Discussion:
Logrotate won't restart clamd
Robert S
2004-02-02 08:12:08 UTC
I am using logrotate to rotate my clamd logs. I have an entry called "clam"
in /etc/logrotate.d which looks like this:

/var/log/clam/clam*.log {
    sharedscripts
    postrotate
        /bin/kill `/usr/bin/cat /var/run/clamd/clamd.pid` 2>/dev/null
        /usr/local/sbin/clamd
    endscript
}

If I don't kill clamd, it keeps writing to the old log.

When this runs, the clam daemon dies.

I've tried killall -HUP, but it doesn't work (presumably an issue with
ownership of the process). I've also tried a sleep between the two commands
to give clamd a chance to die.

I have a cron job which "rescues" clamd if it dies, but it's not a very
elegant way of doing it.

Any suggestions as to how I can get this working?

I run clamd as user clamav. I've got Slackware 9.1 and clamav-6.50





-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
Krištof Petr
2004-02-02 10:28:59 UTC
Post by Robert S
I am using logrotate to rotate my clamd logs. I have an entry called "clam"
/var/log/clam/clam*.log {
sharedscripts
postrotate
/bin/kill `/usr/bin/cat /var/run/clamd/clamd.pid` 2>/dev/null
/usr/local/sbin/clamd
endscript
}
If I don't kill clamd, it keeps writing to the old log.
When this runs, the clam daemon dies.
I've tried killall -HUP, but it doesn't work (presumably an issue with
ownership of the process). I've also tried a sleep between the two commands
to give clamd a chance to die.
I have a cron job which "rescues" clamd if it dies, but it's not a very
elegant way of doing it.
Any suggestions as to how I can get this working?
Yes. It is a known issue. I reported it many times in the last 6 months, but
the developers ignore it. Log rotating never worked.

Petr




Tomasz Kojm
2004-02-02 12:02:44 UTC
On Mon, 02 Feb 2004 11:28:59 +0100
Post by Krištof Petr
Yes . It is known issue. I reported it many times in last 6 month, but
developers
ignores it. Log rotating never worked.
Unfortunately, I'm not familiar with logrotate. But I will check the HUP
handling tonight. Sorry!

Best regards,
Tomasz Kojm
--
oo ..... ***@clamav.net www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Mon Feb 2 13:01:37 CET 2004
Krištof Petr
2004-02-02 13:03:55 UTC
Post by Tomasz Kojm
On Mon, 02 Feb 2004 11:28:59 +0100
Post by Krištof Petr
Yes . It is known issue. I reported it many times in last 6 month, but
developers
ignores it. Log rotating never worked.
Unfortunately, I'm not familiar with logrotate. But will check the HUP
handling tonight. Sorry !
Tomasz,

you don't need to lose time with logrotate. This is a simple step-by-step
way to test it:

1) Start clamd

2) Remove clamd's log file

3) Send SIGHUP to clamd

4a) You will get an error
Mon Feb 2 13:58:35 2004 -> SIGHUP catched: log file re-opened.
Mon Feb 2 13:58:35 2004 -> ERROR: accept() failed.

4b) Clamd should create a new log file and start to log to it.

This is the way logrotate works. It removes the old logfile and sends
SIGHUP to clamd to re-create the log file and continue logging.

Thanks
Petr




Tomasz Papszun
2004-02-02 13:27:18 UTC
Post by Krištof Petr
Post by Tomasz Kojm
Unfortunately, I'm not familiar with logrotate. But will check the HUP
handling tonight. Sorry !
Tomasz,
you dont need to lose time with logrotate. This is simple step by step,
1) Start clamd
2) Remove clamd's log file
3) Sent SIGHUP to clamd
4a) You will got error
Mon Feb 2 13:58:35 2004 -> SIGHUP catched: log file re-opened.
Mon Feb 2 13:58:35 2004 -> ERROR: accept() failed.
4b) Clamd should will create new log file and start to log to it.
This is the way the logrotate works. It removes old logfile and sends
SIGHUP to clamd to re-create log file and continue logging.
I didn't look at the sources but I've always thought that log rotating
is done a different way.
The current logfile is _moved_ to other filename, not removed (deleted).
Due to this, the logfile is still open and new entries can be written to
it. Then on reload or restart, the handle (file descriptor?) is released
and the new logfile is created. Not earlier!

I don't know if it makes any difference for clamd, though.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
***@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
***@clamav.net http://www.ClamAV.net/ A GPL virus scanner


Daniel J McDonald
2004-02-02 13:43:28 UTC
Post by Tomasz Papszun
The current logfile is _moved_ to other filename, not removed (deleted).
Initially, yes, but a SIGHUP is done to make the application re-open the
log files. Then the original log file is compressed, which essentially
deletes the old file.
--
Daniel J McDonald, CCIE 2495, CNX
Austin Energy




Tomasz Papszun
2004-02-02 14:04:25 UTC
Post by Daniel J McDonald
Post by Tomasz Papszun
The current logfile is _moved_ to other filename, not removed (deleted).
Initially, yes, but a SIGHUP is done to make the application re-open the
log files. Then the original log file is compressed, which essentially
deletes the old file.
I was talking about that "_initially_" aspect. What happens later with
old logfiles is outside clamd's interest.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
***@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
***@clamav.net http://www.ClamAV.net/ A GPL virus scanner


Tuomo Soini
2004-02-02 14:35:39 UTC
Post by Tomasz Papszun
I was talking about that "_initially_" aspect. What happens later with
old logfiles is out of clamd interest.
That's not the problem. The problem is that kill -HUP doesn't affect clamd
at all. It doesn't release old lockfile. My logrotate script is:

/var/log/clamav/clamd.log {
    missingok
    create 640 clamav clamav
    postrotate
        /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

The problem is that clamd won't release and re-open the logfile. And the
same problem exists with freshclam.
--
Tuomo Soini <***@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>



Krištof Petr
2004-02-02 13:49:45 UTC
Post by Tomasz Papszun
I didn't look at the sources but I've always thought that log rotating
is done different way.
The current logfile is _moved_ to other filename, not removed (deleted).
Due to this, the logfile is still open and new entries can be written to
it. Then on reload or restart, the handle (file descriptor?) is released
and the new logfile is created. Not earlier!
Thanks for correcting me, you are right. The log file is moved, not removed.

Petr




Daniel Wiberg
2004-02-02 13:53:10 UTC
Post by Tomasz Papszun
I didn't look at the sources but I've always thought that log rotating
is done different way.
The current logfile is _moved_ to other filename, not removed (deleted).
Due to this, the logfile is still open and new entries can be written to
it. Then on reload or restart, the handle (file descriptor?) is released
and the new logfile is created. Not earlier!
I don't know if it makes any difference for clamd, though.
Just a thought, user clamav does not have write permissions in the log
directory, so logrotate, which I guess runs as root should create the new
files also, owned by user clamav.

Or did I overlook something?

//daniel wiberg
--
www.wiberg.nu


Christopher X. Candreva
2004-02-02 14:43:48 UTC
Post by Daniel Wiberg
Just a thought, user clamav does not have write permissions in the log
directory, so logrotate, which I guess runs as root should create the new
files also, owned by user clamav.
Or did I overlook something?
That could be it. If clamav opens the log file initially as root, but when
it receives the HUP signal it may be trying as the clam user.

==========================================================
Chris Candreva -- ***@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/


Tomasz Kojm
2004-02-02 21:26:53 UTC
On Mon, 2 Feb 2004 09:43:48 -0500 (EST)
Post by Christopher X. Candreva
Post by Daniel Wiberg
Just a thought, user clamav does not have write permissions in the
log directory, so logrotate, which I guess runs as root should
create the new files also, owned by user clamav.
Or did I overlook something?
That could be it. If clamav opens the log file initially as root, but
when it receives the HUP signal it may be trying as the clam user.
You're right. Petr: the solution to your problem is to change the owner
of the log file so clamd is able to open it for r/w.

Best regards,
Tomasz Kojm
--
oo ..... ***@clamav.net www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Mon Feb 2 22:23:09 CET 2004
Tuomo Soini
2004-02-02 22:05:33 UTC
Post by Tomasz Kojm
You're right. Petr: the solution to your problem is to change the owner
of the log file so clamd is able to open it for r/w.
That's not gonna work. I have clamd.log in directory writeable by user
clamav and logrotate script creates logfile owned by user clamav group
clamav and clamd doesn't change logfile. After kill -HUP it writes to
old logfile.

clamav is 0.65.
--
Tuomo Soini <***@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>



Tomasz Kojm
2004-02-02 22:27:51 UTC
On Tue, 03 Feb 2004 00:05:33 +0200
Post by Tuomo Soini
Post by Tomasz Kojm
You're right. Petr: the solution to your problem is to change the
owner of the log file so clamd is able to open it for r/w.
That's not gonna work. I have clamd.log in directory writeable by user
The log file itself must be writeable for clamd, not only the directory.

Best regards,
Tomasz Kojm
--
oo ..... ***@clamav.net www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Mon Feb 2 23:26:57 CET 2004
Tuomo Soini
2004-02-03 07:51:26 UTC
Post by Tomasz Kojm
Post by Tuomo Soini
That's not gonna work. I have clamd.log in directory writeable by user
The log file itself must be writeable for clamd not only a directory.
But of course logfile is owned by user clamav group clamav mode 640.

_IT_IS_A_BUG_.
--
Tuomo Soini <***@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>



Alexander Piavka
2004-02-03 09:05:00 UTC
Hi, i'm running mandrake9.1 and have the following rpms installed
libclamav1-0.66-0.20031204.1mdk
clamav-0.66-0.20031204.1mdk
clamd-0.66-0.20031204.1mdk
clamav-db-0.66-0.20031204.1mdk
libclamav1-devel-0.66-0.20031204.1mdk
clamav-milter-0.66-0.20031204.1mdk

Today I found that over just one night many directories with mostly email
text files were created in /var/lib/clamav, which took about 700M. This has
never happened before; what could be the cause of this?


Thanks



Jo Mills
2004-02-03 10:18:52 UTC
Post by Alexander Piavka
Hi, i'm running mandrake9.1 and have the following rpms installed
libclamav1-0.66-0.20031204.1mdk
clamav-0.66-0.20031204.1mdk
clamd-0.66-0.20031204.1mdk
clamav-db-0.66-0.20031204.1mdk
libclamav1-devel-0.66-0.20031204.1mdk
clamav-milter-0.66-0.20031204.1mdk
today i found that over just one night in /var/lib/clamav many dirctories
with mostly email text files were created, which took about 700M. This has
never happend before, what could be the cause of this?
Thanks
Just to say I reported this yesterday too. With
clamav-devel-20040129, freshclam and our Novell http proxy, freshclam
returns "1" for success but it hasn't worked - for some reason our
Novell proxy causes a timeout and I think the server drops the
connection. /var/lib/clamav/ fills up with the "oddly named" files
and yet clamscan uses /usr/local/share/clamav/ for the location of
viruses.*.

I am hoping our IT guys can correct the problem with the Novell proxy.

Jo.

Alexander Piavka
2004-02-03 14:40:13 UTC
Hi, the clamav-milter does not want to send a virus message to the
recipient, or any kind of notification, in spite of the fact that I tell
it not to block virus emails and to deliver them to the user.

I use the flags

CLAMAV_FLAGS="--config-file=/etc/clam/clamav.conf
--quarantine-dir=/var/lib/clamav/viruses --max-children=10 -f -p ***@cs.bgu.ac.il inet:***@132.72.41.66"

Is this a bug?
Thanks



Alexander Piavka
2004-02-03 14:44:52 UTC
Post by Alexander Piavka
Hi, the clamav-milter does not want to send a virus message to the
recipient, or any kind of notification inspite of that i tell
it not to block virus emails and deliver them to user.
I use the flags
CLAMAV_FLAGS="--config-file=/etc/clam/clamav.conf
Is this a bug?
Thanks
ps.
what i want is just to add the X-Virus-Scanned header, and in procmail
i'll just look if X-Virus-Scanned says the mail is a virus it will
put it in a different mailbox. But virus emails never reach the recipient
no matter which options i use
pls help



Nigel Horne
2004-02-03 16:30:58 UTC
Post by Alexander Piavka
CLAMAV_FLAGS="--config-file=/etc/clam/clamav.conf
--quarantine-dir=/var/lib/clamav/viruses --max-children=10 -f -p
What version of clamav-milter?
What operating system?

-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
***@despammed.com http://www.bandsman.co.uk



Krištof Petr
2004-02-02 22:02:12 UTC
Post by Tomasz Kojm
Post by Christopher X. Candreva
That could be it. If clamav opens the log file initially as root, but
when it receives the HUP signal it may be trying as the clam user.
You're right. Petr: the solution to your problem is to change the owner
of the log file so clamd is able to open it for r/w.
Doesn't help.


[***@mr clamav]# ll
total 15
drwxr-xr-x 2 clamav clamav 1024 Feb 2 22:58 .
drwxr-xr-x 14 root root 2048 Feb 2 21:33 ..
-rw-r----- 1 clamav clamav 11399 Feb 2 22:33 clamd.log
[***@mr clamav]# mv clamd.log clamd.log.0
[***@mr clamav]# kill -SIGHUP `cat /var/run/clamav/clamd.pid`
[***@mr clamav]# ll
total 15
drwxr-xr-x 2 clamav clamav 1024 Feb 2 22:58 .
drwxr-xr-x 14 root root 2048 Feb 2 21:33 ..
-rw-r----- 1 clamav clamav 11515 Feb 2 22:59 clamd.log.0
# tac clamd.log.0 |more
Mon Feb 2 22:59:06 2004 -> ERROR: accept() failed.
Mon Feb 2 22:59:06 2004 -> SIGHUP catched: log file re-opened.
Mon Feb 2 22:33:49 2004 -> SelfCheck: Database status OK.
Mon Feb 2 21:33:12 2004 -> SelfCheck: Database status OK.





Tomasz Papszun
2004-02-02 14:57:51 UTC
Post by Daniel Wiberg
Post by Tomasz Papszun
I didn't look at the sources but I've always thought that log rotating
is done different way.
The current logfile is _moved_ to other filename, not removed (deleted).
Due to this, the logfile is still open and new entries can be written to
it. Then on reload or restart, the handle (file descriptor?) is released
and the new logfile is created. Not earlier!
I don't know if it makes any difference for clamd, though.
Just a thought, user clamav does not have write permissions in the log
directory, so logrotate, which I guess runs as root should create the new
files also, owned by user clamav.
Or did I overlook something?
Daniel is right.
I forgot to write the most important thing :-) :
clamd works with logrotate correctly at my place.
The previous logfile ends with:

Sun Feb 1 06:28:36 2004 -> Socket file removed.
Sun Feb 1 06:28:36 2004 -> Pid file removed.
Sun Feb 1 06:28:36 2004 -> --- Stopped at Sun Feb 1 06:28:36 2004

And the current one begins with:

Sun Feb 1 06:28:36 2004 -> +++ Started at Sun Feb 1 06:28:36 2004
Sun Feb 1 06:28:36 2004 -> Log file size limit disabled.
Sun Feb 1 06:28:36 2004 -> Reading databases from /var/lib/clamav/
...

This is ClamAV version 0.65-BugFixesFromCVS-20031123 on Debian Woody.

My clamav-daemon entry is:

/var/log/clamd.log {
    weekly
    missingok
    notifempty
    compress
    postrotate
        /etc/init.d/clamav-daemon force-reload
    endscript
}

But I have also "create" option in logrotate.conf so a new logfile is
created with the same attributes as an old one (amavis.amavis).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
***@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
***@clamav.net http://www.ClamAV.net/ A GPL virus scanner


Dennis Skinner
2004-02-02 22:56:08 UTC
Post by Krištof Petr
Yes . It is known issue. I reported it many times in last 6 month, but
developers
ignores it. Log rotating never worked.
Petr
Seems to work fine for me. Try the copytruncate option.

/usr/clamav/log/clamd.log {
    create 600 clamav clamav
    rotate 20
    daily
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    copytruncate
    nomail
    olddir /usr/clamav/log/archive/
}
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com



Tuomo Soini
2004-02-03 07:57:02 UTC
Post by Dennis Skinner
Seems to work fine for me. Try the copytruncate option.
Copytruncate is only a work-around for that bug. Clamd doesn't close the
logfile and open it again as it should when it gets SIGHUP. And the same
applies to freshclam.
--
Tuomo Soini <***@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>



Tomasz Papszun
2004-02-03 09:03:05 UTC
Post by Tuomo Soini
Post by Dennis Skinner
Seems to work fine for me. Try the copytruncate option.
Copytruncate is only work-around that bug. Clamd doesn't close logfile
and open it again as it should when it's getting SIGHUP. And same
applies to freshclam.
It may be true, unfortunately.
I'd like to stress that, though logrotate and clamd cooperate for me, it
may be the effect of restarting clamd, not "SIGHUPping" it:

postrotate
/etc/init.d/clamav-daemon force-reload
endscript

The entry "force-reload" contains 'stop; sleep; start'.

I haven't tried SIGHUP.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
***@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
***@clamav.net http://www.ClamAV.net/ A GPL virus scanner


Krištof Petr
2004-02-03 12:28:07 UTC
Post by Tomasz Papszun
It may be true, unfortunately.
I'd like to stress that, though logrotate and clamd cooperate for me, it
postrotate
/etc/init.d/clamav-daemon force-reload
endscript
The entry "force-reload" contains 'stop; sleep; start'.
Doesn't it drop all open connections from users who are actually scanning something?

Petr




Tomasz Papszun
2004-02-03 14:53:50 UTC
Post by Krištof Petr
Post by Tomasz Papszun
It may be true, unfortunately.
I'd like to stress that, though logrotate and clamd cooperate for me, it
postrotate
/etc/init.d/clamav-daemon force-reload
endscript
The entry "force-reload" contains 'stop; sleep; start'.
Doesnt it drops all open connections from users who acually scans something?
Not at all. I use Postfix + Amavisd-new. In case clamd is unavailable
(for any reason), messages are given to "av_scanners_backup", which
contains clamscan. Clamscan is (almost) always available.

Even if no scanners were available, postfix just queues messages
in an "internal" spool.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
***@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
***@clamav.net http://www.ClamAV.net/ A GPL virus scanner


g***@cnc.bc.ca
2004-02-02 16:18:56 UTC
I'm having an identical problem with logrotation. Except it is not
with clamd but rather with my maillog. It did not start until I began
using mailgraph.pl. I can't figure it out either. I don't think that
the problem is related to either clamd or mailgraph.

Where does one get "support" for logrotate? Is there a mailing list
for it?

Anyone...

----- Original Message Follows -----
Post by Robert S
I am using logrotate to rotate my clamd logs. I have an entry
/var/log/clam/clam*.log {
sharedscripts
postrotate
/bin/kill `/usr/bin/cat /var/run/clamd/clamd.pid`
2>/dev/null /usr/local/sbin/clamd
endscript
}
If I don't kill clamd, it keeps writing to the old log.
When this runs, the clam daemon dies.
I've tried killall -HUP, but it doesn't work (presumably an issue
with >ownership of the process). I've also tried a sleep between
the two commands >to give clamd a chance to die.
Post by Robert S
I have a cron job which "rescues" clamd if it dies, but it's not a
very >elegant way of doing it.
Post by Robert S
Any suggestions as to how I can get this working?
Yes . It is known issue. I reported it many times in last 6 month,
but developers
ignores it. Log rotating never worked.
Petr
====================
Kevin W. Gagel
Network Administrator
(250) 561-5848 local 448
(250) 562-2131 local 448

--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------


Paul Carpenter
2004-02-02 16:42:11 UTC
I use logrotate on my RedHat system with:

/var/log/clamd.log {
    missingok
    create 0640 clamav root
    prerotate
        /sbin/service clamd stop 2> /dev/null || true
    endscript
    postrotate
        sleep 5
        /sbin/service clamd start 2> /dev/null || true
    endscript
}

Seems to work fine.

On Monday 02 February 2004 10:08 am,
Post by Tuomo Soini
Post by Tomasz Papszun
I was talking about that "_initially_" aspect. What happens later with
old logfiles is out of clamd interest.
That's not the problem. Problem is that kill -HUP doesn't affect clamd
/var/log/clamav/clamd.log {
missingok
create 640 clamav clamav
postrotate
/bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>
/dev/null || true
endscript
}
Problem is clamd won't release and re-open logfile. And same problem is
with freshclam.
--
Paul Carpenter
***@dodgenet.com
DodgeNet, Inc.




Tarjei Knapstad
2004-02-03 12:37:16 UTC
Post by Tomasz Papszun
/var/log/clamd.log {
missingok
create 0640 clamav root
prerotate
/sbin/service clamd stop 2> /dev/null || true
endscript
postrotate
sleep 5
/sbin/service clamd start 2> /dev/null || true
endscript
}
Seems to work fine.
Except that you're allowing viruses to pass through during that sleep
5...

--
Tarjei



Tomasz Papszun
2004-02-03 14:57:04 UTC
Post by Tarjei Knapstad
Post by Tomasz Papszun
/var/log/clamd.log {
missingok
create 0640 clamav root
prerotate
/sbin/service clamd stop 2> /dev/null || true
endscript
postrotate
sleep 5
/sbin/service clamd start 2> /dev/null || true
endscript
}
Seems to work fine.
Except that you're allowing viruses to pass through during that sleep
5...
I don't know all possible ways of using clamav so I can't say for
sure... but no, it doesn't allow viruses to pass. In the worst case MTA
just queues messages for a while, when clamd isn't up.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
***@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
***@clamav.net http://www.ClamAV.net/ A GPL virus scanner


Frank Richter
2004-02-05 16:37:35 UTC
Hi,
I have the same problem (0.65 and devel).
It seems the signal handling isn't sufficient.

In clamd/server.c sighup is set, but it seems it's never really
used to re-open the logfile.

case SIGHUP:
sighup = 1;

- Frank
--
Email: ***@hrz.tu-chemnitz.de http://www.tu-chemnitz.de/~fri/
Work: Computing Services, Chemnitz University of Technology, Germany
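
The SIGHUP behaviour this thread expects, as an added C example that is not clamd's code: the handler only sets a flag, and the logger acts on that flag by closing and re-opening the log by path. The function names, the /tmp paths and the log lines are constructed for illustration; the demo renames an open log the way logrotate does and reports which file receives the next write, with and without the signal.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

static volatile sig_atomic_t got_sighup = 0; /* set by handler, consumed by logger */
static int  log_fd = -1;
static char log_path[256];

/* Async-signal-safe: the handler does nothing except record the signal. */
static void on_sighup(int sig) { (void)sig; got_sighup = 1; }

int install_sighup(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sighup;
    sigemptyset(&sa.sa_mask);
    /* Without SA_RESTART a blocking accept() returns EINTR when the signal
     * arrives. That this explains the "accept() failed" line quoted in the
     * thread is an assumption, not something the thread confirms. */
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGHUP, &sa, NULL);
}

/* Open (or re-open) the log by PATH. The old descriptor is only dropped once
 * the new open succeeded, so a failed re-open never loses logging. The open
 * runs with the daemon's current (dropped) uid, which is why the rotated-in
 * file must be writable by that user ("create 640 clamav clamav"). */
int log_open(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
    if (fd < 0) return -1;
    if (log_fd >= 0) close(log_fd);
    log_fd = fd;
    if (path != log_path) snprintf(log_path, sizeof log_path, "%s", path);
    return 0;
}

/* The step that has to exist somewhere: act on the flag before writing. */
int log_write(const char *msg) {
    size_t n = strlen(msg);
    if (got_sighup) { got_sighup = 0; log_open(log_path); }
    if (log_fd < 0) return -1;
    return write(log_fd, msg, n) == (ssize_t)n ? 0 : -1;
}

long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Simulates one rotation. Returns the size of the NEW log afterwards
 * (or -2 on setup failure). */
long rotation_demo(const char *path, const char *rotated, int send_hup) {
    int fd;
    unlink(path);
    unlink(rotated);
    if (install_sighup() != 0 || log_open(path) != 0) return -2;
    log_write("before rotation\n");               /* 16 bytes */
    if (rename(path, rotated) != 0) return -2;    /* logrotate moves the file */
    fd = open(path, O_WRONLY | O_CREAT, 0640);    /* the "create" directive */
    if (fd < 0) return -2;
    close(fd);
    if (send_hup) raise(SIGHUP);                  /* the postrotate kill -HUP */
    log_write("after rotation\n");                /* 15 bytes */
    return file_size(path);
}

int main(void) {
    const char *cur = "/tmp/clamd-demo.log", *old = "/tmp/clamd-demo.log.0";
    long n = rotation_demo(cur, old, 1);
    printf("with SIGHUP:    new=%ld old=%ld\n", n, file_size(old));
    n = rotation_demo(cur, old, 0);
    printf("without SIGHUP: new=%ld old=%ld\n", n, file_size(old));
    return 0;
}
```

Without the signal, or with a handler whose flag is never checked, both lines end up in the renamed file, which matches the clamd.log.0 listing posted earlier in the thread.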

