The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logs for ClamAV plugin scans?

Discussion in 'General Discussion' started by iso99, Nov 7, 2016.

Tags:
  1. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    100
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Are there any log files of SpamAssassin and LMD when they scan using ClamAV?

    I am testing signatures for false positives.

    Thank you.
     
    #1 iso99, Nov 7, 2016
  2. danielpmc

    danielpmc Well-Known Member

    Joined:
    Nov 3, 2016
    Messages:
    59
    Likes Received:
    27
    Trophy Points:
    18
    Location:
    Gainesville, Florida
    cPanel Access Level:
    Root Administrator
    Hello iso99,

    Below is a sanitized live log from my exim log. This was sent from cPanel forums today. I have my SpamAssasin set to 3 in all SpamAssasin related WHM/Tweak Settings. Also in my domains Spammassasin controls i set it to auto-delete anything scoring above 3. I do not know where ClamAv logs are kept. Also i do not want to imply that this is the only place SpamAssasin scan logs are kept.

    WHM/Plugins/Configserver Explorer/var/log/exim_mainlog (also look at exim_paniclog and exim_rejectlog)

    Code:
    2016-11-07 13:10:04 1c3oMd-0004fE-Io H=xxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 Warning: "SpamAssassin as xxxx detected message as NOT spam (-101.5)"

2016-11-07 13:10:04 1c3oMd-0004fE-Io <= xxxx AT cpanel dot net H=xxxxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11005 id=xxxxxxxxxxxxxxxxxx@xxxxx.cpanel.net T="Tips for .htaccess - New reply to watched thread" for xxxx AT xxxxxxxx dot com
     
    #2 danielpmc, Nov 7, 2016
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The previous post is accurate. ClamAV activity is logged to /var/log/exim_mainlog and /var/log/exim_rejectlog. For instance, you can see messages flagged by ClamAV with a command such as:

    Code:
    zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
    Thank you.
     
    #3 cPanelMichael, Nov 7, 2016
  4. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    100
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Thanks! So far LMD hasn't returned false positives, that should be the same with SpamAssassin.
     
    #4 iso99, Nov 8, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Logs ClamAV plugin
  1. schatzman

    PHP and PHP-FPM logs for domain

    schatzman, Aug 3, 2017, in forum: EasyApache
    Replies:
    1
    Views:
    98
    cPanelMichael
    Aug 3, 2017
  2. webmasteryoda

    Email Access Logs per domain on a shared VPS server

    webmasteryoda, Jul 7, 2017, in forum: E-mail Discussions
    Replies:
    15
    Views:
    179
    webmasteryoda
    Jul 7, 2017
  3. linux4me2

    ModSecurity Logs Are Getting Huge With Logging Off

    linux4me2, Jun 29, 2017, in forum: Security
    Replies:
    1
    Views:
    161
    cPanelMichael
    Jun 29, 2017
  4. Spencer Marsden

    SOLVED useraccount/logs/website.php.error.log ignoring php.ini settings

    Spencer Marsden, Apr 21, 2017, in forum: EasyApache
    Replies:
    4
    Views:
    271
    Spencer Marsden
    Apr 21, 2017
  5. fared

    After Change IP Address Server domlogs/IP Not found

    fared, Apr 17, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    211
    cPanelMichael
    Apr 18, 2017

Share This Page