Very minor request: ClamAV more verbose logging?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Very minor request: ClamAV more verbose logging?

K Post
With verbose logging for clamav on, we get lines like:
ClamAV: scanned 1146936 bytes in whitelisted message - OK

Would it be possible to add the name of the file being scanned?
ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Very minor request: ClamAV more verbose logging?

Thomas Eckardt/eck
The scanning engine does not know where the content comes from
(attachment, decompressed attachment, body check, text parts, mail
analyzer, archive post processor ... . )

So - no chance to have this information there.

Thomas



Von:    K Post <[hidden email]>
An:     ASSP development mailing list <[hidden email]>
Datum:  01.10.2016 22:02
Betreff:        [Assp-test] Very minor request: ClamAV more verbose
logging?



With verbose logging for clamav on, we get lines like:
ClamAV: scanned 1146936 bytes in whitelisted message - OK

Would it be possible to add the name of the file being scanned?
ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Very minor request: ClamAV more verbose logging?

K Post
Thanks for the reply.

Doesn't ASSP know what it's sending to the scanner though?  And it's ASSP
that writes to maillog, not ClamAV right?

Separately, I turned ClamAV logging to verbose just to see the logs, and
with this setting as such, I'm getting:
Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down
a couple of times an hour.

I see no issues with ClamAV, but always get worried about warnings.    With
ClamAV logging set to standard, I don't get these warnings.  So the
questions for me become:
1) Is verbose logging slowing things and causing the daemon to be
unreachable or is this happening with standard logging too and just not
logged?
2) Is this normal? If not, what should I do to fix this?



On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt <[hidden email]>
wrote:

> The scanning engine does not know where the content comes from
> (attachment, decompressed attachment, body check, text parts, mail
> analyzer, archive post processor ... . )
>
> So - no chance to have this information there.
>
> Thomas
>
>
>
> Von:    K Post <[hidden email]>
> An:     ASSP development mailing list <[hidden email]>
> Datum:  01.10.2016 22:02
> Betreff:        [Assp-test] Very minor request: ClamAV more verbose
> logging?
>
>
>
> With verbose logging for clamav on, we get lines like:
> ClamAV: scanned 1146936 bytes in whitelisted message - OK
>
> Would it be possible to add the name of the file being scanned?
> ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Very minor request: ClamAV more verbose logging?

Thomas Eckardt/eck
>1) Is verbose logging slowing things

The MainThread goes slower than more is logged

>1) and causing the daemon to be unreachable

No.

>1) is this happening with standard logging too and just not
>logged?

Yes.

>2) Is this normal? If not, what should I do to fix this?

This is normal. Every time the clamd reloads signatures or does the self
check (default 600 seconds) it becomes unavailable.
If you've configured to use more than one clamd, the next will be used.
If non of the configured clamd is available, you'll get the warning:
ClamAV Temporary Off :....

Thomas




Von:    K Post <[hidden email]>
An:     ASSP development mailing list <[hidden email]>
Datum:  02.10.2016 20:44
Betreff:        Re: [Assp-test] Very minor request: ClamAV more verbose
logging?



Thanks for the reply.

Doesn't ASSP know what it's sending to the scanner though?  And it's ASSP
that writes to maillog, not ClamAV right?

Separately, I turned ClamAV logging to verbose just to see the logs, and
with this setting as such, I'm getting:
Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down
a couple of times an hour.

I see no issues with ClamAV, but always get worried about warnings. With
ClamAV logging set to standard, I don't get these warnings.  So the
questions for me become:
1) Is verbose logging slowing things and causing the daemon to be
unreachable or is this happening with standard logging too and just not
logged?
2) Is this normal? If not, what should I do to fix this?



On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt
<[hidden email]>
wrote:

> The scanning engine does not know where the content comes from
> (attachment, decompressed attachment, body check, text parts, mail
> analyzer, archive post processor ... . )
>
> So - no chance to have this information there.
>
> Thomas
>
>
>
> Von:    K Post <[hidden email]>
> An:     ASSP development mailing list <[hidden email]>
> Datum:  01.10.2016 22:02
> Betreff:        [Assp-test] Very minor request: ClamAV more verbose
> logging?
>
>
>
> With verbose logging for clamav on, we get lines like:
> ClamAV: scanned 1146936 bytes in whitelisted message - OK
>
> Would it be possible to add the name of the file being scanned?
> ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the

>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Very minor request: ClamAV more verbose logging?

K Post
Okay, I'm back to standard logging on ClamAV then....
Thanks

On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt <[hidden email]>
wrote:

> >1) Is verbose logging slowing things
>
> The MainThread goes slower than more is logged
>
> >1) and causing the daemon to be unreachable
>
> No.
>
> >1) is this happening with standard logging too and just not
> >logged?
>
> Yes.
>
> >2) Is this normal? If not, what should I do to fix this?
>
> This is normal. Every time the clamd reloads signatures or does the self
> check (default 600 seconds) it becomes unavailable.
> If you've configured to use more than one clamd, the next will be used.
> If non of the configured clamd is available, you'll get the warning:
> ClamAV Temporary Off :....
>
> Thomas
>
>
>
>
> Von:    K Post <[hidden email]>
> An:     ASSP development mailing list <[hidden email]>
> Datum:  02.10.2016 20:44
> Betreff:        Re: [Assp-test] Very minor request: ClamAV more verbose
> logging?
>
>
>
> Thanks for the reply.
>
> Doesn't ASSP know what it's sending to the scanner though?  And it's ASSP
> that writes to maillog, not ClamAV right?
>
> Separately, I turned ClamAV logging to verbose just to see the logs, and
> with this setting as such, I'm getting:
> Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down
> a couple of times an hour.
>
> I see no issues with ClamAV, but always get worried about warnings. With
> ClamAV logging set to standard, I don't get these warnings.  So the
> questions for me become:
> 1) Is verbose logging slowing things and causing the daemon to be
> unreachable or is this happening with standard logging too and just not
> logged?
> 2) Is this normal? If not, what should I do to fix this?
>
>
>
> On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt
> <[hidden email]>
> wrote:
>
> > The scanning engine does not know where the content comes from
> > (attachment, decompressed attachment, body check, text parts, mail
> > analyzer, archive post processor ... . )
> >
> > So - no chance to have this information there.
> >
> > Thomas
> >
> >
> >
> > Von:    K Post <[hidden email]>
> > An:     ASSP development mailing list <[hidden email]>
> > Datum:  01.10.2016 22:02
> > Betreff:        [Assp-test] Very minor request: ClamAV more verbose
> > logging?
> >
> >
> >
> > With verbose logging for clamav on, we get lines like:
> > ClamAV: scanned 1146936 bytes in whitelisted message - OK
> >
> > Would it be possible to add the name of the file being scanned?
> > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK
> > ------------------------------------------------------------
> > ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Assp-test mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
> > ------------------------------------------------------------
> > ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Assp-test mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Very minor request: ClamAV more verbose logging?

K Post
I was thinking more about this morning.  If ClamAV does go down, will
ClamAV standard logging from ASSP warning on this?  I definitely don't want
warnings when ClamAV is down for a second to reload, but if it stays down,
I'd hate to be unaware.

If it doesn't already do this, might ASSP be able to keep track of how long
ClamAV hasn't responded and after a threshold of say 2 minutes, then warn?
Just kind of thinking out loud here.

On Mon, Oct 3, 2016 at 10:13 AM, K Post <[hidden email]> wrote:

> Okay, I'm back to standard logging on ClamAV then....
> Thanks
>
> On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt <[hidden email]
> > wrote:
>
>> >1) Is verbose logging slowing things
>>
>> The MainThread goes slower than more is logged
>>
>> >1) and causing the daemon to be unreachable
>>
>> No.
>>
>> >1) is this happening with standard logging too and just not
>> >logged?
>>
>> Yes.
>>
>> >2) Is this normal? If not, what should I do to fix this?
>>
>> This is normal. Every time the clamd reloads signatures or does the self
>> check (default 600 seconds) it becomes unavailable.
>> If you've configured to use more than one clamd, the next will be used.
>> If non of the configured clamd is available, you'll get the warning:
>> ClamAV Temporary Off :....
>>
>> Thomas
>>
>>
>>
>>
>> Von:    K Post <[hidden email]>
>> An:     ASSP development mailing list <[hidden email]>
>> Datum:  02.10.2016 20:44
>> Betreff:        Re: [Assp-test] Very minor request: ClamAV more verbose
>> logging?
>>
>>
>>
>> Thanks for the reply.
>>
>> Doesn't ASSP know what it's sending to the scanner though?  And it's ASSP
>> that writes to maillog, not ClamAV right?
>>
>> Separately, I turned ClamAV logging to verbose just to see the logs, and
>> with this setting as such, I'm getting:
>> Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down
>> a couple of times an hour.
>>
>> I see no issues with ClamAV, but always get worried about warnings. With
>> ClamAV logging set to standard, I don't get these warnings.  So the
>> questions for me become:
>> 1) Is verbose logging slowing things and causing the daemon to be
>> unreachable or is this happening with standard logging too and just not
>> logged?
>> 2) Is this normal? If not, what should I do to fix this?
>>
>>
>>
>> On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt
>> <[hidden email]>
>> wrote:
>>
>> > The scanning engine does not know where the content comes from
>> > (attachment, decompressed attachment, body check, text parts, mail
>> > analyzer, archive post processor ... . )
>> >
>> > So - no chance to have this information there.
>> >
>> > Thomas
>> >
>> >
>> >
>> > Von:    K Post <[hidden email]>
>> > An:     ASSP development mailing list <[hidden email]>
>> > Datum:  01.10.2016 22:02
>> > Betreff:        [Assp-test] Very minor request: ClamAV more verbose
>> > logging?
>> >
>> >
>> >
>> > With verbose logging for clamav on, we get lines like:
>> > ClamAV: scanned 1146936 bytes in whitelisted message - OK
>> >
>> > Would it be possible to add the name of the file being scanned?
>> > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf - OK
>> > ------------------------------------------------------------
>> > ------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> > _______________________________________________
>> > Assp-test mailing list
>> > [hidden email]
>> > https://lists.sourceforge.net/lists/listinfo/assp-test
>> >
>> >
>> >
>> >
>> > DISCLAIMER:
>> > *******************************************************
>> > This email and any files transmitted with it may be confidential,
>> legally
>> > privileged and protected in law and are intended solely for the use of
>> the
>> >
>> > individual to whom it is addressed.
>> > This email was multiple times scanned for viruses. There should be no
>> > known virus in this email!
>> > *******************************************************
>> >
>> >
>> > ------------------------------------------------------------
>> > ------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> > _______________________________________________
>> > Assp-test mailing list
>> > [hidden email]
>> > https://lists.sourceforge.net/lists/listinfo/assp-test
>> >
>> >
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Assp-test mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential, legally
>> privileged and protected in law and are intended solely for the use of the
>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Assp-test mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Very minor request: ClamAV more verbose logging?

Thomas Eckardt/eck
If a call to clamav failes and the content was not scanned by any
instance, assp will log if scanlog is ON

ClamAV Temporary Off :.....

Thomas





Von:    K Post <[hidden email]>
An:     ASSP development mailing list <[hidden email]>
Datum:  04.10.2016 15:59
Betreff:        Re: [Assp-test] Very minor request: ClamAV more verbose
logging?



I was thinking more about this morning.  If ClamAV does go down, will
ClamAV standard logging from ASSP warning on this?  I definitely don't
want
warnings when ClamAV is down for a second to reload, but if it stays down,
I'd hate to be unaware.

If it doesn't already do this, might ASSP be able to keep track of how
long
ClamAV hasn't responded and after a threshold of say 2 minutes, then warn?
Just kind of thinking out loud here.

On Mon, Oct 3, 2016 at 10:13 AM, K Post <[hidden email]> wrote:

> Okay, I'm back to standard logging on ClamAV then....
> Thanks
>
> On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt
<[hidden email]

> > wrote:
>
>> >1) Is verbose logging slowing things
>>
>> The MainThread goes slower than more is logged
>>
>> >1) and causing the daemon to be unreachable
>>
>> No.
>>
>> >1) is this happening with standard logging too and just not
>> >logged?
>>
>> Yes.
>>
>> >2) Is this normal? If not, what should I do to fix this?
>>
>> This is normal. Every time the clamd reloads signatures or does the
self

>> check (default 600 seconds) it becomes unavailable.
>> If you've configured to use more than one clamd, the next will be used.
>> If non of the configured clamd is available, you'll get the warning:
>> ClamAV Temporary Off :....
>>
>> Thomas
>>
>>
>>
>>
>> Von:    K Post <[hidden email]>
>> An:     ASSP development mailing list <[hidden email]>
>> Datum:  02.10.2016 20:44
>> Betreff:        Re: [Assp-test] Very minor request: ClamAV more verbose
>> logging?
>>
>>
>>
>> Thanks for the reply.
>>
>> Doesn't ASSP know what it's sending to the scanner though?  And it's
ASSP
>> that writes to maillog, not ClamAV right?
>>
>> Separately, I turned ClamAV logging to verbose just to see the logs,
and
>> with this setting as such, I'm getting:
>> Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down
>> a couple of times an hour.
>>
>> I see no issues with ClamAV, but always get worried about warnings.
With

>> ClamAV logging set to standard, I don't get these warnings.  So the
>> questions for me become:
>> 1) Is verbose logging slowing things and causing the daemon to be
>> unreachable or is this happening with standard logging too and just not
>> logged?
>> 2) Is this normal? If not, what should I do to fix this?
>>
>>
>>
>> On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt
>> <[hidden email]>
>> wrote:
>>
>> > The scanning engine does not know where the content comes from
>> > (attachment, decompressed attachment, body check, text parts, mail
>> > analyzer, archive post processor ... . )
>> >
>> > So - no chance to have this information there.
>> >
>> > Thomas
>> >
>> >
>> >
>> > Von:    K Post <[hidden email]>
>> > An:     ASSP development mailing list
<[hidden email]>

>> > Datum:  01.10.2016 22:02
>> > Betreff:        [Assp-test] Very minor request: ClamAV more verbose
>> > logging?
>> >
>> >
>> >
>> > With verbose logging for clamav on, we get lines like:
>> > ClamAV: scanned 1146936 bytes in whitelisted message - OK
>> >
>> > Would it be possible to add the name of the file being scanned?
>> > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf -
OK

>> > ------------------------------------------------------------
>> > ------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> > _______________________________________________
>> > Assp-test mailing list
>> > [hidden email]
>> > https://lists.sourceforge.net/lists/listinfo/assp-test
>> >
>> >
>> >
>> >
>> > DISCLAIMER:
>> > *******************************************************
>> > This email and any files transmitted with it may be confidential,
>> legally
>> > privileged and protected in law and are intended solely for the use
of

>> the
>> >
>> > individual to whom it is addressed.
>> > This email was multiple times scanned for viruses. There should be no
>> > known virus in this email!
>> > *******************************************************
>> >
>> >
>> > ------------------------------------------------------------
>> > ------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> > _______________________________________________
>> > Assp-test mailing list
>> > [hidden email]
>> > https://lists.sourceforge.net/lists/listinfo/assp-test
>> >
>> >
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Assp-test mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential,
legally
>> privileged and protected in law and are intended solely for the use of
the

>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Assp-test mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Very minor request: ClamAV more verbose logging?

K Post
>ClamAV Temporary Off
Great.  Is that prefixed with WARNING or ERROR?  My error notify regex
looks for warning / error.  Can certainly modify if necessary.

On Tue, Oct 4, 2016 at 10:18 AM, Thomas Eckardt <[hidden email]>
wrote:

> If a call to clamav failes and the content was not scanned by any
> instance, assp will log if scanlog is ON
>
> ClamAV Temporary Off :.....
>
> Thomas
>
>
>
>
>
> Von:    K Post <[hidden email]>
> An:     ASSP development mailing list <[hidden email]>
> Datum:  04.10.2016 15:59
> Betreff:        Re: [Assp-test] Very minor request: ClamAV more verbose
> logging?
>
>
>
> I was thinking more about this morning.  If ClamAV does go down, will
> ClamAV standard logging from ASSP warning on this?  I definitely don't
> want
> warnings when ClamAV is down for a second to reload, but if it stays down,
> I'd hate to be unaware.
>
> If it doesn't already do this, might ASSP be able to keep track of how
> long
> ClamAV hasn't responded and after a threshold of say 2 minutes, then warn?
> Just kind of thinking out loud here.
>
> On Mon, Oct 3, 2016 at 10:13 AM, K Post <[hidden email]> wrote:
>
> > Okay, I'm back to standard logging on ClamAV then....
> > Thanks
> >
> > On Mon, Oct 3, 2016 at 2:55 AM, Thomas Eckardt
> <[hidden email]
> > > wrote:
> >
> >> >1) Is verbose logging slowing things
> >>
> >> The MainThread goes slower than more is logged
> >>
> >> >1) and causing the daemon to be unreachable
> >>
> >> No.
> >>
> >> >1) is this happening with standard logging too and just not
> >> >logged?
> >>
> >> Yes.
> >>
> >> >2) Is this normal? If not, what should I do to fix this?
> >>
> >> This is normal. Every time the clamd reloads signatures or does the
> self
> >> check (default 600 seconds) it becomes unavailable.
> >> If you've configured to use more than one clamd, the next will be used.
> >> If non of the configured clamd is available, you'll get the warning:
> >> ClamAV Temporary Off :....
> >>
> >> Thomas
> >>
> >>
> >>
> >>
> >> Von:    K Post <[hidden email]>
> >> An:     ASSP development mailing list <[hidden email]>
> >> Datum:  02.10.2016 20:44
> >> Betreff:        Re: [Assp-test] Very minor request: ClamAV more verbose
> >> logging?
> >>
> >>
> >>
> >> Thanks for the reply.
> >>
> >> Doesn't ASSP know what it's sending to the scanner though?  And it's
> ASSP
> >> that writes to maillog, not ClamAV right?
> >>
> >> Separately, I turned ClamAV logging to verbose just to see the logs,
> and
> >> with this setting as such, I'm getting:
> >> Warning: the ClamAV daemon at 127.0.0.1:3310 seems to be down
> >> a couple of times an hour.
> >>
> >> I see no issues with ClamAV, but always get worried about warnings.
> With
> >> ClamAV logging set to standard, I don't get these warnings.  So the
> >> questions for me become:
> >> 1) Is verbose logging slowing things and causing the daemon to be
> >> unreachable or is this happening with standard logging too and just not
> >> logged?
> >> 2) Is this normal? If not, what should I do to fix this?
> >>
> >>
> >>
> >> On Sun, Oct 2, 2016 at 3:05 AM, Thomas Eckardt
> >> <[hidden email]>
> >> wrote:
> >>
> >> > The scanning engine does not know where the content comes from
> >> > (attachment, decompressed attachment, body check, text parts, mail
> >> > analyzer, archive post processor ... . )
> >> >
> >> > So - no chance to have this information there.
> >> >
> >> > Thomas
> >> >
> >> >
> >> >
> >> > Von:    K Post <[hidden email]>
> >> > An:     ASSP development mailing list
> <[hidden email]>
> >> > Datum:  01.10.2016 22:02
> >> > Betreff:        [Assp-test] Very minor request: ClamAV more verbose
> >> > logging?
> >> >
> >> >
> >> >
> >> > With verbose logging for clamav on, we get lines like:
> >> > ClamAV: scanned 1146936 bytes in whitelisted message - OK
> >> >
> >> > Would it be possible to add the name of the file being scanned?
> >> > ClamAV: scanned 1146936 bytes in whitelisted message - invoice.pdf -
> OK
> >> > ------------------------------------------------------------
> >> > ------------------
> >> > Check out the vibrant tech community on one of the world's most
> >> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> >> > _______________________________________________
> >> > Assp-test mailing list
> >> > [hidden email]
> >> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >> >
> >> >
> >> >
> >> >
> >> > DISCLAIMER:
> >> > *******************************************************
> >> > This email and any files transmitted with it may be confidential,
> >> legally
> >> > privileged and protected in law and are intended solely for the use
> of
> >> the
> >> >
> >> > individual to whom it is addressed.
> >> > This email was multiple times scanned for viruses. There should be no
> >> > known virus in this email!
> >> > *******************************************************
> >> >
> >> >
> >> > ------------------------------------------------------------
> >> > ------------------
> >> > Check out the vibrant tech community on one of the world's most
> >> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> >> > _______________________________________________
> >> > Assp-test mailing list
> >> > [hidden email]
> >> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >> >
> >> >
> >> ------------------------------------------------------------
> >> ------------------
> >> Check out the vibrant tech community on one of the world's most
> >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> >> _______________________________________________
> >> Assp-test mailing list
> >> [hidden email]
> >> https://lists.sourceforge.net/lists/listinfo/assp-test
> >>
> >>
> >>
> >>
> >> DISCLAIMER:
> >> *******************************************************
> >> This email and any files transmitted with it may be confidential,
> legally
> >> privileged and protected in law and are intended solely for the use of
> the
> >>
> >> individual to whom it is addressed.
> >> This email was multiple times scanned for viruses. There should be no
> >> known virus in this email!
> >> *******************************************************
> >>
> >>
> >> ------------------------------------------------------------
> >> ------------------
> >> Check out the vibrant tech community on one of the world's most
> >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> >> _______________________________________________
> >> Assp-test mailing list
> >> [hidden email]
> >> https://lists.sourceforge.net/lists/listinfo/assp-test
> >>
> >>
> >
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test