Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

Wazuh Integration. Logging virus detection to /var/log/syslog does not work #1404

Closed Fre33m0 closed 1 week ago

Fre33m0 commented 2 weeks ago

After viewing the manual, setting LogSyslog to true is supposed to forward all logs to /var/log/syslog, but in this case, the logs related to the virus detection are not forwarded to the file.

Ubuntu 24.04

Install via: sudo apt-get install clamav clamav-freshclam

Due to this error, we do not receive any warnings regarding viruses in Wazuh.

Fre33m0 commented 1 week ago

Solved: clamdscan --fdpass --log=/var/log/myclam.log /home/user/

clamav without "d" does not work.

micahsnyder commented 1 week ago

Glad to hear you solved it.

clamdscan connects to clamd, and clamd.conf only applies to clamd and associated clients to clamd (e.g. clamdscan, clamonacc, and clamav-milter).

clamscan does not use any config file and relies purely on command-line options.
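
An added example, not part of the thread and not ClamAV project code: a shell triage check for the situation discussed above. It reads a clamd.conf-style file for LogSyslog, reports whether a given scanner's detections should reach syslog, and extracts clamd detection lines from a syslog file. The function names, host name, PID, file paths and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ClamAV project code. Sample data below is constructed.

# Print "yes" if a clamd.conf-style file enables LogSyslog, else "no".
# Booleans may be yes/true/1; comment lines are skipped. Taking the last
# occurrence of the directive is an assumption of this example.
clamd_syslog_enabled() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "LogSyslog" { v = tolower($2) }
        END { if (v == "yes" || v == "true" || v == "1") print "yes"; else print "no" }
    ' "$1"
}

# Print "yes" if detections from this scanner should reach syslog.
# Per the thread: clamscan reads no config file; clamd and its clients are
# covered by clamd.conf, since clamd does the scanning and the logging.
syslog_expected() {   # usage: syslog_expected <scanner> <clamd.conf>
    case "$1" in
        clamd|clamdscan|clamonacc|clamav-milter) clamd_syslog_enabled "$2" ;;
        *) echo "no" ;;
    esac
}

# Print clamd detection lines ("<target>: <signature> FOUND") from a syslog file.
clamd_detections() {
    grep -E 'clamd\[[0-9]+\]: .+: .+ FOUND$' "$1" || true
}

# Demo on constructed files (hypothetical host name, PID and paths).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'LogSyslog yes' 'LogFacility LOG_LOCAL6' > "$d/clamd.conf"
    printf '%s\n' \
      '2025-01-10T09:15:02+00:00 host1 clamd[812]: /home/user/eicar.com: Win.Test.EICAR_HDB-1 FOUND' \
      '2025-01-10T09:15:03+00:00 host1 clamd[812]: SelfCheck: Database status OK.' \
      '2025-01-10T09:15:04+00:00 host1 CRON[900]: (root) CMD (run-parts /etc/cron.hourly)' > "$d/syslog"
    echo "clamscan  -> syslog expected: $(syslog_expected clamscan "$d/clamd.conf")"
    echo "clamdscan -> syslog expected: $(syslog_expected clamdscan "$d/clamd.conf")"
    clamd_detections "$d/syslog"
    rm -rf "$d"
}
demo
```

If `syslog_expected` says "yes" for the scanner in use but `clamd_detections` returns nothing after a test scan, the gap is between clamd and the syslog file rather than in the scanner choice.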