Hi there,

On Thu, 19 Sep 2019, Jorge Martins wrote:

> I have ClamAV Daemon installed, and if clamdscan detects something I get an
> entry log on the /var/log/clamav/clamav.log file, but that entry does not
> identify the infected file, it only shows something like this:
>
> Thu Sep 19 16:42:24 2019 -> fd[12]: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
>
> Is it possible to make it show the filepath of the infected file?

There are two tools.  One is clamd, which is a daemon and once started
it sits there waiting to be told what to scan.  If nothing tells it to
scan something, it does nothing.  The other is clamdscan.  It doesn't
know how to scan anything, but it can climb around your directory tree
looking for files and it can pass pointers to the files to the clamd
daemon (this tells the daemon to scan them) and await clamd's replies.
There are other ways of scanning files, it's all in the documentation.

You are asking for clamdscan to do what it normally does.  You seem to
have given an example of something else (of what clamd does when it is
scanning a stream of data sent to the socket on which it is listening).
This is for example what happens when you use clamav-milter to scan
incoming mail; the incoming message is passed to the clamd daemon on
its socket.  When clamd scans a stream of data there is no file name,
it's just a stream of data, so clamd can't give you any name.  On the
other hand clamdscan knows the names of the files which it passes to
clamd to scan; when clamd tells clamdscan a file matches a signature,
clamdscan can tell you which file it was, and which signature.

Here's the command I gave to scan a directory full of spam emails this
morning:

$ clamdscan /var/lib/SUBMISSIONS/messages

Here's the result in the log - some of the emails were flagged.  I've
edited it for brevity but you can see the pathnames and signature IDs.
The paths are in /var/ and the filenames are all Sendmail message IDs.

8<----------------------------------------------------------------------
Sep 19 10:01:09 clamd[4665]: /var/.../x8EGYHK0009933: 58172 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8HABuOb007396: 58175 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8EIlecT023326: 58171 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8FAjoDx020771: 27775 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8GFcxQs001950: 58174 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8H6Z8UR026649: 58170 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8GJbwD8019380: 27774 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8HE4bQf007238: 58173 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8HHfcPh021663: 58169 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8HN3mEf025577: 58167 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8I1Avox028331: 58168 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8I98tXw019474: 5eb86d FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8I9N3iW025511: 4810c4 FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8I9QUY9025837: 5eb86d FOUND
Sep 19 10:01:09 clamd[4665]: /var/.../x8IA3Zpb004800: 5eb86d FOUND
8<----------------------------------------------------------------------

Exactly how are you telling clamd/clamdscan to scan the files?
It might also be useful to see your clamd.conf.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
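
An added example, not part of the original post and not ClamAV code: a small Python parser for the two detection-line layouts quoted in this message, which flags the entries clamd logged without a file path. The function names are hypothetical, and treating any target that does not start with `/` as a descriptor or stream scan is an assumption.

```python
import re

# Matches the detection lines quoted in this thread, in both layouts:
#   "Thu Sep 19 16:42:24 2019 -> fd[12]: Sig(md5:size) FOUND"   (clamd log file)
#   "Sep 19 10:01:09 clamd[4665]: /path/to/file: Sig FOUND"     (syslog)
DETECTION = re.compile(
    r"(?:-> |clamd\[\d+\]: )"      # end of the timestamp or syslog prefix
    r"(?P<target>.+): "            # what was scanned (greedy: a path may contain ': ')
    r"(?P<sig>\S+?)"               # signature name or ID
    r"(?:\((?P<md5>[0-9a-f]{32}):(?P<size>\d+)\))?"  # optional (md5:size) suffix
    r" FOUND$"
)


def parse_detection(line):
    """Return a dict describing one FOUND line, or None for any other line."""
    m = DETECTION.search(line.strip())
    if m is None:
        return None
    target = m["target"]
    return {
        "target": target,
        # Assumption: an absolute path means clamd was handed a file name;
        # anything else (e.g. "fd[12]") is a descriptor or stream scan.
        "has_path": target.startswith("/"),
        "signature": m["sig"],
        "md5": m["md5"],
        "size": int(m["size"]) if m["size"] else None,
    }


def nameless_detections(lines):
    """Detections that clamd logged without a file path."""
    hits = (parse_detection(line) for line in lines)
    return [h for h in hits if h and not h["has_path"]]


SAMPLE_LOG = [  # first two lines copied from this thread, third constructed
    "Thu Sep 19 16:42:24 2019 -> fd[12]: "
    "Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND",
    "Sep 19 10:01:09 clamd[4665]: /var/.../x8EGYHK0009933: 58172 FOUND",
    "Sep 19 10:01:09 clamd[4665]: SelfCheck: Database status OK.",
]

if __name__ == "__main__":
    for hit in nameless_detections(SAMPLE_LOG):
        print("no path logged:", hit["target"], hit["signature"],
              hit["md5"], hit["size"])
```

When a nameless entry carries the hash and size suffix, those two values are the only handle the log gives for matching the detection back to a file.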

