Package: logcheck-database
Version: 1.3.18

The rule file /etc/logcheck/ignore.d.server/clamav-freshclam is missing the date and time information for clamav version 0.100.2.
Example syslog entries for clamav which should be ignored but are actually in the output:

Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> Received signal: wake up
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> ClamAV update process started at Thu Oct 25 06:26:35 2018
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> daily.cld is up to date (version: 25067, sigs: 2133244, f-level: 63, builder: neo)
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)

Original lines in /etc/logcheck/ignore.d.server/clamav-freshclam:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Received signal: (wake up|re-opening log file)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (bytecode|daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Clamd successfully notified about the update\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: --------------------------------------$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Database updated \([0-9]+ signatures\) from .* \(IP: [0-9.]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Downloading daily-[0-9]+.cdiff \[100%\] ?$

Modified lines to correctly ignore these messages (the part between the colon and the text is new):

                                                        <----------------- new part ------------------->
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> Received signal: (wake up|re-opening log file)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> (bytecode|daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> Clamd successfully notified about the update\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> --------------------------------------$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> Database updated \([0-9]+ signatures\) from .* \(IP: [0-9.]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> Downloading daily-[0-9]+.cdiff \[100%\] ?$

I am using Debian 9.5 with kernel 4.9.0-8-amd64.
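As an added check (not part of the bug report or the logcheck-database package), the script below runs the reporter's five sample lines through a rules file with grep -E -v -f, the same extended-regex, inverted-match filtering logcheck applies to its ignore.d rules, and counts what would still be reported. Only the three rules relevant to the sample are included; the hostname, PID and timestamps are the values quoted in the report.

```shell
#!/bin/sh
# Verify which sample freshclam lines leak through a logcheck ignore file.
# Added example: everything here is constructed from the bug report's text.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample: the syslog lines quoted in the report (clamav 0.100.2 format).
cat > "$WORK/freshclam.log" <<'EOF'
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> Received signal: wake up
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> ClamAV update process started at Thu Oct 25 06:26:35 2018
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> daily.cld is up to date (version: 25067, sigs: 2133244, f-level: 63, builder: neo)
Oct 25 06:26:35 myhostname freshclam[6614]: Thu Oct 25 06:26:35 2018 -> bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
EOF

# Rules as shipped in logcheck-database 1.3.18 (the three that cover the sample).
cat > "$WORK/rules.old" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Received signal: (wake up|re-opening log file)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (bytecode|daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$
EOF

# The reporter's modified rules with the "Thu Oct 25 06:26:35 2018 -> " part added.
cat > "$WORK/rules.new" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> Received signal: (wake up|re-opening log file)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: [ a-zA-Z]+ [0-3][0-9] [ :0-9]{8} [0-9]{4} -> (bytecode|daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$
EOF

# Lines of log file $1 that no rule in $2 matches, i.e. what logcheck would mail out.
leaked_lines() {
    grep -E -v -f "$2" "$1"
}

# Number of such lines (0 means every sample line is ignored).
unmatched_count() {
    leaked_lines "$1" "$2" | wc -l | tr -d ' '
}

echo "1.3.18 rules leave $(unmatched_count "$WORK/freshclam.log" "$WORK/rules.old") line(s) unfiltered"
echo "modified rules leave $(unmatched_count "$WORK/freshclam.log" "$WORK/rules.new") line(s) unfiltered"
```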