ClamAV update log settings

Steve Campbell campbell at
Wed Sep 27 15:48:46 IST 2006

Thanks, Jim,

Don't know how I overlooked the clamav-autoupdate thing. So obvious.

I think I'll think about this for a while, but just probably change the 
logrotate and keep it in /tmp.


----- Original Message ----- 
From: "Jim Holland" <mailscanner at>
To: "MailScanner discussion" <mailscanner at>
Sent: Wednesday, September 27, 2006 10:34 AM
Subject: Re: ClamAV update log settings

> On Wed, 27 Sep 2006, Steve Campbell wrote:
>> I just realized that there is a file in my /tmp directory named
>> ClamAV.update.log. It gets very big over time, and although I have 
>> cleaned
>> this before, I just began wondering about why it is where it is.
>> I see also that I have a logrotate script for the freshclam log. But it
>> points to /var/log/clamav/. I could change this to work with the file in
>> /tmp, but /var/log/ is the usual RH log directory.
>> So I have been trying to discover why the file is in /tmp. Apparently, 
>> the
>> freshclam.conf file is not being used by update.virus.scanners, as it 
>> points
>> to /var/log/clamav. Is there an option that can be changed somewhere to
>> remain MS compatible when upgrading, to move this file to /var/log/?
> The log file location is specified in 
> /usr/lib/MailScanner/clamav-autoupdate.
> However it is set to log to /tmp/ClamAV.update.log because then there are
> no permissions issues - changing it to use /var/log will probably not work
> unless you have insecure permissions on that directory.
> freshclam should not be used directly with the MailScanner setup.  The
> virus update is handled by /etc/cron.hourly/update_virus_scanners (which I
> modify by adding "killall freshclam 2> /dev/null" to it before the
> "/usr/sbin/update_virus_scanners" line because it can otherwise fail to
> update).  That cron job calls /usr/sbin/update_virus_scanners which calls
> /usr/lib/MailScanner/clamav-autoupdate which itself calls freshclam.  The
> log file settings in freshclam.conf are overridden by clamav-autoupdate.
> I just use a symlink in the /var/log directory to point to
> /tmp/ClamAV.update.log to make it easy to view.
> If you really need to have the logging in /var/log then you could probably
> achieve it by using the syslog option in freshclam.conf and then editing
> clamav-autoupdate accordingly.  I haven't tried it - the default is fine
> for me.
> Regards
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
> -- 
> MailScanner mailing list
> mailscanner at
> Before posting, read
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list