On November 13, 2018 10:28:27 PM UTC, Yasuhiro KIMURA <y...@utahime.org> wrote:
>Hello,
>
>I use ClamAV 0.100.2 on Debian 9.6. Everything works fine for virus
>scanning. But when looking at syslog I found 2 strange behaviors.
>
>1. Message is written to syslog even if LogSyslog is false.
>
>On Debian LogSyslog is set to false in both clamd.conf and
>freshclam.conf. But there are messages from clamd and freshclam in
>/var/log/syslog.
>
>2. Message itself includes timestamp.
>
>I also use ClamAV 0.100.2 on FreeBSD 11.2-RELEASE. On FreeBSD
>LogSyslog is set to true and messages such as the following are written to
>syslog.
>
>Nov 14 06:51:30 freebsd-server freshclam[761]: Received signal: wake up
>Nov 14 06:51:30 freebsd-server freshclam[761]: ClamAV update process
>started at Wed Nov 14 06:51:30 2018
>Nov 14 06:51:30 freebsd-server freshclam[761]: main.cld is up to date
>(version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
>Nov 14 06:51:30 freebsd-server freshclam[761]: daily.cld is up to date
>(version: 25117, sigs: 2150146, f-level: 63, builder: neo)
>Nov 14 06:51:30 freebsd-server freshclam[761]: bytecode.cld is up to
>date (version: 327, sigs: 91, f-level: 63, builder: neo)
>Nov 14 06:51:30 freebsd-server freshclam[761]:
>--------------------------------------
>Nov 14 06:53:22 freebsd-server clamd[754]: SelfCheck: Database status
>OK.
>
>But on Debian the message format is different from that of FreeBSD.
>
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> Received signal: wake up
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> ClamAV update process started at Wed Nov 14 06:26:54 2018
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
>builder: sigmgr)
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> daily.cld is up to date (version: 25117, sigs: 2150146, f-level: 63,
>builder: neo)
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63,
>builder: neo)
>Nov 14 06:27:06 debian-server clamd[559]: Wed Nov 14 06:27:06 2018 ->
>SelfCheck: Database status OK.
>
>It includes a timestamp inside the message itself.
>
>Then my question is, which of the following categories do these behaviors
>fall into?
>
>a. Expected and proper behavior.
>b. Bug of ClamAV itself.
>c. Result of customization by Debian.
>d. Bug of package that should be reported to Debian package maintainer.
Assuming you haven't made an effort to select sys v init on the Debian system,
it's running using systemd. FreeBSD is presumably using sys v.
Systemd includes a logging component that probably explains the difference. My
guess is a., but almost certainly not b. or c.
Scott K
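
The two message layouts quoted in this thread, handled by one parser so that a single match on the message body works for both hosts. This is an added example, not part of the original messages and not ClamAV code; the function names are made up here, and the sample lines are constructed by rejoining the wrapped log lines quoted above (the `sshd` line is invented as a non-ClamAV control).

```python
import re

# Syslog envelope as shown in the thread: "Nov 14 06:26:54 host prog[pid]: msg"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>clamd|freshclam)\[(?P<pid>\d+)\]: ?(?P<msg>.*)$"
)
# Prefix seen only in the Debian lines: "Wed Nov 14 06:26:54 2018 -> "
# Anchored at the start and requiring " -> ", so a date that is part of the
# message text ("... started at Wed Nov 14 ...") is left alone.
EMBEDDED_TS_RE = re.compile(
    r"^(?P<ets>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) -> "
)

def normalize(line):
    """Parse one clamd/freshclam syslog line; return None for anything else."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    e = EMBEDDED_TS_RE.match(rec["msg"])
    rec["embedded_ts"] = e.group("ets") if e else None
    if e:
        rec["msg"] = rec["msg"][e.end():]  # keep only the message body
    return rec

def bodies(lines):
    """(host, prog, msg) for every line that parsed, in input order."""
    recs = (normalize(l) for l in lines)
    return [(r["host"], r["prog"], r["msg"]) for r in recs if r]

# Constructed sample (see lead-in).
SAMPLE = [
    "Nov 14 06:51:30 freebsd-server freshclam[761]: Received signal: wake up",
    "Nov 14 06:51:30 freebsd-server freshclam[761]: ClamAV update process started at Wed Nov 14 06:51:30 2018",
    "Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> Received signal: wake up",
    "Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> ClamAV update process started at Wed Nov 14 06:26:54 2018",
    "Nov 14 06:27:06 debian-server clamd[559]: Wed Nov 14 06:27:06 2018 -> SelfCheck: Database status OK.",
    "Nov 14 06:27:07 debian-server sshd[600]: unrelated line",
]

if __name__ == "__main__":
    for host, prog, msg in bodies(SAMPLE):
        print(f"{host:15} {prog:10} {msg}")
```
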
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users