Clam log?

Discussion in 'General' started by DrJohn, May 12, 2010.

  1. DrJohn

    DrJohn Member HowtoForge Supporter

    I enabled logging in /home/admispconfig/ispconfig/tools/clamav/etc/clamav.conf:
    Code:
    # Uncomment this option to enable logging.
    # LogFile must be writable for the user running the daemon.
    # Full path is required.
    LogFile /var/log/clamd.log
    
    # By default the log file is locked for writing - the lock protects against
    # running clamd multiple times (if want to run another clamd, please
    # copy the configuration file, change the LogFile variable, and run
    # the daemon with --config-file option). That's why you shouldn't uncomment
    # this option.
    #LogFileUnlock
    
    # Maximal size of the log file. Default is 1 Mb.
    # Value of 0 disables the limit.
    # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
    # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
    # in bytes just don't use modifiers.
    #LogFileMaxSize 2M
    
    # Log time with an each message.
    LogTime
    
    # Use system logger (can work together with LogFile).
    #LogSyslog
    
    # Enable verbose logging.
    LogVerbose
    
    clamd.log is writable (chmod 666 just to be nice):
    Code:
    [email protected]:/home/admispconfig/ispconfig/tools/clamav/etc# ls -la /var/log/clamd.log
    -rw-rw-rw- 1 admispconfig admispconfig 0 2010-05-11 18:07 /var/log/clamd.log
    
    Restarted /etc/init.d/ispconfig_server after changing clamav.conf; the restart of freshclam appears in syslog, but I'm not sure if this means that clamd also was restarted?

    Clam works: if I send email through with eicar.com attached, the email is received (postfix logs it) but it never appears in the inbox. Sending a clean message, of course, is no problem.

    The virus detections are not logged; clamd.log remains a zero-length file. BTW, are the detections quarantined or deleted? If quarantined, where? Is there any documentation on how ispconfig 2 sets up clam?

    Thanks!
     
  2. DrJohn

    DrJohn Member HowtoForge Supporter

    OK, I caught that I forgot to set values to true/yes/1 in clamav.conf. Now it's:
    Code:
    # Comment or remove the line below.
    #Example
    
    # Uncomment this option to enable logging.
    # LogFile must be writable for the user running the daemon.
    # Full path is required.
    LogFile /var/log/clamd.log
    
    # By default the log file is locked for writing - the lock protects against
    # running clamd multiple times (if want to run another clamd, please
    # copy the configuration file, change the LogFile variable, and run
    # the daemon with --config-file option). That's why you shouldn't uncomment
    # this option.
    #LogFileUnlock
    
    # Maximal size of the log file. Default is 1 Mb.
    # Value of 0 disables the limit.
    # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
    # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
    # in bytes just don't use modifiers.
    #LogFileMaxSize 2M
    
    # Log time with an each message.
    LogTime 1
    
    # Use system logger (can work together with LogFile).
    LogSyslog 1
    
    # Enable verbose logging.
    LogVerbose 1
    
    but having done so still does not cause any log entries to appear either in the syslog or in clamd.log. When an email is received I can see 50-90% activity on one CPU for clamscan for a few seconds, so I know it's active.

    Just to be sure I rebooted the server, but the story is the same.

    Anyone have an idea?
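
Added example (not part of either post, and not ISPConfig's or ClamAV's own code): a small shell audit that reports which logging directives in a clamd-style config file are actually enabled, and whether the log file is world-writable as with the chmod 666 above. It treats a bare directive as not enabled, following the second post; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the logging directives in a clamd-style config file.

# Print the value of KEY in FILE. The last uncommented occurrence wins
# (assumed precedence); a bare directive is reported as "(no value)".
conf_get() {  # conf_get FILE KEY
    awk -v k="$2" '/^[ \t]*#/ { next }
        $1 == k { v = (NF > 1 ? $2 : "(no value)") }
        END { if (v != "") print v }' "$1"
}
is_on() {  # boolean spellings named in the thread: true/yes/1
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        yes|true|1) return 0 ;; *) return 1 ;;
    esac
}
audit_clam_logging() {  # prints findings; returns 1 if any check fails
    conf=$1; fail=0
    for key in LogTime LogSyslog LogVerbose; do
        val=$(conf_get "$conf" "$key")
        if [ -z "$val" ]; then echo "$key: not set"
        elif is_on "$val"; then echo "$key: enabled"
        else echo "$key: '$val' does not enable it"; fail=1
        fi
    done
    log=$(conf_get "$conf" LogFile)
    [ -n "$log" ] || { echo "LogFile: not set"; return 1; }
    [ -e "$log" ] || { echo "LogFile: $log missing"; return 1; }
    # A world-writable log lets any local account alter or erase scan records.
    if [ -n "$(find "$log" -prune -perm -0002)" ]; then
        echo "LogFile: world-writable"; fail=1
    fi
    [ -s "$log" ] || echo "LogFile: empty"
    return $fail
}
write_samples() {  # constructed configs modelled on the two posts above
    : > "$1/open.log";  chmod 666 "$1/open.log"
    : > "$1/tight.log"; chmod 640 "$1/tight.log"   # tightened mode: constructed
    printf '%s\n' "LogFile $1/open.log" LogTime '#LogSyslog' LogVerbose \
        > "$1/first.conf"
    printf '%s\n' "LogFile $1/tight.log" 'LogTime 1' 'LogSyslog 1' \
        'LogVerbose 1' > "$1/second.conf"
}

demo=$(mktemp -d); write_samples "$demo"
for c in first second; do
    echo "== $c.conf"; audit_clam_logging "$demo/$c.conf" || true
done
rm -rf "$demo"
```

clamscan, the process seen using CPU in the second post, is the standalone scanner and takes its log destination from its own `--log` option, so an audit of the daemon config covers only clamd.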
     
