[clamav-users] Run script on file scanned but no virus found
Chris Johnson
cjohnsonuk at googlemail.com
Thu Nov 2 15:28:57 UTC 2017
I have on-access scanning configured and we successfully run a script
when a virus is found. This script allows us to make a log that the
file was scanned and a virus found. However we'd also like to run a
script to make a log when the file has been scanned and no virus has
been found.

There are 2 goals (and I accept there may be a different way of
achieving these).

1) Scripts are too fast
The files we're scanning get uploaded through a web form.
On-access scanning checks the file once uploaded.
If there's a virus in the file the script creates a new file with the
same name but with (deleted) appended to the filename indicating that
there is a virus.
PHP checks for the existence of the file with (deleted) in the file
name, blocks the addition of this file to our records and deletes it.
Clam AV typically creates this additional file within 0.025 seconds
when testing with the eicar test file.
However the PHP script was quicker and would more often than not allow
the file to be uploaded and added to our records.
We put a 1 second pause in before checking for the (deleted) file and
this now works. However the file might take longer than 1 second to
scan if it's big or the server is busy. If we could run a script on
no virus found to create a file with (safe) in the filename then we
could put the PHP in a loop until it finds (deleted) or (safe) files
and then proceed from there.

2) Per-client logs
The second reason is that we have to show that the files are being
scanned but we cannot release the whole log to all clients as some of
their users put personal information in the filenames. Running a
script on a scan that creates the (safe) file allows us to create a
record of the user that uploaded each file so that we can filter the
logs per client.
Is there a way of getting clamd to run a script when a virus is not found?
Chris Johnson
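
The polling loop described in goal 1, as an added example that is not part of the original post: it waits for either marker and rejects the upload if neither appears before a deadline, so a slow or stalled scan never lets a file through. The function names, the 30-second default timeout, the marker path layout (upload path plus suffix) and the existence of something that writes the (safe) marker are assumptions.

```php
<?php
// Added example, not code from the original post.
// Assumptions: a marker is the upload path with "(deleted)" or "(safe)"
// appended, and some scan hook creates the "(safe)" marker for clean files.

const VERDICT_INFECTED = 'infected';
const VERDICT_CLEAN    = 'clean';
const VERDICT_UNKNOWN  = 'unknown';   // no marker appeared before the deadline

function waitForScanVerdict(string $uploadPath, float $timeoutSec, int $pollMs = 25): string
{
    $deadline = microtime(true) + $timeoutSec;
    do {
        clearstatcache();
        // The infected marker is checked first so it wins if both exist.
        if (file_exists($uploadPath . '(deleted)')) {
            return VERDICT_INFECTED;
        }
        if (file_exists($uploadPath . '(safe)')) {
            return VERDICT_CLEAN;
        }
        usleep($pollMs * 1000);
    } while (microtime(true) < $deadline);

    return VERDICT_UNKNOWN;
}

function acceptUpload(string $uploadPath, float $timeoutSec = 30.0): bool
{
    $verdict = waitForScanVerdict($uploadPath, $timeoutSec);
    if ($verdict === VERDICT_CLEAN) {
        return true;
    }
    // Fail closed: an infected file and an unscanned file are both rejected.
    error_log("upload rejected: scan verdict $verdict");
    @unlink($uploadPath);
    return false;
}

// Constructed demo: one upload with a (safe) marker, one with no marker at all.
if (PHP_SAPI === 'cli') {
    $clean = tempnam(sys_get_temp_dir(), 'upl');
    touch($clean . '(safe)');
    $unscanned = tempnam(sys_get_temp_dir(), 'upl');
    var_dump(acceptUpload($clean, 1.0), acceptUpload($unscanned, 0.2));
    @unlink($clean); @unlink($clean . '(safe)');
}
```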