Re: [clamav-users] ClamAV documentation help needed

2017-08-10 Thread Bill Shirley



On 8/10/2017 1:52 PM, sysad...@chemcut.net wrote:

Forgive me for asking simplistic questions.

I've read the "User Manual".
I've searched the https://www.clamav.net/documents/ webpage.
I signed up for the mailing list and the first thing I did was look for an
index or Table of contents.
There must be thousands of postings going back years.

If it isn't a current issue, how do you search them?

For example,
  We have installed ClamAV on our Linux mail-server.
(The ClamScan database scan works.
We know that because the Crontab that runs "clamscan" sends me an email and
occasionally there is some malware listed.
That's nice, but 99% of the user's email passes thru and is sent out to their
devices between ClamScans.)

How do I know that the user's mail is being scanned *AND* what is being
detected?

Thanks!

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Look at the headers of an email you received.  It should have added lines like:

X-Virus-Scanned: clamav-milter 0.98.7 at myhost.example.com
X-Virus-Status: Clean


Bill
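
The header check Bill describes, run over a batch of messages, as an added example that is not part of the original thread: it counts verdicts and lists mail that carries no scan stamp from your own host. The sample messages, the `audit` name, the second host name and the `Infected (<name>)` status form are assumptions made for illustration.

```python
from collections import Counter
from email import message_from_string

SCANNER_HOST = "myhost.example.com"  # host name from the header shown above

# Constructed sample messages, not real mail. The "Infected (<name>)" status
# form and the second host name are assumptions for illustration.
SAMPLES = [
    "Subject: report\n"
    "X-Virus-Scanned: clamav-milter 0.98.7 at myhost.example.com\n"
    "X-Virus-Status: Clean\n\nbody\n",
    "Subject: test file\n"
    "X-Virus-Scanned: clamav-milter 0.98.7 at myhost.example.com\n"
    "X-Virus-Status: Infected (Eicar-Test-Signature)\n\nbody\n",
    "Subject: newsletter\n\nbody\n",
    # Header written by some other system: does not show that *our* scanner ran.
    "Subject: invoice\n"
    "X-Virus-Scanned: clamav-milter 0.98.7 at relay.example.net\n"
    "X-Virus-Status: Clean\n\nbody\n",
]


def audit(raw_messages, scanner_host=SCANNER_HOST):
    """Return (verdict counts, subjects of unscanned mail, detections)."""
    counts, unscanned, detections = Counter(), [], []
    suffix = " at " + scanner_host.lower()
    for raw in raw_messages:
        msg = message_from_string(raw)
        stamps = msg.get_all("X-Virus-Scanned", [])
        # Only count a stamp that names our own scanner host.
        if not any(s.strip().lower().endswith(suffix) for s in stamps):
            counts["unscanned"] += 1
            unscanned.append(msg.get("Subject", "(no subject)"))
            continue
        status = (msg.get("X-Virus-Status") or "missing").strip()
        verdict, _, detail = status.partition(" ")
        counts[verdict.lower()] += 1
        if verdict.lower() != "clean":
            detections.append((msg.get("Subject", ""), detail.strip("()")))
    return counts, unscanned, detections


if __name__ == "__main__":
    counts, unscanned, detections = audit(SAMPLES)
    print(dict(counts))
    print("no scan header from our host:", unscanned)
    print("detections:", detections)
```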



Re: [clamav-users] ClamAV documentation help needed

2017-08-10 Thread Paul Kosinski
I use a very simple logging setup (not syslog):

  LogFile /var/log/clamav/clamd.log
  LogFileMaxSize 0

You didn't say how your MTA is passing the emails to be scanned to
ClamAV.  Perhaps that interface program, such as Amavis, a Milter,
etc., is logging something useful. Or it may even not be set up to use
ClamAV at all.

Paul

P.S. Remember that ClamAV does not automatically scan emails merely
because it is running in the same machine as the MTA. You need to send
it the email contents (and header). This should be done by having clamd
listening on a TCP port or Unix socket and sending it the email via
clamdscan. (It's far too slow to run clamscan for each email, since it
loads the entire virus database each time it starts).



On Thu, 10 Aug 2017 16:38:48 -0400
"sysad...@chemcut.net"  wrote:

> Unfortunately Google didn't turn up any useful information. 
> 
> "... the list archives are available to be downloaded as mbox
> format,..." I didn't see how (or why) to  download the list archives
> as a mailbox file  - perhaps the website documentation could be
> improved.
> 
> "...you'd consult the logs..."
> That's what I thought.
> But the directive default settings in the  clamd.conf   file are
>   #Logfile  
>   #LogSyslog no
> so there is no logging to look at;  nor are there any readily
> available samples or explanations of what should be in the logs.
> 
> Thanks for answering the question.
> At least now I know that is worthwhile to pursue that line of
> inquiry.
> 
> DLS
> .
> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Chuck Swiger
> Sent: Thursday, August 10, 2017 4:02 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] ClamAV documentation help needed
> 
> On Aug 10, 2017, at 10:52 AM, sysad...@chemcut.net wrote:
> > If it isn't a current issue, how do you search them?
> 
> The majority of people use a search engine like Google.
> 
> However, the list archives are available to be downloaded as mbox
> format, which can be imported into a MUA of your choice, or fed into
> Lucene, OpenGrok, Apple Spotlight, etc.
> 
> > For example,
> > We have installed ClamAV on our Linux mail-server.
> > [ ... ]
> > How do I know that the user's mail is being scanned *AND* what is 
> > being detected?
> 
> You'd consult the logs for your MTA or whatever is calling ClamAV,
> perhaps amavisd-new, postfix-milter, etc...?
> 
> Regards,
> --
> -Chuck
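
Once a `LogFile` like the one in Paul's setup is enabled, detections can be pulled out of it; the following is an added example, not part of the original thread. It assumes clamd's `<target>: <signature> FOUND` line format with a timestamp prefix only when `LogTime` is on; the log lines, paths and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed log lines, not taken from a real server. They assume clamd's
# "<target>: <signature> FOUND" detection format, with a timestamp prefix
# only when LogTime is enabled; paths and the second signature are made up.
SAMPLE_LOG = """\
Thu Aug 10 16:40:01 2017 -> /var/spool/scan/msg-0001: OK
Thu Aug 10 16:40:07 2017 -> /var/spool/scan/msg-0002: Eicar-Test-Signature FOUND
Thu Aug 10 16:41:30 2017 -> SelfCheck: Database status OK.
/var/spool/scan/msg-0003: Example.Constructed.Signature FOUND
Thu Aug 10 16:45:12 2017 -> /var/spool/scan/msg-0004: Eicar-Test-Signature FOUND
"""

# Optional "Www Mmm dd hh:mm:ss yyyy -> " prefix, then target and signature.
DETECTION = re.compile(
    r"^(?:(?P<when>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> )?"
    r"(?P<target>.+): (?P<signature>\S+) FOUND$"
)


def detections(log_text):
    """Return a list of (timestamp or None, target, signature) tuples."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found.append((m["when"], m["target"], m["signature"]))
    return found


def summary(log_text):
    """Count detections per signature name."""
    return Counter(sig for _, _, sig in detections(log_text))


if __name__ == "__main__":
    for when, target, signature in detections(SAMPLE_LOG):
        print(when or "(no timestamp)", target, signature)
    print(dict(summary(SAMPLE_LOG)))
```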


Re: [clamav-users] ClamAV documentation help needed

2017-08-10 Thread Chuck Swiger
On Aug 10, 2017, at 1:38 PM, sysad...@chemcut.net  wrote:
> Unfortunately Google didn't turn up any useful information. 

Really?

https://www.google.com/search?site=&source=hp&q=clamav+linux+logs 


...and try adding your specific flavor of Linux.

> "... the list archives are available to be downloaded as mbox format,..."
> I didn't see how (or why) to  download the list archives as a mailbox file  -
> perhaps the website documentation could be improved.

If you go here:

http://lists.clamav.net/pipermail/clamav-users/ 


...the "gzip'd Text" links are mbox files, aka text files containing messages
appended together.

> "...you'd consult the logs..."
> That's what I thought.
> But the directive default settings in the  clamd.conf   file are
>  #Logfile  
>  #LogSyslog no
> so there is no logging to look at;  nor are there any readily available samples
> or explanations of what should be in the logs.

You'd consult the logs for your MTA, like Postfix or sendmail, and/or the interface
between the MTA and ClamAV, like amavisd or a milter.

> Thanks for answering the question.

You're welcome.  You'd get better results if you mentioned which version of
Linux you were running and how your mail system connects with ClamAV.

(We can't guess what you're running)

Regards,
-- 
-Chuck
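
Searching one of the "gzip'd Text" mbox files mentioned above with Python's standard `mailbox` module, as an added example that is not part of the original thread. The embedded archive, its addresses and the `search_archive` name are constructed for illustration; a real run would read the downloaded `.txt.gz` file instead.

```python
import gzip
import mailbox
import os
import tempfile

# Constructed stand-in for one downloaded "gzip'd Text" file; the addresses
# and message bodies are made up for this example.
ARCHIVE_GZ = gzip.compress(b"""\
From alice at example.com  Thu Aug 10 13:52:00 2017
From: alice at example.com (Alice)
Date: Thu, 10 Aug 2017 13:52:00 -0400
Subject: [clamav-users] ClamAV documentation help needed

How do I know that the mail is being scanned?

From bob at example.com  Thu Aug 10 16:02:00 2017
From: bob at example.com (Bob)
Date: Thu, 10 Aug 2017 16:02:00 -0400
Subject: Re: [clamav-users] ClamAV documentation help needed

Consult the logs of your MTA or of the milter that calls ClamAV.
""")


def search_archive(gz_bytes, term):
    """Return (date, subject) for every message whose subject or body has term."""
    # mailbox.mbox needs a file path, so unpack the archive to a temp file.
    with tempfile.NamedTemporaryFile(suffix=".mbox", delete=False) as tmp:
        tmp.write(gzip.decompress(gz_bytes))
    try:
        box = mailbox.mbox(tmp.name, create=False)
        hits = []
        for msg in box:
            body = msg.get_payload(decode=True) or b""  # None for multipart
            text = msg.get("Subject", "") + "\n" + body.decode("utf-8", "replace")
            if term.lower() in text.lower():
                hits.append((msg["Date"], msg["Subject"]))
        box.close()
        return hits
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    for date, subject in search_archive(ARCHIVE_GZ, "milter"):
        print(date, "|", subject)
```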



Re: [clamav-users] ClamAV documentation help needed

2017-08-10 Thread sysad...@chemcut.net
Unfortunately Google didn't turn up any useful information. 

"... the list archives are available to be downloaded as mbox format,..."
I didn't see how (or why) to  download the list archives as a mailbox file  -
perhaps the website documentation could be improved.

"...you'd consult the logs..."
That's what I thought.
But the directive default settings in the  clamd.conf   file are
  #Logfile  
  #LogSyslog no
so there is no logging to look at;  nor are there any readily available samples
or explanations of what should be in the logs.

Thanks for answering the question.
At least now I know that is worthwhile to pursue that line of inquiry.

DLS
.
-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of
Chuck Swiger
Sent: Thursday, August 10, 2017 4:02 PM
To: ClamAV users ML
Subject: Re: [clamav-users] ClamAV documentation help needed

On Aug 10, 2017, at 10:52 AM, sysad...@chemcut.net wrote:
> If it isn't a current issue, how do you search them?

The majority of people use a search engine like Google.

However, the list archives are available to be downloaded as mbox format,
which can be imported into a MUA of your choice, or fed into Lucene, OpenGrok,
Apple Spotlight, etc.

> For example,
> We have installed ClamAV on our Linux mail-server.
> [ ... ]
> How do I know that the user's mail is being scanned *AND* what is 
> being detected?

You'd consult the logs for your MTA or whatever is calling ClamAV, perhaps
amavisd-new, postfix-milter, etc...?

Regards,
--
-Chuck



Re: [clamav-users] ClamAV documentation help needed

2017-08-10 Thread Chuck Swiger
On Aug 10, 2017, at 10:52 AM, sysad...@chemcut.net  wrote:
> If it isn't a current issue, how do you search them?

The majority of people use a search engine like Google.

However, the list archives are available to be downloaded as mbox format,
which can be imported into a MUA of your choice, or fed into Lucene,
OpenGrok, Apple Spotlight, etc.

> For example,
> We have installed ClamAV on our Linux mail-server.
> [ ... ]
> How do I know that the user's mail is being scanned *AND* what is being
> detected?

You'd consult the logs for your MTA or whatever is calling ClamAV, perhaps
amavisd-new, postfix-milter, etc...?

Regards,
-- 
-Chuck



[clamav-users] ClamAV documentation help needed

2017-08-10 Thread sysad...@chemcut.net
Forgive me for asking simplistic questions.

I've read the "User Manual".
I've searched the https://www.clamav.net/documents/ webpage.
I signed up for the mailing list and the first thing I did was look for an
index or Table of contents.
There must be thousands of postings going back years.

If it isn't a current issue, how do you search them?

For example,
 We have installed ClamAV on our Linux mail-server.
(The ClamScan database scan works. 
We know that because the Crontab that runs "clamscan" sends me an email and
occasionally there is some malware listed.
That's nice, but 99% of the user's email passes thru and is sent out to their
devices between ClamScans.)

How do I know that the user's mail is being scanned *AND* what is being
detected?

Thanks!
