Thanks, Jas Man. I pulled the zip file version and did what you suggested. The event was logged just fine. In the course of looking at it, a thought occurred to me - I had to turn off the dual scan for a few weeks because the processor went thru the roof a little while ago for no good reason. When I dropped to single pass, the processor calmed down. The single scan was using the Sophos engine, meaning the second one was Avira and unused when the virus hit I'm trying to find had occurred. I've since turned the dual scan back up, assuming that there was some sort of messed up signature that was freaking out the non-Sophos engine (it's back to normal now). When I ran the test you suggested, the log line was added and the engine was "SAVI" (Avira). So maybe the problem is that the Sophos hits don't log correctly. Idk. I can grep for "virus detected" on the log I just created and the hit is found right away. If I do the same for the day where the Sophos-only detection occurred (hell, I can run it for the whole month and get the same result), I get nothing. I tried to enable single scan and select Sophos, re-downloaded the virus test file, and the engine reported in the log is still "SAVI." So I don't know if "SAVI" means some combo of the two engines (if so, then why enter the engine at all if it'll always be the same?!) - or if the attempt to force a Sophos-only operation didn't work (or I didn't wait long enough). Regardless, I think I can safely stop worrying about the logs not showing up. Thanks much.