Nach dem Lauf von logrotate schreibt freshclam auf derzeit einem Server genau noch ein Mal in die Datei /var/log/clamav/freshclam.log. Danach herrscht Schweigen im Walde, obwohl ich in der /var/log/clamav/clamav.log, /var/log/syslog und auch im Journal sehe, dass freshclam sehr wohl weiterhin regelmäßig aufgerufen wird und seine Arbeit verrichtet. Hier mal einige der Logs. Logrotate
Code: Select all
root@mail:~# cat /var/log/clamav/freshclam.log
Sun Aug 20 01:00:01 2023 -> --------------------------------------
Sun Aug 20 01:00:01 2023 -> ClamAV update process started at Sun Aug 20 01:00:01 2023
Sun Aug 20 01:00:02 2023 -> daily.cld database is up-to-date (version: 27005, sigs: 2039951, f-level: 90, builder: raynman)
Sun Aug 20 01:00:02 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Sun Aug 20 01:00:02 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Sun Aug 20 01:00:10 2023 -> junk.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:11 2023 -> jurlbl.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:13 2023 -> phish.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:14 2023 -> rogue.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:15 2023 -> sanesecurity.ftm is up-to-date (version: custom database)
Sun Aug 20 01:00:16 2023 -> sigwhitelist.ign2 is up-to-date (version: custom database)
Sun Aug 20 01:00:18 2023 -> scam.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:19 2023 -> spamimg.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:20 2023 -> spamattach.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:21 2023 -> blurl.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:23 2023 -> foxhole_generic.cdb is up-to-date (version: custom database)
Sun Aug 20 01:00:24 2023 -> foxhole_filename.cdb is up-to-date (version: custom database)
Sun Aug 20 01:00:25 2023 -> malwarehash.hsb is up-to-date (version: custom database)
Sun Aug 20 01:00:26 2023 -> hackingteam.hsb is up-to-date (version: custom database)
Sun Aug 20 01:00:27 2023 -> winnow_malware.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:29 2023 -> winnow_malware_links.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:30 2023 -> winnow_extended_malware.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:31 2023 -> winnow.attachments.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:32 2023 -> winnow_bad_cw.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:33 2023 -> bofhland_cracked_URL.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:34 2023 -> bofhland_malware_URL.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:35 2023 -> bofhland_phishing_URL.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:37 2023 -> bofhland_malware_attach.hdb is up-to-date (version: custom database)
Sun Aug 20 01:00:38 2023 -> porcupine.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:39 2023 -> porcupine.hsb is up-to-date (version: custom database)
Sun Aug 20 01:00:40 2023 -> phishtank.ndb is up-to-date (version: custom database)
Sun Aug 20 01:00:40 2023 -> Testing database: '/var/lib/clamav/tmp.f10ec088cc/clamav-d568e3eccfe7e240311448b503d76d27.tmp-urlhaus.ndb' ...
Sun Aug 20 01:00:40 2023 -> Database test passed.
Sun Aug 20 01:00:40 2023 -> urlhaus.ndb updated (version: custom database, sigs: 4254)
Sun Aug 20 01:00:40 2023 -> Clamd successfully notified about the update.
root@mail:~#
Code: Select all
root@mail:~# cat /var/log/clamav/clamav.log
Sun Aug 20 00:00:43 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 00:00:56 2023 -> Database correctly reloaded (8812769 signatures)
Sun Aug 20 00:00:56 2023 -> Activating the newly loaded database...
Sun Aug 20 01:00:40 2023 -> SelfCheck: Database modification detected. Forcing reload.
Sun Aug 20 01:00:40 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 01:00:54 2023 -> Database correctly reloaded (8812733 signatures)
Sun Aug 20 01:00:54 2023 -> Activating the newly loaded database...
Sun Aug 20 01:01:13 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 01:01:26 2023 -> Database correctly reloaded (8812733 signatures)
Sun Aug 20 01:01:26 2023 -> Activating the newly loaded database...
Sun Aug 20 02:01:27 2023 -> SelfCheck: Database status OK.
Sun Aug 20 02:02:27 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 02:02:40 2023 -> Database correctly reloaded (8812717 signatures)
Sun Aug 20 02:02:40 2023 -> Activating the newly loaded database...
Sun Aug 20 03:03:05 2023 -> SelfCheck: Database modification detected. Forcing reload.
Sun Aug 20 03:03:05 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 03:03:18 2023 -> Database correctly reloaded (8812725 signatures)
Sun Aug 20 03:03:18 2023 -> Activating the newly loaded database...
Sun Aug 20 04:03:19 2023 -> SelfCheck: Database status OK.
Sun Aug 20 04:04:14 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 04:04:28 2023 -> Database correctly reloaded (8812716 signatures)
Sun Aug 20 04:04:28 2023 -> Activating the newly loaded database...
Sun Aug 20 05:04:29 2023 -> SelfCheck: Database modification detected. Forcing reload.
Sun Aug 20 05:04:29 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 05:04:42 2023 -> Database correctly reloaded (8812848 signatures)
Sun Aug 20 05:04:42 2023 -> Activating the newly loaded database...
Sun Aug 20 05:05:32 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 05:05:45 2023 -> Database correctly reloaded (8812761 signatures)
Sun Aug 20 05:05:45 2023 -> Activating the newly loaded database...
Sun Aug 20 06:05:46 2023 -> SelfCheck: Database status OK.
Sun Aug 20 06:06:35 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 06:06:48 2023 -> Database correctly reloaded (8812760 signatures)
Sun Aug 20 06:06:48 2023 -> Activating the newly loaded database...
Sun Aug 20 07:07:13 2023 -> SelfCheck: Database modification detected. Forcing reload.
Sun Aug 20 07:07:13 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 07:07:27 2023 -> Database correctly reloaded (8812787 signatures)
Sun Aug 20 07:07:27 2023 -> Activating the newly loaded database...
Sun Aug 20 08:07:28 2023 -> SelfCheck: Database status OK.
Sun Aug 20 08:08:37 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 08:08:51 2023 -> Database correctly reloaded (8812790 signatures)
Sun Aug 20 08:08:51 2023 -> Activating the newly loaded database...
Sun Aug 20 09:08:52 2023 -> SelfCheck: Database status OK.
Sun Aug 20 09:09:50 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 09:10:03 2023 -> Database correctly reloaded (8812811 signatures)
Sun Aug 20 09:10:03 2023 -> Activating the newly loaded database...
Sun Aug 20 10:10:04 2023 -> SelfCheck: Database modification detected. Forcing reload.
Sun Aug 20 10:10:04 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 10:10:17 2023 -> Database correctly reloaded (8812811 signatures)
Sun Aug 20 10:10:17 2023 -> Activating the newly loaded database...
Sun Aug 20 10:11:06 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 10:11:19 2023 -> Database correctly reloaded (8812816 signatures)
Sun Aug 20 10:11:19 2023 -> Activating the newly loaded database...
Sun Aug 20 11:11:20 2023 -> SelfCheck: Database status OK.
Sun Aug 20 11:12:18 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 11:12:31 2023 -> Database correctly reloaded (8812823 signatures)
Sun Aug 20 11:12:31 2023 -> Activating the newly loaded database...
Sun Aug 20 12:12:32 2023 -> SelfCheck: Database status OK.
Sun Aug 20 12:13:00 2023 -> Reading databases from /var/lib/clamav
Sun Aug 20 12:13:13 2023 -> Database correctly reloaded (8812798 signatures)
Sun Aug 20 12:13:13 2023 -> Activating the newly loaded database...
root@mail:~#
Code: Select all
Sat Aug 19 22:49:47 2023 -> Clamd successfully notified about the update.
Sat Aug 19 22:49:47 2023 -> --------------------------------------
Sat Aug 19 23:49:47 2023 -> Received signal: wake up
Sat Aug 19 23:49:47 2023 -> ClamAV update process started at Sat Aug 19 23:49:47 2023
Sat Aug 19 23:49:47 2023 -> daily.cld database is up-to-date (version: 27005, sigs: 2039951, f-level: 90, builder: raynman)
Sat Aug 19 23:49:47 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Sat Aug 19 23:49:47 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Sat Aug 19 23:49:52 2023 -> junk.ndb is up-to-date (version: custom database)
Sat Aug 19 23:49:53 2023 -> jurlbl.ndb is up-to-date (version: custom database)
Sat Aug 19 23:49:54 2023 -> phish.ndb is up-to-date (version: custom database)
Sat Aug 19 23:49:55 2023 -> rogue.hdb is up-to-date (version: custom database)
Sat Aug 19 23:49:56 2023 -> sanesecurity.ftm is up-to-date (version: custom database)
Sat Aug 19 23:49:57 2023 -> sigwhitelist.ign2 is up-to-date (version: custom database)
Sat Aug 19 23:49:59 2023 -> scam.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:00 2023 -> spamimg.hdb is up-to-date (version: custom database)
Sat Aug 19 23:50:01 2023 -> spamattach.hdb is up-to-date (version: custom database)
Sat Aug 19 23:50:02 2023 -> blurl.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:03 2023 -> foxhole_generic.cdb is up-to-date (version: custom database)
Sat Aug 19 23:50:04 2023 -> foxhole_filename.cdb is up-to-date (version: custom database)
Sat Aug 19 23:50:05 2023 -> malwarehash.hsb is up-to-date (version: custom database)
Sat Aug 19 23:50:07 2023 -> hackingteam.hsb is up-to-date (version: custom database)
Sat Aug 19 23:50:08 2023 -> winnow_malware.hdb is up-to-date (version: custom database)
Sat Aug 19 23:50:09 2023 -> winnow_malware_links.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:10 2023 -> winnow_extended_malware.hdb is up-to-date (version: custom database)
Sat Aug 19 23:50:11 2023 -> winnow.attachments.hdb is up-to-date (version: custom database)
Sat Aug 19 23:50:12 2023 -> winnow_bad_cw.hdb is up-to-date (version: custom database)
Sat Aug 19 23:50:13 2023 -> bofhland_cracked_URL.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:14 2023 -> bofhland_malware_URL.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:16 2023 -> bofhland_phishing_URL.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:17 2023 -> bofhland_malware_attach.hdb is up-to-date (version: custom database)
Sat Aug 19 23:50:18 2023 -> porcupine.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:19 2023 -> porcupine.hsb is up-to-date (version: custom database)
Sat Aug 19 23:50:20 2023 -> phishtank.ndb is up-to-date (version: custom database)
Sat Aug 19 23:50:21 2023 -> Testing database: '/var/lib/clamav/tmp.d8eeb5ec4e/clamav-f2486110b2c394e463b395059d29fc37.tmp-urlhaus.ndb' ...
Sat Aug 19 23:50:21 2023 -> Database test passed.
Sat Aug 19 23:50:21 2023 -> urlhaus.ndb updated (version: custom database, sigs: 4278)
Sat Aug 19 23:50:21 2023 -> Clamd successfully notified about the update.
Sat Aug 19 23:50:21 2023 -> --------------------------------------
Sun Aug 20 00:00:01 2023 -> Received signal: re-opening log file
root@mail:~#

 , sollte m.E. "clamav adm" sein, so ist es jedenfalls auf anderen Servern. Fragt sich nur noch, wieso logrotate hier die Gruppe nicht so gesetzt hat, wie es in /etc/logrotate.d/clamav-freshclam drinsteht.
 , sollte m.E. "clamav adm" sein, so ist es jedenfalls auf anderen Servern. Fragt sich nur noch, wieso logrotate hier die Gruppe nicht so gesetzt hat, wie es in /etc/logrotate.d/clamav-freshclam drinsteht. 
  
 . Ich starte die Kiste mal neu, ist ja schliesslich Windows
. Ich starte die Kiste mal neu, ist ja schliesslich Windows   
  

 . Oder wird die von Strato weitervermietet, wenn der Server gerade mal down ist? Ich gehe davon aus, dass diese IP zwingend fix sein muss, ob mit oder ohne DHCP. Zumindest bis nach 30 Tagen die Geld-zurück Garantie ausgelaufen ist, Bisher war sie es auch
. Oder wird die von Strato weitervermietet, wenn der Server gerade mal down ist? Ich gehe davon aus, dass diese IP zwingend fix sein muss, ob mit oder ohne DHCP. Zumindest bis nach 30 Tagen die Geld-zurück Garantie ausgelaufen ist, Bisher war sie es auch  