[clamav-users] No filenames listed by clamscan.

mcmurchy1917-clamav at yahoo.co.uk mcmurchy1917-clamav at yahoo.co.uk
Tue Mar 4 09:13:56 UTC 2014 

Ignore the asterisks in my previous note they just encapsulate the highlighted parts of the note.

Alex


On Tuesday 04 Mar 2014 09:08:15 mcmurchy1917-clamav at yahoo.co.uk wrote:
> I too see these messages on the the console and have found no way of identifying the files by using any of the clamav flags.
> 
> This is what I would do 
> 
> *sudo /usr/bin/clamscan -r / > /tmp/clamav.log 2>&1*
> 
> The file */tmp/clamav.libreoffice.log *will contain details of ALL files irrespective of whether they are OK or not, the file will also contain those messages seen on the console. It will be a large file containing at least one line per file in your directory structure. My example above scans the entire file system.
> 
> then 
> 
> *egrep -A1 "^LibClamAV"  /tmp/clamav.libreoffice.log  *
> 
> The above extracts all the line in the log file that start with LibClamAV and also the line after the line that starts with LibClamAV.
> 
> In the log file I can see this -
> 
> */home/libreoffice/.ccache/5/d/fb7e4c82bbc0acf0664b9ab2a1ba71-3509238.o: OK*
> */home/libreoffice/.ccache/5/d/5a1b00240f63278ef298dceb98523b-1546320.o: OK*
> */home/libreoffice/.ccache/5/d/7641441f2a6a73eabe5bd3eab04695-4826.manifest: OK*
> *LibClamAV info: scancws: Error decompressing SWF file*
> */home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d: OK*
> */home/libreoffice/.ccache/5/d/485a27796c31ee597839897d86cc30-4847808.o: OK*
> */home/libreoffice/.ccache/5/d/cf47c848fe7a19f06675314689d095-3470256.d: OK*
> 
> 
> running the grep against it I get this 
> 
> *LibClamAV info: scancws: Error decompressing SWF file*
> */home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d: OK*
> 
> Running a clamav against just this invidual file I get this 
> 
> *$ clamscan /home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d*
> *LibClamAV info: scancws: Error decompressing SWF file*
> */home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d: OK*
> 
> *----------- SCAN SUMMARY -----------*
> *Known viruses: 3138993*
> *Engine version: 0.98.1*
> *Scanned directories: 0*
> *Scanned files: 1*
> *Infected files: 0*
> *Data scanned: 0.02 MB*
> *Data read: 0.02 MB (ratio 1.00:1)*
> *Time: 21.493 sec (0 m 21 s)*
> 
> 
> I hope this helps.
> 
> Alex
> 
> 
> 
> 
> 
> 
> Alex
> 
> 
> 
> 
> 
> 
> On Saturday 01 Mar 2014 17:01:20 J. W. Andersen wrote:
> > After upgrading from 0.97.6  to 0.98.1 I get the following messages on 
> > the console:
> > 
> > LibClamAV: Warning: SWF: Invalid tag length.
> > LibClamAV: Warning: SWF: Invalid tag length.
> > LibClamAV: Warning: SWF: Invalid tag length.
> > LibClamAV: Warning: SWF: Invalid tag length.
> > LibClamAV: Warning: fmap:  map allocation failed.
> > LibClamAV: Error: CRITICAL: fmap () failed.
> > LibClamAV: Warning: SWF: Invalid tag length.
> > 
> > upon scanning a large linux directory (some 60 GB) with clamscan.
> > 
> > The real problem is, that clamscan does not tell me which scanned files
> > it is actually complaining about, not in sysout and not in syserr. With some
> > 10,000 files in the directory it is impossible for me to find out which
> > files to correct or get rid of. I can prevent the "Invalid tag length" by
> > setting the --scan-archives to no, but that is hardly a solution if I want
> > the archives thoroughly scanned.
> > 
> > Can anyone tell me, what I shall do to retrieve the name of the 
> > problematic files ?
> > 
> > Regards, Joern W. Andersen
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml

More information about the clamav-users mailing list