Description of problem:
I recently upgraded a server from FC4 to F7 and now I'm getting tons of unrecognized clamav output lines in my daily log reports. In particular, I get lines like:

**Unmatched Entries**
/tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.vNhKS6: Worm.Mydoom.M FOUND

Version-Release number of selected component (if applicable):
logwatch-7.3.4-6.fc7
clamav-milter-0.91.2-2.fc7

How reproducible:
It happens every day.

Steps to Reproduce:
1. Enable clamav-milter
2. Wait for some worm to hit you
3. Read the logwatch

Actual results:
Infected messages:
W32.Cuter: 5 Message(s)
W32.Sality.Q-1: 3 Message(s)
Worm.Mydoom.M: 114 Message(s)

**Unmatched Entries**
/tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.vNhKS6: Worm.Mydoom.M FOUND
/tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.auRBm7: Worm.Mydoom.M FOUND
[snip]

Expected results:
no unmatched entries...

Additional info:
This patch (untested at this point; I'll know tomorrow) might fix it:

--- /usr/share/logwatch/scripts/services/clamav-milter~ 2007-04-13 09:51:58.0000 00000 -0400 +++ /usr/share/logwatch/scripts/services/clamav-milter 2007-11-01 10:45:06.0000 00000 -0400 @@ -28,6 +28,8 @@ $DaemonStop++; } elsif (($ThisLine =~ /^Starting/)) { $DaemonStart++; + } elsif (($ThisLine =~ m#^/tmp/clamav-#)) { + # Do not care about this } else { push @OtherList,$ThisLine; }
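Review bot: the new branch `m#^/tmp/clamav-#` matches on the path prefix alone, so every line that starts with /tmp/clamav- is silently dropped, not only the "<file>: <signature> FOUND" lines this report is about. Consider matching the full shape, for example `m#^/tmp/clamav-[^/]+/msg\.\w+: \S+ FOUND$#`, so that anything else with that prefix still falls through to `push @OtherList,$ThisLine;`. The comment "Do not care about this" would also be more useful if it said why the line can be ignored.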
Please could you send me a grep from your /var/log/maillog file where these logs will be.
Does it come from maillog or /var/log/clamav-milter? Sure, I can give you a grep; what exactly do you want me to grep for?
My clamd.milter file has entries like:

/tmp/clamav-b96e0a005b2be94e/msg.vMfLUI: Worm.Mytob.V FOUND
/tmp/clamav-b96e0a005b2be94e/msg.zDn967: Worm.Mytob.V FOUND
LibClamAV Warning: Not reloading database until idle - waiting for 1 children
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Waiting for 0 children until databae reload

My /var/log/maillog has entries like:

Nov 4 09:27:38 cvs clamav-milter[2865]: /tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.NC9OnG: Worm.Mydoom.M FOUND
Nov 4 09:27:38 cvs clamav-milter[2865]: lA4ERbF4012304: /tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.NC9OnG: Worm.Mydoom.M Intercepted virus from <noreply> to gnucash-user
Nov 4 09:27:41 cvs clamav-milter[2865]: /tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.sHwz9v: Worm.Mydoom.M FOUND
Nov 4 09:27:41 cvs clamav-milter[2865]: lA4EReWj012312: /tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.sHwz9v: Worm.Mydoom.M Intercepted virus from <MAILER-DAEMON.org> to gnucash-user
Nov 4 09:31:47 cvs clamav-milter[2865]: Database has changed, loading updated database
Nov 4 09:31:51 cvs clamav-milter[2865]: Loaded ClamAV 0.91.2/4672/Sun Nov 4 06:38:42 2007
Nov 4 09:31:51 cvs clamav-milter[2865]: ClamAV: Protecting against 164207 viruses
Thanks. Fixed in logwatch-7.3.6-11.fc9.
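The maillog excerpt in this thread shows each detection logged twice, once as a bare "FOUND" line and once as an "Intercepted virus" line. The following is an added example, not code from logwatch or from anyone in this thread: it counts detections from the "Intercepted virus" lines and discards only FOUND lines of the exact expected shape, so other /tmp/clamav- lines still surface as unmatched. The `classify` helper, its regexes and the sample lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input, modelled on the maillog lines quoted in this
# thread with the syslog prefix already stripped. The last line is invented
# to show a /tmp/clamav- message that is not a plain FOUND duplicate.
my @sample = (
    '/tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.NC9OnG: Worm.Mydoom.M FOUND',
    'lA4ERbF4012304: /tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.NC9OnG: '
        . 'Worm.Mydoom.M Intercepted virus from <noreply> to gnucash-user',
    '/tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.sHwz9v: Worm.Mydoom.M FOUND',
    'lA4EReWj012312: /tmp/clamav-9e1f83d4b9b64fbb175a994c03a1c3aa/msg.sHwz9v: '
        . 'Worm.Mydoom.M Intercepted virus from <MAILER-DAEMON.org> to gnucash-user',
    '/tmp/clamav-0000constructed/msg.AAAAAA: unexpected scanner message',
);

# Hypothetical helper: returns (\%infected, \@unmatched) for a list of lines.
sub classify {
    my ($lines) = @_;
    my (%infected, @unmatched);
    for my $line (@$lines) {
        if ($line =~ m{^\w+: /tmp/clamav-[^/]+/msg\.\w+: (\S+) Intercepted virus\b}) {
            # One count per intercepted message, keyed by signature name.
            $infected{$1}++;
        } elsif ($line =~ m{^/tmp/clamav-[^/]+/msg\.\w+: \S+ FOUND$}) {
            # Duplicate of the "Intercepted virus" line: safe to drop.
            next;
        } else {
            # Anything else, including other /tmp/clamav- lines, is reported.
            push @unmatched, $line;
        }
    }
    return (\%infected, \@unmatched);
}

my ($infected, $unmatched) = classify(\@sample);
print "Infected messages:\n";
printf "   %s: %d Message(s)\n", $_, $infected->{$_} for sort keys %$infected;
if (@$unmatched) {
    print "\n**Unmatched Entries**\n";
    print "   $_\n" for @$unmatched;
}
```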