1 Topic by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Topic: freshclam running, but getting daily email report that is is not. Why

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.1 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? Downloaded
- Linux/BSD distribution name and version: Ubuntu 24.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MARIADB
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
--------------------- clam-update Begin ------------------------


No updates detected in the log for the freshclam daemon (the
ClamAV update process).  If the freshclam daemon is not running,
you may need to restart it.  Other options:

A. If you no longer wish to run freshclam, deleting the log file
    (configured is /var/log/clamav/freshclam.log ) will suppress this error message.

B. If you use a different log file, update the appropriate
    configuration file.  For example:
       echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
    where log_file is the filename of the freshclam log file.

C. If you are logging using syslog, you need to indicate that your
    log file uses the syslog format.  For example:
       echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
       echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf

---------------------- clam-update End -------------------------
Freshclam is working:

# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; enabled;>
     Active: active (running) since Sat 2024-11-02 07:09:55 UTC; 1 week 1 day a>
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/
   Main PID: 81121 (freshclam)
      Tasks: 1 (limit: 18824)
     Memory: 206.9M (peak: 1.3G)
        CPU: 28.391s
     CGroup: /system.slice/clamav-freshclam.service
             └─81121 /usr/bin/freshclam -d --foreground=true

Nov 10 20:00:06 box freshclam[81121]: Received signal: wake up
Nov 10 20:00:06 box freshclam[81121]: ClamAV update process started at Sun Nov >
Nov 10 20:00:06 box freshclam[81121]: Sun Nov 10 20:00:06 2024 -> daily.cld dat>
Nov 10 20:00:06 box freshclam[81121]: Sun Nov 10 20:00:06 2024 -> main.cvd data>
Nov 10 20:00:06 box freshclam[81121]: Sun Nov 10 20:00:06 2024 -> bytecode.cvd >


And the logfile is active:

/var/log/clamav# ll
total 36
drwxr-xr-x  2 clamav clamav 4096 Nov 10 00:00 ./
drwxrwxr-x 20 root   syslog 4096 Nov 10 00:00 ../
-rw-r-----  1 clamav adm    1215 Nov 10 19:37 clamav.log
-rw-r-----  1 clamav adm    9926 Nov 10 00:00 clamav.log.1
-rw-r-----  1 clamav clamav  878 Nov  3 00:00 clamav.log.2.gz
-rw-r-----  1 clamav adm     430 Nov 10 21:00 freshclam.log
-rw-r-----  1 clamav adm       0 Nov  3 00:00 freshclam.log.1
-rw-r-----  1 clamav clamav 3516 Nov  9 23:00 freshclam.log.2.gz

Why am I getting a daily email saying it is not working?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by coped1961

  • coped1961
  • Member
  • Offline
  • Registered: 2024-11-13
  • Posts: 1

Re: freshclam running, but getting daily email report that is is not. Why

Try restarting the freshclam service. Maybe it will help.

3 Reply by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Re: freshclam running, but getting daily email report that is is not. Why

I have already tired that.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,356

Re: freshclam running, but getting daily email report that is is not. Why

Seems it's just a logwatch warning, not really the freshclam / clamav issue.

5 Reply by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Re: freshclam running, but getting daily email report that is is not. Why

Hi,
According to the message I did A,
Tried deleting the log file, that did not work.

B.
B. If you use a different log file, update the appropriate
    configuration file.  For example:
       echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
    where log_file is the filename of the freshclam log file.

Did this with echo "LogFile = freshclam.log" >> /etc/logwatch/conf/logfiles/clam-update.conf

And it fixed my issue after doing.  Deleting the log file in itself did nothing.  But doing item B seems to fix it.  The message is absent when I did item B.

6 Reply by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Re: freshclam running, but getting daily email report that is is not. Why

The message went away for a few days but came back.  It is still showing the logwatch message.  Where can I get support for the logwatch component?  What is their webpage or github?  If they have one?

7 Reply by ByteJuggler (edited by ByteJuggler 2025-01-27 02:18:44)

  • ByteJuggler
  • Member
  • Offline
  • Registered: 2020-06-03
  • Posts: 2

Re: freshclam running, but getting daily email report that is is not. Why

Make sure you put the right log file location when doing B.  For example I executed exactly the following:

echo "LogFile = /var/log/clamav/freshclam.log" >> /etc/logwatch/conf/logfiles/clam-update.conf

Then checked the file `/etc/logwatch/conf/logfiles/clam-update.conf` to check the line was appended. 

This command ensures the specified `LogFile` points to the file being checked by the logwatch monitor, as noted in the email.  So `freshclam` runs, it will log in the place that will be looked at by logwatch.

Next, run the command `freshclam` manually, which should output something like:

```
ClamAV update process started at Sun Jan 26 18:09:18 2025
Sun Jan 26 18:09:18 2025 -> daily.cld database is up-to-date (version: 27530, sigs: 2072292, f-level: 90, builder: raynman)
Sun Jan 26 18:09:18 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Sun Jan 26 18:09:18 2025 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
```

Now, if you also check the logfile, you should see the same entries, for example execute:

tail /var/log/clamav/freshclam.log

This should output the last entries in the log file, which demonstrates that `freshclam` ran and updated the definitions as expected. 

In theory this should resolve your issue.  (My current version 1.7.1 PGSQL edition running on Ubuntu 24.04.1 LTS, and I had the same issue as you.)

8 Reply by Vortex (edited by Vortex 2025-04-20 09:48:52)

  • Vortex
  • Member
  • Offline
  • Registered: 2014-05-20
  • Posts: 66

Re: freshclam running, but getting daily email report that is is not. Why

Thx ByteJuggler, this worked for me.

Make sure you put the right log file location when doing B.  For example I executed exactly the following:

echo "LogFile = /var/log/clamav/freshclam.log" >> /etc/logwatch/conf/logfiles/clam-update.conf

Then checked the file `/etc/logwatch/conf/logfiles/clam-update.conf` to check the line was appended.