ClamAV Log Rotation (WAS: Antivirus suggestion...)

Jonathan T. Sage sagejona at theatre.msu.edu
Mon Mar 15 14:15:34 PST 2004 

Hope this is of some use:

Bart Silverstrim wrote:
>>>>> I haven't tried it on Exim, but I've had mostly good luck with 
>>>>> ClamAV (need to work on the log rotation question 
 >>>>> I've posted previously about, though...)

>>>> Speaking of that log question, have you been able to prove 
>>>> (substantiate may be a better word) that this happens?  also note 
>>>> that newsyslog has the ability to -HUP a process when it rotates a 
>>>> log file (for details on how to do this, take a look at apache log 
>>>> rotation howtos).

>>> I have been seeing several posts to the clamav-users list about it 
>>> happening, that once it hits the quota limit for the logfile size 
>>> that it will stop working.  Has it happened to me yet? no...my 
>>> logfile hasn't reached the 5 meg limit yet :-)
>>> I do need to find a way to rotate the log though.  I'm just waiting 
>>> to find someone that can say "yes, I'm running clamav, and using 
>>> newsyslog to rotate the log, here's the line I use in the conf file 
>>> to do it and here's the line I use in the clamav.conf file to get it 
>>> to work..."

  > Hey, if you get a working rotation configuration for Clamd, please do
> share! :-)  I've got a production server holding it's own in proving 
> open source software is a viable alternative to the commercial fellas 
> for our school district, and I don't need to have our mail system go 
> belly up because of an overgrown logfile :-)

Clamd log rotation:

first and foremost, make sure that clamav is gonna drop a pidfile.  in 
/usr/local/etc/clamav.conf, uncomment:

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid

then, add the following (one line) to /etc/newsyslog.conf

/var/log/clamd.log 			644  3     *    $W0D1 BJ \
     /var/run/clamd.pid  1

this will rotate the log once a week, keep 3 of them (current log +3 
weeks).  it will also compress the old one with bzip2 and SIGHUP the 
clamd process.  seems to work just fine for me, running clamav-devel on 
-current (Mar 3 or so right now)

~j

-- 
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design

[HTTP://www.JTSage.com]
[sagejona at msu.edu]
[See Headers for Contact Info]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040315/b3b4ae94/signature.bin

More information about the freebsd-questions mailing list