Hello, I use ClamAV 0.100.2 on Debian 9.6. Everything works fine about virus scan. But when seeing syslog I found 2 strange behaviors.
1. Message is written to syslog even if LogSyslog is false. On Debian LogSyslog is set to false in both clamd.conf and frashclam.conf. But there are messages from clamd and freshclam in /var/log/syslog. 2. Message itself includes timestamp. I also use ClamAV 0.100.2 on FreeBSD 11.2-RELEASE. On FreeBSD LogSyslog is set to true and messages such as following are written to syslog. Nov 14 06:51:30 freebsd-server freshclam[761]: Received signal: wake up Nov 14 06:51:30 freebsd-server freshclam[761]: ClamAV update process started at Wed Nov 14 06:51:30 2018 Nov 14 06:51:30 freebsd-server freshclam[761]: main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Nov 14 06:51:30 freebsd-server freshclam[761]: daily.cld is up to date (version: 25117, sigs: 2150146, f-level: 63, builder: neo) Nov 14 06:51:30 freebsd-server freshclam[761]: bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo) Nov 14 06:51:30 freebsd-server freshclam[761]: -------------------------------------- Nov 14 06:53:22 freebsd-server clamd[754]: SelfCheck: Database status OK. But on Debian message format is different from that of FreeBSD. Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> Received signal: wake up Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> ClamAV update process started at Wed Nov 14 06:26:54 2018 Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> daily.cld is up to date (version: 25117, sigs: 2150146, f-level: 63, builder: neo) Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo) Nov 14 06:27:06 debian-server clamd[559]: Wed Nov 14 06:27:06 2018 -> SelfCheck: Database status OK. It includes timestamp inside message itself. Then my question is, which of following category these behaviors fall into? a. Expected and proper behavior. b. Bug of ClamAV itself. c. Result of customization by Debian. d. Bug of package that should be reported to Debian package maintainer. Best Regards. --- Yasuhiro KIMURA _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
