1 Topic by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Topic: freshclam running, but getting daily email report that is is not. Why

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.1 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? Downloaded
- Linux/BSD distribution name and version: Ubuntu 24.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MARIADB
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
--------------------- clam-update Begin ------------------------


No updates detected in the log for the freshclam daemon (the
ClamAV update process).  If the freshclam daemon is not running,
you may need to restart it.  Other options:

A. If you no longer wish to run freshclam, deleting the log file
    (configured is /var/log/clamav/freshclam.log ) will suppress this error message.

B. If you use a different log file, update the appropriate
    configuration file.  For example:
       echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
    where log_file is the filename of the freshclam log file.

C. If you are logging using syslog, you need to indicate that your
    log file uses the syslog format.  For example:
       echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
       echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf

---------------------- clam-update End -------------------------
Freshclam is working:

# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; enabled;>
     Active: active (running) since Sat 2024-11-02 07:09:55 UTC; 1 week 1 day a>
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/
   Main PID: 81121 (freshclam)
      Tasks: 1 (limit: 18824)
     Memory: 206.9M (peak: 1.3G)
        CPU: 28.391s
     CGroup: /system.slice/clamav-freshclam.service
             └─81121 /usr/bin/freshclam -d --foreground=true

Nov 10 20:00:06 box freshclam[81121]: Received signal: wake up
Nov 10 20:00:06 box freshclam[81121]: ClamAV update process started at Sun Nov >
Nov 10 20:00:06 box freshclam[81121]: Sun Nov 10 20:00:06 2024 -> daily.cld dat>
Nov 10 20:00:06 box freshclam[81121]: Sun Nov 10 20:00:06 2024 -> main.cvd data>
Nov 10 20:00:06 box freshclam[81121]: Sun Nov 10 20:00:06 2024 -> bytecode.cvd >


And the logfile is active:

/var/log/clamav# ll
total 36
drwxr-xr-x  2 clamav clamav 4096 Nov 10 00:00 ./
drwxrwxr-x 20 root   syslog 4096 Nov 10 00:00 ../
-rw-r-----  1 clamav adm    1215 Nov 10 19:37 clamav.log
-rw-r-----  1 clamav adm    9926 Nov 10 00:00 clamav.log.1
-rw-r-----  1 clamav clamav  878 Nov  3 00:00 clamav.log.2.gz
-rw-r-----  1 clamav adm     430 Nov 10 21:00 freshclam.log
-rw-r-----  1 clamav adm       0 Nov  3 00:00 freshclam.log.1
-rw-r-----  1 clamav clamav 3516 Nov  9 23:00 freshclam.log.2.gz

Why am I getting a daily email saying it is not working?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by coped1961

  • coped1961
  • Member
  • Offline
  • Registered: 2024-11-13
  • Posts: 1

Re: freshclam running, but getting daily email report that is is not. Why

Try restarting the freshclam service. Maybe it will help.

3 Reply by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Re: freshclam running, but getting daily email report that is is not. Why

I have already tired that.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,197

Re: freshclam running, but getting daily email report that is is not. Why

Seems it's just a logwatch warning, not really the freshclam / clamav issue.

5 Reply by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Re: freshclam running, but getting daily email report that is is not. Why

Hi,
According to the message I did A,
Tried deleting the log file, that did not work.

B.
B. If you use a different log file, update the appropriate
    configuration file.  For example:
       echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
    where log_file is the filename of the freshclam log file.

Did this with echo "LogFile = freshclam.log" >> /etc/logwatch/conf/logfiles/clam-update.conf

And it fixed my issue after doing.  Deleting the log file in itself did nothing.  But doing item B seems to fix it.  The message is absent when I did item B.

6 Reply by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 16

Re: freshclam running, but getting daily email report that is is not. Why

The message went away for a few days but came back.  It is still showing the logwatch message.  Where can I get support for the logwatch component?  What is their webpage or github?  If they have one?

7 Reply by ByteJuggler (edited by ByteJuggler 2025-01-27 02:18:44)

  • ByteJuggler
  • Member
  • Offline
  • Registered: 2020-06-03
  • Posts: 2

Re: freshclam running, but getting daily email report that is is not. Why

Make sure you put the right log file location when doing B.  For example I executed exactly the following:

echo "LogFile = /var/log/clamav/freshclam.log" >> /etc/logwatch/conf/logfiles/clam-update.conf

Then checked the file `/etc/logwatch/conf/logfiles/clam-update.conf` to check the line was appended. 

This command ensures the specified `LogFile` points to the file being checked by the logwatch monitor, as noted in the email.  So `freshclam` runs, it will log in the place that will be looked at by logwatch.

Next, run the command `freshclam` manually, which should output something like:

```
ClamAV update process started at Sun Jan 26 18:09:18 2025
Sun Jan 26 18:09:18 2025 -> daily.cld database is up-to-date (version: 27530, sigs: 2072292, f-level: 90, builder: raynman)
Sun Jan 26 18:09:18 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Sun Jan 26 18:09:18 2025 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
```

Now, if you also check the logfile, you should see the same entries, for example execute:

tail /var/log/clamav/freshclam.log

This should output the last entries in the log file, which demonstrates that `freshclam` ran and updated the definitions as expected. 

In theory this should resolve your issue.  (My current version 1.7.1 PGSQL edition running on Ubuntu 24.04.1 LTS, and I had the same issue as you.)