[clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?

Thu Feb 17 13:48:51 UTC 2022

Hi there,

On Thu, 17 Feb 2022, An Schall via clamav-users wrote:

> When using clamdscan, I would like to have verbose output logged to a
> file. Specifically, the timestamp, file path and file name as well as
> the scan results should be logged to a specified file.
>
> In comparison, clamscan outputs this information to STDOUT per default
> and I could simply pipe it to "tee -a $LOG_FILE".
> 
> Unfortunately, clamdscan does not output this information but logs
> this kind of information to /var/log/clamd.scan. However, given that I
> would like to use it within a script, I would like to log this kind of
> output to a configurable file.

Be aware that clamscan and clamdscan don't report the same information
about the things that they scan.  I think that's for several reasons;
partly by design, partly because of what's availble at the time of the
scan, and partly because there are change requests in the development
pipeline which have not yet been addressed.  Having said that what you
want doesn't seem to be a problem.

> While there is a -L switch, it does not include such detailed
> information (only the summary). Also, there seems to be a --stdout
> switch but it seems it does not help either.

AFAIK there's no -L switch for clamdscan.  Do you mean -l ?

8<----------------------------------------------------------------------
ged:~ $ clamdscan -L format_*
clamdscan: illegal option -- L
ERROR: Unknown option passed
ERROR: Can't parse command line options
8<----------------------------------------------------------------------

> How can I get verbose information from /var/log/clamd.scan to a
> configurable file in the first place?

I'm not quite sure if I understand what you want to do.  It might help
to know why you want to do it.  I can think of several ways of doing
this sort of thing but simple redirection of stdout would work for me.
Here's a scan of a couple of files in my home directory on my scanning
server:

8<----------------------------------------------------------------------
ged:~ $ clamdscan format_*
/home/ged/format_16.spec_for_hexdump: OK
/home/ged/format_64.spec_for_hexdump: OK
...
...
8<----------------------------------------------------------------------

To get that sent to a file it's just

8<----------------------------------------------------------------------
ged:~ $ clamdscan format_* > logfile.$(date +'%F')
ged:~ $ cat logfile.2022-02-17 
/home/ged/format_16.spec_for_hexdump: OK
/home/ged/format_64.spec_for_hexdump: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 1.954 sec (0 m 1 s)
Start Date: 2022:02:17 13:41:50
End Date:   2022:02:17 13:41:52
8<----------------------------------------------------------------------

Would that do what you need?

-- 

73,
Ged.