Mailing List Archive

[clamav-users] Clamd virus detection logging and notification
Hello,

When the clamd daemon is running and automatically detects a virus - does it send to a specific log file or does this log file location need to be enabled or specified in the scan.conf?

Also, is there any notification process when a virus is automatically detected by the clamd daemon as opposed to the on demand \ one time scanning, by running the clamscan command line option?

I don't see anything specific to this in the documentation.

Thanks,

Will
Re: [clamav-users] Clamd virus detection logging and notification
Hi there,

On Sat, 28 Nov 2020, Will Watters via clamav-users wrote:

> When the clamd daemon is running and automatically detects a virus -

Nothing is "automatically detected". The daemon will scan something
when you tell it to. How you do that is up to you. Read the manual
about 'clamdscan' for example. Note that the utilities 'clamdscan'
and 'clamscan' behave very differently. If you simply start clamd but
then don't send anything to it for it to scan, all it does is use up a
very small quantity of CPU cycles and a very large quantity of memory.

> does it send to a specific log file or does this log file location
> need to be enabled or specified in the scan.conf?

If you have a file called 'scan.conf' provided with ClamAV, then you
are using ClamAV from a package which was produced by an organization
other than Cisco/Sourcefire/Talos. For more information you need to
read the documentation provided by your package maintainer. ClamAV
offers some flexibility in logging and reporting, and very likely the
maintainer of the packaged version for your operating system has done
things with logging so that you don't have to. If you read the file
'clamd.conf' in the upstream version of ClamAV - which you can get by
visiting the download page on the clamav.net Website, downloading any
of the archives of the latest version and extracting that into some
temporary directory on your computer - then you will see a very few
lines about logging fairly early on in that file which you should be
able to match up with similar lines in your 'scan.conf' to give you an
idea of what you need to do.

> ... is there any notification process when a virus is automatically
> detected by the clamd daemon as opposed to the on demand \ one time
> scanning, by running the clamscan command line option?
>
> I don't see anything specific to this in the documentation.

You don't see that in the documentation because it doesn't do what you
seem to have deduced that it does on the basis of wishful thinking.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
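
The point made in the reply, that clamd scans only what a client sends it and that the client receives the verdict, shown as an added example (not part of either post and not ClamAV's own code). It speaks clamd's INSTREAM command over the local socket; the socket path is a placeholder and the function names are hypothetical.

```python
"""Submit bytes to a running clamd over its local socket and act on the verdict."""
import logging
import socket
import struct

# Assumption: placeholder path; use the LocalSocket value from your own clamd configuration.
CLAMD_SOCKET = "/path/to/clamd.sock"

def instream_frames(data: bytes, chunk: int = 8192):
    """Yield one INSTREAM session: command, length-prefixed chunks, zero-length end marker."""
    yield b"zINSTREAM\0"                      # 'z' prefix: null-terminated command and reply
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        yield struct.pack("!I", len(part)) + part   # 4-byte big-endian length, then data
    yield struct.pack("!I", 0)

def parse_reply(raw: bytes):
    """Map clamd's reply line to (status, detail); status is OK, FOUND or ERROR."""
    line = raw.rstrip(b"\0\r\n").decode("utf-8", "replace")
    _, sep, verdict = line.partition(": ")
    if sep and verdict == "OK":
        return ("OK", None)
    if sep and verdict.endswith(" FOUND"):
        return ("FOUND", verdict[:-len(" FOUND")])
    return ("ERROR", line)                    # e.g. size limit exceeded, or an empty reply

def scan_bytes(data: bytes, sock_path: str = CLAMD_SOCKET, timeout: float = 30.0):
    """Ask clamd to scan data; clamd does nothing until a client sends a request like this."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        for frame in instream_frames(data):
            s.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)

def report(name: str, result) -> str:
    """Caller-side notification hook: here a log record; replace with mail or a ticket."""
    status, detail = result
    msg = f"{name}: {status}" + (f" ({detail})" if detail else "")
    logging.getLogger("scan").log(logging.INFO if status == "OK" else logging.WARNING, msg)
    return msg

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")
    print(report("upload.bin", scan_bytes(b"constructed sample input")))
```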