On Thursday 06 December 2012 13:21:24 Bowie Bailey did opine: > On 12/6/2012 11:25 AM, franckm wrote: > > Bowie Bailey wrote: > >> On 12/6/2012 10:43 AM, franckm wrote: > >>> Ok I've done that. LogTimes are shown (in a weird datetime format) > >>> but the > >>> > >>> file that I've just scanned is not listed at all: > >>>> clamdscan > >>>> /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt > >>> > >>> /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK > >>> > >>> ----------- SCAN SUMMARY ----------- > >>> Infected files: 0 > >>> Time: 0.003 sec (0 m 0 s) > >> > >> By default, clamd does not log clean files. There is an option for > >> that in clamd.conf... > >> Speaking of clamd.conf, I wonder if some of you might be editing the wrong clamd.conf file? I am not sure how it got to be, but according the the launcher script in /etc/init.d. it is using /etc/clamav/clamd.conf, but I have others also.
root@coyote:/etc/clamav# locate clamd.conf /etc/clamd.conf /etc/clamav/clamd.conf /usr/etc/clamd.conf /usr/local/etc/clamd.conf /usr/share/doc/clamav-base/examples/clamd.conf /usr/share/man/man5/clamd.conf.5.gz /usr/src/clamav-0.97.5/docs/man/clamd.conf.5 /usr/src/clamav-0.97.5/docs/man/clamd.conf.5.in /usr/src/clamav-0.97.5/etc/clamd.conf /var/lib/ucf/cache/:etc:clamav:clamd.conf The 9.5 in installed when it was obvious that ubuntu wasn't going to update the 96.3 install 10.04.4 came with, but now they must have because clamd -- version says 97.6. The src tree can be nuked, as can /etc/clamd.conf, /usr/etc/clamd.conf. /usr/local/etc/clamd.conf. It is much less confusing when you only have _one_ clamd.conf, preferably located where the launcher in /etc/init.d says it is. The same situation vis-a-vis freshclam also exists, so I have been doing some house cleaning. > >> # Also log clean files. Useful in debugging but drastically increases > >> the # log size. > >> # Default: disabled > >> #LogClean 1 > > > > Thanks it works now but I am not getting the log line when a new file > > is getting scanned. I only get the result (OK line) > > > > With clamscan in verbose mode I used to get: > >> clamscan --verbose > >> /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt > > > > Scanning > > /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt > > /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK > > > > ----------- SCAN SUMMARY ----------- > > Known viruses: 315745 > > Engine version: 0.93 > > Scanned directories: 0 > > Scanned files: 1 > > Infected files: 0 > > Data scanned: 0.01 MB > > Time: 2.001 sec (0 m 2 s) > > > > > > With clamdscan in verbose mode (LogVerbose yes) I get only the OK line > > > > > > Thu Dec 6 16:16:17 2012 -> > > /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt: OK > > I don't think there is any way to replicate the verbose command line > behavior in the log file. The log file will only log one line per file > scanned indicating whether it is clean or has a virus. > > Is there really any value in logging that a file is being scanned and > then 2 seconds later logging that the file is clean? Cheers, Gene -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) My web page: <http://coyoteden.dyndns-free.com:85/gene> is up! If you keep anything long enough, you can throw it away. I was taught to respect my elders, but its getting harder and harder to find any... _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml