[clamav-users] Strange behaviors about syslog on Debian

Scott Kitterman debian at kitterman.com
Wed Nov 14 02:08:12 UTC 2018



On November 13, 2018 10:28:27 PM UTC, Yasuhiro KIMURA <yasu at utahime.org> wrote:
>Hello,
>
>I use ClamAV 0.100.2 on Debian 9.6. Everything works fine about virus
>scan. But when seeing syslog I found 2 strange behaviors.
>
>1. Message is written to syslog even if LogSyslog is false.
>
>On Debian LogSyslog is set to false in both clamd.conf and
>freshclam.conf. But there are messages from clamd and freshclam in
>/var/log/syslog.
>
>2. Message itself includes timestamp.
>
>I also use ClamAV 0.100.2 on FreeBSD 11.2-RELEASE. On FreeBSD
>LogSyslog is set to true and messages such as the following are written
>to syslog.
>
>Nov 14 06:51:30 freebsd-server freshclam[761]: Received signal: wake up
>Nov 14 06:51:30 freebsd-server freshclam[761]: ClamAV update process
>started at Wed Nov 14 06:51:30 2018
>Nov 14 06:51:30 freebsd-server freshclam[761]: main.cld is up to date
>(version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
>Nov 14 06:51:30 freebsd-server freshclam[761]: daily.cld is up to date
>(version: 25117, sigs: 2150146, f-level: 63, builder: neo)
>Nov 14 06:51:30 freebsd-server freshclam[761]: bytecode.cld is up to
>date (version: 327, sigs: 91, f-level: 63, builder: neo)
>Nov 14 06:51:30 freebsd-server freshclam[761]:
>--------------------------------------
>Nov 14 06:53:22 freebsd-server clamd[754]: SelfCheck: Database status
>OK.
>
>But on Debian message format is different from that of FreeBSD.
>
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> Received signal: wake up
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> ClamAV update process started at Wed Nov 14 06:26:54 2018
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
>builder: sigmgr)
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> daily.cld is up to date (version: 25117, sigs: 2150146, f-level: 63,
>builder: neo)
>Nov 14 06:26:54 debian-server freshclam[504]: Wed Nov 14 06:26:54 2018
>-> bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63,
>builder: neo)
>Nov 14 06:27:06 debian-server clamd[559]: Wed Nov 14 06:27:06 2018 ->
>SelfCheck: Database status OK.
>
>It includes timestamp inside message itself.
>
>Then my question is, which of the following categories do these
>behaviors fall into?
>
>a. Expected and proper behavior.
>b. Bug of ClamAV itself.
>c. Result of customization by Debian.
>d. Bug of package that should be reported to Debian package maintainer.

Assuming you haven't made an effort to select sys v init on the Debian system, it's running using systemd.  FreeBSD is presumably using sys v.

Systemd includes a logging component that probably explains the difference.  My guess is a., but almost certainly not b. or c.

Scott K
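
An added example, not part of the original thread and not ClamAV or Debian code: a small normalizer for a log pipeline that ingests both formats quoted above, stripping the embedded "... -> " timestamp so that the FreeBSD and Debian lines compare equal. The sample lines are the quoted ones with the e-mail line wrapping undone; the function and field names are assumptions.

```python
import re
from datetime import datetime

# Syslog header as it appears in the quoted samples (RFC 3164 style, no year).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Prefix seen inside the Debian messages: "Wed Nov 14 06:26:54 2018 -> "
EMBEDDED_RE = re.compile(
    r"^(?P<ets>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})"
    r" -> (?P<rest>.*)$"
)

def normalize(line):
    """Parse one clamd/freshclam syslog line; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = {"host": m["host"], "program": m["prog"], "pid": int(m["pid"]),
           "message": m["msg"], "embedded_ts": None, "skew_seconds": None}
    e = EMBEDDED_RE.match(m["msg"])
    if e:
        embedded = datetime.strptime(e["ets"], "%a %b %d %H:%M:%S %Y")
        # The syslog header has no year, so borrow it from the embedded stamp.
        outer = datetime.strptime(f"{embedded.year} {m['ts']}",
                                  "%Y %b %d %H:%M:%S")
        rec.update(message=e["rest"], embedded_ts=embedded,
                   skew_seconds=(outer - embedded).total_seconds())
    return rec

# Sample lines taken from the quoted message, unwrapped.
SAMPLES = [
    "Nov 14 06:51:30 freebsd-server freshclam[761]: Received signal: wake up",
    "Nov 14 06:26:54 debian-server freshclam[504]: "
    "Wed Nov 14 06:26:54 2018 -> Received signal: wake up",
    "Nov 14 06:27:06 debian-server clamd[559]: "
    "Wed Nov 14 06:27:06 2018 -> SelfCheck: Database status OK.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        r = normalize(raw)
        print(r["host"], r["program"], repr(r["message"]), r["skew_seconds"])
```

A non-zero `skew_seconds` means the daemon's own clock stamp and the syslog receive time disagree, which is worth flagging when correlating scan events across hosts.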


