debcrafters-packages team mailing list archive
Message #04804
[Bug 2067608] Re: clamav-freshclam 1.0.5 and logwatch 7.7-1 fails to report
Hi, Friends,
I want to share how I resolved this ClamAV report issue in logwatch, with help from Gemini AI.
# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04.2 LTS
Release: 24.04
# apt-cache policy clamav-freshclam
clamav-freshclam:
Installed: 1.4.3+dfsg-0ubuntu0.24.04.1
Candidate: 1.4.3+dfsg-0ubuntu0.24.04.1
Version table:
*** 1.4.3+dfsg-0ubuntu0.24.04.1 500
500 https://free.nchc.org.tw/ubuntu noble-updates/main amd64 Packages
500 https://free.nchc.org.tw/ubuntu noble-security/main amd64 Packages
100 /var/lib/dpkg/status
1.0.5+dfsg-1.1ubuntu3 500
500 https://free.nchc.org.tw/ubuntu noble/main amd64 Packages
# apt-cache policy logwatch
logwatch:
Installed: 7.7-1ubuntu1
Candidate: 7.7-1ubuntu1
Version table:
*** 7.7-1ubuntu1 500
500 https://free.nchc.org.tw/ubuntu noble/main amd64 Packages
500 https://free.nchc.org.tw/ubuntu noble/main i386 Packages
100 /var/lib/dpkg/status
#######
I was a lazy user and only upgraded my OS to the latest release last week.
Since then I have been fixing many compatibility defects, and this ClamAV report is one of the headaches.
It always reports that it cannot detect any logs in the default file (/var/log/clamav/freshclam.log), which had been working well before.
$ tail /var/log/clamav/freshclam.log
Fri Aug 1 09:03:31 2025 -> --------------------------------------
Fri Aug 1 09:03:31 2025 -> daily.cld database is up-to-date (version: 27718, sigs: 2076325, f-level: 90, builder: raynman)
Fri Aug 1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Aug 1 09:03:31 2025 -> bytecode.cld database is up-to-date (version: 336, sigs: 83, f-level: 90, builder: nrandolp)
BEFORE:
$ logwatch --detail high --range yesterday --service clam-update
$ logwatch --detail high --range today --service clam-update
$ logwatch --detail high --service clam-update
(Nothing is shown, although the logs really are there.)
AFTER:
With help from Google Gemini AI, I finally understand that the Perl script cannot recognize the current format of the ClamAV log.
Perl is too advanced for me to learn, so I use this customized script file instead.
$ sudo nano /etc/logwatch/conf/logfiles/clam-update.conf
LogFile = /var/log/clamav/freshclam.log
Archive = /var/log/clamav/freshclam.log.*
$ sudo nano /etc/logwatch/scripts/services/clam-update
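#!/bin/sh
# This script only processes the log content passed in by logwatch on stdin
# and keeps the records from the last 24 hours.

# Unix timestamp for 24 hours ago (requires GNU date)
TIME_24_HOURS_AGO=$(date -d "24 hours ago" +%s)

echo "ClamAV Report (Last 24 Hours):"
echo "======================"

# Read all log content passed in by logwatch
LOG_INPUT=$(cat)

# Use awk to keep only the log lines from the last 24 hours
# (printf instead of echo, so backslashes in log lines are not interpreted)
FILTERED_LOGS=$(printf '%s\n' "$LOG_INPUT" | awk -v time_ago="$TIME_24_HOURS_AGO" '{
    # Check that the line starts with a well-formed timestamp, year included.
    # Only this matched, strictly alphanumeric prefix is passed to the shell below.
    if (match($0, /^[A-Z][a-z]{2} +[A-Z][a-z]{2} +[ 0-9]+ [0-9]{2}:[0-9]{2}:[0-9]{2} +[0-9]{4}/)) {
        # Convert the log time to a Unix timestamp, using the year recorded in the line
        log_date = substr($0, RSTART, RLENGTH)
        # Reset first, so a failed conversion does not reuse the previous value
        log_timestamp = 0
        cmd = "date -d \"" log_date "\" +%s 2>/dev/null"
        cmd | getline log_timestamp
        close(cmd)
        # Print the line if it is newer than 24 hours ago
        if (log_timestamp > time_ago) {
            print $0
        }
    } else {
        # Not a standard log line; it may be a truncated line, so print it as well
        print $0
    }
}')

echo ""
echo "--- Warnings ---"
echo "$FILTERED_LOGS" | grep "WARNING:" | sed 's/^.*freshclam\[[0-9]*\]: //g'
echo ""
echo "--- Errors ---"
echo "$FILTERED_LOGS" | grep "ERROR:" | sed 's/^.*freshclam\[[0-9]*\]: //g'
echo ""
echo "--- Updates ---"
echo "$FILTERED_LOGS" | grep "ClamAV update process started" | sed 's/^.*freshclam\[[0-9]*\]: //g'
echo "$FILTERED_LOGS" | grep "database is up-to-date" | sed 's/^.*freshclam\[[0-9]*\]: //g'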
$ sudo chmod +x /etc/logwatch/scripts/services/clam-update
$ logwatch --detail high --service clam-update
################### Logwatch 7.7 (07/22/22) ####################
Processing Initiated: Fri Aug 1 11:00:24 2025
Date Range Processed: yesterday
( 2025-Jul-31 )
Period is day.
Detail Level of Output: 10
Type of Output/Format: stdout / text
Logfiles for Host: linux.jir.idv.tw
##################################################################
--------------------- clam-update Begin ------------------------
ClamAV Report (Last 24 Hours):
======================
--- Warnings ---
--- Errors ---
--- Updates ---
Thu Jul 31 11:30:13 2025 -> daily.cld database is up-to-date (version: 27717, sigs: 2078182, f-level: 90, builder: nrando>
Thu Jul 31 11:30:13 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Jul 31 11:30:13 2025 -> bytecode.cld database is up-to-date (version: 336, sigs: 83, f-level: 90, builder: nrandolp)
...
Fri Aug 1 09:03:31 2025 -> daily.cld database is up-to-date (version: 27718, sigs: 2076325, f-level: 90, builder: raynma>
Fri Aug 1 09:03:31 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Aug 1 09:03:31 2025 -> bytecode.cld database is up-to-date (version: 336, sigs: 83, f-level: 90, builder: nrandolp)
---------------------- clam-update End -------------------------
###################### Logwatch End #########################
After creating this customized file and setting, I can finally get the correct log report output, at least.
However, this way the "--range" parameter can no longer be used; the default set up in this customized file shows the data from within the last 24 hours for reference.
I do not know whether this is a good way to resolve it or not, but this procedure is the result of my limited knowledge plus AI advice, in order to read the current status records.
If in the future there is a better way or an upgraded maintained version of logwatch in Ubuntu, please tell me so that I can run a new installation.
Thanks for taking the time to read my description.
--
https://bugs.launchpad.net/bugs/2067608
Title:
clamav-freshclam 1.0.5 and logwatch 7.7-1 fails to report
Status in clamav package in Ubuntu:
Triaged
Status in logwatch package in Ubuntu:
Confirmed
Status in clamav source package in Noble:
Confirmed
Status in logwatch source package in Noble:
Confirmed
Status in clamav source package in Oracular:
Won't Fix
Status in logwatch source package in Oracular:
Won't Fix
Status in clamav source package in Plucky:
Confirmed
Status in logwatch source package in Plucky:
Confirmed
Status in clamav source package in Questing:
Triaged
Status in logwatch source package in Questing:
Confirmed
Bug description:
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
$ apt-cache policy clamav-freshclam
clamav-freshclam:
Installed: 1.0.5+dfsg-1.1ubuntu3
Candidate: 1.0.5+dfsg-1.1ubuntu3
Version table:
*** 1.0.5+dfsg-1.1ubuntu3 500
500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
$ apt-cache policy logwatch
logwatch:
Installed: 7.7-1ubuntu1
Candidate: 7.7-1ubuntu1
Version table:
*** 7.7-1ubuntu1 500
500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
500 http://us.archive.ubuntu.com/ubuntu noble/main i386 Packages
100 /var/lib/dpkg/status
Expect that daily logwatch emails properly show clamav update
information.
I believe that this problem started around the time clamav went to
version 1.0.x.
Excerpt from daily logwatch email report...
--------------------- clam-update Begin ------------------------
No updates detected in the log for the freshclam daemon (the
ClamAV update process). If the freshclam daemon is not running,
you may need to restart it. Other options:
A. If you no longer wish to run freshclam, deleting the log file
(configured is /var/log/clamav/freshclam.log ) will suppress this error message.
B. If you use a different log file, update the appropriate
configuration file. For example:
echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
where log_file is the filename of the freshclam log file.
C. If you are logging using syslog, you need to indicate that your
log file uses the syslog format. For example:
echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf
---------------------- clam-update End -------------------------
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: clamav-freshclam 1.0.5+dfsg-1.1ubuntu3
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu May 30 05:54:37 2024
InstallationDate: Installed on 2021-09-25 (978 days ago)
InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: clamav
UpgradeStatus: Upgraded to noble on 2024-05-25 (5 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2067608/+subscriptions
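Added example, not part of the original message or of logwatch: one way to keep a date range for the freshclam.log layout shown in the message while parsing the timestamps entirely inside awk, so that no log text is placed on a shell command line. The helper names freshclam_in_range, range_to_days and sample_log are hypothetical, the sample lines are constructed, and reading the range from LOGWATCH_DATE_RANGE is an assumption about the logwatch environment.

```shell
#!/bin/sh
# Added example (not the poster's script): range-aware freshclam.log filter.
# Timestamps are parsed inside awk; no log text reaches a shell command.

# freshclam_in_range FROM TO   (hypothetical helper; inclusive YYYYMMDD keys)
freshclam_in_range() {
    awk -v from="$1" -v to="$2" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
        keep = 0
    }
    # ctime-style prefix, e.g. "Fri Aug  1 09:03:31 2025 -> message"
    ($2 in mon) && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+:[0-9]+:[0-9]+$/ &&
    $5 ~ /^[0-9][0-9][0-9][0-9]$/ {
        day = sprintf("%04d%02d%02d", $5, mon[$2], $3) + 0
        keep = (day >= from + 0 && day <= to + 0)
    }
    # Undated (continuation) lines follow the last dated line.
    keep { print }
    '
}

# range_to_days RANGE [TODAY]  (hypothetical helper; TODAY is YYYY-MM-DD)
# Handles only the three simple --range words; "yesterday" needs GNU date.
range_to_days() {
    today=${2:-$(date +%Y-%m-%d)}
    case "$1" in
        today)     d=$(printf '%s' "$today" | sed 's/-//g') ;;
        yesterday) d=$(date -d "$today -1 day" +%Y%m%d) || return 1 ;;
        all)       echo "00000000 99999999"; return 0 ;;
        *)         echo "unsupported range: $1" >&2; return 1 ;;
    esac
    echo "$d $d"
}

# Constructed sample input in the freshclam.log layout.
sample_log() {
    cat <<'EOF'
Wed Jul 30 11:30:13 2025 -> ClamAV update process started (constructed)
Thu Jul 31 11:30:13 2025 -> daily.cld database is up-to-date (constructed)
   continuation line without a timestamp (constructed)
Fri Aug  1 09:03:31 2025 -> main.cvd database is up-to-date (constructed)
EOF
}

# In a logwatch service script the range would come from the environment:
#   freshclam_in_range $(range_to_days "${LOGWATCH_DATE_RANGE:-yesterday}")
sample_log | freshclam_in_range 20250731 20250731
```

Range values other than the three words handled here are rejected with a non-zero status, so a service script can fall back to printing everything.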