On Sat, 03 Jul 2010 14:32:38 -0400 Richard Geddes <[email protected]> wrote:
> Hello,
>
> Using Ubuntu/Debian package install with the test files from
> clamavscan-testfiles package
>
> Set the logging on and most everything seems to work correctly.
>
> When I execute:
>
> clamdscan --fdpass -m /usr/share/

If you use --fdpass, then ...

> Jul 3 14:08:05 flanker clamd[25264]: fd[51]: ClamAV-Test-File FOUND

> Is there a way to get better diags on the logged detections?

The answer is no for clamd.
This is by design: clamd only gets a file descriptor to scan, it doesn't know the filename.
Sure you could look at /proc/self/fd on Linux and figure out the filename, but that is very system specific and defeats the purpose of using fdpass in the first place.

> Jul 3 14:08:05 flanker clamd[25264]: fd[50]: ClamAV-Test-File FOUND
> Jul 3 14:08:05 flanker clamd[25264]: fd[19]: ClamAV-Test-File FOUND
> Jul 3 14:08:05 flanker clamd[25264]: fd[56]: ClamAV-Test-File FOUND
> Jul 3 14:08:05 flanker clamd[25264]: fd[65]: ClamAV-Test-File FOUND
> Jul 3 14:08:05 flanker clamd[25264]: fd[52]: ClamAV-Test-File FOUND
> Jul 3 14:08:05 flanker clamd[25264]: fd[57]: ClamAV-Test-File FOUND
> Jul 3 14:08:05 flanker clamd[25264]: fd[66]: ClamAV-Test-File FOUND
>
> --- snip
>
> I assume this is clamav detecting the test files. I'd like to get
> more data on these detections... like which file triggered the
> detection.

Sure, look at the clamdscan output, not clamd's logs.
If clamdscan's output scrolls off your screen, then clamdscan can create a logfile too.

Best regards,
--Edwin
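
The behaviour described in the reply above, as an added example that is not part of the original message and is not ClamAV code: a client passes an open descriptor over a Unix socket with SCM_RIGHTS, so the receiving side can scan the content but can only log `fd[N]`, while the client pairs the verdict with the path it opened. The marker string, function names and reply format are constructed for this sketch.

```python
import array, os, socket, tempfile

MARKER = b"CONSTRUCTED-TEST-MARKER"   # constructed stand-in for a signature

def send_fd(sock, fd):
    # The descriptor travels as SCM_RIGHTS ancillary data; no path is sent.
    anc = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]).tobytes())]
    sock.sendmsg([b"F"], anc)

def recv_fd(sock):
    fds = array.array("i")
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_SPACE(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no descriptor received")

def daemon_scan(sock):
    """Daemon side: scan the received descriptor, reply, return its log line."""
    fd = recv_fd(sock)
    with os.fdopen(fd, "rb") as f:
        verdict = "Constructed-Test-Marker FOUND" if MARKER in f.read() else "OK"
    sock.sendall(verdict.encode() + b"\n")
    return "fd[%d]: %s" % (fd, verdict)      # all the daemon can say

def demo():
    client, daemon = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with tempfile.NamedTemporaryFile(suffix=".sample", delete=False) as tmp:
        tmp.write(b"header " + MARKER + b" trailer")
        path = tmp.name
    try:
        with open(path, "rb") as f:
            send_fd(client, f.fileno())
        daemon_log = daemon_scan(daemon)
        verdict = client.recv(256).decode().strip()
        client_report = "%s: %s" % (path, verdict)  # the client still knows the path
    finally:
        client.close(); daemon.close(); os.unlink(path)
    return path, daemon_log, client_report

if __name__ == "__main__":
    for line in demo()[1:]:
        print(line)
```

For incident triage this means the daemon's syslog entries give the time and signature of a hit, and the client-side output or logfile is where the matching path is recorded.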
