[Slackbuilds-users] ClamAV logging inconsistencies

pyllyukko pyllyukko at maimed.org
Sun Oct 21 10:28:15 UTC 2012


Hello.

Story continues.

On Tue, Oct 09, 2012 at 09:33:05PM +0300, pyllyukko wrote:
> I think the current ClamAV SlackBuild has some inconsistencies in the
> way ClamAV does logging.
> 
> Issue #1:
> 
> The rc.clamav script instructs freshclam to log to /var/log/freshclam.log, which by default is not writable by the clamav user. I think the proper place would be /var/log/clamav/freshclam.log, since this is created by the SlackBuild and also handled by the logrotate script (logrotate.clamav).
> 
> This is also important, because if the freshclam daemon does logging to
> /var/log/freshclam.log, and it is not covered by the logrotate script,
> at some point freshclam stops logging:
> 
> Log size = 1048606, max = 1048576
> LOGGING DISABLED (Maximal log file size exceeded).
> Log size = 1048691, max = 1048576
> LOGGING DISABLED (Maximal log file size exceeded).
> 
> Issue #2:
> 
> The logrotate script does not send SIGHUP to freshclam, which might lead
> to freshclam not logging at all. When freshclam is running in daemon
> mode, that is.

I ran into more problems with ClamAV. Now that the script sends SIGHUP
to both clamd and freshclam, it might be required to add 'sharedscripts'
to the logrotate conf.

Also, I received this from logrotate by mail:
(I have 'create 0640 root adm' in /etc/logrotate.conf, hence the GID)

error: error setting owner of /var/log/clamav/clamd.log to uid 0 and gid
4: Operation not permitted
error: error setting owner of /var/log/clamav/freshclam.log to uid 0 and
gid 4: Operation not permitted

I noticed that the clamav logrotate script only has the 'su' option, and
lacks 'create' completely. I believe this might be the reason.


But, I still need to do more tests to make sure, and to find out how I
can get it working perfectly.

-- 
pyllyukko
email:   <pyllyukko at maimed.org>
pgp:     0xA1F32EAA
www:     http://maimed.org/~pyllyukko/
twitter: https://twitter.com/pyllyukko
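
A lint for the conditions raised in this thread, as an added example that is not part of the original message or of the SlackBuild: it checks a logrotate stanza for a script shared by several logs without 'sharedscripts', for 'su' without a local 'create', and for log files that no stanza rotates. The sample stanza, the pid file paths and the finding names are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample shaped like the stanza the message describes ('su' set,
# no 'create', no 'sharedscripts'). The pid file paths are placeholders.
SAMPLE = """\
/var/log/clamav/clamd.log /var/log/clamav/freshclam.log {
    su clamav clamav
    weekly
    postrotate
        kill -HUP "$(cat /path/to/clamd.pid)" 2>/dev/null || true
        kill -HUP "$(cat /path/to/freshclam.pid)" 2>/dev/null || true
    endscript
}
"""

STANZA = re.compile(r"^([^\n{#]+)\{(.*?)^\s*\}", re.S | re.M)
SCRIPT = re.compile(r"^\s*(?:pre|post|first|last)rotate\b.*?^\s*endscript\b",
                    re.S | re.M)

def lint(conf, expected_logs=()):
    """Return findings for the conditions raised in the thread."""
    findings, patterns = [], []
    for m in STANZA.finditer(conf):
        paths, body = m.group(1).split(), m.group(2)
        patterns += paths
        has_script = bool(SCRIPT.search(body))
        # Directive keywords outside script blocks, comments skipped.
        words = {ln.split()[0] for ln in SCRIPT.sub("", body).splitlines()
                 if ln.strip() and not ln.lstrip().startswith("#")}
        several = len(paths) > 1 or any("*" in p for p in paths)
        # Without 'sharedscripts' the script runs once per rotated log,
        # so each daemon gets a SIGHUP for every file in the stanza.
        if has_script and several and "sharedscripts" not in words:
            findings.append("no-sharedscripts")
        # With 'su' but no local 'create', a global 'create <mode> root adm'
        # is inherited and would be applied while running as the 'su' user.
        if "su" in words and not words & {"create", "nocreate", "copytruncate"}:
            findings.append("su-without-create")
    # A log that no stanza rotates grows until the daemon stops logging.
    for log in expected_logs:
        if not any(fnmatch.fnmatch(log, p) for p in patterns):
            findings.append("uncovered:" + log)
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE, ["/var/log/freshclam.log"]):
        print(finding)
```
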