Logs for ClamAV plugin scans?

iso99

• November 07, 2016 01:55

Are there any log files of SpamAssassin and LMD when they scan using ClamAV? I am testing signatures for false positives. Thank you.

• 

  danielpmc

  • November 07, 2016 18:19

  Hello iso99, Below is a sanitized live log from my exim log. This was sent from cPanel forums today. I have my SpamAssasin set to 3 in all SpamAssasin related WHM/Tweak Settings. Also in my domains Spammassasin controls i set it to auto-delete anything scoring above 3. I do not know where ClamAv logs are kept. Also i do not want to imply that this is the only place SpamAssasin scan logs are kept. WHM/Plugins/Configserver Explorer/var/log/exim_mainlog (also look at exim_paniclog and exim_rejectlog)
  2016-11-07 13:10:04 1c3oMd-0004fE-Io H=xxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 Warning: "SpamAssassin as xxxx detected message as NOT spam (-101.5)" 2016-11-07 13:10:04 1c3oMd-0004fE-Io <= xxxx AT cpanel dot net H=xxxxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11005 id=xxxxxxxxxxxxxxxxxx@xxxxx.cpanel.net T="Tips for .htaccess - New reply to watched thread" for xxxx AT xxxxxxxx dot com
  

  0
• 

  cPanelMichael

  • November 07, 2016 18:24

  Hello, The previous post is accurate. ClamAV activity is logged to /var/log/exim_mainlog and /var/log/exim_rejectlog. For instance, you can see messages flagged by ClamAV with a command such as:
  zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
  Thank you.

  0
• 

  iso99

  • November 08, 2016 08:53

  Thanks! So far LMD hasn't returned false positives, that should be the same with SpamAssassin.

  0

Please sign in to leave a comment.