Mailing List Archive

ClamAV logs JAVA System
Hi,
After a long time we were able to successfully install clamav on our
systems. On our ABAP systems we were able to use a script to allow us to
be notified whenever a virus was found on the system; the latter was
reported in a log that was then sent by mail to us. Now we are trying
to create something similar on a JAVA system. On the JAVA system we have
already located the log where the virus is reported by the ClamAV, and we
would similarly like to create a script for the Java that does the same as
the script on the ABAP systems. The biggest problem for now is that the log
on which the Java writes is always the same, meaning that if we used the
script we wouldn't be sure if it is a new virus or an old virus that has
been on that log since forever. So my question is: do you know if there is
some clamav setting to allow us to write different logs every time a virus
is found? I'll write the script we used on the ABAP system hoping it can
help (if it can help you, we are on clamav 0.103.7-3.21.2 and clamsap
0.104.3-3.12.1). Thanks!

#!/bin/bash
LOGFILE="/var/log/clamd-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="clamav-daily@zambongroup.com";
EMAIL_TO="antonio.galdieri@techedgegroup.com";
DIRTOSCAN="/tmp";

for S in ${DIRTOSCAN}; do
    DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);

    echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";

    clamscan -ri "$S" >> "$LOGFILE";

    # get the value of "Infected lines"
    MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3);

    # if the value is not equal to zero, send an email with the log file attached
    if [ "$MALWARE" -ne "0" ];then
        # using heirloom-mailx below
        echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO" -v .;
    fi
done

exit 0
Re: ClamAV logs JAVA System
Maybe you can rename the original log (clamscan.log) to the needed name after the scan process is done.


From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcomer01@posteo.de>
CC: Antonio Galdieri <mailto:antonio.galdieri@techedgegroup.com>
Sent: Monday, January 30, 2023 at 15:00 (03:00 PM) +0100
Subject: [clamav-users] ClamAV logs JAVA System
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: ClamAV logs JAVA System
I'm not trained in Java, but I can explain what you can do on UNIX systems:

For example:

> if [ "VAR" = "VAL" ]; then
>
>     # create new clamscan.conf
>
>     # unlink "old" clamscan.conf
>     unlink /etc/clamav/clamscan.conf
>
>     # check retval from unlink
>     RETVAL_ULI="$?"
>
>     if [ "$RETVAL_ULI" -eq 0 ]; then
>
>         # if no error occurred, write your new conf file
>
>         # create
>         exec 3> /etc/clamav/clamscan.conf
>
>         # write this
>         echo 1>&3 "all your needed stats comes in"
>         echo 1>&3 "LogFile /var/log/clamav/YOUR_NAME_FOR_LOG.log"
>
>         # close
>         exec 3>&-
>
>     fi
>
>
>     # run clamscan
>
>     /usr/bin/clamscan   # HERE YOUR SCAN OPTIONS
>
> fi
>
> Another way can be:
>
> comment out in your clamscan.conf
> LogFile /var/log/clamav/clamscan.log
>
> # run clamscan
>
> /usr/bin/clamscan --log="/var/log/clamav/HERE_YOUR_NAME.log"
>
> But you must find a solution for Java; here I can't help - sorry.


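
For the case raised in the question, where the log file name cannot be changed, here is an added example (not code from any participant in the thread) that remembers how far the log has been read and reports only detections appended since the previous check. It assumes ClamAV-style `<path>: <signature> FOUND` lines that are written whole; the function name, the state file and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: alert only on detections that are new since the last check
# of a single, ever-growing log file.

# new_detections LOGFILE STATEFILE
# Prints the FOUND lines written after the byte offset saved in STATEFILE and
# then saves the new offset. Returns 0 if something new was found, 1 if not,
# 2 if the log cannot be read.
new_detections() {
    local log="$1" state="$2" offset=0 size hits
    [ -r "$log" ] || return 2
    [ -f "$state" ] && offset=$(cat "$state")
    case "$offset" in ''|*[!0-9]*) offset=0 ;; esac   # unusable state: start over
    size=$(wc -c < "$log" | tr -d ' ')
    # The log shrank, so it was renamed, rotated or truncated: read from the start.
    [ "$size" -lt "$offset" ] && offset=0
    # Read exactly the bytes between the saved offset and the size measured above,
    # so lines appended during this check are picked up by the next one.
    hits=$(tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" \
           | grep ' FOUND$' || true)
    printf '%s\n' "$size" > "$state"
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Demo on a constructed log (the sample lines are made up for this example).
demo() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' '/tmp/a.txt: OK' '/tmp/old.bin: Eicar-Signature FOUND' > "$dir/scan.log"
    new_detections "$dir/scan.log" "$dir/offset"    # reports old.bin
    printf '%s\n' '/tmp/new.jar: Eicar-Signature FOUND' >> "$dir/scan.log"
    new_detections "$dir/scan.log" "$dir/offset"    # reports only new.jar
    rm -rf "$dir"
}
demo
```

In a notification script, the mail would be sent only when `new_detections` returns 0, with its output as the message body instead of the whole log.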