Koozali.org formerly Contribs.org

Obsolete Releases => SME Server 7.x => Topic started by: TeNeCo on February 26, 2007, 10:38:45 AM

Title: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: TeNeCo on February 26, 2007, 10:38:45 AM
I've just installed SME7.1. Where can I check the results of the SPAM- and Virus Check?
In the CLAM report I found an entry:
/var/spool/qpsmtpd/1172480407:4389:1: Worm.SomeFool.P FOUND

But I would prefer to receive a mail to the admin-account saying: found a virus xxx in the mail FROM with the subject XXX.? The same with the mails that are suppressed by the SPAMcheck.
Title: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: imcintyre on February 26, 2007, 01:00:19 PM
I'm not going to be much of a help, because I'm not sure how this should work.

Do you get an emails telling you that virus scan worked? Something like this:
Quote
----------- SCAN SUMMARY -----------
Known viruses: 90422
Engine version: 0.88.7
Scanned directories: 14561
Scanned files: 30459
Infected files: 0
Data scanned: 8218.27 MB
Time: 7719.593 sec (128 m 39 s


As for spam, I found this:

Quote
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32.
Title: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: TeNeCo on February 26, 2007, 04:16:13 PM
<quote>Do you get an emails telling you that virus scan worked? Something like this:</quote>

No, I don't get emails from the system.
Title: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: imcintyre on February 26, 2007, 04:46:01 PM
I think that setting up to get the admin email forwarded to you would be easiest thing to do first. It was easy and I am not an expert but had some help here and look in manual.
Title: Re: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: PhoeniX on February 26, 2007, 07:52:48 PM
Quote from: "TeNeCo"
But I would prefer to receive a mail to the admin-account saying: found a virus xxx in the mail FROM with the subject XXX.? The same with the mails that are suppressed by the SPAMcheck.


I would like the same. Previous versions with the Knudsen-rpm did this and was helpfull. The only thing that is sending mail is the rootkit notice about the root login..
Title: Re: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: raem on February 26, 2007, 11:44:02 PM
PhoeniX & TeNeCo

> Previous versions with the Knudsen-rpm did this and was helpfull.

That was an add on contrib and it has not been updated for sme7. Comprehensive spam & virus filtering has been incuded in sme7.x by default, but the reporting functionality was not included in the base sme7.x

The answer was provided, but you seem to have skipped over it.
Follow this howto as it has a mailstats component as well as Bayesian learning.

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32.
Title: Re: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: TeNeCo on March 01, 2007, 08:00:23 PM
Quote from: "RayMitchell"
PhoeniX & TeNeCo
The answer was provided, but you seem to have skipped over it.

OK, yes, thats what I was looking for - but that's not that easy for a newbie but it seams to work, fine thanks.

During my search I found the following "system Monitor" - also very nice:

http://sme.swerts-knudsen.dk

and on the left side: system information
Title: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: TeNeCo on March 02, 2007, 07:50:09 AM
I've just received the overnight mails; there in "Spam Filter Statistics from gateway" I can see:

Virus Statistics by name:
---------------------------------------------
Rejected 2    HTML.Phishing.Bank-1109
Rejected 1    HTML.Phishing.Bank-1141
Rejected 1    Exploit.HTML.IFrame
Rejected 1    Worm.SomeFool.P
---------------------------------------------

But I can't retrieve where they are coming from, the subject and the local account receiving this mails.

This mail was received from admin, the one received this night from sme7admin-daemon contains no information.
Title: SME 7.1 where are the results of ClamAV and Spamcheck?
Post by: raem on March 02, 2007, 10:36:23 AM
TeNeCo

> Rejected 2    HTML.Phishing.Bank-1109
>... I can't retrieve where they are coming from, the subject and the local account receiving this mails.

That's because the messages have been rejected and therefore your server does not have that information ie the message was never accepted.