[Logwatch-Devel] Re: Remove time from logwatch reports

Nerijus Baliunas nerijus at users.sourceforge.net
Thu Feb 9 15:28:21 MST 2006


On Thu, 09 Feb 2006 14:08:02 -0800 Mike Tremaine <mgt at stellarcore.net> wrote:

> > And here is the output from kavdaemon:
> > 
> >     ./k187d4530186/21_price.zip/whtmlge.exe^Iinfected: Email-Worm.Win32.Bagle.fj^M : 1 Time(s)
> >     Found viruses: ./k18H8j501094/your_text.pif^Iinfected: Email-Worm.Win32.NetSky.d^M : 1 Time(s)
> > 
> > You can either make kavdaemon a section of its own or use the same Kaspersky Virus Report
> > section.
> 
> These are in your maillogs but are from mailscanner, that is, do they show
> up as Unmatched entries? Otherwise it is probably just repeated
> information. One report from the daemon and one report for Mailscanner.

These are outputs from kavdaemon. MailScanner supports both Kaspersky (pre 4.5
and > 4.5 versions) and its daemon version (pre 4.5 version only). The output which I
sent earlier (/var/spool/MailScanner/incoming/1352/F3C4917D2E2.92A5A/21_price.zip/whtmlge.exe
	INFECTED	Email-Worm.Win32.Bagle.fj : 1 Time(s)) is from Kaspersky >= 4.5,
while this output is from pre 4.5 kavdaemon (and probably non-daemon Kaspersky
too). I'd probably suggest adding this type of output to the Kaspersky section and not
making a separate pre 4.5 section.
Please note that pre 4.5 outputs DOS line endings (logwatch shows them as ^M);
you may want to strip them from virus names.

Regards,
Nerijus
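
The handling suggested in the message above, as an added example that is not part of the original post and not logwatch's own code: both Kaspersky output styles are folded into one count per virus name, with the DOS line ending stripped so it cannot end up in the name. The helper name parse_kaspersky is hypothetical, the sample lines are constructed from the ones quoted in this thread, and tab-separated fields in the >= 4.5 output are an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines modelled on the two formats quoted in this thread.
my @lines = (
    "./k187d4530186/21_price.zip/whtmlge.exe\tinfected: Email-Worm.Win32.Bagle.fj\r",
    "Found viruses: ./k18H8j501094/your_text.pif\tinfected: Email-Worm.Win32.NetSky.d\r",
    "/var/spool/MailScanner/incoming/1352/F3C4917D2E2.92A5A/21_price.zip/whtmlge.exe\tINFECTED\tEmail-Worm.Win32.Bagle.fj",
    "some unrelated line",
);

# Hypothetical helper: returns (file, virus) for a recognised line,
# or an empty list so the caller can report the line as unmatched.
sub parse_kaspersky {
    my ($line) = @_;
    $line =~ s/[\r\n]+\z//;            # drop DOS/Unix line endings (the ^M)
    $line =~ s/^Found viruses:\s+//;   # optional prefix seen in the sample
    # pre 4.5 style: "<file><TAB>infected: <virus>"
    return ($1, $2) if $line =~ /^(\S.*?)\tinfected:\s+(\S+)\s*$/;
    # >= 4.5 style (assumed tab separated): "<file><TAB>INFECTED<TAB><virus>"
    return ($1, $2) if $line =~ /^(\S.*?)\tINFECTED\t(\S+)\s*$/;
    return;
}

my (%by_virus, @unmatched);
for my $line (@lines) {
    my ($file, $virus) = parse_kaspersky($line);
    if (defined $virus) {
        $virus =~ s/[^\x20-\x7e]//g;   # keep control characters out of the report
        $by_virus{$virus}++;           # same name from either format, one counter
    } else {
        (my $shown = $line) =~ s/[^\x20-\x7e]/?/g;
        push @unmatched, $shown;
    }
}

print "Kaspersky Virus Report:\n";
printf "    %s : %d Time(s)\n", $_, $by_virus{$_} for sort keys %by_virus;
if (@unmatched) {
    print "Unmatched Entries:\n";
    print "    $_\n" for @unmatched;
}
```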

