Logs for ClamAV plugin scans?

iso99

Well-Known Member
Jan 5, 2011
112
7
68
cPanel Access Level
Root Administrator
Are there any log files of SpamAssassin and LMD when they scan using ClamAV?

I am testing signatures for false positives.

Thank you.
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello iso99,

Below is a sanitized live log from my exim log. This was sent from cPanel forums today. I have my SpamAssasin set to 3 in all SpamAssasin related WHM/Tweak Settings. Also in my domains Spammassasin controls i set it to auto-delete anything scoring above 3. I do not know where ClamAv logs are kept. Also i do not want to imply that this is the only place SpamAssasin scan logs are kept.

WHM/Plugins/Configserver Explorer/var/log/exim_mainlog (also look at exim_paniclog and exim_rejectlog)

Code:
2016-11-07 13:10:04 1c3oMd-0004fE-Io H=xxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 Warning: "SpamAssassin as xxxx detected message as NOT spam (-101.5)"

2016-11-07 13:10:04 1c3oMd-0004fE-Io <= xxxx AT cpanel dot net H=xxxxx.cpanel.net [xxx.xxx.xxx.xxx]:45570 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11005 [email protected] T="Tips for .htaccess - New reply to watched thread" for xxxx AT xxxxxxxx dot com
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello,

The previous post is accurate. ClamAV activity is logged to /var/log/exim_mainlog and /var/log/exim_rejectlog. For instance, you can see messages flagged by ClamAV with a command such as:

Code:
zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
Thank you.