Posts Tagged ‘clamav’

Third-party phishing and scam signatures for ClamAV

Saturday, August 2nd, 2008

Wow, check this out! While reading SpamAssassin mailing group archives yesterday I dug out this quite interesting ClamAV signatures published by SaneSecurity. This could be an extra obstacle in never ending war with spammers and could potentially reduce the load on SpamAssassin, because the detection it taking place before SA starts scoring. Gonna see how it works on a test machine.

[20080805]: Cool! More than a hundred hits during only one night and still kickin’. Go production, go!

How to rotate clamd/freshclam log files

Sunday, January 27th, 2008

At some point you may get the following message in freshclam.log file:

  1. Log size = 3701814, max = 1048576
  2. LOGGING DISABLED (Maximal log file size exceeded).

That means that you reached the maximum allowed log size defined by LogFileMaxSize parameter found in clamd.conf and basically logging was disabled.

So, how to rotate freshclam.log?

There is a way to rotate ClamAV log files using newsyslog. In order to do this edit /etc/newsyslog.conf and add the following line (all in one line), following by killall -HUP syslogd:

  1. /var/log/clamav/freshclam.log qscand:qscand 644 3 * $W0D1 Z /var/run/clamav/freshclam.pid 1

It does look like a standard newsyslog entry with four values worth mentioning though. qscand:qscand is the one who runs clamd/freshclam (I use clamd with qmail-scanner). The second one $W0D1 means rotate every week on Sunday at 1AM. The third and the forth one /var/run/clamav/freshclam.pid 1 mean that the signal number 1 will be sent to the daemon’s process ID (/var/run/clamav/freshclam.pid) which stands for HUP (hang up). In other words we just restart freshclam after each sucessfull log rotation.

Check man newsyslog.conf and man kill for more details in case interested.

PS: I beleive you can rotate clamd.log the same way assuming that you would change PID to /var/run/clamav/clamd.pid, not tested though.

PSS [20080528]: Confirmed. Same technique works fine with clamd.log as well.

  1. /var/log/clamav/clamd.log qscand:qscand 644 3 * $W0D1 Z /var/run/clamav/clamd.pid 1