Re: [Clamav-users] Logrotate won't restart clamd
Hi, I have the same problem (0.65 and devel). It seems the signal handling isn't sufficient. In clamd/server.c sighup is set, but it seems it's never really used to re-open the logfile. case SIGHUP: sighup = 1; - Frank -- Email: [EMAIL PROTECTED] http://www.tu-chemnitz.de/~fri/ Work: Computing Services, Chemnitz University of Technology, Germany --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
Tomasz Kojm wrote: That's not gonna work. I have clamd.log in directory writeable by user The log file itself must be writeable for clamd not only a directory. But of course logfile is owned by user clamav group clamav mode 640. _IT_IS_A_BUG_. -- Tuomo Soini [EMAIL PROTECTED] Linux and network services +358 40 5240030 Foobar Oy http://foobar.fi/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
Dennis Skinner wrote: Seems to work fine for me. Try the copytruncate option. Copytruncate is only work-around that bug. Clamd doesn't close logfile and open it again as it should when it's getting SIGHUP. And same applies to freshclam. -- Tuomo Soini [EMAIL PROTECTED] Linux and network services +358 40 5240030 Foobar Oy http://foobar.fi/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Tue, 03 Feb 2004 at 9:57:02 +0200, Tuomo Soini wrote: Dennis Skinner wrote: Seems to work fine for me. Try the copytruncate option. Copytruncate is only work-around that bug. Clamd doesn't close logfile and open it again as it should when it's getting SIGHUP. And same applies to freshclam. It may be true, unfortunately. I'd like to stress that, though logrotate and clamd cooperate for me, it may be the effect of restarting clamd, not SIGHUPping it: postrotate /etc/init.d/clamav-daemon force-reload endscript The entry force-reload contains 'stop; sleep; start'. I haven't tried SIGHUP. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Mon, 2004-02-02 at 17:42, Paul Carpenter wrote: I use logrotate on my RedHat system with: /var/log/clamd.log { missingok create 0640 clamav root prerotate /sbin/service clamd stop 2 /dev/null || true endscript postrotate sleep 5 /sbin/service clamd start 2 /dev/null || true endscript } Seems to work fine. Except that you're allowing viruses to pass through during that sleep 5... -- Tarjei --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Tue, 03 Feb 2004 at 13:37:16 +0100, Tarjei Knapstad wrote: On Mon, 2004-02-02 at 17:42, Paul Carpenter wrote: I use logrotate on my RedHat system with: /var/log/clamd.log { missingok create 0640 clamav root prerotate /sbin/service clamd stop 2 /dev/null || true endscript postrotate sleep 5 /sbin/service clamd start 2 /dev/null || true endscript } Seems to work fine. Except that you're allowing viruses to pass through during that sleep 5... I don't know all possible ways of using clamav so I can't say for sure... but no, it doesn't allow viruses to pass. In the worst case MTA just queues messages for a while, when clamd isn't up. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Tue, 03 Feb 2004 at 13:28:07 +0100, Kritof Petr wrote: Tomasz Papszun wrote: It may be true, unfortunately. I'd like to stress that, though logrotate and clamd cooperate for me, it may be the effect of restarting clamd, not SIGHUPping it: postrotate /etc/init.d/clamav-daemon force-reload endscript The entry force-reload contains 'stop; sleep; start'. Doesnt it drops all open connections from users who acually scans something? Not at all. I use Postfix + Amavisd-new. In case clamd is unavailable (for any reason), messages are given to av_scanners_backup, which contains clamscan. Clamscan is (almost) always available. Even if none scanners would be available, postfix just queues messages in an internal spool. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Logrotate won't restart clamd
I am using logrotate to rotate my clamd logs. I have an entry called clam in /etc/logrotate.d which looks like this: /var/log/clam/clam*.log { sharedscripts postrotate /bin/kill `/usr/bin/cat /var/run/clamd/clamd.pid` 2/dev/null /usr/local/sbin/clamd endscript } If I don't kill clamd, it keeps writing to the old log. When this runs, the clam daemon dies. I've tried killall -HUP, but it doesn't work (presumably an issue with ownership of the process). I've also tried a sleep between the two commands to give clamd a chance to die. I have a cron job which rescues clamd if it dies, but it's not a very elegant way of doing it. Any suggestions as to how I can get this working? I run clamd as user clamav. I've got Slackware 9.1 and clamav-6.50 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
Robert S wrote: I am using logrotate to rotate my clamd logs. I have an entry called clam in /etc/logrotate.d which looks like this: /var/log/clam/clam*.log { sharedscripts postrotate /bin/kill `/usr/bin/cat /var/run/clamd/clamd.pid` 2/dev/null /usr/local/sbin/clamd endscript } If I don't kill clamd, it keeps writing to the old log. When this runs, the clam daemon dies. I've tried killall -HUP, but it doesn't work (presumably an issue with ownership of the process). I've also tried a sleep between the two commands to give clamd a chance to die. I have a cron job which rescues clamd if it dies, but it's not a very elegant way of doing it. Any suggestions as to how I can get this working? Yes . It is known issue. I reported it many times in last 6 month, but developers ignores it. Log rotating never worked. Petr --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Mon, 02 Feb 2004 11:28:59 +0100 Krištof Petr [EMAIL PROTECTED] wrote: Yes . It is known issue. I reported it many times in last 6 month, but developers ignores it. Log rotating never worked. Unfortunately, I'm not familiar with logrotate. But will check the HUP handling tonight. Sorry ! Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Feb 2 13:01:37 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] Logrotate won't restart clamd
Tomasz Kojm wrote: On Mon, 02 Feb 2004 11:28:59 +0100 Kritof Petr [EMAIL PROTECTED] wrote: Yes . It is known issue. I reported it many times in last 6 month, but developers ignores it. Log rotating never worked. Unfortunately, I'm not familiar with logrotate. But will check the HUP handling tonight. Sorry ! Tomasz, you dont need to lose time with logrotate. This is simple step by step, how to test it: 1) Start clamd 2) Remove clamd's log file 3) Sent SIGHUP to clamd 4a) You will got error Mon Feb 2 13:58:35 2004 - SIGHUP catched: log file re-opened. Mon Feb 2 13:58:35 2004 - ERROR: accept() failed. 4b) Clamd should will create new log file and start to log to it. This is the way the logrotate works. It removes old logfile and sends SIGHUP to clamd to re-create log file and continue logging. Thanks Petr --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Mon, 02 Feb 2004 at 14:03:55 +0100, Kritof Petr wrote: Tomasz Kojm wrote: Unfortunately, I'm not familiar with logrotate. But will check the HUP handling tonight. Sorry ! Tomasz, you dont need to lose time with logrotate. This is simple step by step, how to test it: 1) Start clamd 2) Remove clamd's log file 3) Sent SIGHUP to clamd 4a) You will got error Mon Feb 2 13:58:35 2004 - SIGHUP catched: log file re-opened. Mon Feb 2 13:58:35 2004 - ERROR: accept() failed. 4b) Clamd should will create new log file and start to log to it. This is the way the logrotate works. It removes old logfile and sends SIGHUP to clamd to re-create log file and continue logging. I didn't look at the sources but I've always thought that log rotating is done different way. The current logfile is _moved_ to other filename, not removed (deleted). Due to this, the logfile is still open and new entries can be written to it. Then on reload or restart, the handle (file descriptor?) is released and the new logfile is created. Not earlier! I don't know if it makes any difference for clamd, though. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Mon, 2004-02-02 at 07:27, Tomasz Papszun wrote: On Mon, 02 Feb 2004 at 14:03:55 +0100, Kritof Petr wrote: Tomasz Kojm wrote: The current logfile is _moved_ to other filename, not removed (deleted). Initially, yes, but a SIGHUP is done to make the application re-open the log files. Then the original log file is compressed, which essentially deletes the old file. -- Daniel J McDonald, CCIE 2495, CNX Austin Energy --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Mon, 02 Feb 2004 at 7:43:28 -0600, Daniel J McDonald wrote: On Mon, 2004-02-02 at 07:27, Tomasz Papszun wrote: On Mon, 02 Feb 2004 at 14:03:55 +0100, Kritof Petr wrote: Tomasz Kojm wrote: The current logfile is _moved_ to other filename, not removed (deleted). Initially, yes, but a SIGHUP is done to make the application re-open the log files. Then the original log file is compressed, which essentially deletes the old file. I was talking about that _initially_ aspect. What happens later with old logfiles is out of clamd interest. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
Tomasz Papszun wrote: On Mon, 02 Feb 2004 at 7:43:28 -0600, Daniel J McDonald wrote: I was talking about that _initially_ aspect. What happens later with old logfiles is out of clamd interest. That's not the problem. Problem is that kill -HUP doesn't affect clamd at all. It doesn't release old lockfile. My logrotate script is: /var/log/clamav/clamd.log { missingok create 640 clamav clamav postrotate /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2 /dev/null` 2 /dev/null || true endscript } Problem is clamd won't release and re-open logfile. And same problem is with freshclam. -- Tuomo Soini [EMAIL PROTECTED] Linux and network services +358 40 5240030 Foobar Oy http://foobar.fi/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Mon, 2 Feb 2004, Daniel Wiberg wrote: Just a thought, user clamav does not have write permissions in the log directory, so logrotate, which I guess runs as root should create the new files also, owned by user clamav. Or did I overlook something? That could be it. If clamav opens the log file initially as root, but when it receives the HUP signal it may be trying as the clam user. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Mon, 02 Feb 2004 at 14:53:10 +0100, Daniel Wiberg wrote: On Mon, Feb 02, 2004 at 02:27:18PM +0100, Tomasz Papszun wrote: I didn't look at the sources but I've always thought that log rotating is done different way. The current logfile is _moved_ to other filename, not removed (deleted). Due to this, the logfile is still open and new entries can be written to it. Then on reload or restart, the handle (file descriptor?) is released and the new logfile is created. Not earlier! I don't know if it makes any difference for clamd, though. Just a thought, user clamav does not have write permissions in the log directory, so logrotate, which I guess runs as root should create the new files also, owned by user clamav. Or did I overlook something? Daniel is right. I forgot to write the most important thing :-) : clamd works with logrotate correctly at my place. The previous logfile ends with: Sun Feb 1 06:28:36 2004 - Socket file removed. Sun Feb 1 06:28:36 2004 - Pid file removed. Sun Feb 1 06:28:36 2004 - --- Stopped at Sun Feb 1 06:28:36 2004 And the current one begins with: Sun Feb 1 06:28:36 2004 - +++ Started at Sun Feb 1 06:28:36 2004 Sun Feb 1 06:28:36 2004 - Log file size limit disabled. Sun Feb 1 06:28:36 2004 - Reading databases from /var/lib/clamav/ ... This is ClamAV version 0.65-BugFixesFromCVS-20031123 on Debian Woody. My clamav-daemon entry is: /var/log/clamd.log { weekly missingok notifempty compress postrotate /etc/init.d/clamav-daemon force-reload endscript } But I have also create option in logrotate.conf so a new logfile is created with the same attributes as an old one (amavis.amavis). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
Tomasz Kojm wrote: That could be it. If clamav opens the log file initially as root, but when it receives the HUP signal it may be trying as the clam user. You're right. Petr: the solution to your problem is to change the owner of the log file so clamd is able to open it for r/w. Doesnt help. [EMAIL PROTECTED] clamav]# ll total 15 drwxr-xr-x2 clamav clamav 1024 Feb 2 22:58 . drwxr-xr-x 14 root root 2048 Feb 2 21:33 .. -rw-r-1 clamav clamav 11399 Feb 2 22:33 clamd.log [EMAIL PROTECTED] clamav]# mv clamd.log clamd.log.0 [EMAIL PROTECTED] clamav]# kill -SIGHUP `cat /var/run/clamav/clamd.pid` [EMAIL PROTECTED] clamav]# ll total 15 drwxr-xr-x2 clamav clamav 1024 Feb 2 22:58 . drwxr-xr-x 14 root root 2048 Feb 2 21:33 .. -rw-r-1 clamav clamav 11515 Feb 2 22:59 clamd.log.0 # tac clamd.log.0 |more Mon Feb 2 22:59:06 2004 - ERROR: accept() failed. Mon Feb 2 22:59:06 2004 - SIGHUP catched: log file re-opened. Mon Feb 2 22:33:49 2004 - SelfCheck: Database status OK. Mon Feb 2 21:33:12 2004 - SelfCheck: Database status OK. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
Tomasz Kojm wrote: You're right. Petr: the solution to your problem is to change the owner of the log file so clamd is able to open it for r/w. That's not gonna work. I have clamd.log in directory writeable by user clamav and logrotate script creates logfile owned by user clamav group clamav and clamd doesn't change logfile. After kill -HUP it writes to old logfile. clamav is 0.65. -- Tuomo Soini [EMAIL PROTECTED] Linux and network services +358 40 5240030 Foobar Oy http://foobar.fi/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Logrotate won't restart clamd
On Tue, 03 Feb 2004 00:05:33 +0200 Tuomo Soini [EMAIL PROTECTED] wrote: Tomasz Kojm wrote: You're right. Petr: the solution to your problem is to change the owner of the log file so clamd is able to open it for r/w. That's not gonna work. I have clamd.log in directory writeable by user The log file itself must be writeable for clamd not only a directory. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Feb 2 23:26:57 CET 2004 pgp0.pgp Description: PGP signature