Have been banging my head on this for a while now. Logwatch kept reporting in his daily summary something along the lines of what below:
——————— clam-update Begin ————————
No updates detected in the log for the freshclam daemon (the
ClamAV update process). If the freshclam daemon is not running,
you may need to restart it. Other options:
A. If you no longer wish to run freshclam, deleting the log file
(default is freshclam.log) will suppress this error message.
B. If you use a different log file, update the appropriate
configuration file. For example:
echo “LogFile = log_file” >> /etc/logwatch/conf/logfiles/clam-update.conf
where log_file is the filename of the freshclam log file.
C. If you are logging using syslog, you need to indicate that your
log file uses the syslog format. For example:
echo “*OnlyService = freshclam” >> /etc/logwatch/conf/logfiles/clam-update.conf
echo “*RemoveHeaders” >> /etc/logwatch/conf/logfiles/clam-update.conf
———————- clam-update End ————————-
suggesting that either clam-update was not running or the log file location was misconfigured.
Checked all that a number of times, made sure the permissions were correct, no difference.
Finally I realized that there is an error in the date detection of the freshclam related script which comes with Logwatch 7.3.6, and the solution comes down to editing the file:
and at around line 89 (this on CentOS 6.5) replace:
$ThisLine =~ s/ $//;
$ThisLine = substr($ThisLine, 28);