Mailing List Archive

Scanning result in socket connection for each file under a folder?
Hi,

When I scan a folder using socket connection to clamd (SCAN [folder]) I
don't get an individual result for each file in the connection.
For example, if I send to scan the folder c:\testme, I will get (if
everything goes ok) only the line: c:\testme: OK
Individual files scanned and result are stored in the log file, like this
one:

LOG> c:\testme\file1: OK
LOG> c:\testme\file2: OK
SOCKET> c:\testme: OK

Is there a chance to get every individual scanned file result also reported
in the socket connection?

Thank you

Jorge
Re: Scanning result in socket connection for each file under a folder?
You can do this in a similar way:

> #!/bin/sh
> #
> # @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
> #
> # report on which clamav signatures have matched, and how many times
> # each has matched, from the latest maillog file (or the file(s) named
> # as argument(s)).
>
> PATH=/usr/local/bin:/usr/bin:/bin
> # <space><tab><newline>
> IFS="
> "
> export PATH;
> export IFS;
> umask 022
>
> # if we have no arguments, we'll default to the current maillog file;
> # else the arguments are the list;
> if [ "$*" ]; then
>   MAILLOG=$*
> else
>   MAILLOG="/var/log/maillog"
> fi
>
> # That's it ...
> grep -w FOUND ${MAILLOG} |\
> awk '{print $(NF-1)}' |\
> sort -h |\
> uniq -c |\
> sort -rh |\
> awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'



From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcomer01@posteo.de>
CC: Jorge Elissalde <mailto:elissalde.j.e@gmail.com>
Sent: Tuesday, January 10, 2023 at 16:16 (04:16 PM) +0100
Subject: [clamav-users] Scanning result in socket connection for each file under a folder?

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: Scanning result in socket connection for each file under a folder?
Hi,

I'm trying to avoid log reading.
What I wish to have is the scanning status sent back for every scanned file
using the clamd socket connection; the same socket I've used to send the
SCAN [folder] command.
Thanks

Jorge

On Tue, 10 Jan 2023 at 15:14, newcomer01 via clamav-users (<clamav-users@lists.clamav.net>) wrote:

> You can do this in a similar way:
Re: Scanning result in socket connection for each file under a folder?
I don't think it's possible unless you send each file to be scanned instead of scanning the directory. clamd only sends back FOUND for files, or else OK for the directory.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
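
The approach described in the reply above (one SCAN per file instead of one for the directory), as an added example that is not part of the original thread or ClamAV's own code. It assumes clamd listens on TCP 127.0.0.1:3310 and can read the paths itself; `clamd_command`, `parse_reply` and `scan_each_file` are hypothetical helper names.

```python
import os
import socket

# Assumed clamd TCP listener (TCPSocket/TCPAddr in clamd.conf); adjust to your setup.
CLAMD_ADDRESS = ("127.0.0.1", 3310)


def clamd_command(command, address=CLAMD_ADDRESS, timeout=30.0):
    """Send one NUL-delimited command on a fresh connection and return the reply."""
    with socket.create_connection(address, timeout=timeout) as sock:
        sock.sendall(b"z" + command.encode() + b"\0")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            if data.endswith(b"\0"):
                break
    return b"".join(chunks).decode(errors="replace").rstrip("\0\n")


def parse_reply(path, line):
    """Turn 'path: OK', 'path: <signature> FOUND' or 'path: <message> ERROR'
    into a (status, detail) tuple. The path we sent is stripped as a prefix
    because both Windows paths and error messages can contain colons."""
    prefix = path + ": "
    rest = line[len(prefix):] if line.startswith(prefix) else line.partition(": ")[2]
    if rest == "OK":
        return ("OK", None)
    for status in ("FOUND", "ERROR"):
        if rest.endswith(" " + status):
            return (status, rest[: -len(status) - 1])
    return ("UNKNOWN", rest)


def scan_each_file(root, send=clamd_command):
    """Walk root and issue one SCAN per file, so every file gets its own verdict."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.abspath(os.path.join(dirpath, name))
            results[path] = parse_reply(path, send("SCAN " + path))
    return results


if __name__ == "__main__":
    for path, (status, detail) in scan_each_file(r"c:\testme").items():
        print(path, status, detail or "")
```

Opening one connection per file costs throughput compared with a single directory SCAN; that is the trade-off for getting an OK, FOUND or ERROR line back for every file.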

________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Jorge Elissalde via clamav-users <clamav-users@lists.clamav.net>
Sent: Tuesday, January 10, 2023 10:24 AM
To: newcomer01@posteo.de <newcomer01@posteo.de>; ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Jorge Elissalde <elissalde.j.e@gmail.com>
Subject: Re: [clamav-users] Scanning result in socket connection for each file under a folder?
