.Executable FOUND
Fri Oct 29 11:41:05 2010 - /var/amavis/tmp/amavis-20101029T111831-12439/parts/p001: Email.Phishing.Yaleedu-10 FOUND
Fri Oct 29 11:41:05 2010 - /var/amavis/tmp/amavis-20101029T111831-12439/parts/p002: Email.Phishing.Yaleedu-10 FOUND
Fri Oct 29 12:07:11 2010 - /var/amavis/tmp/amavis-20101029T111831-12439/parts/p001: Email.Phishing.Yaleedu-10 FOUND
Fri Oct 29 12:07:11 2010 - /var/amavis/tmp/amavis-20101029T111831-12439/parts/p002: Email.Phishing.Yaleedu-10 FOUND
Fri Oct 29 13:45:28 2010 - /var/amavis/tmp/amavis-20101029T113827-14030/parts/p002: HTML.Phishing.Bank-89 FOUND
Fri Oct 29 13:45:28 2010 - /var/amavis/tmp/amavis-20101029T113827-14030/parts/p001: HTML.Phishing.Bank-89 FOUND
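Added example (not part of the original thread and not ClamAV project code): a shell function that pulls the infected path and signature out of every FOUND line, whether the text comes from a clamscan log written with -l scan-results.txt or from clamd.log as shown above. The function names, the sample log and the Example.Signature-N names are constructed for illustration; the timestamp prefix handled is the one visible in the clamd.log lines in this thread.

```shell
#!/bin/sh
# Print "signature<TAB>path" once for each distinct FOUND entry in the
# given ClamAV log files (clamscan -l output or clamd.log).
found_entries() {
    awk '
    / FOUND$/ {
        line = $0
        # Drop a clamd-style timestamp prefix ("Mon Oct 25 15:04:07 2010 - ").
        sub(/^[A-Z][a-z][a-z] [A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [0-9]+ ->? /, "", line)
        sub(/ FOUND$/, "", line)
        # Split at the LAST ": " so paths that contain ": " stay intact.
        p = 0
        while ((i = index(substr(line, p + 1), ": ")) > 0) p += i
        if (p == 0) next
        key = substr(line, p + 2) "\t" substr(line, 1, p - 1)
        # The same file can be reported on several scans; list it once.
        if (!(key in seen)) { seen[key] = 1; print key }
    }' "$@"
}

# Constructed sample: two clamd.log-style lines plus clamscan-style lines.
write_sample_log() {
    cat <<'EOF'
Fri Oct 29 11:41:05 2010 - /var/amavis/tmp/amavis-20101029T111831-12439/parts/p001: Email.Phishing.Yaleedu-10 FOUND
Fri Oct 29 12:07:11 2010 - /var/amavis/tmp/amavis-20101029T111831-12439/parts/p001: Email.Phishing.Yaleedu-10 FOUND
/home/exampleuser/Maildir/note: draft.eml: Example.Signature-1 FOUND
/home/exampleuser/ok.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 2
/home/exampleuser/attachment.bin: Example.Signature-2 FOUND
EOF
}

# Demo run against the constructed sample.
log=$(mktemp)
write_sample_log > "$log"
found_entries "$log"
rm -f "$log"
```

For a real run, pass the file named with -l (scan-results.txt in the thread) or clamd.log as the argument to found_entries.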
Re: [Clamav-users] Duplicate Database
2010/10/7 Török Edwin edwinto...@gmail.com:
> Delete the .cvd then run freshclam.

Thanks!
[Clamav-users] How Do You Integrate ClamAV?
I was curious of what most of everyone on the list uses to integrate ClamAV into their MTA (specifically Postfix)? I was under the impression that I had to use Amavisd-new, which allows me to integrate 'SpamAssassin' & 'ClamAV'. Do you guys have any recommendations for a simple method of integrating virus scanning into Postfix?

Thanks for any info!

-Carlos