I enabled logging in /home/admispconfig/ispconfig/tools/clamav/etc/clamav.conf:
# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Log time with an each message.
# Use system logger (can work together with LogFile).
# Enable verbose logging.
clamd.log is writable (chmod 666 just to be nice):
root@m2a74am-vm1:/home/admispconfig/ispconfig/tools/clamav/etc# ls -la /var/log/clamd.log
-rw-rw-rw- 1 admispconfig admispconfig 0 2010-05-11 18:07 /var/log/clamd.log
Restarted /etc/init.d/ispconfig_server after changing clamav.conf; the restart of freshclam appears in syslog, but I'm not sure if this means that clamd also was restarted?
Clam works: if I send email through with eicar.com attached, the email is received (postfix logs it) but it never appears in the inbox. Sending a clean message, of course, is no problem.
The virus detections are not logged; clamd.log remains a zero-length file. BTW, are the detections quarantined or deleted? If quarantined, where? Is there any documentation on how ispconfig 2 sets up clam?