Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Logs for ClamAV plugin scans?

Discussion in 'General Discussion' started by iso99, Nov 7, 2016.

Tags:
  1. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    112
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Are there any log files of SpamAssassin and LMD when they scan using ClamAV?

    I am testing signatures for false positives.

    Thank you.
     
    #1 iso99, Nov 7, 2016
  2. danielpmc

    danielpmc Well-Known Member

    Joined:
    Nov 3, 2016
    Messages:
    76
    Likes Received:
    32
    Trophy Points:
    18
    Location:
    Gainesville, Florida
    cPanel Access Level:
    Reseller Owner
    Hello iso99,

    Below is a sanitized live log from my exim log. This was sent from cPanel forums today. I have my SpamAssasin set to 3 in all SpamAssasin related WHM/Tweak Settings. Also in my domains Spammassasin controls i set it to auto-delete anything scoring above 3. I do not know where ClamAv logs are kept. Also i do not want to imply that this is the only place SpamAssasin scan logs are kept.

    WHM/Plugins/Configserver Explorer/var/log/exim_mainlog (also look at exim_paniclog and exim_rejectlog)

    Code:
    2016-11-07 13:10:04 1c3oMd-0004fE-Io H=xxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 Warning: "SpamAssassin as xxxx detected message as NOT spam (-101.5)"

2016-11-07 13:10:04 1c3oMd-0004fE-Io <= xxxx AT cpanel dot net H=xxxxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11005 id=xxxxxxxxxxxxxxxxxx@xxxxx.cpanel.net T="Tips for .htaccess - New reply to watched thread" for xxxx AT xxxxxxxx dot com
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 danielpmc, Nov 7, 2016
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The previous post is accurate. ClamAV activity is logged to /var/log/exim_mainlog and /var/log/exim_rejectlog. For instance, you can see messages flagged by ClamAV with a command such as:

    Code:
    zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, Nov 7, 2016
  4. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    112
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Thanks! So far LMD hasn't returned false positives, that should be the same with SpamAssassin.
     
    #4 iso99, Nov 8, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Logs ClamAV plugin
  1. speckados

    Understanding the cPanel and Webmail access logs

    speckados, Sep 20, 2018 at 9:43 AM, in forum: E-mail Discussion
    Replies:
    2
    Views:
    60
    cPanelMichael
    Sep 21, 2018 at 9:50 AM
  2. abdelhost77

    dcpumon logs are empty

    abdelhost77, Sep 2, 2018, in forum: General Discussion
    Replies:
    8
    Views:
    85
    cPanelLauren
    Sep 7, 2018
  3. Bob1965

    SOLVED Domlogs Processing Buffer Location

    Bob1965, Aug 30, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    83
    cPanelLauren
    Aug 31, 2018
  4. ca2236

    SOLVED Timeout errors in logs

    ca2236, Aug 29, 2018, in forum: General Discussion
    Replies:
    9
    Views:
    121
    cPanelLauren
    Sep 7, 2018
  5. Vipin Haridas

    Private IPs in access logs?

    Vipin Haridas, Aug 23, 2018, in forum: Security
    Replies:
    1
    Views:
    112
    cPanelMichael
    Aug 24, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice