[Slackbuilds-users] ClamAV logging inconsistencies
pyllyukko
pyllyukko at maimed.org
Tue Oct 9 18:33:05 UTC 2012
Hi.
I think the current ClamAV SlackBuild has some inconsistencies in the
way ClamAV does logging.
Issue #1:
The rc.clamav script instructs freshclam to log to /var/log/freshclam.log, which by default is not writable by the clamav user. I think the proper place would be /var/log/clamav/freshclam.log, since this is created by the SlackBuild and also handled by the logrotate script (logrotate.clamav).
This is also important, because if the freshclam daemon does logging to
/var/log/freshclam.log, and it is not covered by the logrotate script,
at some point freshclam stops logging:
Log size = 1048606, max = 1048576
LOGGING DISABLED (Maximal log file size exceeded).
Log size = 1048691, max = 1048576
LOGGING DISABLED (Maximal log file size exceeded).
Issue #2:
The logrotate script does not send SIGHUP to freshclam, which might lead
to freshclam not logging at all. When freshclam is running in daemon
mode that is.
--
pyllyukko
email: <pyllyukko at maimed.org>
pgp: 0xA1F32EAA
www: http://maimed.org/~pyllyukko/
twitter: https://twitter.com/pyllyukko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20121009/0bffe18b/attachment.asc>
More information about the SlackBuilds-users
mailing list