Clamav Log Page

This page shows the log files of the antivirus daemon clamav and the virus signature updater freshclam.

Figure 9.10. Displays clamav log viewer

On this page, the log information shown in the Log: section of the window consists of the following:

ClamAV itself normally does not need to log much, because the services that use ClamAV write to their own log files when they find a virus. This log file is useful for information about ClamAV signature updates.

As you can see below, the lines show when the update process started and what it did. On Endian Firewall, ClamAV updates automatically every full hour, so such lines appear every hour. The last two lines show the currently installed signature database versions and how many virus signatures they contain.

May 16 08:01:00 freshclam[27206]: Daemon started.
May 16 08:01:00 freshclam[27206]: ClamAV update process started at Tue May 16 08:01:00 2006
May 16 08:01:00 freshclam[27206]: main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
May 16 08:01:00 freshclam[27206]: daily.cvd is up to date (version: 1463, sigs: 4343, f-level: 8, builder: ccordes)

If new signatures are ready to install, they are automatically downloaded and installed, and the ClamAV daemon then automatically reloads its signature database. You will find log entries like these when this happens:

May 15 13:01:00 freshclam[12157]: Daemon started.
May 15 13:01:00 freshclam[12157]: ClamAV update process started at Tue May 15 13:01:00 2006
May 15 13:01:00 freshclam[12157]: main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
May 15 13:01:08 freshclam[12157]: daily.cvd updated (version: 1463, sigs: 4343, f-level: 8, builder: ccordes)
May 15 13:01:08 freshclam[12157]: Database updated (55549 signatures) from db.local.clamav.net (IP: 213.92.8.5)
May 15 13:01:08 clamd[27017]: SelfCheck: Database modification detected. Forcing reload.
May 15 13:01:08 clamd[27017]: Reading databases from /usr/share/clamav
May 15 13:01:08 freshclam[12157]: Clamd successfully notified about the update.
May 15 13:01:08 clamd[27017]: Database correctly reloaded (55549 viruses)

As the log lines show, after the new signature file daily.cvd has been downloaded, the update daemon freshclam notifies the antivirus daemon clamd about the modification, and clamd immediately reloads all its virus signatures.
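
The sequence above can be checked mechanically: the per-database signature counts should add up to the total freshclam reports, and clamd should reload that same number. The following Python script is an added example, not part of Endian Firewall or ClamAV; the names parse and audit are hypothetical, and it assumes the line formats shown in the excerpts on this page.

```python
import re

# Log lines taken from the update excerpt above (informational lines omitted).
SAMPLE = """\
May 15 13:01:00 freshclam[12157]: main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
May 15 13:01:08 freshclam[12157]: daily.cvd updated (version: 1463, sigs: 4343, f-level: 8, builder: ccordes)
May 15 13:01:08 freshclam[12157]: Database updated (55549 signatures) from db.local.clamav.net (IP: 213.92.8.5)
May 15 13:01:08 clamd[27017]: SelfCheck: Database modification detected. Forcing reload.
May 15 13:01:08 freshclam[12157]: Clamd successfully notified about the update.
May 15 13:01:08 clamd[27017]: Database correctly reloaded (55549 viruses)
""".splitlines()

# timestamp, process name, PID in square brackets, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\w+)\[(\d+)\]: (.*)$")
CVD = re.compile(r"^(\w+\.cvd) (is up to date|updated) \(version: (\d+), sigs: (\d+)")
UPDATED = re.compile(r"^Database updated \((\d+) signatures\)")
RELOADED = re.compile(r"^Database correctly reloaded \((\d+) viruses\)")

def parse(line):
    """Split a line into (timestamp, process, pid, message), or None."""
    m = LINE.match(line)
    return (m[1], m[2], int(m[3]), m[4]) if m else None

def audit(lines):
    """Summarise one freshclam run and flag inconsistent signature counts."""
    dbs, downloaded, reloaded, problems = {}, None, None, []
    for _, proc, _, msg in filter(None, map(parse, lines)):
        if proc == "freshclam" and (m := CVD.match(msg)):
            dbs[m[1]] = {"version": int(m[3]), "sigs": int(m[4]),
                         "changed": m[2] == "updated"}
        elif proc == "freshclam" and (m := UPDATED.match(msg)):
            downloaded = int(m[1])
        elif proc == "clamd" and (m := RELOADED.match(msg)):
            reloaded = int(m[1])
    total = sum(d["sigs"] for d in dbs.values())
    # Only a run that installed new signatures must be followed by a reload.
    if downloaded is not None and downloaded != total:
        problems.append(f"freshclam total {downloaded} != database sum {total}")
    if downloaded is not None and reloaded != downloaded:
        problems.append(f"clamd loaded {reloaded}, expected {downloaded}")
    return {"databases": dbs, "downloaded": downloaded,
            "reloaded": reloaded, "problems": problems}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A run that installs new signatures but is never followed by a matching clamd reload line shows up in the problems list, which is the case worth alerting on.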

Note

Each line shows process information after the timestamp: the name of the process, followed by the process ID in square brackets.