[Declude.Virus] RE: Differences in reporting of ClamAV And ClamWin.

2006-10-26 Thread Eddie Pang
Hi All,

I am stumped.

I am trying to run ClamAV to take advantage of clamdscan.exe for speed and
performance, but I am unable to gather statistics for use with DLAnalyzer.

Looking closer at the logs, I find a slight variation between the 2
products.  ClamWin reports the phish/virus on the same line as virus=.
However with ClamAV, the Virus= is blank, and the phish/virus is on the next
line.

ClamAV is from www.sosdg.org version 0.88.4-1, and ClamWin is from
www.clamwin.net version 0.88.5.

Any suggestions to ClamAV (Scanner3) would be greatly appreciated.

Sincerely,
Eddie.

=
SCANFILE2   C:\imail\declude\runclamscan.exe log=2 c:\Progra~1\clamwin\bin\clamscan.exe --verbose --database=C:\Docume~1\Alluse~1\.clamwin\db --tempdir=c:\temp --no-summary --max-ratio 0 -l report.txt
VIRUSCODE2  1
REPORT2 FOUND
#
SCANFILE3   C:\imail\declude\runclamscan.exe log=2 C:\clamav-devel\bin\clamdscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt
VIRUSCODE3  1
REPORT3 FOUND
==
10/25/2006 19:07:52.875 q4148041a01064bf4.smd Virus scanner 2 reports exit code of 1
10/25/2006 19:07:52.875 q4148041a01064bf4.smd Scanner 2: Virus= Html.Phishing.Rock.Sanesecurity.06050500 Attachment= [14] O

10/25/2006 19:07:59.578 q4148041a01064bf4.smd Virus scanner 3 reports exit code of 1
10/25/2006 19:07:59.578 q4148041a01064bf4.smd Scanner 3: Virus=  Attachment= [14] O
10/25/2006 19:07:59.578 q4148041a01064bf4.smd File(s) are INFECTED [ Html.Phishing.Rock.Sanesecurity.06050500: 1]
==




---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.
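
Added example (not part of the original post, and not DLAnalyzer's or Declude's own code): a log reader that collects the detection name from either layout shown above, taking it from the following "File(s) are INFECTED [...]" line when a scanner's Virus= field is blank. The line format is assumed from the two excerpts in the post only; parse_detections and count_names are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample: the log lines quoted in the post, e-mail wraps rejoined.
SAMPLE_LOG = """\
10/25/2006 19:07:52.875 q4148041a01064bf4.smd Virus scanner 2 reports exit code of 1
10/25/2006 19:07:52.875 q4148041a01064bf4.smd Scanner 2: Virus= Html.Phishing.Rock.Sanesecurity.06050500 Attachment= [14] O
10/25/2006 19:07:59.578 q4148041a01064bf4.smd Virus scanner 3 reports exit code of 1
10/25/2006 19:07:59.578 q4148041a01064bf4.smd Scanner 3: Virus=  Attachment= [14] O
10/25/2006 19:07:59.578 q4148041a01064bf4.smd File(s) are INFECTED [ Html.Phishing.Rock.Sanesecurity.06050500: 1]
"""

# Assumed prefix: timestamp, then the spool file name, then the message text.
PREFIX = r"^(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) (?P<msg>\S+) "
SCANNER_RE = re.compile(
    PREFIX + r"Scanner (?P<n>\d+): Virus=\s*(?P<name>.*?)\s*Attachment=")
INFECTED_RE = re.compile(
    PREFIX + r"File\(s\) are INFECTED \[\s*(?P<name>[^\]:]+?)\s*:\s*\d+\s*\]")


def parse_detections(log_text):
    """Return (spool_file, scanner_number, name) tuples; name is None when
    the Virus= field is blank and no INFECTED line follows for that file."""
    results = []
    pending = {}  # spool file -> index of the result still missing a name
    for line in log_text.splitlines():
        m = SCANNER_RE.match(line)
        if m:
            name = m.group("name") or None
            results.append([m.group("msg"), int(m.group("n")), name])
            if name is None:
                pending[m.group("msg")] = len(results) - 1
            continue
        m = INFECTED_RE.match(line)
        if m and m.group("msg") in pending:
            # Back-fill the blank Virus= entry from the summary line.
            results[pending.pop(m.group("msg"))][2] = m.group("name")
    return [tuple(r) for r in results]


def count_names(detections):
    """Tally detections per (scanner_number, name), skipping unnamed ones."""
    return Counter((n, name) for _, n, name in detections if name)


if __name__ == "__main__":
    for row in parse_detections(SAMPLE_LOG):
        print(row)
```
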



Re: [Declude.Virus] RE: Differences in reporting of ClamAV And ClamWin.

2006-10-26 Thread Darrell ([EMAIL PROTECTED])
Eddie,

You do not need to run clamav twice to detect both phish and viruses.  If 
you put the phish.ndb into the same directory as the clam db it will also 
use that.

Also, for me to get the virus name I had to use the wrapper.

This snippet below is from Scott Fisher who helped me get mine going.
I use this version of the cygwin clam
http://www.sosdg.org/clamav-win32/index.php

I use Terri Fitts's runclamscan wrapper and runclamd service:
http://www.smartbusiness.com/imail/declude/


Here is my virus.cfg entry
#
#  Clam A/V
#
#  Runclamscan log levels
#   log=0 (no logging)
#   log=1 (minimal logging only date, time, elapsed times, viruses)
#   log=2 (log all messages same as 1)
#   log=3 (debug log - whole bunch of stuff - multiple lines)
#
SCANFILE2 d:\imail\declude\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt
VIRUSCODE2 1
REPORT2 FOUND

Hope this helps,
Darrell


Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG 
Integration, and Log Parsers.




Re: [Declude.Virus] RE: Differences in reporting of ClamAV And ClamWin.

2006-10-26 Thread Nick Hayer

Darrell ([EMAIL PROTECTED]) wrote:

> Also, for me to get the virus name I had to use the wrapper.

fyi - The names are otherwise recorded in the clamd.log

-Nick


