[qmailtoaster] Re: freshclam & logwatch

[Eric Shubert]

Just an FYI. This bit me again when I upgraded to CentOS5.6. The fix to 
/usr/share/logwatch/scripts/services/clam-update didn't make it into the 
most recent version, and clobbered the patch. :( Once the new 
logwatch-devel list is up on gmane.org, I'll post a question there and 
see which version, if any, that patch has made its way into. I do like 
seeing a time stamp on every log record. ;)

--
-Eric 'shubes'
On 06/19/2010 10:42 AM, Martin Waschbuesch wrote:
Hi Eric,

I also applied the patch you mentioned, restored the updated (e.g. with 
'LogTime Yes'  freshclam.conf) and this is the result in my logwatch email:

--------------------- clam-update Begin ------------------------

Last ClamAV update process started at Sat Jun 18 19:38:50 2010

Last Status:
    main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: 
sven)
    daily.cld is up to date (version: 11220, sigs: 96675, f-level: 51, builder: 
guitar)
    bytecode.cld is up to date (version: 26, sigs: 3, f-level: 51, builder: 
nervous)

---------------------- clam-update End -------------------------

It works and I prefer this solution to changing what freshclam does by default 
when installing the package.

Thanks,

Martin

Am 19.06.2010 um 19:25 schrieb Eric Shubert:

Finn Buhelt wrote:
Hi Eric.
I have checked     clamav-toaster-0.95.3.1.3.31  : logtime set to default NO
                           clamav-toaster-0.96.0.1.3       : logtime set to YES 
(faulty)
                           clamav-toaster-0-96.1.1.3.36 : logtime set to YES 
(faulty)
This indicates a change in the freshclam.conf file when moving from version 
0.95 to 0.96 - there are also other changes in the conf file. There seems to be 
new directives from ver. 0.96 - all are at the end of the conf file 
(statistics, google browsing etc) but they are all disabled and has nothing to 
do with the logtime directive, but maybe the logtime change has sneaked in when 
adding these new features.
I think that everyone that installs from scratch and all that uses qtp-update 
gets the faulty logtime setting (I think qtp-update overwrites the current 
freshclam.conf when put into production).

No, qtp-newmodel (not qtp-update) follows whatever rules are in the spec file 
for configs.

Only if You 'manually' rpm updates  You 'only' get the faulty setting in the 
freshclam.conf.rpmnew file - this ofcourse only if the logtime setting was 
disabled in the freshclam.conf file You are updating.

That's because the freshclam.conf file is now coded as 'noreplace' in the spec 
file, which is correct (imho). I don't believe this was always the case, as I 
have 2 freshclam.conf.rpmsave files (dated Jan and Apr this year), which 
indicate that 'noreplace' was added fairly recently. BTW, both rpmsave files 
have LogTime commented out.

So here's what I think. 0.96.0 introduced "LogTime Yes", and did not have noreplace in the spec file, so 
anyone upgrading/installing 0.96.0 got the new setting. Then 0.96.1 came out, again with "LogTime Yes", but 
the config was changed to "noreplace". So anyone upgrading from a version previous to 0.96.0 to version 
0.96.1 is ok, but anyone who had 0.96.0 installed in any way (new or upgraded) has "LogTime Yes".

But  why, may we ask, is the logtime directive in there at all ? It is not 
documented anywhere as being a valid setting in the freshclam.conf file !

It's documented in the config file. ;) Sometimes the man pages aren't kept up 
to date, or things get missed in the documentation, especially on a .0 release.

IMHO, a log file w/out time stamps on every line are deficient. I really like 
the option. However, the time format should be consistent with the syslog 
format (which it is not).

I believe the best remedy for this problem is to fix logwatch to deal 
appropriately with the timestamp in the log. The fix I referred to yesterday 
does appear to work fine. The fix isn't very robust though, as  the format of 
the timestamp is not flexible at all. That's a fault in logwatch though, not 
clamav.

BTW You are not loosing it - I think many would have lost their minds having 
all these threads going on in this forum as You have - I know everyone in here 
appreciates the huge effort You put into responding to all our 'challenges'  - 
so keep up the good work - You are not allowed to loose anything ;-)

Ha! Thanks.

Thanx,
Finn
----- Original Message ----- From: "Eric Shubert"<e...@shubes.net>
To:<qmailtoaster-list@qmailtoaster.com>
Sent: Saturday, June 19, 2010 1:45 AM
Subject: [qmailtoaster] Re: freshclam&  logwatch
Finn Buhelt wrote:
Hi Eric.

Now I've done some research regarding the logtime 'feature'.

According to documentation there is no 'logtime directive' in a freshclam.conf 
file - even looking through some of the sourcecode (freshclam) I cannot find 
anything that deals with such a directive - well okay it's been many years 
since I did code so I may absolutely have missed something.

But I did check/unpack latest clamav-toaster-0.96.1.1.3.36.rpm and found that 
the logtime is set to YES in the freshclam.conf file - which matches perfectly 
with my own latest freshclam.conf.rpmnew (etc/freshclam.conf.rpmnew) file that 
has the YES setting.

I think the YES setting may have been introduced when clamav-toaster-0.96.0* 
was made, because it was that time I had the issue at first (back in April) - I 
also recall that I used the QTP-MENU update - and had some issues switching to 
production (I made some notes but have lost them) .

Doing some checking in the clamav.org site and checking the latest source from 
here, the setting in the freshclam.conf is NO.

when I get some time I will try to find the rpm's from then and unpack to 
verify.

Cheers,
Finn


Thanks Finn.

FWIW, my freshclam.conf.rpmnew from the latest (0.96.1) update also has "LogTime 
Yes", so at least that's consistent (and I'm not losing my mind - yet).

--
-Eric 'shubes'


---------------------------------------------------------------------------------


--
-Eric 'shubes'


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
         To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




--
"It isn't that they can't see the solution. It is that they can't see the 
problem."

Gilbert K. Chesterton


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
     Vickers Consulting Group offers Qmailtoaster support and installations.
       If you need professional help with your setup, contact them today!



---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
    
     To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com