[Slackbuilds-users] ClamAV logging inconsistencies

pyllyukko pyllyukko at maimed.org
Tue Oct 9 18:33:05 UTC 2012


I think the current ClamAV SlackBuild has some inconsistencies in the
way ClamAV does logging.

Issue #1:

The rc.clamav script instructs freshclam to log to /var/log/freshclam.log, which by default is not writable by the clamav user. I think the proper place would be /var/log/clamav/freshclam.log, since this is created by the SlackBuild and also handled by the logrotate script (logrotate.clamav).

This is also important, because if the freshclam daemon does logging to
/var/log/freshclam.log, and it is not covered by the logrotate script,
at some point freshclam stops logging:

Log size = 1048606, max = 1048576
LOGGING DISABLED (Maximal log file size exceeded).
Log size = 1048691, max = 1048576
LOGGING DISABLED (Maximal log file size exceeded).

Issue #2:

The logrotate script does not send SIGHUP to freshclam, which might lead
to freshclam not logging at all (when freshclam is running in daemon
mode, that is).

email:   <pyllyukko at maimed.org>
pgp:     0xA1F32EAA
www:     http://maimed.org/~pyllyukko/
twitter: https://twitter.com/pyllyukko
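
Added example, not part of the original message or of the SlackBuild: a small shell audit for the conditions described above (freshclam log not covered by the logrotate file, no SIGHUP sent to freshclam after rotation, log already past the 1048576-byte limit). The function names are hypothetical, and it assumes each logrotate stanza header sits on one line ending in "{".

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the 1048576 limit comes from the freshclam output quoted in the message.
MAX_LOG_BYTES=1048576

# 0 if a stanza header in logrotate file $2 names log $1.
# Assumption: header is one line ending in "{"; globs use shell case
# semantics, where "*" also matches "/" (broader than logrotate's own glob).
log_covered() {
    set -f   # keep header globs as patterns, do not expand them here
    for lc_pat in $(sed -n 's/^\([^#{]*\){[[:space:]]*$/\1/p' "$2"); do
        case $1 in $lc_pat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# 0 if a postrotate script in logrotate file $1 sends HUP to freshclam.
sends_hup_to_freshclam() {
    awk '/^[[:space:]]*#/ { next }
         /^[[:space:]]*postrotate/ { inside = 1; next }
         /^[[:space:]]*endscript/  { inside = 0 }
         inside && /HUP/ && /freshclam/ { found = 1 }
         END { exit !found }' "$1"
}

# 0 if log $1 exists and is past the size at which freshclam disables logging.
log_over_limit() {
    [ -f "$1" ] && [ "$(wc -c < "$1")" -gt "$MAX_LOG_BYTES" ]
}

# Print one line per finding; the return status is the number of findings.
audit_freshclam_logging() {
    af_n=0
    log_covered "$1" "$2" || { echo "not rotated: $1"; af_n=$((af_n + 1)); }
    sends_hup_to_freshclam "$2" || { echo "no HUP to freshclam in $2"; af_n=$((af_n + 1)); }
    if log_over_limit "$1"; then echo "over size limit: $1"; af_n=$((af_n + 1)); fi
    return "$af_n"
}

# Usage: sh audit.sh LOGFILE LOGROTATE_FILE
if [ "$#" -eq 2 ]; then audit_freshclam_logging "$1" "$2"; fi
```

It does not check whether the clamav user can write to the log file; that needs a test run as that user.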