Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logs for ClamAV plugin scans?

Discussion in 'General Discussion' started by iso99, Nov 7, 2016.

Tags:
  1. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    104
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Are there any log files of SpamAssassin and LMD when they scan using ClamAV?

    I am testing signatures for false positives.

    Thank you.
     
    #1 iso99, Nov 7, 2016
  2. danielpmc

    danielpmc Well-Known Member

    Joined:
    Nov 3, 2016
    Messages:
    64
    Likes Received:
    28
    Trophy Points:
    18
    Location:
    Gainesville, Florida
    cPanel Access Level:
    Reseller Owner
    Hello iso99,

    Below is a sanitized live log from my exim log. This was sent from cPanel forums today. I have my SpamAssasin set to 3 in all SpamAssasin related WHM/Tweak Settings. Also in my domains Spammassasin controls i set it to auto-delete anything scoring above 3. I do not know where ClamAv logs are kept. Also i do not want to imply that this is the only place SpamAssasin scan logs are kept.

    WHM/Plugins/Configserver Explorer/var/log/exim_mainlog (also look at exim_paniclog and exim_rejectlog)

    Code:
    2016-11-07 13:10:04 1c3oMd-0004fE-Io H=xxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 Warning: "SpamAssassin as xxxx detected message as NOT spam (-101.5)"

2016-11-07 13:10:04 1c3oMd-0004fE-Io <= xxxx AT cpanel dot net H=xxxxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11005 id=xxxxxxxxxxxxxxxxxx@xxxxx.cpanel.net T="Tips for .htaccess - New reply to watched thread" for xxxx AT xxxxxxxx dot com
     
    #2 danielpmc, Nov 7, 2016
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The previous post is accurate. ClamAV activity is logged to /var/log/exim_mainlog and /var/log/exim_rejectlog. For instance, you can see messages flagged by ClamAV with a command such as:

    Code:
    zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
    Thank you.
     
    #3 cPanelMichael, Nov 7, 2016
  4. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    104
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Thanks! So far LMD hasn't returned false positives, that should be the same with SpamAssassin.
     
    #4 iso99, Nov 8, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Logs ClamAV plugin
  1. Masimo

    In Progress Locating access logs for file on an account

    Masimo, Oct 14, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    67
    cPAusaf
    Oct 14, 2017
  2. AK97127

    Viewing logs question

    AK97127, Oct 8, 2017, in forum: E-mail Discussions
    Replies:
    4
    Views:
    80
    cPanelMichael
    Oct 10, 2017
  3. Nirjonadda

    AutoSSL Logs

    Nirjonadda, Sep 23, 2017, in forum: Security
    Replies:
    3
    Views:
    119
    cPanelMichael
    Sep 25, 2017
  4. nlaruelle

    Large SSL Logs Issue

    nlaruelle, Sep 4, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    95
    cPanelMichael
    Sep 6, 2017
  5. martin MHC

    Can WHM Update Logs actually show Files that have been updated

    martin MHC, Aug 31, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    111
    cPanelMichael
    Aug 31, 2017

Share This Page