[clamav-users] "LogClean yes"

domenico madouno at gmail.com
Mon Jan 15 17:44:58 UTC 2018


Hi Micah,

I'm sorry for the mistake; the file I sent you is OK apart from the
commented line. The mistake probably happened during the copy from the VM
to the host (a file exchange).

I've checked the config file and it is all OK; in any case, I've done
another test.

1. stop the clamd

2. verify the configuration

3. start the clamd

4. copy EICAR.txt to /root/Incoming  --> log output

5. copy the no_virus.txt to /root/Incoming (simple text file) --> no log 
output

Below is the /var/log/clamd.scan output:

+++ Started at Mon Jan 15 18:20:57 2018
Received 0 file descriptor(s) from systemd.
clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user root (UID 0, GID 0)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
Loaded 6382552 signatures.
LOCAL: Unix socket file /var/run/clamd.scan/clamd.sock
LOCAL: Setting connection queue length to 200
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 10000.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100.
Limits: MaxRecHWP3 limit set to 16.
Limits: PCREMatchLimit limit set to 10000.
Limits: PCRERecMatchLimit limit set to 5000.
Limits: PCREMaxFileSize limit set to 26214400.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled.
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.
ScanOnAccess: notifying only for access attempts.
ScanOnAccess: Max file size limited to 5242880 bytes
ScanOnAccess: Protecting directory '/root/Incoming' (and all sub-directories)
ScanOnAccess: /root/Incoming/EICAR.txt: Eicar-Test-Signature FOUND
ScanOnAccess: /root/Incoming/EICAR.txt (deleted): Eicar-Test-Signature FOUND
^C
[root@localhost ~]#


Kind regards,

Domenico




On 15/01/2018 15:51, Micah Snyder (micasnyd) wrote:
> Hi Domenico,
>
> Try changing:
> #LogClean yes
>
> to:
> LogClean yes
>
> (delete the #)
>
> Micah Snyder
> Software Engineer
> Talos
> Cisco Systems, Inc.
>
>
>
> On Jan 14, 2018, at 1:29 PM, domenico <madouno at gmail.com> wrote:
>
>
> #LogClean yes
>
>
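
Added example (not part of the original message and not ClamAV code): a small Python check of the two things this thread compares, whether LogClean is active or only present as a comment in clamd.conf, and which paths the ScanOnAccess log lines actually mention. The function names and the sample config lines other than "#LogClean yes" are assumptions.

```python
import re

# Constructed config: only "#LogClean yes" is quoted in the thread, the other
# three lines are assumptions. The log lines are copied from the message above.
SAMPLE_CONF = """\
LogFile /var/log/clamd.scan
#LogClean yes
ScanOnAccess yes
OnAccessIncludePath /root/Incoming
"""
SAMPLE_LOG = """\
ScanOnAccess: Protecting directory '/root/Incoming' (and all sub-directories)
ScanOnAccess: /root/Incoming/EICAR.txt: Eicar-Test-Signature FOUND
ScanOnAccess: /root/Incoming/EICAR.txt (deleted): Eicar-Test-Signature FOUND
"""
DIRECTIVE = re.compile(r"^(#?)\s*([A-Za-z][A-Za-z0-9]*)\s+(\S.*)$")
RESULT = re.compile(r"^ScanOnAccess: (/.+?)(?: \(deleted\))?: (.+)$")


def directive_status(conf_text, name):
    """Return ('active' | 'commented' | 'missing', value) for one directive."""
    commented = None
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line.strip())
        if m and m.group(2) == name:
            if not m.group(1):
                return "active", m.group(3)  # an uncommented line takes effect
            commented = m.group(3)
    return ("commented", commented) if commented is not None else ("missing", None)


def logged_results(log_text):
    """Map each scanned path to the results logged for it."""
    seen = {}
    for line in log_text.splitlines():
        m = RESULT.match(line)
        if m:
            seen.setdefault(m.group(1), []).append(m.group(2))
    return seen


def explain_missing(conf_text, log_text, path):
    """Say whether the config accounts for a path being absent from the log."""
    if path in logged_results(log_text):
        return "logged"
    status, value = directive_status(conf_text, "LogClean")
    if status == "active" and value == "yes":
        return "LogClean active, entry still missing"
    return f"LogClean is {status}"
```
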



