ClamAV update log settings
Steve Campbell
campbell at cnpapers.com
Wed Sep 27 15:48:46 IST 2006
Thanks, Jim,
Don't know how I overlooked the clamav-autoupdate thing. So obvious.
I think I'll think about this for a while, but just probably change the
logrotate and keep it in /tmp.
Steve
----- Original Message -----
From: "Jim Holland" <mailscanner at mango.zw>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Wednesday, September 27, 2006 10:34 AM
Subject: Re: ClamAV update log settings
> On Wed, 27 Sep 2006, Steve Campbell wrote:
>
>> I just realized that there is a file in my /tmp directory named
>> ClamAV.update.log. It gets very big over time, and although I have
>> cleaned
>> this before, I just began wondering about why it is where it is.
>>
>> I see also that I have a logrotate script for the freshclam log. But it
>> points to /var/log/clamav/. I could change this to work with the file in
>> /tmp, but /var/log/ is the usual RH log directory.
>>
>> So I have been trying to discover why the file is in /tmp. Apparently,
>> the
>> freshclam.conf file is not being used by update.virus.scanners, as it
>> points
>> to /var/log/clamav. Is there an option that can be changed somewhere to
>> remain MS compatible when upgrading, to move this file to /var/log/?
>
> The log file location is specified in
> /usr/lib/MailScanner/clamav-autoupdate.
> However it is set to log to /tmp/ClamAV.update.log because then there are
> no permissions issues - changing it to use /var/log will probably not work
> unless you have insecure permissions on that directory.
>
> freshclam should not be used directly with the MailScanner setup. The
> virus update is handled by /etc/cron.hourly/update_virus_scanners (which I
> modify by adding "killall freshclam 2> /dev/null" to it before the
> "/usr/sbin/update_virus_scanners" line because it can otherwise fail to
> update). That cron job calls /usr/sbin/update_virus_scanners which calls
> /usr/lib/MailScanner/clamav-autoupdate which itself calls freshclam. The
> log file settings in freshclam.conf are overridden by clamav-autoupdate.
>
> I just use a symlink in the /var/log directory to point to
> /tmp/ClamAV.update.log to make it easy to view.
>
> If you really need to have the logging in /var/log then you could probably
> achieve it by using the syslog option in freshclam.conf and then editing
> clamav-autoupdate accordingly. I haven't tried it - the default is fine
> for me.
>
> Regards
>
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
More information about the MailScanner
mailing list