[Slackbuilds-users] ClamAV logging inconsistencies

pyllyukko pyllyukko at maimed.org
Wed Jan 16 18:04:48 UTC 2013


On Sun, Oct 21, 2012 at 01:28:15PM +0300, pyllyukko wrote:
> I ran into more problems with ClamAV. Now that the script sends SIGHUP
> to both clamd and freshclam, it might be required to add 'sharedscripts'
> to the logrotate conf.
> Also, I received this from logrotate by mail:
> (I have 'create 0640 root adm' in /etc/logrotate.conf, hence the GID)
> error: error setting owner of /var/log/clamav/clamd.log to uid 0 and gid
> 4: Operation not permitted
> error: error setting owner of /var/log/clamav/freshclam.log to uid 0 and
> gid 4: Operation not permitted
> I noticed that the clamav logrotate script only has the 'su' option, and
> lacks 'create' completely. I believe this might be the reason.
> But, I still need to do more tests to make sure, and to find out how I
> can get it working perfectly.

After some testing, I've come to the conclusion that the "create"
configuration is also necessary, otherwise the logging from clamd stops
after rotation.

So here's my complete working conf:

/var/log/clamav/*.log {
    su clamav clamav
    rotate 5
    create 0660 clamav clamav
    /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2>/dev/null` 2>/dev/null || true
    /bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2>/dev/null` 2>/dev/null || true

Can someone update this to the SlackBuild?

email:   <pyllyukko at maimed.org>
pgp:     0xA1F32EAA
www:     http://maimed.org/~pyllyukko/
twitter: https://twitter.com/pyllyukko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20130116/265acb0d/attachment.asc>

More information about the SlackBuilds-users mailing list