Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

No log output from freshclam #1022

Open Forza-tng opened 1 year ago

Forza-tng commented 1 year ago

Describe the bug

I have installed ClamAV 1.2.0 on Gentoo Linux, amd64. The problem I have is that freshclam does not output anything to a log file, or to syslog if I configure it for that.

I have also enabled verbose output and debug output, but it does not affect logging. I have switched between file log and syslog, but none are working. I do get normal console output, but debug and verbose modes do not increase console output.

When running freshclam through strace, I cannot see any syscalls that try to write to the log file. I'll see if I can attach it to this ticket. It is rather large.

In addition I have changed clamav/freshclam user to root and changed the filesystem permissions accordingly.

I do not use the milter part of clamav.

clamconf -n

Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamav/clamd.pid"
LocalSocket = "/var/run/clamav/clamd.sock"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxThreads = "20"
ExcludePath = "^/proc/", "^/sys/", "^/dev/"
AlertPhishingSSLMismatch = "yes"
AlertPhishingCloak = "yes"
MaxFileSize = "419430400"
OnAccessMountPath = "/media/userData", "/media/filehistory", "/media/downloads", "/home"
OnAccessExcludeUname = "clamav"
OnAccessMaxFileSize = "10485760"
OnAccessMaxThreads = "10"
Config file: freshclam.conf
---------------------------
LogTime = "yes"
LogSyslog = "yes"
LogVerbose = "yes"
PidFile = "/run/freshclam.pid"
Debug = "yes"
UpdateLogFile = "/var/log/clamav/freshclam_.log"
DatabaseOwner = "root"
DatabaseMirror = "database.clamav.net"
Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/clamav-milter.log"
PidFile = "/var/run/clamav-milter.pid"
User = "root"
ClamdSocket = "unix:/run/clamav/clamd.sock"
Software settings
-----------------
Version: 1.2.0
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR
Database information
--------------------
Database directory: /var/lib/clamav
main.cld: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 22:33:21 2023
daily.cld: version 27028, sigs: 2040447, built on Mon Sep 11 09:37:06 2023
Total number of signatures: 8687965
Platform information
--------------------
uname: Linux 6.4.12-gentoo-e350 #1 SMP Sat Aug 26 12:38:31 CEST 2023 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: "Gentoo Linux"
zlib version: 1.2.13 (1.2.13), compile flags: a9
platform id: 0x0a21bebe08000000000c0301
Build information
-----------------
GNU C: 12.3.1 20230526 (12.3.1)
sizeof(void*) = 8
Engine flevel: 190, dconf: 190

Attachments

Screenshot_20230910_212517_Termius

micahsnyder commented 1 year ago

Ordinarily you would set DatabaseOwner clamav instead of root. And you would set the owner to be clamav user for both:

In that configuration, and with these settings, I had no issues getting log messages to appear in the freshclam_.log file (same filename as in your config). My freshclam.conf file has:

LogTime yes
LogSyslog yes
LogVerbose yes
PidFile /run/freshclam.pid
Debug yes
UpdateLogFile /var/log/clamav/freshclam_.log
DatabaseDirectory /var/lib/clamav
DatabaseOwner clamav
DatabaseMirror database.clamav.net

micahsnyder commented 1 year ago

Oh it's worth mentioning that you need to start freshclam with sudo / as root in order for that PidFile setting to work, and that freshclam will drop privileges after startup to run as the clamav user.
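
An added example, not part of the thread or of ClamAV itself: a Python check of whether the account freshclam drops privileges to can write the paths named in freshclam.conf. It assumes the paths that matter are UpdateLogFile and DatabaseDirectory, falls back to `clamav` when DatabaseOwner is unset, looks at classic mode bits only, and runs on a constructed sample config; `parse_conf`, `ids_for`, `allowed` and `check_paths` are hypothetical helper names.

```python
import os
import pwd

SAMPLE = """# constructed sample: settings quoted in the thread
UpdateLogFile /var/log/clamav/freshclam_.log
DatabaseDirectory /var/lib/clamav
DatabaseOwner clamav
"""

def parse_conf(text):
    """One 'Option value' pair per line; '#' starts a comment line."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip().strip('"')
    return conf

def ids_for(user):
    """uid and group set of the account freshclam drops privileges to."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def allowed(path, uid, gids, want):
    """Owner/group/other mode-bit check (ACLs and parent dirs are not examined)."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    # root (uid 0) is not limited by the mode bits
    return uid == 0 or ((st.st_mode >> shift) & want) == want

def check_paths(conf, uid, gids):
    """Map each configured path option to whether uid/gids may write there."""
    result = {}
    log = conf.get("UpdateLogFile")
    if log:  # an existing file needs write; otherwise its directory needs write + search
        target, want = (log, 0o2) if os.path.exists(log) else (os.path.dirname(log) or ".", 0o3)
        result["UpdateLogFile"] = allowed(target, uid, gids, want)
    if conf.get("DatabaseDirectory"):
        result["DatabaseDirectory"] = allowed(conf["DatabaseDirectory"], uid, gids, 0o3)
    return result

if __name__ == "__main__":
    conf = parse_conf(SAMPLE)
    try:
        print(check_paths(conf, *ids_for(conf.get("DatabaseOwner", "clamav"))))
    except KeyError as exc:
        print("account lookup failed:", exc)
```

To check a real host, pass the contents of its own freshclam.conf to `parse_conf` instead of `SAMPLE`; a `False` for UpdateLogFile means the unprivileged account cannot open the log once privileges are dropped.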