I enabled logging in /home/admispconfig/ispconfig/tools/clamav/etc/clamav.conf: Code: # Uncomment this option to enable logging. # LogFile must be writable for the user running the daemon. # Full path is required. LogFile /var/log/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). That's why you shouldn't uncomment # this option. #LogFileUnlock # Maximal size of the log file. Default is 1 Mb. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. #LogFileMaxSize 2M # Log time with an each message. LogTime # Use system logger (can work together with LogFile). #LogSyslog # Enable verbose logging. LogVerbose clamd.log is writable (chmod 666 just to be nice): Code: [email protected] Restarted /etc/init.d/ispconfig_server after changing clamav.conf; the restart of freshclam appears in syslog, but I'm not sure if this means that clamd also was restarted? Clam works: if I send email through with eicar.com attached, the email is received (postfix logs it) but it never appears in the inbox. Sending a clean message, of course, is no problem. The virus detections are not logged; clamd.log remains a zero-length file. BTW, are the detections quarantined or deleted? If quarantined, where? Is there any documentation on how ispconfig 2 sets up clam? Thanks!