[clamav-users] No filenames listed by clamscan.

J. W. Andersen jwa at fasytek.dk
Tue Mar 4 11:55:22 EST 2014


Hi Alex - thanks for the tip. I followed your suggestions to generate 
the huge logfile, and helped by a good
editor (Uedit) I could search for the LibClamAV message directly, and 
then point out the preceeding
filename. It was all stuff, that was obsolete long ago, and could be 
deleted without further ado.

Thanks again,  Joern.-

############################################################

Den 04-03-2014 10:13, mcmurchy1917-clamav at yahoo.co.uk skrev:
> Ignore the asterisks in my previous note they just encapsulate the highlighted parts of the note.
>
> Alex
>
>
> On Tuesday 04 Mar 2014 09:08:15 mcmurchy1917-clamav at yahoo.co.uk wrote:
>> I too see these messages on the the console and have found no way of identifying the files by using any of the clamav flags.
>>
>> This is what I would do
>>
>> *sudo /usr/bin/clamscan -r / > /tmp/clamav.log 2>&1*
>>
>> The file */tmp/clamav.libreoffice.log *will contain details of ALL files irrespective of whether they are OK or not, the file will also contain those messages seen on the console. It will be a large file containing at least one line per file in your directory structure. My example above scans the entire file system.
>>
>> then
>>
>> *egrep -A1 "^LibClamAV"  /tmp/clamav.libreoffice.log  *
>>
>> The above extracts all the line in the log file that start with LibClamAV and also the line after the line that starts with LibClamAV.
>>
>> In the log file I can see this -
>>
>> */home/libreoffice/.ccache/5/d/fb7e4c82bbc0acf0664b9ab2a1ba71-3509238.o: OK*
>> */home/libreoffice/.ccache/5/d/5a1b00240f63278ef298dceb98523b-1546320.o: OK*
>> */home/libreoffice/.ccache/5/d/7641441f2a6a73eabe5bd3eab04695-4826.manifest: OK*
>> *LibClamAV info: scancws: Error decompressing SWF file*
>> */home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d: OK*
>> */home/libreoffice/.ccache/5/d/485a27796c31ee597839897d86cc30-4847808.o: OK*
>> */home/libreoffice/.ccache/5/d/cf47c848fe7a19f06675314689d095-3470256.d: OK*
>>
>>
>> running the grep against it I get this
>>
>> *LibClamAV info: scancws: Error decompressing SWF file*
>> */home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d: OK*
>>
>> Running a clamav against just this invidual file I get this
>>
>> *$ clamscan /home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d*
>> *LibClamAV info: scancws: Error decompressing SWF file*
>> */home/libreoffice/.ccache/5/d/e9c2480dc82b1ac2fd541728fdd3fa-1003231.d: OK*
>>
>> *----------- SCAN SUMMARY -----------*
>> *Known viruses: 3138993*
>> *Engine version: 0.98.1*
>> *Scanned directories: 0*
>> *Scanned files: 1*
>> *Infected files: 0*
>> *Data scanned: 0.02 MB*
>> *Data read: 0.02 MB (ratio 1.00:1)*
>> *Time: 21.493 sec (0 m 21 s)*
>>
>>
>> I hope this helps.
>>
>> Alex
>>
>>
>>
>>
>>
>>
>> Alex
>>
>>
>>
>>
>>
>>
>> On Saturday 01 Mar 2014 17:01:20 J. W. Andersen wrote:
>>> After upgrading from 0.97.6  to 0.98.1 I get the following messages on
>>> the console:
>>>
>>> LibClamAV: Warning: SWF: Invalid tag length.
>>> LibClamAV: Warning: SWF: Invalid tag length.
>>> LibClamAV: Warning: SWF: Invalid tag length.
>>> LibClamAV: Warning: SWF: Invalid tag length.
>>> LibClamAV: Warning: fmap:  map allocation failed.
>>> LibClamAV: Error: CRITICAL: fmap () failed.
>>> LibClamAV: Warning: SWF: Invalid tag length.
>>>
>>> upon scanning a large linux directory (some 60 GB) with clamscan.
>>>
>>> The real problem is, that clamscan does not tell me which scanned files
>>> it is actually complaining about, not in sysout and not in syserr. With some
>>> 10,000 files in the directory it is impossible for me to find out which
>>> files to correct or get rid of. I can prevent the "Invalid tag length" by
>>> setting the --scan-archives to no, but that is hardly a solution if I want
>>> the archives thoroughly scanned.
>>>
>>> Can anyone tell me, what I shall do to retrieve the name of the
>>> problematic files ?
>>>
>>> Regards, Joern W. Andersen
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml

-- 


More information about the clamav-users mailing list