[clamav-users] SCAN folder does not send OK result via socket?

G.W. Haywood clamav at jubileegroup.co.uk
Mon Mar 14 13:34:33 UTC 2022 

Hi there,

On Mon, 14 Mar 2022, Jorge Elissalde via clamav-users wrote:

> I'm trying to get the scanning "file OK" result in the socket connection
> when scanning multiple files using SCAN/CONTSCAN/MULTISCAN commands.
>
> The command is: nSCAN c:\folder\n
> (same for CONTSCAN and MULTISCAN)
>
> Scanning works fine, several files are recursively scanned.
> The lines I receive from clamd in the *socket connection are only
> detections and errors*.
> The "file OK" resulting lines are logged to the log file (clamav.log),
> that's fine, but I need them in the socket connection.
> Is there a way to get these lines in the socket connection?

Use the INSTREAM command.

8<----------------------------------------------------------------------
#!/usr/bin/perl
# Send a file to clamd.
# usage: tempscan.pl <filename>
# Change IP address and port number to suit your clamd setup.
use strict;
use IO::Socket;
use File::Slurp;
my $peer_addr = 'xxx.xxx.xxx.xxx';
my $peer_port = 'xxxx';
my $filename = $ARGV[0];
printf( "filename=[$filename]\n" );
my $clam1;
if( ! ($clam1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => $peer_addr, PeerPort => $peer_port )))
{
     printf( 'Failed to connect to ClamAV daemon on [%s:%s]', $peer_addr, $peer_port );
     exit;
}
my $remaining = read_file( $filename );
my $part_length = length($remaining);
print $clam1 "nINSTREAM\n";
while( $remaining )                                     # Send in chunks, maximum 65535 bytes per chunk.
{
     my $chunk = substr( $remaining, 0, 65_535, '' ) ;
     my $chunk_length = pack( 'N', length( $chunk ) );
     print( $clam1 $chunk_length . $chunk );
     printf( "Sent [%d] bytes to clamd...\n", length($chunk) );
}
my $terminator = pack( 'N', 0 );
print $clam1 $terminator,"\n";                          # The terminating null for the data.
my $reply_timeout = 10_000;
my $reply = '';
while( !$reply && $reply_timeout )
{
     if( ! ($reply = <$clam1>) )
     {
         usleep(1_000_000);
         $reply_timeout--;
         if( ! $reply_timeout )
         {
             print( "TIMEOUT waiting for response from clamd\n" );
             $reply = 'TIMEOUT';
         }
     }
}
close $clam1;
chomp $reply;
print "REPLY IS [$reply]\n";
8<----------------------------------------------------------------------

$ ./tempscan.pl piece_5-a949de
filename=[piece_5-a949de]
Sent [65535] bytes to clamd...
Sent [12583] bytes to clamd...
REPLY IS [stream: OK]

-- 

73,
Ged.

More information about the clamav-users mailing list