On Sun, 2010-09-26 at 23:09 +0300, Török Edwin wrote: > On Sun, 26 Sep 2010 20:02:42 +0100 > John Horne <[email protected]> wrote: > > > Hello, > > > > Using ClamAV 0.96.2, for some reason over the weekend we have started > > to see these error messages in our freshclam log file: > > > > Sun Sep 26 19:25:55 2010 -> ERROR: SubmitDetectionStats: Incorrect > > format of the log file (1) > > > > This has occurred on more than one server, and as far as I can see the > > clamd and freshclam log files look fine. > > freshclam needs lines ending like this: > : virusname FOUND > > > Any ideas about this? > > Apply this patch, then run freshclam --submit-stats again. It should > print exactly which line is causing problems in the logfile > Hello,
Apologies for the delay. Our logs have of course rotated now, and so we are not getting the messages any more. I have upgraded our servers to 0.96.3, and included the part of the patch recording the line in the error message. I have looked through our archived clamd log for the time given, and I think I have found the lines causing a problem: ======================================================= Sun Sep 26 05:28:43 2010 -> /var/spool/exim/scan/1Oziqx-0003dI-DG/1Oziqx-0003dI-DG.eml: Sanesecurity.Rogue.0hr.0925v23071 .UNOFFICIAL FOUND Sun Sep 26 05:59:52 2010 -> /var/spool/exim/scan/1OzjL6-0004gA-5m/1OzjL6-0004gA-5m.eml: Sanesecurity.Rogue.0hr.0925v23071 .UNOFFICIAL FOUND Sun Sep 26 07:14:27 2010 -> /var/spool/exim/scan/1OzkVH-0002E3-MP/1OzkVH-0002E3-MP.eml: Sanesecurity.Rogue.0hr.0925v23071 .UNOFFICIAL FOUND Sun Sep 26 18:56:18 2010 -> /var/spool/exim/scan/1OzvSU-0003Fr-BM/1OzvSU-0003Fr-BM.eml: Sanesecurity.Rogue.0hr.0925v23071 .UNOFFICIAL FOUND ======================================================= As can be seen there is a space before the '.UNOFFICIAL'. I have checked through our archived Sanesecurity 'rogue' file, and the entry does have a space at the end. The Sanesecurity files have obviously been updated by now, so we are no longer seeing the problem. Thanks, John. -- John Horne Tel: +44 (0)1752 587287 University of Plymouth, UK Fax: +44 (0)1752 587001 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
