[clamav-users] clamav-users Digest, Vol 127, Issue 18
Dale Carter
dale at gtp.com.au
Mon Apr 27 15:09:12 UTC 2015
Thanks GED
Apologies for the lack of context. The server is Ubuntu 14.04 on Amazon, running the ClamAV version below:
ClamAV 0.98.6/20384/Mon Apr 27 12:36:55 2015
There is an /etc/logrotate.conf file and an /etc/logrotate.d directory
Inside the directory are two ClamAV files:
clamav-freshclam
clamav-daemon
clamav-freshclam contents are:

/var/log/clamav/freshclam.log {
    rotate 12
    weekly
    compress
    delaycompress
    missingok
    create 640 clamav adm
    postrotate
        /etc/init.d/clamav-freshclam reload-log > /dev/null
    endscript
}
I expect the 12 needs to be changed to 52 to get 1 year rotation
clamav-daemon contents are:

/var/log/clamav/clamav.log {
    rotate 12
    weekly
    compress
    delaycompress
    create 640 clamav adm
    postrotate
        /etc/init.d/clamav-daemon reload-log > /dev/null
    endscript
}
Again I expect rotate needs to be changed to 52.
Thanks again for pointing me in the right direction...
Dale
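The retention arithmetic behind the "rotate 12 -> 52" change, as an added example that is not part of the thread and not ClamAV or logrotate code: the script below parses the two stanzas posted above (embedded as constructed sample input), reports how many days of history each stanza guarantees, and rewrites any `rotate N` that falls short of 365 days. The interval-to-days table, the stanza parser and all function names are this example's own assumptions; it handles plain `path {` stanzas only, with no globs or `include`.

```python
"""Audit logrotate stanzas for a minimum retention period (added example).

Not code from the thread, ClamAV or logrotate. Parses the two
/etc/logrotate.d stanzas posted above, computes the guaranteed history
of each, and raises an insufficient `rotate N`. INTERVAL_DAYS is this
script's own conservative approximation, not something logrotate defines.
"""
import math

# Days per interval keyword (assumption; logrotate's monthly is calendar-based,
# so 30 is a deliberate lower bound).
INTERVAL_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}

# Directives that open a script body closed by `endscript`.
SCRIPT_OPENERS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}


def parse_stanzas(text):
    """Return [(path, {directive: value-or-None})] for each `path { ... }` block.

    Shell lines inside postrotate/endscript are skipped so they can never be
    mistaken for retention directives.
    """
    stanzas, path, directives, in_script = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if path is None:                      # outside any stanza
            if line.endswith("{"):
                path, directives, in_script = line[:-1].strip(), {}, False
            continue
        if in_script:
            in_script = line != "endscript"
            continue
        if line == "}":
            stanzas.append((path, directives))
            path = None
            continue
        parts = line.split(None, 1)
        if parts[0] in SCRIPT_OPENERS:
            in_script = True
        else:
            directives[parts[0]] = parts[1] if len(parts) > 1 else None
    return stanzas


def interval_of(directives):
    """The stanza's rotation interval keyword, or None if it has none."""
    return next((k for k in INTERVAL_DAYS if k in directives), None)


def retention_days(directives):
    """Guaranteed minimum history in days: `rotate N` old files x interval.

    The live log adds up to one more interval, but right after a rotation only
    the N rotated files exist, so N x interval is what an auditor can rely on.
    `rotate 0`, no `rotate`, or no interval keyword keeps nothing.
    """
    count = int(directives.get("rotate") or 0)
    interval = interval_of(directives)
    return count * INTERVAL_DAYS[interval] if interval and count > 0 else 0


def required_rotate(directives, required_days=365):
    """Smallest `rotate N` that guarantees required_days at this interval."""
    interval = interval_of(directives)
    if interval is None:
        raise ValueError("stanza has no daily/weekly/monthly/yearly directive")
    return math.ceil(required_days / INTERVAL_DAYS[interval])


def audit(text, required_days=365):
    """Map each stanza path to (days_kept, rotate_needed, meets_requirement)."""
    report = {}
    for path, d in parse_stanzas(text):
        days = retention_days(d)
        report[path] = (days, required_rotate(d, required_days), days >= required_days)
    return report


def raise_rotate(text, required_days=365):
    """Return text with every insufficient `rotate N` raised; other lines untouched."""
    report = audit(text, required_days)
    out, path, in_script = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        key = line.split(None, 1)[0] if line else ""
        if in_script:
            in_script = line != "endscript"
        elif path is None and line.endswith("{"):
            path = line[:-1].strip()
        elif line == "}":
            path = None
        elif key in SCRIPT_OPENERS:
            in_script = True
        elif path is not None and key == "rotate":
            days, needed, ok = report[path]
            if not ok:
                raw = raw.replace(line, f"rotate {needed}")
        out.append(raw)
    return "\n".join(out) + "\n"


# Constructed sample input: the two stanzas from the message above.
SAMPLE = """\
/var/log/clamav/freshclam.log {
    rotate 12
    weekly
    compress
    delaycompress
    missingok
    create 640 clamav adm
    postrotate
        /etc/init.d/clamav-freshclam reload-log > /dev/null
    endscript
}
/var/log/clamav/clamav.log {
    rotate 12
    weekly
    compress
    delaycompress
    create 640 clamav adm
    postrotate
        /etc/init.d/clamav-daemon reload-log > /dev/null
    endscript
}
"""

if __name__ == "__main__":
    for p, (days, needed, ok) in audit(SAMPLE).items():
        print(f"{p}: {days} days kept, need rotate {needed}: {'OK' if ok else 'SHORT'}")
    print(raise_rotate(SAMPLE))
```

Two things worth noticing in the output. With `weekly`, `rotate 52` guarantees only 52 x 7 = 364 days of rotated files, one day short of a strict 365-day reading, so the script asks for 53; whether an auditor also counts the live log is a policy question, and the extra rotated file costs little. Second, logrotate only keeps the files on the same host, so it does not by itself satisfy the "preferably on a remote server" part of the question; for that, both clamd.conf and freshclam.conf accept `LogSyslog yes` (with `LogFacility` to pick a facility), which is the hook the rsyslog forwarding suggested later in the thread attaches to.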
-----Original Message-----
From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of clamav-users-request at lists.clamav.net
Sent: 27 April 2015 12:00 am
To: clamav-users at lists.clamav.net
Subject: clamav-users Digest, Vol 127, Issue 18
Send clamav-users mailing list submissions to
clamav-users at lists.clamav.net
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
or, via email, send a message with subject or body 'help' to
clamav-users-request at lists.clamav.net
You can reach the person managing the list at
clamav-users-owner at lists.clamav.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of clamav-users digest..."
Today's Topics:
1. Re: PCI DSS - Configuring ClamAv Logs to be Retained for 12 Months (G.W. Haywood)
----------------------------------------------------------------------
Message: 1
Date: Sat, 25 Apr 2015 18:29:51 +0100 (BST)
From: "G.W. Haywood" <clamav at jubileegroup.co.uk>
To: clamav-users at lists.clamav.net
Subject: Re: [clamav-users] PCI DSS - Configuring ClamAv Logs to be Retained for 12 Months
Message-ID: <Pine.LNX.4.64.1504251805020.3164 at mail5.jubileegroup.co.uk>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Hi there,
On Sat, 25 Apr 2015, Dale Carter wrote:
> In order for ClamAv to be considered PCI Compliant the logs need to be
> kept for 12 months, preferably on a remote server.
>
> How do I configure logs to be kept for this long or is there a way to
> do it using rsyslog to a remote server for ClamAV
>
> If anyone has configured these settings before, it would be a big help.
You need to tell us a bit more. You haven't told us what version of ClamAV you're using and you haven't told us what operating system(s) you're using either.
If you're running some flavour of Unix then perhaps you're using logrotate and syslogd. If you're using logrotate it's trivial to change the rotation interval (e.g. daily, weekly, monthly) and the length of time that logs are kept. Look in /etc/logrotate.conf if you have such a file on the machine that's running ClamAV, and possibly also at files in /etc/logrotate.d/ if you have such a directory.
All the configuration files are plain text and you can edit them with any text editor. They're self-explanatory.
Here's a sample of one of the logrotate configuration files on one of my mail servers:
root at mail4:~# cat /etc/logrotate.d/mail
# mail4:/etc/logrotate.d/mail
/var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log
/var/log/mail.milter-regex /var/log/daemon.log /var/log/kern.log
/var/log/auth.log /var/log/user.log /var/log/cron.log /var/log/debug
/var/log/messages /var/log/dmesg {
    monthly
    rotate 600
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
}
# EOF: /etc/logrotate.d/mail
The following should help with logging remotely with syslogd:
http://unixhelp.ed.ac.uk/CGI/man-cgi?syslog.conf+5
It's less self-explanatory but you can find some examples in that man page, and many more elsewhere on the 'net.
As with many daemons, you need to restart syslogd or send it a SIGHUP to get it to read a changed configuration. More details here:
http://unixhelp.ed.ac.uk/CGI/man-cgi?syslogd+8
Make safe copies of any files that you change before you change them.
Sometimes people break things and it's easier to get back to square 1 if you have the old configuration files. :)
If you're running Windows, now might be a good time to change. :)
--
73,
Ged.
------------------------------
Subject: Digest Footer
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
------------------------------
End of clamav-users Digest, Vol 127, Issue 18
*********************************************