Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logs for ClamAV plugin scans?

Discussion in 'General Discussion' started by iso99, Nov 7, 2016.

Tags:
  1. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    106
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Are there any log files of SpamAssassin and LMD when they scan using ClamAV?

    I am testing signatures for false positives.

    Thank you.
     
    #1 iso99, Nov 7, 2016
  2. danielpmc

    danielpmc Well-Known Member

    Joined:
    Nov 3, 2016
    Messages:
    64
    Likes Received:
    30
    Trophy Points:
    18
    Location:
    Gainesville, Florida
    cPanel Access Level:
    Reseller Owner
    Hello iso99,

    Below is a sanitized live log from my exim log. This was sent from cPanel forums today. I have my SpamAssasin set to 3 in all SpamAssasin related WHM/Tweak Settings. Also in my domains Spammassasin controls i set it to auto-delete anything scoring above 3. I do not know where ClamAv logs are kept. Also i do not want to imply that this is the only place SpamAssasin scan logs are kept.

    WHM/Plugins/Configserver Explorer/var/log/exim_mainlog (also look at exim_paniclog and exim_rejectlog)

    Code:
    2016-11-07 13:10:04 1c3oMd-0004fE-Io H=xxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 Warning: "SpamAssassin as xxxx detected message as NOT spam (-101.5)"

2016-11-07 13:10:04 1c3oMd-0004fE-Io <= xxxx AT cpanel dot net H=xxxxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11005 id=xxxxxxxxxxxxxxxxxx@xxxxx.cpanel.net T="Tips for .htaccess - New reply to watched thread" for xxxx AT xxxxxxxx dot com
     
    #2 danielpmc, Nov 7, 2016
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,298
    Likes Received:
    1,765
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The previous post is accurate. ClamAV activity is logged to /var/log/exim_mainlog and /var/log/exim_rejectlog. For instance, you can see messages flagged by ClamAV with a command such as:

    Code:
    zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
    Thank you.
     
    #3 cPanelMichael, Nov 7, 2016
  4. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    106
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Thanks! So far LMD hasn't returned false positives, that should be the same with SpamAssassin.
     
    #4 iso99, Nov 8, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Logs ClamAV plugin
  1. natejasper

    DNSOnly Missing Logs

    natejasper, Mar 27, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    63
    cPanelMichael
    Mar 27, 2018
  2. HostMerit

    PHP error logs

    HostMerit, Mar 12, 2018, in forum: General Discussion
    Replies:
    6
    Views:
    418
    cPanelMichael
    Mar 12, 2018
  3. inspiredearth

    Per domain Apache Error Logs?

    inspiredearth, Mar 11, 2018, in forum: EasyApache
    Replies:
    6
    Views:
    220
    cPanelMichael
    Mar 14, 2018
  4. stavroch

    Export mail logs in txt

    stavroch, Mar 8, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    83
    cPanelMichael
    Mar 8, 2018
  5. vikelidiskostas

    Where are the FTP Logs?

    vikelidiskostas, Feb 18, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    424
    cPanelMichael
    Feb 22, 2018

Share This Page