Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)
On Mar 16, 2004, at 6:28 PM, Wayne Sierke wrote:

On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:

Hope this is of some use:

snip

Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile. in /usr/local/etc/clamav.conf, uncomment:

    # This option allows you to save the process identifier of the listening
    # daemon (main thread).
    PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

    /var/log/clamd.log 644 3 * $W0D1 BJ \
    /var/run/clamd.pid 1

this will rotate the log once a week, keep 3 of them (current log +3 weeks). it will also compress the old one with bzip2 and SIGHUP the clamd process.

seems to work just fine for me, running clamav-devel on -current (Mar 3 or so right now)

Here's what I got:

    # ls -lrt /var/log/clamd*
    -rw-r- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
    -rw-r- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
    # tail -n 6 /var/log/clamd.log.0
    Wed Mar 17 05:58:54 2004 - SelfCheck: Database status OK.
    Wed Mar 17 06:00:00 2004 - SIGHUP catched: log file re-opened.
    Wed Mar 17 06:00:00 2004 - ERROR: accept() failed.
    Wed Mar 17 06:59:32 2004 - SelfCheck: Database status OK.
    Wed Mar 17 08:00:10 2004 - SelfCheck: Database status OK.
    Wed Mar 17 09:00:48 2004 - SelfCheck: Database status OK.
    # portversion -v clamav*
    clamav-0.67.1 = up-to-date with port

Hmm, just saw a submission to -ports for an update to 0.70-rc, looks like that version is needed to have the SIGHUP handling (according to its NEWS file).

I suppose the next question is, how *should* I be doing the log rotation (if I do a ports update and it does indeed update to .70)...what entries in the newsyslog.conf file should be made and what, if anything, needs to be entered into the clamav file? I don't want to mix workaround for not continuing to log old method with new works with sighup method...

Thanks everyone!

-Bart

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)
On Tue, 2004-03-16 at 08:45, Jonathan T. Sage wrote:

Hope this is of some use:

snip

Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile. in /usr/local/etc/clamav.conf, uncomment:

    # This option allows you to save the process identifier of the listening
    # daemon (main thread).
    PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

    /var/log/clamd.log 644 3 * $W0D1 BJ \
    /var/run/clamd.pid 1

this will rotate the log once a week, keep 3 of them (current log +3 weeks). it will also compress the old one with bzip2 and SIGHUP the clamd process.

seems to work just fine for me, running clamav-devel on -current (Mar 3 or so right now)

Here's what I got:

    # ls -lrt /var/log/clamd*
    -rw-r- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
    -rw-r- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
    # tail -n 6 /var/log/clamd.log.0
    Wed Mar 17 05:58:54 2004 - SelfCheck: Database status OK.
    Wed Mar 17 06:00:00 2004 - SIGHUP catched: log file re-opened.
    Wed Mar 17 06:00:00 2004 - ERROR: accept() failed.
    Wed Mar 17 06:59:32 2004 - SelfCheck: Database status OK.
    Wed Mar 17 08:00:10 2004 - SelfCheck: Database status OK.
    Wed Mar 17 09:00:48 2004 - SelfCheck: Database status OK.
    # portversion -v clamav*
    clamav-0.67.1 = up-to-date with port

Hmm, just saw a submission to -ports for an update to 0.70-rc, looks like that version is needed to have the SIGHUP handling (according to its NEWS file).

Wayne
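Added example, not code from any of the posters: a shell check that the pid file newsyslog signals is the one clamd is configured to write, and that no rotated log is newer than the live one, which is the symptom in the listing above. The function names are made up for this example, and the newer-file test is a heuristic that assumes rotated files sit beside the live log.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the clamd + newsyslog setup.
# All file paths are arguments, so it can be run against copies.

# Print the path from an active (uncommented) PidFile directive in clamav.conf.
clamd_pidfile() {
    awk '$1 == "PidFile" { print $2; exit }' "$1"
}

# Print the pid file newsyslog signals for log $2 according to newsyslog.conf $1.
# Accepts the entry on one line or wrapped with a trailing backslash as posted,
# and takes the first field after the log name that is an absolute path.
newsyslog_pidfile() {
    awk -v want="$2" '
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        { n = split(buf $0, f); buf = ""
          if (f[1] != want) next
          for (i = 2; i <= n; i++) if (f[i] ~ /^\//) { print f[i]; exit } }
    ' "$1"
}

# Failure mode visible in the ls output above: the live log stays empty while a
# rotated file keeps growing, i.e. the daemon never reopened its log.
# Prints rotated files modified after live log $1; returns 0 if any were found.
stale_writer() {
    found=$(find "$(dirname "$1")" -name "$(basename "$1").*" -newer "$1" 2>/dev/null)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Run every check: $1 = clamav.conf, $2 = newsyslog.conf, $3 = live log path.
check_rotation() {
    rc=0
    conf_pid=$(clamd_pidfile "$1")
    nsl_pid=$(newsyslog_pidfile "$2" "$3")
    if [ -z "$conf_pid" ]; then
        echo "FAIL: no active PidFile directive in $1"; rc=1
    elif [ "$conf_pid" != "$nsl_pid" ]; then
        echo "FAIL: newsyslog signals '${nsl_pid:-nothing}', clamd writes '$conf_pid'"; rc=1
    fi
    if stale=$(stale_writer "$3"); then
        echo "FAIL: modified after rotation, daemon did not reopen its log: $stale"; rc=1
    fi
    return $rc
}

if [ $# -eq 3 ]; then check_rotation "$@"; fi
```

Run it some time after a scheduled rotation, passing the clamav.conf path, the newsyslog.conf path and the live log path; a non-zero exit means at least one check failed.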
Re: ClamAV Log Rotation (WAS: Antivirus suggestion...)
Wayne Sierke wrote:

snip

Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile. in /usr/local/etc/clamav.conf, uncomment:

    # This option allows you to save the process identifier of the listening
    # daemon (main thread).
    PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

    /var/log/clamd.log 644 3 * $W0D1 BJ \
    /var/run/clamd.pid 1

this will rotate the log once a week, keep 3 of them (current log +3 weeks). it will also compress the old one with bzip2 and SIGHUP the clamd process.

seems to work just fine for me, running clamav-devel on -current (Mar 3 or so right now)

Here's what I got:

    # ls -lrt /var/log/clamd*
    -rw-r- 1 clamav clamav 0 Mar 17 06:00 /var/log/clamd.log
    -rw-r- 1 clamav clamav 35873 Mar 17 09:00 /var/log/clamd.log.0
    # tail -n 6 /var/log/clamd.log.0
    Wed Mar 17 05:58:54 2004 - SelfCheck: Database status OK.
    Wed Mar 17 06:00:00 2004 - SIGHUP catched: log file re-opened.
    Wed Mar 17 06:00:00 2004 - ERROR: accept() failed.
    Wed Mar 17 06:59:32 2004 - SelfCheck: Database status OK.
    Wed Mar 17 08:00:10 2004 - SelfCheck: Database status OK.
    Wed Mar 17 09:00:48 2004 - SelfCheck: Database status OK.
    # portversion -v clamav*
    clamav-0.67.1 = up-to-date with port

Hmm, just saw a submission to -ports for an update to 0.70-rc, looks like that version is needed to have the SIGHUP handling (according to its NEWS file).

Ah. yes, when I wrote this, I was using clamav-devel, and the SIGHUP handling works fine there. thanks for the info though.

~j

--
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design
[HTTP://www.JTSage.com]
[EMAIL PROTECTED]
[See Headers for Contact Info]
Antivirus suggestion...
Can anybody suggest a free antivirus to use with MailScanner + SpamAssassin on a FreeBSD-4.8 box running Exim as MTA?

Thanks in advance...
RE: Antivirus suggestion...
take a look at clamav, which is in the ports

    /usr/ports/security/clamav

free, and good :-)

--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene

-Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Xpression
Sent: Saturday 15 March 2003 15:01
To: FreeBSD-questions
Subject: Antivirus suggestion...

Can anybody suggest a free antivirus to use with MailScanner + SpamAssassin on a FreeBSD-4.8 box running Exim as MTA?

Thanks in advance...
Re: Antivirus suggestion...
On Mar 15, 2003, at 9:01 AM, Xpression wrote:

Can anybody suggest a free antivirus to use with MailScanner + SpamAssassin on a FreeBSD-4.8 box running Exim as MTA?

Thanks in advance...

I haven't tried it on Exim, but I've had mostly good luck with ClamAV (need to work on the log rotation question I've posted previously about, though...)
ClamAV Log Rotation (WAS: Antivirus suggestion...)
Hope this is of some use:

Bart Silverstrim wrote:

I haven't tried it on Exim, but I've had mostly good luck with ClamAV (need to work on the log rotation question I've posted previously about, though...)

Speaking of that log question, have you been able to prove (substantiate may be a better word) that this happens? also note that newsyslog has the ability to -HUP a process when it rotates a log file (for details on how to do this, take a look at apache log rotation howtos).

I have been seeing several posts to the clamav-users list about it happening, that once it hits the quota limit for the logfile size that it will stop working. Has it happened to me yet? no...my logfile hasn't reached the 5 meg limit yet :-) I do need to find a way to rotate the log though. I'm just waiting to find someone that can say yes, I'm running clamav, and using newsyslog to rotate the log, here's the line I use in the conf file to do it and here's the line I use in the clamav.conf file to get it to work...

Hey, if you get a working rotation configuration for Clamd, please do share! :-) I've got a production server holding its own in proving open source software is a viable alternative to the commercial fellas for our school district, and I don't need to have our mail system go belly up because of an overgrown logfile :-)

Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile. in /usr/local/etc/clamav.conf, uncomment:

    # This option allows you to save the process identifier of the listening
    # daemon (main thread).
    PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

    /var/log/clamd.log 644 3 * $W0D1 BJ \
    /var/run/clamd.pid 1

this will rotate the log once a week, keep 3 of them (current log +3 weeks). it will also compress the old one with bzip2 and SIGHUP the clamd process.

seems to work just fine for me, running clamav-devel on -current (Mar 3 or so right now)

~j

--
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design
[HTTP://www.JTSage.com]
[EMAIL PROTECTED]
[See Headers for Contact Info]