Discussion:
[Clamav-users] clamav no timestamp in the logs
franckm
2012-12-06 11:05:39 UTC
I am using clamav on linux in the command line

When I use clamscan from the command line the log file does not show
timestamps

I have seen no option to turn timestamps on in log files

I'd like to get a timestamp especially for the "scanning" and "OK" log
lines.

I have seen that /etc/clamd.conf includes an option to display log times:
# Log time with each message.
# Default: no
LogTime yes

But turning this on has no effect on clamscan when it is run from the
command line.
clamscan --verbose /tmp/clamscan-franck-test/spots2_32521.zip
Scanning /tmp/clamscan-franck-test/spots2_32521.zip
/tmp/clamscan-franck-test/spots2_32521.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 315745
Engine version: 0.93
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 25.25 MB
Time: 4.271 sec (0 m 4 s)


Any help much appreciated
--
View this message in context: http://old.nabble.com/clamav-no-timestamp-in-the-logs-tp34756576p34756576.html
Sent from the clamav-users mailing list archive at Nabble.com.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Al Varnell
2012-12-06 11:49:12 UTC
Post by franckm
I am using clamav on linux in the command line
When I use clamscan from the command line the log file does not show
timestamps
I have seen no option to turn timestamps on in log files
I'd like to get a timestamp especially for the "scanning" and "OK" log
lines.
# Log time with each message.
# Default: no
LogTime yes
That is correct, so you should be using clamdscan instead of clamscan.



-Al-
--
Al Varnell
Mountain View, CA



franckm
2012-12-06 12:28:49 UTC
Post by Al Varnell
Post by franckm
I am using clamav on linux in the command line
When I use clamscan from the command line the log file does not show
timestamps
I have seen no option to turn timestamps on in log files
I'd like to get a timestamp especially for the "scanning" and "OK" log
lines.
# Log time with each message.
# Default: no
LogTime yes
That is correct, so you should be using clamdscan instead of clamscan.
-Al-
--
Al Varnell
Mountain View, CA
With clamdscan, it still does not show timestamps (see below)

The default config (/etc/clamd.conf) is to not show LogTimes. I have changed
that (LogTime yes). Is there anything I need to do after having changed the
clamd config?

***@svr-stage1:/tmp/clamscan-franck-test> clamdscan
clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
Bowie Bailey
2012-12-06 15:04:35 UTC
Post by franckm
With clamdscan, it still does not show timestamps (see below)
The default config (/etc/clamd.conf) is to not show LogTimes. I have changed
that (LogTime yes). Is there anything I need to do after having changed the
clamd config?
Restart clamd.
Post by franckm
clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
That looks like stdout from clamdscan. What does the logfile look
like? Are you logging to a file or via syslog?
--
Bowie
David Raynor
2012-12-06 15:25:55 UTC
Post by Bowie Bailey
Post by franckm
With clamdscan, it still does not show timestamps (see below)
The default config (/etc/clamd.conf) is to not show LogTimes. I have changed
that (LogTime yes). Is there anything I need to do after having changed the
clamd config?
Restart clamd.
Post by franckm
clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
That looks like stdout from clamdscan. What does the logfile look like?
Are you logging to a file or via syslog?
--
Bowie
Bowie is right. The logfile contents and the output on stdout are treated
differently. Check your clamd.conf for the LogFile option (and make sure it
is not commented out).

Dave R.
--
---
Dave Raynor
Sourcefire Vulnerability Research Team
***@sourcefire.com
franckm
2012-12-06 15:43:26 UTC
Post by David Raynor
Bowie is right. The logfile contents and the output on stdout are treated
differently. Check your clamd.conf for the LogFile option (and make sure it
is not commented out).
Dave R.
--
---
Dave Raynor
Sourcefire Vulnerability Research Team
Ok I've done that. LogTimes are shown (in a weird datetime format) but the
Post by David Raynor
clamdscan /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
Post by David Raynor
sudo tail -500f /tmp/clamd.log
Thu Dec 6 15:32:39 2012 -> +++ Started at Thu Dec 6 15:32:39 2012
Thu Dec 6 15:32:39 2012 -> clamd daemon 0.93 (OS: linux-gnu, ARCH: x86_64,
CPU: x86_64)
Thu Dec 6 15:32:39 2012 -> Running as user vscan (UID 65, GID 108)
Thu Dec 6 15:32:39 2012 -> Log file size limited to 2097152 bytes.
Thu Dec 6 15:32:39 2012 -> Reading databases from /var/lib/clamav
Thu Dec 6 15:32:39 2012 -> Not loading PUA signatures.
Thu Dec 6 15:32:41 2012 -> Loaded 315745 signatures.
Thu Dec 6 15:32:41 2012 -> TCP: Bound to address 127.0.0.1 on port 3310
Thu Dec 6 15:32:41 2012 -> TCP: Setting connection queue length to 15
Thu Dec 6 15:32:41 2012 -> LOCAL: Unix socket file
/var/lib/clamav/clamd-socket
Thu Dec 6 15:32:41 2012 -> LOCAL: Setting connection queue length to 15
Thu Dec 6 15:32:41 2012 -> Listening daemon: PID: 17811
Thu Dec 6 15:32:41 2012 -> Limits: Global size limit set to 104857600
bytes.
Thu Dec 6 15:32:41 2012 -> Limits: File size limit set to 26214400 bytes.
Thu Dec 6 15:32:41 2012 -> Limits: Recursion level limit set to 16.
Thu Dec 6 15:32:41 2012 -> Limits: Files limit set to 10000.
Thu Dec 6 15:32:41 2012 -> Archive support enabled.
Thu Dec 6 15:32:41 2012 -> Algorithmic detection enabled.
Thu Dec 6 15:32:41 2012 -> Portable Executable support enabled.
Thu Dec 6 15:32:41 2012 -> ELF support enabled.
Thu Dec 6 15:32:41 2012 -> Mail files support enabled.
Thu Dec 6 15:32:41 2012 -> OLE2 support enabled.
Thu Dec 6 15:32:41 2012 -> PDF support disabled.
Thu Dec 6 15:32:41 2012 -> HTML support enabled.
Thu Dec 6 15:32:41 2012 -> Self checking every 1800 seconds.
Bowie Bailey
2012-12-06 15:53:46 UTC
Post by franckm
Ok I've done that. LogTimes are shown (in a weird datetime format) but the
Post by David Raynor
clamdscan /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
By default, clamd does not log clean files. There is an option for that
in clamd.conf...

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean 1
--
Bowie
franckm
2012-12-06 16:25:33 UTC
Post by Bowie Bailey
Post by franckm
Ok I've done that. LogTimes are shown (in a weird datetime format) but the
Post by David Raynor
clamdscan /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
By default, clamd does not log clean files. There is an option for that
in clamd.conf...
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean 1
--
Bowie
Thanks it works now but I am not getting the log line when a new file is
getting scanned. I only get the result (OK line)
Post by Bowie Bailey
clamscan --verbose
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
Scanning /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 315745
Engine version: 0.93
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
Time: 2.001 sec (0 m 2 s)


With clamdscan in verbose mode (LogVerbose yes) I get only the OK line


***@svr-stage1:/tmp> sudo tail -500f clamd.log
Thu Dec 6 16:16:12 2012 -> +++ Started at Thu Dec 6 16:16:12 2012
Thu Dec 6 16:16:12 2012 -> clamd daemon 0.93 (OS: linux-gnu, ARCH: x86_64,
CPU: x86_64)
Thu Dec 6 16:16:12 2012 -> Running as user vscan (UID 65, GID 108)
Thu Dec 6 16:16:12 2012 -> Log file size limited to 2097152 bytes.
Thu Dec 6 16:16:12 2012 -> Reading databases from /var/lib/clamav
Thu Dec 6 16:16:12 2012 -> Not loading PUA signatures.
Thu Dec 6 16:16:14 2012 -> Loaded 315745 signatures.
Thu Dec 6 16:16:14 2012 -> TCP: Bound to address 127.0.0.1 on port 3310
Thu Dec 6 16:16:14 2012 -> TCP: Setting connection queue length to 15
Thu Dec 6 16:16:14 2012 -> LOCAL: Unix socket file
/var/lib/clamav/clamd-socket
Thu Dec 6 16:16:14 2012 -> LOCAL: Setting connection queue length to 15
Thu Dec 6 16:16:14 2012 -> Listening daemon: PID: 23854
Thu Dec 6 16:16:14 2012 -> Limits: Global size limit set to 104857600
bytes.
Thu Dec 6 16:16:14 2012 -> Limits: File size limit set to 26214400 bytes.
Thu Dec 6 16:16:14 2012 -> Limits: Recursion level limit set to 16.
Thu Dec 6 16:16:14 2012 -> Limits: Files limit set to 10000.
Thu Dec 6 16:16:14 2012 -> Archive support enabled.
Thu Dec 6 16:16:14 2012 -> Algorithmic detection enabled.
Thu Dec 6 16:16:14 2012 -> Portable Executable support enabled.
Thu Dec 6 16:16:14 2012 -> ELF support enabled.
Thu Dec 6 16:16:14 2012 -> Mail files support enabled.
Thu Dec 6 16:16:14 2012 -> OLE2 support enabled.
Thu Dec 6 16:16:14 2012 -> PDF support disabled.
Thu Dec 6 16:16:14 2012 -> HTML support enabled.
Thu Dec 6 16:16:14 2012 -> Self checking every 1800 seconds.
Thu Dec 6 16:16:17 2012 ->
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
Bowie Bailey
2012-12-06 16:50:01 UTC
Post by franckm
Post by Bowie Bailey
Post by franckm
Ok I've done that. LogTimes are shown (in a weird datetime format) but the
Post by David Raynor
clamdscan /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
By default, clamd does not log clean files. There is an option for that
in clamd.conf...
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean 1
Thanks it works now but I am not getting the log line when a new file is
getting scanned. I only get the result (OK line)
Post by Bowie Bailey
clamscan --verbose
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
Scanning /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Known viruses: 315745
Engine version: 0.93
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
Time: 2.001 sec (0 m 2 s)
With clamdscan in verbose mode (LogVerbose yes) I get only the OK line
Thu Dec 6 16:16:17 2012 ->
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
I don't think there is any way to replicate the verbose command line
behavior in the log file. The log file will only log one line per file
scanned indicating whether it is clean or has a virus.

Is there really any value in logging that a file is being scanned and
then 2 seconds later logging that the file is clean?
--
Bowie
franckm
2012-12-06 17:12:33 UTC
Post by Bowie Bailey
Post by franckm
Post by Bowie Bailey
Post by franckm
Ok I've done that. LogTimes are shown (in a weird datetime format) but the
Post by Al Varnell
clamdscan
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
By default, clamd does not log clean files. There is an option for that
in clamd.conf...
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean 1
Thanks it works now but I am not getting the log line when a new file is
getting scanned. I only get the result (OK line)
Post by Bowie Bailey
clamscan --verbose
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
Scanning /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Known viruses: 315745
Engine version: 0.93
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
Time: 2.001 sec (0 m 2 s)
With clamdscan in verbose mode (LogVerbose yes) I get only the OK line
Thu Dec 6 16:16:17 2012 ->
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
I don't think there is any way to replicate the verbose command line
behavior in the log file. The log file will only log one line per file
scanned indicating whether it is clean or has a virus.
Is there really any value in logging that a file is being scanned and
then 2 seconds later logging that the file is clean?
--
Bowie
Thanks.
In the context of a real-time ESB where message consumers expect a given
file to be scanned, it could be useful. If the scanning line is not shown,
troubleshooting is harder as you don't know if the problem is with the
antivirus software or the program that triggers it.

Also without this line it's harder to get stats. How long before a file gets
scanned (after it's reached our infrastructure) and how long it takes to
clear it.

If we can't measure, we can't improve.

I am not sure I understand why some features are provided by clamscan but
not by clamdscan and others are provided by clamdscan but missing from
clamscan.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
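An added example, not part of the original thread: a parser for the LogTime-stamped clamd log lines shown above that rejoins wrapped lines, converts the timestamp to ISO 8601 and extracts the per-file verdicts, so the delay from a file's arrival to its verdict can be measured. The sample log, the `/srv/inbox` paths, the signature name and the arrival times are constructed for illustration.

```python
import re
from datetime import datetime

MONTHS = {name: n for n, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# "Thu Dec  6 16:16:17 2012 -> message" (clamd LogFile line with LogTime yes).
STAMP = re.compile(
    r"^[A-Z][a-z]{2} (?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<mi>\d\d):(?P<s>\d\d) (?P<year>\d{4}) ->(?: (?P<msg>.*))?$")
# "<path>: OK" (only logged with LogClean) or "<path>: <signature> FOUND".
VERDICT = re.compile(r"^(?P<path>.+): (?:(?P<ok>OK)|(?P<sig>.+) FOUND)$")

# Constructed sample; the second and fourth records are wrapped the way the
# lines in the thread are.
SAMPLE_LOG = """\
Thu Dec  6 16:16:12 2012 -> +++ Started at Thu Dec  6 16:16:12 2012
Thu Dec  6 16:16:12 2012 -> clamd daemon 0.93 (OS: linux-gnu, ARCH: x86_64,
CPU: x86_64)
Thu Dec  6 16:16:14 2012 -> Loaded 315745 signatures.
Thu Dec  6 16:16:17 2012 ->
/srv/inbox/report-0001.txt: OK
Thu Dec  6 16:16:21 2012 -> /srv/inbox/sample-0002.bin: Example.Test.Signature FOUND
Thu Dec  6 16:16:30 2012 -> /srv/inbox/big-0003.zip: OK
"""

# Constructed arrival times, as the calling application would record them.
SAMPLE_ARRIVALS = {
    "/srv/inbox/report-0001.txt": datetime(2012, 12, 6, 16, 16, 15),
    "/srv/inbox/big-0003.zip": datetime(2012, 12, 6, 16, 16, 22),
}


def parse_clamd_log(text):
    """Return one record per log entry; unstamped lines continue the previous one."""
    records = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = STAMP.match(line)
        if m and m["mon"] in MONTHS:
            # clamd writes local time without a zone, so the datetime is naive.
            when = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                            int(m["h"]), int(m["mi"]), int(m["s"]))
            records.append({"time": when, "message": m["msg"] or ""})
        elif records:
            prev = records[-1]
            prev["message"] = (prev["message"] + " " + line.strip()).strip()
    return records


def scan_results(records):
    """Keep only the per-file verdict lines and give them sortable timestamps."""
    results = []
    for rec in records:
        v = VERDICT.match(rec["message"])
        if v:
            results.append({
                "time": rec["time"],
                "iso": rec["time"].isoformat(),
                "path": v["path"],
                "verdict": "OK" if v["ok"] else "FOUND",
                "signature": v["sig"],
            })
    return results


def queue_delays(results, arrivals):
    """Seconds between a file's recorded arrival and its logged verdict."""
    return {r["path"]: (r["time"] - arrivals[r["path"]]).total_seconds()
            for r in results if r["path"] in arrivals}


if __name__ == "__main__":
    results = scan_results(parse_clamd_log(SAMPLE_LOG))
    for r in results:
        print(r["iso"], r["verdict"], r["path"], r["signature"] or "")
    print(queue_delays(results, SAMPLE_ARRIVALS))
```

Because the log holds one line per scanned file and no "Scanning" line, the start of the wait has to come from the application that hands the file to clamd.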
Gene Heskett
2012-12-06 18:44:34 UTC
Post by Bowie Bailey
Post by franckm
Post by Bowie Bailey
Post by franckm
Ok I've done that. LogTimes are shown (in a weird datetime format) but the
Post by Al Varnell
clamdscan
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.003 sec (0 m 0 s)
By default, clamd does not log clean files. There is an option for
that in clamd.conf...
Speaking of clamd.conf, I wonder if some of you might be editing the wrong
clamd.conf file? I am not sure how it got to be, but according to the
launcher script in /etc/init.d, it is using /etc/clamav/clamd.conf, but I
have others also.

***@coyote:/etc/clamav# locate clamd.conf
/etc/clamd.conf
/etc/clamav/clamd.conf
/usr/etc/clamd.conf
/usr/local/etc/clamd.conf
/usr/share/doc/clamav-base/examples/clamd.conf
/usr/share/man/man5/clamd.conf.5.gz
/usr/src/clamav-0.97.5/docs/man/clamd.conf.5
/usr/src/clamav-0.97.5/docs/man/clamd.conf.5.in
/usr/src/clamav-0.97.5/etc/clamd.conf
/var/lib/ucf/cache/:etc:clamav:clamd.conf

The 9.5 in installed when it was obvious that ubuntu wasn't going to update
the 96.3 install 10.04.4 came with, but now they must have because clamd --
version says 97.6.

The src tree can be nuked, as can /etc/clamd.conf, /usr/etc/clamd.conf.
/usr/local/etc/clamd.conf. It is much less confusing when you only have
_one_ clamd.conf, preferably located where the launcher in /etc/init.d says
it is.

The same situation vis-a-vis freshclam also exists, so I have been doing
some house cleaning.
Post by Bowie Bailey
Post by franckm
Post by Bowie Bailey
# Also log clean files. Useful in debugging but drastically increases
the # log size.
# Default: disabled
#LogClean 1
Thanks it works now but I am not getting the log line when a new file
is getting scanned. I only get the result (OK line)
Post by Bowie Bailey
clamscan --verbose
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
Scanning
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
----------- SCAN SUMMARY -----------
Known viruses: 315745
Engine version: 0.93
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
Time: 2.001 sec (0 m 2 s)
With clamdscan in verbose mode (LogVerbose yes) I get only the OK line
Thu Dec 6 16:16:17 2012 ->
/tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK
I don't think there is any way to replicate the verbose command line
behavior in the log file. The log file will only log one line per file
scanned indicating whether it is clean or has a virus.
Is there really any value in logging that a file is being scanned and
then 2 seconds later logging that the file is clean?
Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
If you keep anything long enough, you can throw it away.
I was taught to respect my elders, but its getting
harder and harder to find any...
Dennis Peterson
2012-12-06 18:49:49 UTC
Post by Gene Heskett
Speaking of clamd.conf, I wonder if some of you might be editing the wrong
clamd.conf file? I am not sure how it got to be, but according to the
launcher script in /etc/init.d, it is using /etc/clamav/clamd.conf, but I
have others also.
You should make no assumptions about the location of the clamd.conf
file. It can be anywhere but is specified by the configure/compile
operation, the installer if built from source, the RPM packager, and the
command line in the launch script. Any or all can be screwed up or got
right by any of the people involved.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
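An added example, not part of the original thread: given the text of several candidate clamd.conf files, this computes the logging settings each one would put into effect (commented-out directives leave the default in force) and lists the settings that differ between copies, which is how editing the wrong file shows up. The two file bodies are constructed; the paths are two of those listed above, and the defaults for LogVerbose and LogSyslog are assumed from the clamd.conf documentation.

```python
# Logging directives discussed in the thread, with the value clamd uses when
# the directive is absent or commented out (assumed from clamd.conf docs).
LOGGING_DEFAULTS = {
    "LogFile": None,            # no log file unless one is named
    "LogTime": False,
    "LogClean": False,
    "LogVerbose": False,
    "LogSyslog": False,
    "LogFacility": "LOG_LOCAL6",
}
BOOL_WORDS = {"yes": True, "true": True, "1": True,
              "no": False, "false": False, "0": False}

# Constructed file contents for two of the locations named in the thread.
SAMPLE_CONFIGS = {
    "/etc/clamd.conf": """\
# copy the admin edited
LogFile /tmp/clamd.log
LogTime yes
LogClean 1
#LogVerbose yes
""",
    "/etc/clamav/clamd.conf": """\
# copy the init script hands to clamd
#LogFile /var/log/clamav/clamd.log
# Log time with each message.
# Default: no
#LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
""",
}


def effective_logging(conf_text):
    """Return the logging settings a clamd.conf body puts into effect."""
    settings = dict(LOGGING_DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directive: the default stays in force
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key not in settings:
            continue
        if isinstance(LOGGING_DEFAULTS[key], bool):
            if value.lower() not in BOOL_WORDS:
                raise ValueError(f"{key}: not a boolean value: {value!r}")
            settings[key] = BOOL_WORDS[value.lower()]
        else:
            settings[key] = value
    return settings


def missing_output(settings):
    """Explain which of the outputs asked about in the thread will be absent."""
    notes = []
    if settings["LogFile"] is None and not settings["LogSyslog"]:
        notes.append("no LogFile and no LogSyslog: clamd keeps no log")
    if settings["LogFile"] is not None and not settings["LogTime"]:
        notes.append("LogTime off: lines in the log file carry no timestamp")
    if not settings["LogClean"]:
        notes.append("LogClean off: clean (OK) results are not logged")
    return notes


def differing(candidates):
    """Map each setting that differs between copies to its value per file."""
    parsed = {path: effective_logging(text) for path, text in candidates.items()}
    diff = {}
    for key in LOGGING_DEFAULTS:
        values = {path: s[key] for path, s in parsed.items()}
        if len(set(values.values())) > 1:
            diff[key] = values
    return diff


if __name__ == "__main__":
    for path, text in SAMPLE_CONFIGS.items():
        print(path, effective_logging(text), missing_output(effective_logging(text)))
    for key, values in differing(SAMPLE_CONFIGS).items():
        print("differs:", key, values)
```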
Gene Heskett
2012-12-06 19:12:52 UTC
Post by Dennis Peterson
Post by Gene Heskett
Speaking of clamd.conf, I wonder if some of you might be editing the
wrong clamd.conf file? I am not sure how it got to be, but according
to the launcher script in /etc/init.d, it is using
/etc/clamav/clamd.conf, but I have others also.
You should make no assumptions about the location of the clamd.conf
file. It can be anywhere but is specified by the configure/compile
operation, the installer if built from source, the RPM packager, and the
command line in the launch script. Any or all can be screwed up or got
right by any of the people involved.
dp
Of course I understand that Dennis, but when you go from an old, broken deb
install, to a tarball build and then back to a deb install, these installs
have no clue that they are replacing a different install, so it's best to
end the confusion and summarily nuke the old stuff.

Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
I was in a beauty contest one. I not only came in last, I was hit in
the mouth by Miss Congeniality.
-- Phyllis Diller
I was taught to respect my elders, but its getting
harder and harder to find any...
Jim Preston
2012-12-08 07:44:37 UTC
Post by Gene Heskett
Post by Dennis Peterson
Post by Gene Heskett
Speaking of clamd.conf, I wonder if some of you might be editing the
wrong clamd.conf file? I am not sure how it got to be, but according
to the launcher script in /etc/init.d, it is using
/etc/clamav/clamd.conf, but I have others also.
You should make no assumptions about the location of the clamd.conf
file. It can be anywhere but is specified by the configure/compile
operation, the installer if built from source, the RPM packager, and the
command line in the launch script. Any or all can be screwed up or got
right by any of the people involved.
dp
Of course I understand that Dennis, but when you go from an old, broken deb
install, to a tarball build and then back to a deb install, these installs
have no clue that they are replacing a different install, so it's best to
end the confusion and summarily nuke the old stuff.
Cheers, Gene
Yes, and one way is to do an uninstall before upgrading. I do this for
each of my clamav upgrades. I have found that each of the distros tends
to customize the install location to their own liking and which is
usually not the same as anyone else's.

Jim
--
Jim Preston



Dennis Peterson
2012-12-08 07:59:47 UTC
Post by Jim Preston
Post by Gene Heskett
Post by Dennis Peterson
Post by Gene Heskett
Speaking of clamd.conf, I wonder if some of you might be editing the
wrong clamd.conf file? I am not sure how it got to be, but according
to the launcher script in /etc/init.d, it is using
/etc/clamav/clamd.conf, but I have others also.
You should make no assumptions about the location of the clamd.conf
file. It can be anywhere but is specified by the configure/compile
operation, the installer if built from source, the RPM packager, and the
command line in the launch script. Any or all can be screwed up or got
right by any of the people involved.
dp
Of course I understand that Dennis, but when you go from an old, broken deb
install, to a tarball build and then back to a deb install, these installs
have no clue that they are replacing a different install, so it's best to
end the confusion and summarily nuke the old stuff.
Cheers, Gene
Yes, and one way is to do an uninstall before upgrading. I do this for
each of my clamav upgrades. I have found that each of the distros
tends to customize the install location to their own liking and which
is usually not the same as anyone else's.
Jim
That has made it hard to find multiple sources of distros that will work
interchangeably :). And yum and rpm will not remove or replace those
packaged files that are not identical to what came from the package
which makes it worse. At best you can expect to see a .rpmnew as an
extension to duplicated files.

dp
Jim Preston
2012-12-09 00:49:07 UTC
Post by Dennis Peterson
Post by Jim Preston
Post by Gene Heskett
Post by Dennis Peterson
file. It can be anywhere but is specified by the configure/compile
operation, the installer if built from source, the RPM packager, and the
command line in the launch script. Any or all can be screwed up or got
right by any of the people involved.
dp
Of course I understand that Dennis, but when you go from an old, broken deb
install, to a tarball build and then back to a deb install, these installs
have no clue that they are replacing a different install, so it's best to
end the confusion and summarily nuke the old stuff.
Cheers, Gene
Yes, and one way is to do an uninstall before upgrading. I do this
for each of my clamav upgrades. I have found that each of the
distros tends to customize the install location to their own liking
and which is usually not the same as anyone else's.
Jim
That has made it hard to find multiple sources of distros that will
work interchangeably :). And yum and rpm will not remove or replace
those packaged files that are not identical to what came from the
package which makes it worse. At best you can expect to see a .rpmnew
as an extension to duplicated files.
dp
Yes, with yum and rpm you should make sure you have the original
installation package on hand to get the un-installation to work.
It is especially important to do the removal procedure if you are
switching from one source provider to another such as rpm to
build-from-sources.
--
Jim Preston



Gene Heskett
2012-12-08 12:43:02 UTC
Post by Jim Preston
Post by Gene Heskett
Post by Dennis Peterson
Post by Gene Heskett
Speaking of clamd.conf, I wonder if some of you might be editing the
wrong clamd.conf file? I am not sure how it got to be, but
according to the launcher script in /etc/init.d, it is using
/etc/clamav/clamd.conf, but I have others also.
You should make no assumptions about the location of the clamd.conf
file. It can be anywhere but is specified by the configure/compile
operation, the installer if built from source, the RPM packager, and
the command line in the launch script. Any or all can be screwed up
or got right by any of the people involved.
dp
Of course I understand that Dennis, but when you go from an old,
broken deb install, to a tarball build and then back to a deb
install, these installs have no clue that they are replacing a
different install, so it's best to end the confusion and summarily
nuke the old stuff.
Cheers, Gene
Yes, and one way is to do an uninstall before upgrading. I do this for
each of my clamav upgrades. I have found that each of the distros tends
to customize the install location to their own liking and which is
usually not the same as anyone else's.
Jim
I rather like the idea of putting locally built stuff in /usr/local, and
having that in front in one's $PATH, but frankly, far too little attention
is paid to 2 things:

1. writing a fully functional un-install seems to be beyond the average
coder's ability to do.

2. Linux's ability to invalidate its cache when something has been removed
sucks dead toads thru soda straws as my friend Joanne D. is fond of saying.
Often only a &^^*3 reboot will restore that, but I'll at least check to see
if an ldconfig will fix it. Sometimes it will, but far from always.

Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
It's a poor workman who blames his tools.
I was taught to respect my elders, but its getting
harder and harder to find any...

Jim Preston
2012-12-09 00:54:47 UTC
Post by Gene Heskett
Post by Jim Preston
Yes, and one way is to do an uninstall before upgrading. I do this for
each of my clamav upgrades. I have found that each of the distros tends
to customize the install location to their own liking and which is
usually not the same as anyone else's.
Jim
I rather like the idea of putting locally built stuff in /usr/local, and
having that in front in one's $PATH, but frankly, far too little attention
1. writing a fully functional un-install seems to be beyond the average
coder's ability to do.
I am not as familiar with the Linux packagers but ..... having done
programming for commercial proprietary companies, I know that many times
the people with the least experience and talent are tasked with the
packaging tasks. So yes, it is beyond the coder's ability to write a
fully functional un-install. :)
Post by Gene Heskett
2. Linux's ability to invalidate its cache when something has been removed
sucks dead toads thru soda straws as my friend Joanne D. is fond of saying.
Often only a&^^*3 reboot will restore that, but I'll at least check to see
if an ldconfig will fix it. Sometimes it will, but far from always.
Cheers, Gene
Jim
--
Jim Preston



Dennis Peterson
2012-12-06 17:07:38 UTC
Post by franckm
Thanks it works now but I am not getting the log line when a new file is
getting scanned. I only get the result (OK line)
Syslog uses a two-part record (facility.severity) to decide what to put
into a log file. Assuming you are using the default LOCAL6 syslog
facility you also need to set a severity level. Severity levels are
inclusive of higher levels, so if your syslog.conf (or rsyslog.conf)
entry is LOCAL6.warning you will not see lower level log entries. Using
LOCAL6.debug (equivalent to LOCAL6.*) in your syslog tool will show you
everything ClamAV is capable of producing assuming you also have
verbose logging enabled. Syslog-ng (rsyslog can as well) uses a very
detailed rules scheme to produce the output and requires some study, but
will also give you the full logging output.

dp
franckm
2012-12-06 17:20:36 UTC
Post by Dennis Peterson
Post by franckm
Thanks it works now but I am not getting the log line when a new file is
getting scanned. I only get the result (OK line)
Syslog uses a two-part record (facility.severity) to decide what to put
into a log file. Assuming you are using the default LOCAL6 syslog
facility you also need to set a severity level. Severity levels are
inclusive of higher levels, so if your syslog.conf (or rsyslog.conf)
entry is LOCAL6.warning you will not see lower level log entries. Using
LOCAL6.debug (equivalent to LOCAL6.*) in your syslog tool will show you
everything ClamAV is capable of producing assuming you also have
verbose logging enabled. Syslog-ng (rsyslog can as well) uses a very
detailed rules scheme to produce the output and requires some study, but
will also give you the full logging output.
dp
Thanks Dennis.

Do you mean LogSyslog can provide more detailed log than LogFile?

Does the LogFacility setting apply to LogSyslog only or it also applies to
LogFile?

I have noticed my LogFacility setting does not have the default value. It is
set to LOG_MAIL not LOG_LOCAL6.
Dennis Peterson
2012-12-06 18:08:45 UTC
Post by franckm
Thanks Dennis.
Do you mean LogSyslog can provide more detailed log than LogFile?
Does the LogFacility setting apply to LogSyslog only or it also applies to
LogFile?
I have noticed my LogFacility setting does not have the default value. It is
set to LOG_MAIL not LOG_LOCAL6.
The facility only determines what file will collect the logger data from
the service. The severity level found in your syslog.conf (or
rsyslog.conf) file determines the ultimate verbosity of that logging. If
it is set to mail.* then you are getting all there is. I've brought this
up only because you've not said what that logging level is in the syslog
configuration, and that is ultimately the controlling factor of what
gets put into the log.

I use LOCAL6.* /var/log/clamd.log to create a separate log
for ClamAV messages but that is a matter of preference. Mail logs are
easier to parse automatically if there is no non-MTA information in there.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
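An added example, not part of the original thread: a small model of the facility.severity selector matching described in the two syslog replies above, showing which files a message sent under a given clamd LogFacility and severity would reach. It covers plain levels, `*`, `none`, comma-separated facilities and `;`-joined selectors in the classic syslog.conf style; the rule file and the severities passed in are constructed, and nothing here states which severity clamd gives a particular message.

```python
# Severity names from most to least severe; a rule naming a level also
# matches everything more severe than it.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Constructed syslog.conf-style rules, using the selectors from the thread.
SAMPLE_RULES = """\
# selector                      action
mail.*                          /var/log/mail.log
local6.warning                  /var/log/clamd-warn.log
local6.*                        /var/log/clamd.log
*.info;mail.none;local6.none    /var/log/messages
"""


def level(name):
    """Index of a severity name (0 = emerg ... 7 = debug)."""
    name = name.lower()
    return SEVERITIES.index(ALIASES.get(name, name))


def facility_name(log_facility):
    """Map a clamd.conf LogFacility value such as LOG_MAIL to syslog's 'mail'."""
    name = log_facility.lower()
    return name[4:] if name.startswith("log_") else name


def selector_decision(selector, facility, severity):
    """True/False if the selector covers this facility, None if it does not."""
    fac_part, _, prio = selector.lower().partition(".")
    facilities = fac_part.split(",")
    if "*" not in facilities and facility not in facilities:
        return None
    if prio == "none":
        return False
    if prio == "*":
        return True
    return level(severity) <= level(prio)


def destinations(rules_text, log_facility, severity):
    """Actions (log files) that would receive a message of this facility/severity."""
    facility = facility_name(log_facility)
    hits = []
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or "." not in parts[0]:
            continue  # not a selector/action rule
        keep = False
        for selector in parts[0].split(";"):
            decision = selector_decision(selector, facility, severity)
            if decision is not None:
                keep = decision  # a later selector overrides an earlier one
        if keep:
            hits.append(parts[1].strip())
    return hits


if __name__ == "__main__":
    for fac, sev in [("LOG_LOCAL6", "info"), ("LOG_LOCAL6", "err"), ("LOG_MAIL", "debug")]:
        print(fac, sev, "->", destinations(SAMPLE_RULES, fac, sev))
```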