[clamav-users] Scanning result in socket connection for each file under a folder?
Micah Snyder (micasnyd)
micasnyd at cisco.com
Tue Jan 10 18:41:10 UTC 2023
I don't think it's possible unless you send each file to be scanned instead of scanning the directory. clamd only sends back FOUND for files, or else OK for the directory.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Jorge Elissalde via clamav-users <clamav-users at lists.clamav.net>
Sent: Tuesday, January 10, 2023 10:24 AM
To: newcomer01 at posteo.de <newcomer01 at posteo.de>; ClamAV users ML <clamav-users at lists.clamav.net>
Cc: Jorge Elissalde <elissalde.j.e at gmail.com>
Subject: Re: [clamav-users] Scanning result in socket connection for each file under a folder?
Hi,
I'm trying to avoid log reading.
What I wish to have is the scanning status sent back for every scanned file using the clamd socket connection; the same socket I've used to send the SCAN [folder] command.
Thanks
Jorge
On Tue, Jan 10, 2023 at 15:14, newcomer01 via clamav-users (<clamav-users at lists.clamav.net>) wrote:
You can do this in a similar way:
> #!/bin/sh
> #
> # @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
> #
> # report on which clamav signatures have matched, and how many times
> # each have matched from the latest maillog file (or the file(s) named
> # as argument(s)).
>
> PATH=/usr/local/bin:/usr/bin:/bin
> # <space><tab><newline>
> IFS="
> "
> export PATH;
> export IFS;
> umask 022
>
> # if we have no arguments, we'll default to the current maillog file;
> # else the arguments are the list;
> if [ "$*" ]; then
>     MAILLOG=$*
> else
>     MAILLOG="/var/log/maillog"
> fi
>
> # That's it ...
> grep -w FOUND ${MAILLOG} |\
> awk '{print $(NF-1)}' |\
> sort -h |\
> uniq -c |\
> sort -rh |\
> awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'
From: Clamav User Mailinglist <clamav-users at lists.clamav.net>
To: Newcomer01 <newcomer01 at posteo.de>
CC: Jorge Elissalde <elissalde.j.e at gmail.com>
Sent: Tuesday, January 10, 2023 at 16:16 (04:16 PM) +0100
Subject: [clamav-users] Scanning result in socket connection for each file under a folder?
> Hi,
>
> When I scan a folder using socket connection to clamd (SCAN [folder]) I don't get an individual result for each file in the connection.
> For example, if I send to scan the folder c:\testme, I will get (if everything goes ok) only the line: c:\testme: OK
> Individual files scanned and result are stored in the log file, like this one:
>
> LOG> c:\testme\file1: OK
> LOG> c:\testme\file2: OK
> SOCKET> c:\testme: OK
>
> Is there a chance to get every individual scanned file result also reported in the socket connection?
>
> Thank you
>
> Jorge
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
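The approach suggested in the reply at the top of this thread (send each file to clamd instead of the directory), as an added example that is not part of the thread and not ClamAV's own code: the client walks the folder itself and issues one `zSCAN` per file, so every file gets its own reply on the socket. The function names are hypothetical, and the sketch assumes a clamd TCP listener on 127.0.0.1:3310 that can read the scanned paths.

```python
import os
import socket
import sys

def parse_reply(path, reply):
    """Turn '<path>: OK', '<path>: <sig> FOUND' or '<path>: <msg> ERROR'
    into (status, detail). The path we sent is stripped as a prefix because
    error messages can themselves contain ': '."""
    rest = reply[len(path) + 2:] if reply.startswith(path + ": ") else reply
    if rest == "OK":
        return "OK", ""
    for status in ("FOUND", "ERROR"):
        if rest.endswith(" " + status):
            return status, rest[: -len(status) - 1]
    return "UNKNOWN", rest

def scan_file(path, connect):
    """One connection, one zSCAN command, one NUL-terminated reply."""
    with connect() as sock:
        # 'z' prefix: command and reply are NUL-delimited, so file names
        # containing newlines cannot split the reply.
        sock.sendall(b"zSCAN " + os.fsencode(path) + b"\0")
        buf = b""
        while not buf.endswith(b"\0"):
            chunk = sock.recv(4096)
            if not chunk:  # clamd closed the connection
                break
            buf += chunk
    return parse_reply(path, os.fsdecode(buf.rstrip(b"\0")))

def scan_tree(root, connect):
    """Yield (path, status, detail) for every file under root."""
    # clamd opens the file itself, so it needs an absolute path it can read.
    for dirpath, _dirs, files in os.walk(os.path.abspath(root)):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            yield (path, *scan_file(path, connect))

def tcp_connect(host="127.0.0.1", port=3310):
    """Assumed clamd TCP listener; adjust to your TCPSocket/TCPAddr."""
    return lambda: socket.create_connection((host, port), timeout=60)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, status, detail in scan_tree(root, tcp_connect()):
        print(f"{path}: {detail + ' ' if detail else ''}{status}")
```

Treat `ERROR` and `UNKNOWN` results as "not scanned" rather than clean, since a file clamd could not open has not been checked.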