Atomicorp

I just killed an older CentOS4 box with Gamera and installed CentOS5 as a virtual machine on a VMWARE ESXi Server and see that there are some new types of entrys in the maillog, like virus_found_in_sent_message that I havn't seen in the old version.

I put togheter a little PHP script that scans trough the maillog to get some stats on how many SPAM/HAM/VIRUS gamera has handled.

Question is, what entries should I look for and how to calculate them to got the right numbers. Would the following three cover all types of actions taken by qmail-scanner/spamssassin?

$string_spam = "SPAM-DELETED";
$string_ham = "Clear:RC";
$string_clamd_virus = "virus_found_in_sent_message";

Using only the first two would cover 100% of all emails beeing hadled? However, I've seen that Clear:RC is often followed by a "virus_found_in_sent_message"...

I should mention that all mails with a score over X is deleted, no subject rewrite in use.

Also, what does Gamera do with emails where a virus is found? Does it only delete the attahced file and send the email over for spamssassin for SPAM-check (or reverse order)? Latest log has ~44000 virus_found_in_sent_message of a total of ~200.000 mails triggering either SPAM-DELETED or Clear:RC...

This is what I look for in atomic scanner:

Thanks. I'll look into that next week.

What about viruses? Does clamd just clean out the infected file and sends the email itself onto spamd or to the email server, or does it delete the whole mail if an virus is found?

Just to know how I should calculate the stats found in maillog and know how many mails that enters the Gamera box and how many that leaves it and are beeing sent onto the PLESK boxes...

Thanks.

It quarantines virii. Its going to pass all the mail through it to the plesk server, regardless of if the mail is going to a valid destination or not.

There is a log-report.sh script available in the qmail-scanner package that you can run on qmail-queue logs: