[clamav-users] Strange behaviors about syslog on Debian
Yasuhiro KIMURA
yasu at utahime.org
Tue Nov 13 22:28:27 UTC 2018
Hello,

I use ClamAV 0.100.2 on Debian 9.6. Everything works fine with virus
scanning. But when looking at syslog I found 2 strange behaviors.

1. Messages are written to syslog even if LogSyslog is false.

On Debian LogSyslog is set to false in both clamd.conf and
freshclam.conf. But there are messages from clamd and freshclam in
/var/log/syslog.

2. The message itself includes a timestamp.

I also use ClamAV 0.100.2 on FreeBSD 11.2-RELEASE. On FreeBSD
LogSyslog is set to true and messages such as the following are written to
syslog.

Nov 14 06:51:30 freebsd-server freshclam[761]: Received signal: wake up
Nov 14 06:51:30 freebsd-server freshclam[761]: ClamAV update process started at Wed Nov 14 06:51:30 2018
Nov 14 06:51:30 freebsd-server freshclam[761]: main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Nov 14 06:51:30 freebsd-server freshclam[761]: daily.cld is up to date (version: 25117, sigs: 2150146, f-level: 63, builder: neo)
Nov 14 06:51:30 freebsd-server freshclam[761]: bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
Nov 14 06:51:30 freebsd-server freshclam[761]: --------------------------------------
Nov 14 06:53:22 freebsd-server clamd[754]: SelfCheck: Database status OK.

But on Debian the message format is different from that of FreeBSD.

Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> Received signal: wake up
Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> ClamAV update process started at Wed Nov 14 06:26:54 2018
Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> daily.cld is up to date (version: 25117, sigs: 2150146, f-level: 63, builder: neo)
Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
Nov 14 06:27:06 debian-server clamd[559]: Wed Nov 14 06:27:06 2018 -> SelfCheck: Database status OK.

It includes a timestamp inside the message itself.

Then my question is, which of the following categories do these behaviors
fall into?

a. Expected and proper behavior.
b. Bug in ClamAV itself.
c. Result of customization by Debian.
d. Bug in the package that should be reported to the Debian package maintainer.

Best Regards.

---
Yasuhiro KIMURA
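
Added example, not part of the original post and not ClamAV code: a small parser that accepts both line formats quoted above and strips the embedded "Wed Nov 14 06:26:54 2018 -> " prefix, so that log rules written against the message text match on either host. The names Record, parse and sources_with_embedded_stamp are hypothetical.

```python
import re
from typing import Iterable, NamedTuple, Optional, Set, Tuple

# Classic syslog header: "Nov 14 06:26:54 host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) (?P<prog>clamd|freshclam)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# ctime()-style stamp plus " -> " at the start of the message (Debian lines)
EMBEDDED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) -> "
)

class Record(NamedTuple):
    host: str
    prog: str
    pid: int
    message: str                # message with any embedded stamp removed
    embedded_ts: Optional[str]  # the embedded stamp, or None

def parse(line: str) -> Optional[Record]:
    """Parse one clamd/freshclam syslog line; None if it is not one."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    msg, stamp = m["msg"], None
    inner = EMBEDDED_RE.match(msg)
    if inner:
        stamp, msg = inner["ts"], msg[inner.end():]
    return Record(m["host"], m["prog"], int(m["pid"]), msg, stamp)

def sources_with_embedded_stamp(lines: Iterable[str]) -> Set[Tuple[str, str]]:
    """(host, program) pairs whose messages carry the extra timestamp."""
    recs = (parse(l) for l in lines)
    return {(r.host, r.prog) for r in recs if r and r.embedded_ts}

# Sample lines copied from the post above
SAMPLE = [
    "Nov 14 06:51:30 freebsd-server freshclam[761]: ClamAV update process started at Wed Nov 14 06:51:30 2018",
    "Nov 14 06:53:22 freebsd-server clamd[754]: SelfCheck: Database status OK.",
    "Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018 -> Received signal: wake up",
    "Nov 14 06:27:06 debian-server clamd[559]: Wed Nov 14 06:27:06 2018 -> SelfCheck: Database status OK.",
]

if __name__ == "__main__":
    for rec in map(parse, SAMPLE):
        print(rec)
    print(sources_with_embedded_stamp(SAMPLE))
```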