- `notifylevel` will change what gets sent as part of the antivirus
notification emails based on the scan type. For example, if set to
SCAN_RESULT_FOUND, it will not notify for any detections; if set to
SCAN_RESULT_ERROR, it will notify for both detections and errors.
- `threshold` will determine how far the lookback is when displaying the
status of the /reports/status (System Status) page. It will display as
an ERROR state if there have been scanner issues within this certain
threshold period.
- As part of the above, scanner errors will now trigger a new event
which will be logged as antivirus_scan_data_error or
antivirus_scan_file_error. Due to the nature of it reading from the
logs table, it only works currently for the "Standard logging"
logstore.

This patch moves existing scanning functionality to plugin level. It does
not add anything new, just refactors the existing functionality.

AMOS BEGIN
MOV [clamemailsubject,core],[emailsubject,antivirus]
MOV [clamfailed,core],[clamfailed,antivirus_clamav]
MOV [clamlost,core],[invalidpathtoclam,antivirus_clamav]
MOV [clamunknownerror,core],[unknownerror,antivirus_clamav]
MOV [virusfounduser,core],[virusfounduser,antivirus]
AMOS END