I enabled logging in /home/admispconfig/ispconfig/tools/clamav/etc/clamav.conf: Code: # Uncomment this option to enable logging. # LogFile must be writable for the user running the daemon. # Full path is required. LogFile /var/log/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). That's why you shouldn't uncomment # this option. #LogFileUnlock # Maximal size of the log file. Default is 1 Mb. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. #LogFileMaxSize 2M # Log time with an each message. LogTime # Use system logger (can work together with LogFile). #LogSyslog # Enable verbose logging. LogVerbose clamd.log is writable (chmod 666 just to be nice): Code: root@m2a74am-vm1:/home/admispconfig/ispconfig/tools/clamav/etc# ls -la /var/log/clamd.log -rw-rw-rw- 1 admispconfig admispconfig 0 2010-05-11 18:07 /var/log/clamd.log Restarted /etc/init.d/ispconfig_server after changing clamav.conf; the restart of freshclam appears in syslog, but I'm not sure if this means that clamd also was restarted? Clam works: if I send email through with eicar.com attached, the email is received (postfix logs it) but it never appears in the inbox. Sending a clean message, of course, is no problem. The virus detections are not logged; clamd.log remains a zero-length file. BTW, are the detections quarantined or deleted? If quarantined, where? Is there any documentation on how ispconfig 2 sets up clam? Thanks!
OK, I caught that I forgot to set values to true/yes/1 in clamav.conf. Now its: Code: # Comment or remove the line below. #Example # Uncomment this option to enable logging. # LogFile must be writable for the user running the daemon. # Full path is required. LogFile /var/log/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). That's why you shouldn't uncomment # this option. #LogFileUnlock # Maximal size of the log file. Default is 1 Mb. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. #LogFileMaxSize 2M # Log time with an each message. LogTime 1 # Use system logger (can work together with LogFile). LogSyslog 1 # Enable verbose logging. LogVerbose 1 but having done so still does not cause any log entries to appear either in the syslog or in clamd.log. When an email is received I can see 50 - 90 % activity on one cpu for clamscan for a few seconds so I know its active. Just to be sure I rebooted the server, but the story is the same. Anyone have an idea?
