
debcrafters-packages team mailing list archive

[Bug 2067608] Re: clamav-freshclam 1.0.5 and logwatch 7.7-1 fails to report

 

Hi, Friends,
I want to share how I resolved this ClamAV report issue in logwatch, with help from Gemini AI.


# lsb_release -rd
No LSB modules are available.
Description:	Ubuntu 24.04.2 LTS
Release:	24.04

# apt-cache policy clamav-freshclam
clamav-freshclam:
  Installed: 1.4.3+dfsg-0ubuntu0.24.04.1
  Candidate: 1.4.3+dfsg-0ubuntu0.24.04.1
  Version table:
 *** 1.4.3+dfsg-0ubuntu0.24.04.1 500
        500 https://free.nchc.org.tw/ubuntu noble-updates/main amd64 Packages
        500 https://free.nchc.org.tw/ubuntu noble-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0.5+dfsg-1.1ubuntu3 500
        500 https://free.nchc.org.tw/ubuntu noble/main amd64 Packages

# apt-cache policy logwatch
logwatch:
  Installed: 7.7-1ubuntu1
  Candidate: 7.7-1ubuntu1
  Version table:
 *** 7.7-1ubuntu1 500
        500 https://free.nchc.org.tw/ubuntu noble/main amd64 Packages
        500 https://free.nchc.org.tw/ubuntu noble/main i386 Packages
        100 /var/lib/dpkg/status


#######

I am a lazy user and only upgraded my OS to the latest release last week.
Since then I have been fixing many compatibility defects, and this ClamAV report is one of the headaches.
It always reports that it cannot detect any logs in the default file (/var/log/clamav/freshclam.log), which had been working well before.

$ tail /var/log/clamav/freshclam.log
Fri Aug  1 09:03:31 2025 -> --------------------------------------
Fri Aug  1 09:03:31 2025 -> daily.cld database is up-to-date (version: 27718, sigs: 2076325, f-level: 90, builder: raynman)
Fri Aug  1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Aug  1 09:03:31 2025 -> bytecode.cld database is up-to-date (version: 336, sigs: 83, f-level: 90, builder: nrandolp)

BEFORE:
$ logwatch --detail high --range yesterday --service clam-update
$ logwatch --detail high --range today --service clam-update
$ logwatch --detail high --service clam-update
(nothing is shown, although the logs really are there.)


AFTER:
With help from Google Gemini AI, I finally understood that the Perl script cannot identify the new format of the ClamAV log.
The Perl language is too advanced for me to learn, so I use this customized script file instead.

$ sudo nano /etc/logwatch/conf/logfiles/clam-update.conf                                     
LogFile = /var/log/clamav/freshclam.log
Archive = /var/log/clamav/freshclam.log.*

$ sudo nano /etc/logwatch/scripts/services/clam-update
#!/bin/sh

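# This script only processes the log content passed in by logwatch
# and keeps the records from the last 24 hours

# Compute the Unix timestamp for 24 hours ago
TIME_24_HOURS_AGO=$(date -d "24 hours ago" +%s)

echo "ClamAV Report (Last 24 Hours):"
echo "======================"

# Read all of the log content passed in by logwatch
LOG_INPUT=$(cat)

# Use awk to keep the log lines from the last 24 hours
FILTERED_LOGS=$(echo "$LOG_INPUT" | awk -v time_ago="$TIME_24_HOURS_AGO" '{
    # Check that the line starts with a freshclam timestamp, e.g. "Fri Aug  1 09:03:31 2025"
    if (match($0, /^[A-Z][a-z]{2} +[A-Z][a-z]{2} +[ 0-9]+ [0-9]{2}:[0-9]{2}:[0-9]{2} [0-9]{4}/)) {
        # Convert the log time to a Unix timestamp, using the year written in the line itself.
        # Only the text matched above reaches the shell, so it holds no shell metacharacters.
        log_date = substr($0, RSTART, RLENGTH)
        cmd = "date -d \"" log_date "\" +%s 2>/dev/null"
        log_timestamp = 0
        cmd | getline log_timestamp
        close(cmd)

        # Print the line if its time is later than 24 hours ago
        if (log_timestamp > time_ago) {
            print $0
        }
    } else {
        # A non-standard line may be a truncated log line, so print it as well
        print $0
    }
}')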

echo ""
echo "--- Warnings ---"
echo "$FILTERED_LOGS" | grep "WARNING:" | sed 's/^.*freshclam\[[0-9]*\]: //g'

echo ""
echo "--- Errors ---"
echo "$FILTERED_LOGS" | grep "ERROR:" | sed 's/^.*freshclam\[[0-9]*\]: //g'

echo ""
echo "--- Updates ---"
echo "$FILTERED_LOGS" | grep "ClamAV update process started" | sed 's/^.*freshclam\[[0-9]*\]: //g'
echo "$FILTERED_LOGS" | grep "database is up-to-date" | sed 's/^.*freshclam\[[0-9]*\]: //g'

$ sudo chmod +x /etc/logwatch/scripts/services/clam-update
$ logwatch --detail high --service clam-update
################### Logwatch 7.7 (07/22/22) #################### 
        Processing Initiated: Fri Aug  1 11:00:24 2025
        Date Range Processed: yesterday
                              ( 2025-Jul-31 )
                              Period is day.
        Detail Level of Output: 10
        Type of Output/Format: stdout / text
        Logfiles for Host: linux.jir.idv.tw
 ################################################################## 

 --------------------- clam-update Begin ------------------------

 ClamAV Report (Last 24 Hours):
 ======================

 --- Warnings ---

 --- Errors ---

 --- Updates ---
 Thu Jul 31 11:30:13 2025 -> daily.cld database is up-to-date (version: 27717, sigs: 2078182, f-level: 90, builder: nrando>
 Thu Jul 31 11:30:13 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
 Thu Jul 31 11:30:13 2025 -> bytecode.cld database is up-to-date (version: 336, sigs: 83, f-level: 90, builder: nrandolp)
...
 Fri Aug  1 09:03:31 2025 -> daily.cld database is up-to-date (version: 27718, sigs: 2076325, f-level: 90, builder: raynma>
 Fri Aug  1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
 Fri Aug  1 09:03:31 2025 -> bytecode.cld database is up-to-date (version: 336, sigs: 83, f-level: 90, builder: nrandolp)

 ---------------------- clam-update End -------------------------


 ###################### Logwatch End ######################### 


After creating this customized file and setting, I can finally at least get the correct log report as output.
However, this approach can no longer use the "--range" parameter; instead, the default setup in this customized file shows the data from within the last 24 hours for reference.
I do not know whether this is a good way to resolve it or not, but this procedure is what my limited knowledge, with AI advice, came up with to read the current status records.
If there is a better way in the future, or the maintained version of logwatch in Ubuntu is upgraded, please tell me so I can run a new installation.
Thanks for taking the time to read my description.

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to logwatch in Ubuntu.
https://bugs.launchpad.net/bugs/2067608

Title:
  clamav-freshclam 1.0.5 and logwatch 7.7-1 fails to report

Status in clamav package in Ubuntu:
  Triaged
Status in logwatch package in Ubuntu:
  Confirmed
Status in clamav source package in Noble:
  Confirmed
Status in logwatch source package in Noble:
  Confirmed
Status in clamav source package in Oracular:
  Won't Fix
Status in logwatch source package in Oracular:
  Won't Fix
Status in clamav source package in Plucky:
  Confirmed
Status in logwatch source package in Plucky:
  Confirmed
Status in clamav source package in Questing:
  Triaged
Status in logwatch source package in Questing:
  Confirmed

Bug description:
  $ lsb_release -rd
  No LSB modules are available.
  Description:	Ubuntu 24.04 LTS
  Release:	24.04

  $ apt-cache policy clamav-freshclam
  clamav-freshclam:
    Installed: 1.0.5+dfsg-1.1ubuntu3
    Candidate: 1.0.5+dfsg-1.1ubuntu3
    Version table:
   *** 1.0.5+dfsg-1.1ubuntu3 500
          500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
          100 /var/lib/dpkg/status

  $ apt-cache policy logwatch
  logwatch:
    Installed: 7.7-1ubuntu1
    Candidate: 7.7-1ubuntu1
    Version table:
   *** 7.7-1ubuntu1 500
          500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
          500 http://us.archive.ubuntu.com/ubuntu noble/main i386 Packages
          100 /var/lib/dpkg/status

  Expect that daily logwatch emails properly show clamav update
  information.

  I believe that this problem started around the time clamav went to
  version 1.0.x.

  Excerpt from daily logwatch email report...

   --------------------- clam-update Begin ------------------------

   No updates detected in the log for the freshclam daemon (the
   ClamAV update process).  If the freshclam daemon is not running,
   you may need to restart it.  Other options:
   
   A. If you no longer wish to run freshclam, deleting the log file
      (configured is /var/log/clamav/freshclam.log ) will suppress this error message.
   
   B. If you use a different log file, update the appropriate
      configuration file.  For example:
         echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
      where log_file is the filename of the freshclam log file.
   
   C. If you are logging using syslog, you need to indicate that your
      log file uses the syslog format.  For example:
         echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
         echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf
   
   ---------------------- clam-update End -------------------------

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: clamav-freshclam 1.0.5+dfsg-1.1ubuntu3
  ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
  Uname: Linux 6.8.0-31-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.28.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu May 30 05:54:37 2024
  InstallationDate: Installed on 2021-09-25 (978 days ago)
  InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: clamav
  UpgradeStatus: Upgraded to noble on 2024-05-25 (5 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2067608/+subscriptions
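
Added example, not part of the original message and not logwatch or ClamAV code: one way to keep a date range in a shell service script like the one in the comment above, parsing the timestamp (year included) inside awk instead of running date for every line, and flagging a range that holds errors or no signature check at all. The function names, the explicit RANGE and TODAY arguments, and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Constructed sample in the log format shown in the post.
sample_log() {
    cat <<'EOF'
Wed Jul 30 11:30:13 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Jul 31 11:30:13 2025 -> ERROR: constructed failure message
continuation line without a timestamp
Fri Aug  1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
EOF
}

# freshclam_filter RANGE TODAY   (reads freshclam.log lines on stdin)
#   RANGE: today | yesterday | all      TODAY: reference day as YYYY-MM-DD
freshclam_filter() {
    awk -v range="$1" -v today="$2" '
    # Day count for a civil date (Julian day number without its constant).
    function daynum(y, m, d,    a, yy, mm, j) {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        j = d + int((153 * mm + 2) / 5) + 365 * yy
        return j + int(yy / 4) - int(yy / 100) + int(yy / 400)
    }
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", n, " ")
        for (i = 1; i <= 12; i++) mon[n[i]] = i
        split(today, t, "-"); ref = daynum(t[1], t[2], t[3])
        if (range == "yesterday") ref--
    }
    # Timestamped line: "Fri Aug  1 09:03:31 2025 -> message".
    ($2 in mon) && $3 ~ /^[0-9]+$/ && $5 ~ /^[0-9][0-9][0-9][0-9]$/ && $6 == "->" {
        keep = (range == "all" || daynum($5, mon[$2], $3) == ref)
    }
    # Lines without a timestamp follow the decision made for the line above.
    keep { print }'
}

# freshclam_verdict: reads filtered lines, prints one summary line, and
# returns 1 when the range holds errors or no evidence of a signature check.
freshclam_verdict() {
    awk '
    /ERROR:/   { err++ }
    /WARNING:/ { warn++ }
    # "database is up-to-date" is the wording in the post; "updated (version:"
    # is assumed here to be what freshclam logs after downloading a database.
    /database is up-to-date/ || / updated \(version:/ { ok++ }
    END {
        printf "errors=%d warnings=%d checks=%d\n", err, warn, ok
        exit (err > 0 || ok == 0)
    }'
}
```

A range with no matching lines returns 1 from freshclam_verdict, so a freshclam daemon that has stopped logging is reported rather than passing silently.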