Hi, Friends,
I want to share how I resolved this ClamAV report issue in logwatch, with
help from Gemini AI.
# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04.2 LTS
Release: 24.04
# apt-cache policy clamav-freshclam
clamav-freshclam:
Installed: 1.4.3+dfsg-0ubuntu0.24.04.1
Candidate: 1.4.3+dfsg-0ubuntu0.24.04.1
Version table:
*** 1.4.3+dfsg-0ubuntu0.24.04.1 500
500 https://free.nchc.org.tw/ubuntu noble-updates/main amd64 Packages
500 https://free.nchc.org.tw/ubuntu noble-security/main amd64 Packages
100 /var/lib/dpkg/status
1.0.5+dfsg-1.1ubuntu3 500
500 https://free.nchc.org.tw/ubuntu noble/main amd64 Packages
# apt-cache policy logwatch
logwatch:
Installed: 7.7-1ubuntu1
Candidate: 7.7-1ubuntu1
Version table:
*** 7.7-1ubuntu1 500
500 https://free.nchc.org.tw/ubuntu noble/main amd64 Packages
500 https://free.nchc.org.tw/ubuntu noble/main i386 Packages
100 /var/lib/dpkg/status
#######
I was a lazy user until last week, when I finally upgraded my OS to the latest
release. Since then I have been fixing many compatibility defects, and this
ClamAV report is one of the headaches.
It always reports that it cannot detect any logs in the default file
(/var/log/clamav/freshclam.log), which had been working well before.
$ tail /var/log/clamav/freshclam.log
Fri Aug 1 09:03:31 2025 -> --------------------------------------
Fri Aug 1 09:03:31 2025 -> daily.cld database is up-to-date (version: 27718,
sigs: 2076325, f-level: 90, builder: raynman)
Fri Aug 1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62, sigs:
6647427, f-level: 90, builder: sigmgr)
Fri Aug 1 09:03:31 2025 -> bytecode.cld database is up-to-date (version: 336,
sigs: 83, f-level: 90, builder: nrandolp)
BEFORE:
$ logwatch --detail high --range yesterday --service clam-update
$ logwatch --detail high --range today --service clam-update
$ logwatch --detail high --service clam-update
(nothing is shown, although the logs really are there.)
AFTER:
With help from Google Gemini AI, I finally understand that the Perl script
cannot identify the new format of the ClamAV log.
The Perl language is too advanced for me to learn, so I use this customized
script file instead.
$ sudo nano /etc/logwatch/conf/logfiles/clam-update.conf
LogFile = /var/log/clamav/freshclam.log
Archive = /var/log/clamav/freshclam.log.*
$ sudo nano /etc/logwatch/scripts/services/clam-update
#!/bin/sh
# This script only processes the log content passed in from logwatch
# and filters out the records from the last 24 hours

# Compute the Unix timestamp of 24 hours ago
TIME_24_HOURS_AGO=$(date -d "24 hours ago" +%s)

echo "ClamAV Report (Last 24 Hours):"
echo "======================"

# Read all log content passed in by logwatch
LOG_INPUT=$(cat)

# Use awk to keep the log lines from within the last 24 hours
FILTERED_LOGS=$(echo "$LOG_INPUT" | awk -v time_ago="$TIME_24_HOURS_AGO" '{
    # Check that the log line has the expected format
    if (match($0, /^[A-Z][a-z]{2} +[A-Z][a-z]{2} +[ 0-9]+ [0-9]{2}:[0-9]{2}:[0-9]{2}/)) {
        # Convert the log time to a Unix timestamp
        # (the matched text holds only letters, digits, spaces and colons,
        # so it is safe to pass to the shell command below)
        log_date = substr($0, RSTART, RLENGTH) " " strftime("%Y", systime())
        cmd = "date -d \"" log_date "\" +%s 2>/dev/null"
        log_timestamp = 0   # do not reuse the previous value if date fails
        cmd | getline log_timestamp
        close(cmd)
        # If the log time is later than 24 hours ago, print the line
        if (log_timestamp > time_ago) {
            print $0
        }
    } else {
        # Not a standard log line; it may be a truncated line, so print it too
        print $0
    }
}')

echo ""
echo "--- Warnings ---"
echo "$FILTERED_LOGS" | grep "WARNING:" | sed 's/^.*freshclam\[[0-9]*\]: //g'
echo ""
echo "--- Errors ---"
echo "$FILTERED_LOGS" | grep "ERROR:" | sed 's/^.*freshclam\[[0-9]*\]: //g'
echo ""
echo "--- Updates ---"
echo "$FILTERED_LOGS" | grep "ClamAV update process started" | sed 's/^.*freshclam\[[0-9]*\]: //g'
echo "$FILTERED_LOGS" | grep "database is up-to-date" | sed 's/^.*freshclam\[[0-9]*\]: //g'
$ sudo chmod +x /etc/logwatch/scripts/services/clam-update
$ logwatch --detail high --service clam-update
################### Logwatch 7.7 (07/22/22) ####################
Processing Initiated: Fri Aug 1 11:00:24 2025
Date Range Processed: yesterday
( 2025-Jul-31 )
Period is day.
Detail Level of Output: 10
Type of Output/Format: stdout / text
Logfiles for Host: linux.jir.idv.tw
##################################################################
--------------------- clam-update Begin ------------------------
ClamAV Report (Last 24 Hours):
======================
--- Warnings ---
--- Errors ---
--- Updates ---
Thu Jul 31 11:30:13 2025 -> daily.cld database is up-to-date (version: 27717,
sigs: 2078182, f-level: 90, builder: nrando>
Thu Jul 31 11:30:13 2025 -> main.cvd database is up-to-date (version: 62,
sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Jul 31 11:30:13 2025 -> bytecode.cld database is up-to-date (version: 336,
sigs: 83, f-level: 90, builder: nrandolp)
...
Fri Aug 1 09:03:31 2025 -> daily.cld database is up-to-date (version: 27718,
sigs: 2076325, f-level: 90, builder: raynma>
Fri Aug 1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62,
sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Aug 1 09:03:31 2025 -> bytecode.cld database is up-to-date (version: 336,
sigs: 83, f-level: 90, builder: nrandolp)
---------------------- clam-update End -------------------------
###################### Logwatch End #########################
After creating this customized file and setting, I can finally get the correct
log report output, at least.
However, with this approach the "--range" parameter can no longer be used;
instead, the default set up in this customized file shows the data from within
the last 24 hours for reference.
I do not know whether this is a good way to resolve it or not, but this
procedure is what my limited knowledge, with AI advice, came up with to read
the current status records.
If in the future there is a better way, or an upgraded maintained version of
logwatch in Ubuntu, please tell me so that I can run a new installation.
Thanks for taking the time to read my description.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067608
Title:
clamav-freshclam 1.0.5 and logwatch 7.7-1 fails to report
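
The message above notes that the customized script can no longer use "--range". As an added example (not part of the original post and not logwatch's own code), the sketch below filters freshclam.log by calendar day rather than a rolling 24 hours and reads the year from each log line. It assumes logwatch exports the requested range in the LOGWATCH_DATE_RANGE environment variable; the function names and the sample lines are constructed here.

```shell
#!/bin/sh
# Constructed sample in the "Dow Mon D HH:MM:SS YYYY -> message" format shown above.
sample_log() {
cat <<'EOF'
Wed Jul 31 11:30:13 2024 -> daily.cld database is up-to-date (constructed, older year)
Thu Jul 31 11:30:13 2025 -> ClamAV update process started at Thu Jul 31 11:30:13 2025
Thu Jul 31 11:30:13 2025 -> daily.cld database is up-to-date (version: 27717,
sigs: 2078182, f-level: 90, builder: constructed)
Thu Jul 31 11:30:14 2025 -> WARNING: constructed warning text
Fri Aug  1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62)
EOF
}

# Map a logwatch range word to YYYY-MM-DD, or "all". Needs GNU date for "yesterday".
range_to_day() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        today)     date +%Y-%m-%d ;;
        yesterday) date -d yesterday +%Y-%m-%d ;;
        all)       echo all ;;
        *)         return 1 ;;          # other range syntaxes are not handled here
    esac
}

# Keep stdin lines stamped on day $1; the year comes from the line, not the clock.
filter_day() {
    awk -v want="$1" '
    BEGIN { n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i }
    # $1=weekday $2=month $3=day $4=time $5=year $6="->"
    $6 == "->" && ($2 in mon) && $3 ~ /^[0-9]+$/ && $5 ~ /^[0-9][0-9][0-9][0-9]$/ {
        keep = (want == "all" || sprintf("%04d-%02d-%02d", $5, mon[$2], $3) == want)
    }
    keep    # unstamped lines inherit the decision made for the last stamped line
    '
}

# Service-script body. Assumption: logwatch exports the range as LOGWATCH_DATE_RANGE.
report() {
    day=$(range_to_day "${LOGWATCH_DATE_RANGE:-yesterday}") || {
        echo "clam-update: unsupported range '$LOGWATCH_DATE_RANGE'" >&2; return 1; }
    logs=$(filter_day "$day")
    echo "ClamAV Report ($day):"
    echo "--- Warnings ---"; printf '%s\n' "$logs" | grep "WARNING:" || :
    echo "--- Errors ---";   printf '%s\n' "$logs" | grep "ERROR:" || :
    echo "--- Updates ---"
    printf '%s\n' "$logs" | grep -e "update process started" -e "up-to-date" || :
}

sample_log | filter_day 2025-07-31    # demo; a real service script would call: report
```

In /etc/logwatch/scripts/services/clam-update the sample_log function and the demo line would be dropped and the file would end with a call to report, which reads the log from standard input.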