[clamav-users] Clamd: how can you get emails about viruses or at least save info about found viruses in a specific file?
Dennis Peterson
dennispe at inetnw.com
Thu Mar 5 18:16:58 UTC 2015
On 3/5/15 10:05 AM, Henry Collins wrote:
> So the normal ClamAV (not daemon) is working alright and I do not have any
> complaints. However, the daemon is not working or I cannot see how it is
> working. When I write "ps ax", I can see that it is running, but the
> problem is that I cannot find any information on what it found. I tried to
> move a fake virus to different folders, but I cannot see anything in
> ClamAVs logs.
>
> How do I see what daemon has found and how do I save these results to some
> file?
>
A standard ClamAV install doesn't do anything when the clamd daemon is started.
You have to explicitly give it something to do. If you have a directory you wish
to scan then you would run clamdscan from a command line with that directory as
an argument. If the clamd user ID does not have permission to scan that
directory or its contents then you have to provide file descriptors. The
clamdscan tool communicates with the clamd daemon and is a fast means of
scanning files because all the signatures are already loaded.
See man clamdscan.
You can also scan directories without using the daemon by invoking the clamscan
command line tool. This tool has to load the signatures each time it is run and
so has greater overhead, but it does not have ownership problems when scanning
files you own. If you run it as root it will scan any file on your system. It's
probably not a good idea to run this on device files and Unix special files.
See man clamscan
The clamd daemon is most useful for scanning incoming mail in real time. That
requires an interface layer between clamd and your mail MTA or local delivery agent.
dp
More information about the clamav-users
mailing list