The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logs for ClamAV plugin scans?

Discussion in 'General Discussion' started by iso99, Nov 7, 2016.

Tags:
  1. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    100
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Are there any log files of SpamAssassin and LMD when they scan using ClamAV?

    I am testing signatures for false positives.

    Thank you.
     
  2. danielpmc

    danielpmc Well-Known Member

    Joined:
    Nov 3, 2016
    Messages:
    59
    Likes Received:
    27
    Trophy Points:
    18
    Location:
    Gainesville, Florida
    cPanel Access Level:
    Root Administrator
    Hello iso99,

    Below is a sanitized live log from my exim log. This was sent from cPanel forums today. I have my SpamAssasin set to 3 in all SpamAssasin related WHM/Tweak Settings. Also in my domains Spammassasin controls i set it to auto-delete anything scoring above 3. I do not know where ClamAv logs are kept. Also i do not want to imply that this is the only place SpamAssasin scan logs are kept.

    WHM/Plugins/Configserver Explorer/var/log/exim_mainlog (also look at exim_paniclog and exim_rejectlog)

    Code:
    2016-11-07 13:10:04 1c3oMd-0004fE-Io H=xxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 Warning: "SpamAssassin as xxxx detected message as NOT spam (-101.5)"
    
    2016-11-07 13:10:04 1c3oMd-0004fE-Io <= xxxx AT cpanel dot net H=xxxxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11005 id=xxxxxxxxxxxxxxxxxx@xxxxx.cpanel.net T="Tips for .htaccess - New reply to watched thread" for xxxx AT xxxxxxxx dot com
     
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The previous post is accurate. ClamAV activity is logged to /var/log/exim_mainlog and /var/log/exim_rejectlog. For instance, you can see messages flagged by ClamAV with a command such as:

    Code:
    zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
    Thank you.
     
  4. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    100
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Thanks! So far LMD hasn't returned false positives, that should be the same with SpamAssassin.
     
Loading...

Share This Page