Clamav Log Page

This page shows the log files of the antivirus daemon clamav and the virus signature updater freshclam.

Figure 9.10. Displays clamav log viewer


For this page, the information appearing in the Log: section of the window consists of:

Clamav itself normally does not need to log much, since the services that use clamav write to their own log files when they find a virus. This log file is useful for viewing information about clamav signature updates.

As the lines below show, the log records when the update process started and what it did. On Endian Firewall, ClamAV updates automatically every full hour, so these lines appear every hour. The last two lines show the currently installed signature database versions and how many virus signatures each contains.

May 16 08:01:00 freshclam[27206]: Daemon started.
May 16 08:01:00 freshclam[27206]: ClamAV update process started at Tue May 16 08:01:00 2006
May 16 08:01:00 freshclam[27206]: main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
May 16 08:01:00 freshclam[27206]: daily.cvd is up to date (version: 1463, sigs: 4343, f-level: 8, builder: ccordes)

If new signatures are available, they are downloaded and installed automatically, and the ClamAV daemon then automatically reloads its signature database. When this happens, you will find log lines like the ones below:

May 15 13:01:00 freshclam[12157]: Daemon started.
May 15 13:01:00 freshclam[12157]: ClamAV update process started at Tue May 15 13:01:00 2006
May 15 13:01:00 freshclam[12157]: main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
May 15 13:01:08 freshclam[12157]: daily.cvd updated (version: 1463, sigs: 4343, f-level: 8, builder: ccordes)
May 15 13:01:08 freshclam[12157]: Database updated (55549 signatures) from db.local.clamav.net (IP: 213.92.8.5)
May 15 13:01:08 clamd[27017]: SelfCheck: Database modification detected. Forcing reload.
May 15 13:01:08 clamd[27017]: Reading databases from /usr/share/clamav
May 15 13:01:08 freshclam[12157]: Clamd successfully notified about the update.
May 15 13:01:08 clamd[27017]: Database correctly reloaded (55549 viruses)

As the log lines show, after downloading the new signature file daily.cvd, the update daemon freshclam notifies the antivirus daemon clamd of the modification, and clamd immediately reloads all its virus signatures.

Note

After the timestamp, each line shows the process information: the name of the process followed by the process ID in square brackets.
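
The log format described above can be checked automatically. The following is an added example, not part of Endian Firewall or ClamAV: it parses the freshclam and clamd lines shown on this page, extracts the signature database versions, and reports a missed hourly update run or an update that clamd never reloaded. The function name audit, the year parameter (syslog timestamps carry no year) and the five-minute tolerance are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: log lines taken from the excerpt shown on this page.
SAMPLE = """\
May 15 13:01:00 freshclam[12157]: Daemon started.
May 15 13:01:00 freshclam[12157]: ClamAV update process started at Tue May 15 13:01:00 2006
May 15 13:01:00 freshclam[12157]: main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
May 15 13:01:08 freshclam[12157]: daily.cvd updated (version: 1463, sigs: 4343, f-level: 8, builder: ccordes)
May 15 13:01:08 freshclam[12157]: Database updated (55549 signatures) from db.local.clamav.net (IP: 213.92.8.5)
May 15 13:01:08 clamd[27017]: SelfCheck: Database modification detected. Forcing reload.
May 15 13:01:08 clamd[27017]: Database correctly reloaded (55549 viruses)
"""

# timestamp, process name, PID in square brackets, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\w+)\[(\d+)\]: (.*)$")
DB = re.compile(r"^(\w+\.cvd) (is up to date|updated) \(version: (\d+), sigs: (\d+)")
UPDATED = re.compile(r"^Database updated \((\d+) signatures\)")
RELOADED = re.compile(r"^Database correctly reloaded \((\d+) viruses\)")

def audit(text, year=2006, max_gap=timedelta(hours=1, minutes=5)):
    """Return (database versions, findings) for a freshclam/clamd log excerpt."""
    versions, findings = {}, []
    last_run = pending = None  # pending: signature count awaiting a clamd reload
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog-style line, ignore it
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        proc, msg = m[2], m[4]
        if proc == "freshclam" and msg.startswith("ClamAV update process started"):
            if last_run and ts - last_run > max_gap:
                findings.append(f"no update run between {last_run} and {ts}")
            last_run = ts
        elif proc == "freshclam" and (d := DB.match(msg)):
            versions[d[1]] = (int(d[3]), int(d[4]))  # name -> (version, sigs)
        elif proc == "freshclam" and (u := UPDATED.match(msg)):
            pending = int(u[1])
        elif proc == "clamd" and (r := RELOADED.match(msg)):
            if pending is not None and int(r[1]) != pending:
                findings.append(f"clamd loaded {r[1]} signatures, expected {pending}")
            pending = None
    if pending is not None:
        findings.append(f"update to {pending} signatures was never reloaded by clamd")
    return versions, findings
```

An empty findings list means every update run in the excerpt was on schedule and each database update was followed by a matching clamd reload.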