[clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
When using clamdscan, I would like to have verbose output logged to a
file. Specifically, the timestamp, file path and file name as well as
the scan results should be logged to a specified file.

In comparison, clamscan outputs this information to STDOUT per default
and I could simply pipe it to "tee -a $LOG_FILE".

Unfortunately, clamdscan does not output this information but logs
this kind of information to /var/log/clamd.scan. However, given that I
would like to use it within a script, I would like to log this kind of
output to a configurable file.

While there is a -L switch, it does not include such detailed
information (only the summary). Also, there seems to be a --stdout
switch but it seems it does not help either.

How can I get verbose information from /var/log/clamd.scan to a
configurable file in the first place?

Thanks in advance!

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
Hi there,

On Thu, 17 Feb 2022, An Schall via clamav-users wrote:

> When using clamdscan, I would like to have verbose output logged to a
> file. Specifically, the timestamp, file path and file name as well as
> the scan results should be logged to a specified file.
>
> In comparison, clamscan outputs this information to STDOUT per default
> and I could simply pipe it to "tee -a $LOG_FILE".
>
> Unfortunately, clamdscan does not output this information but logs
> this kind of information to /var/log/clamd.scan. However, given that I
> would like to use it within a script, I would like to log this kind of
> output to a configurable file.

Be aware that clamscan and clamdscan don't report the same information
about the things that they scan. I think that's for several reasons;
partly by design, partly because of what's available at the time of the
scan, and partly because there are change requests in the development
pipeline which have not yet been addressed. Having said that, what you
want doesn't seem to be a problem.

> While there is a -L switch, it does not include such detailed
> information (only the summary). Also, there seems to be a --stdout
> switch but it seems it does not help either.

AFAIK there's no -L switch for clamdscan. Do you mean -l ?

8<----------------------------------------------------------------------
ged:~ $ clamdscan -L format_*
clamdscan: illegal option -- L
ERROR: Unknown option passed
ERROR: Can't parse command line options
8<----------------------------------------------------------------------

> How can I get verbose information from /var/log/clamd.scan to a
> configurable file in the first place?

I'm not quite sure if I understand what you want to do. It might help
to know why you want to do it. I can think of several ways of doing
this sort of thing but simple redirection of stdout would work for me.
Here's a scan of a couple of files in my home directory on my scanning
server:

8<----------------------------------------------------------------------
ged:~ $ clamdscan format_*
/home/ged/format_16.spec_for_hexdump: OK
/home/ged/format_64.spec_for_hexdump: OK
...
...
8<----------------------------------------------------------------------

To get that sent to a file it's just

8<----------------------------------------------------------------------
ged:~ $ clamdscan format_* > logfile.$(date +'%F')
ged:~ $ cat logfile.2022-02-17
/home/ged/format_16.spec_for_hexdump: OK
/home/ged/format_64.spec_for_hexdump: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 1.954 sec (0 m 1 s)
Start Date: 2022:02:17 13:41:50
End Date: 2022:02:17 13:41:52
8<----------------------------------------------------------------------

Would that do what you need?

--

73,
Ged.

Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
On Thu, 17 Feb 2022 14:08:45 +0100
An Schall via clamav-users <clamav-users@lists.clamav.net> wrote:

> When using clamdscan, I would like to have verbose output logged to a
> file. Specifically, the timestamp, file path and file name as well as
> the scan results should be logged to a specified file.
>
> In comparison, clamscan outputs this information to STDOUT per default
> and I could simply pipe it to "tee -a $LOG_FILE".
>
> Unfortunately, clamdscan does not output this information but logs
> this kind of information to /var/log/clamd.scan. However, given that I
> would like to use it within a script, I would like to log this kind of
> output to a configurable file.
>
> While there is a -L switch, it does not include such detailed
> information (only the summary). Also, there seems to be a --stdout
> switch but it seems it does not help either.
>
> How can I get verbose information from /var/log/clamd.scan to a
> configurable file in the first place?
>
> Thanks in advance!


Just off the top of my head, maybe a symlink, or, if you have to make it dynamic (e.g., for each clamdscan execution), a pipe/FIFO to a listener process? I've never tried this with clamd, so details would need to be filled in (and it might not even be practical).

You still would be limited to what clamd is willing to report, of course.


Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
Hi Ged,

in fact, my issue is that when scanning folders recursively with
clamdscan, I merely receive an aggregated result on the entire folder
via STDOUT and the detailed per-file information is logged to
/var/log/clamd.scan. In contrast, when scanning folders recursively
with clamscan, I receive the per-file information on STDOUT directly.
I tried to illustrate with the example below, listing a directory
structure of directory "lynis" and then scanning it with clamdscan.

[foo@bar ~]$ ls -lst lynis/
total 304
132 -rw-r--r-- 1 root root 135100 Jul 22 2021 CHANGELOG.md
4 -rw-r--r-- 1 root root 3214 Jul 22 2021 CODE_OF_CONDUCT.md
4 -rw-r--r-- 1 root root 2709 Jul 22 2021 CONTRIBUTING.md
4 -rw-r--r-- 1 root root 2559 Jul 22 2021 CONTRIBUTORS.md
0 drwxr-xr-x 3 root root 173 Jul 22 2021 db
24 -rw-r--r-- 1 root root 21405 Jul 22 2021 default.prf
4 -rw-r--r-- 1 root root 172 Jul 22 2021 developer.prf
0 drwxr-xr-x 6 root root 171 Jul 22 2021 extras
8 -rw-r--r-- 1 root root 4489 Jul 22 2021 FAQ
4 -rw-r--r-- 1 root root 1094 Jul 22 2021 HAPPY_USERS.md
4 drwxr-xr-x 2 root root 4096 Jul 22 2021 include
4 -rw-r--r-- 1 root root 1528 Jul 22 2021 INSTALL
36 -rw-r--r-- 1 root root 35146 Jul 22 2021 LICENSE
52 -rwxr-xr-x 1 root root 51936 Jul 22 2021 lynis
8 -rw-r--r-- 1 root root 5746 Jul 22 2021 lynis.8
0 drwxr-xr-x 2 root root 50 Jul 22 2021 plugins
8 -rw-r--r-- 1 root root 4657 Jul 22 2021 README
4 -rw-r--r-- 1 root root 539 Jul 22 2021 SECURITY.md
4 -rw-r--r-- 1 root root 792 Jul 22 2021 TODO.md

[foo@bar ~]$ sudo clamdscan lynis/
/home/foo/lynis: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.026 sec (0 m 0 s)
Start Date: 2022:02:18 09:05:39
End Date: 2022:02:18 09:05:39

[foo@bar ~]$ sudo tail -n20 /var/log/clamd.scan
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_mail_messaging: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/consts: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_memory_processes: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_ldap: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_malware: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_crypto: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/report: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_configure: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_printers_spoolers: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_dns: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_snmp: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_shells: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_audit_dockerfile: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_show: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_hardening: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_mac_frameworks: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_firewalls: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_nameservices: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_boot_services: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_kernel: OK

My aim is to log the per-file information to a configurable log file.
Maybe my undertaking becomes a bit clearer now.

Thanks

Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
Hi there,

On Mon, 21 Feb 2022, An Schall via clamav-users wrote:

> ... my issue is that when scanning folders recursively with
> clamdscan, I merely receive an aggregated result on the entire folder
> ...
> My aim is to log the per-file information to a configurable log file.

You could use the system logging facilities (syslog, rsyslog, ...) to
duplicate or redirect information which they already log somewhere to
an additional log file, or a different one. I use syslog-ng. I guess
it's not to everyone's taste but it's quite flexible. You might need
to script something to change the logfile name to whatever you need.

There are plenty of alternatives. For example the 'find' utility:

8<----------------------------------------------------------------------
$ find /home/ged/hexdump_formats -type f | xargs clamdscan
/home/ged/hexdump_formats/format_16.spec_for_hexdump: OK
/home/ged/hexdump_formats/format_64.spec_for_hexdump: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 2.825 sec (0 m 2 s)
Start Date: 2022:02:21 09:17:23
End Date: 2022:02:21 09:17:26
8<----------------------------------------------------------------------

The 'find' utility can sometimes feel a bit like a cornered rat but it
does the job well. You might need to consider how many arguments are
passed and how they are passed; filenames with spaces etc. could be an
issue unless you use the right 'find' and 'xargs' options. Efficiency
can never be taken for granted but if you're running a clamd daemon at
least you aren't reloading the database for every file scanned.

--

73,
Ged.

Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
Thanks for the response. The main reason why I use clamdscan is
performance: I need to scan in a multi-threaded manner (in contrast to
clamscan). I guess using 'find' will go against this aim.

Ok, I guess this answers the questions that there is no built-in
support for verbose logging in clamdscan.

Thanks anyway!

Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
Hi there,

On Mon, 21 Feb 2022, An Schall via clamav-users wrote:

> Thanks for the response. The main reason why I use clamdscan is
> performance: I need to scan in a multi-threaded manner (in contrast to
> clamscan). I guess using 'find' will go against this aim.

It was just one suggestion. If you have a utility capable of handling
more load, then the system utilities are capable of loading it more.

> Ok, I guess this answers the questions that there is no built-in
> support for verbose logging in clamdscan.

8<----------------------------------------------------------------------
# grep Verbose /etc/mail/clamav/clamd_tcp3.conf
LogVerbose yes
8<----------------------------------------------------------------------
$ clamdscan -v hexdump_formats/
/home/ged/hexdump_formats: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.847 sec (0 m 0 s)
Start Date: 2022:02:21 10:17:34
End Date: 2022:02:21 10:17:35
8<----------------------------------------------------------------------
# tail -n20 /var/log/clamav.log
Mon Feb 21 10:17:34 2022 -> Received POLLIN|POLLHUP on fd 5
Mon Feb 21 10:17:34 2022 -> Got new connection, FD 10
Mon Feb 21 10:17:34 2022 -> Received POLLIN|POLLHUP on fd 6
Mon Feb 21 10:17:34 2022 -> fds_poll_recv: timeout after 30 seconds
Mon Feb 21 10:17:34 2022 -> Received POLLIN|POLLHUP on fd 10
Mon Feb 21 10:17:34 2022 -> got command CONTSCAN /home/ged/hexdump_formats (35, 7), argument: /home/ged/hexdump_formats
Mon Feb 21 10:17:34 2022 -> mode -> MODE_WAITREPLY
Mon Feb 21 10:17:34 2022 -> Breaking command loop, mode is no longer MODE_COMMAND
Mon Feb 21 10:17:35 2022 -> Consumed entire command
Mon Feb 21 10:17:35 2022 -> Number of file descriptors polled: 1 fds
Mon Feb 21 10:17:35 2022 -> fds_poll_recv: timeout after 9996 seconds
Mon Feb 21 10:17:35 2022 -> THRMGR: queue (single) crossed low threshold -> signaling
Mon Feb 21 10:17:35 2022 -> THRMGR: queue (bulk) crossed low threshold -> signaling
Mon Feb 21 10:17:35 2022 -> /home/ged/hexdump_formats/format_64.spec_for_hexdump: OK
Mon Feb 21 10:17:35 2022 -> /home/ged/hexdump_formats/format_16.spec_for_hexdump: OK
Mon Feb 21 10:17:35 2022 -> Finished scanthread
Mon Feb 21 10:17:35 2022 -> Scanthread: connection shut down (FD 10)
Mon Feb 21 10:17:35 2022 -> THRMGR: queue (single) crossed low threshold -> signaling
Mon Feb 21 10:17:35 2022 -> THRMGR: queue (bulk) crossed low threshold -> signaling
8<----------------------------------------------------------------------

?

--

73,
Ged.

Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
Yes, I am using exactly this approach at the moment. However, I
execute clamdscan from within a custom bash script. This bash script
logs several messages to a defined log file. As part of this
information the verbose clamdscan logs should also be captured in this
log file.

With clamscan it was easy to simply pipe the verbose output to tee and
append the custom log file. Now I have to use "cat" and it seems like
this introduces some error.

Re: [clamav-users] clamdscan: Output detailed scan results to STDOUT or to configurable file?
Hi there,

On Mon, 21 Feb 2022, An Schall via clamav-users wrote:

> Yes, I am using exactly this approach at the moment. However, I
> execute clamdscan from within a custom bash script. This bash script
> logs several messages to a defined log file. As part of this
> information the verbose clamdscan logs should also be captured in this
> log file.
>
> With clamscan it was easy to simply pipe the verbose output to tee and
> append the custom log file. Now I have to use "cat" and it seems like
> this introduces some error.

As I've already said, by design clamscan and clamdscan do produce
different information in their output streams. Having said that, I
can't imagine what "error" might be introduced by 'cat' but I'm sure
you don't have to use it. The Unix system logging facilities are very
flexible. I'd be very surprised if you could not use them to do what
you want, and if it isn't possible I'd probably wonder what on Earth
you want to do and why you want to do it. Apart from a couple of cron
jobs, even for the odd one-liner (using 'logger') I use syslog-style
logging for more or less everything. This includes logging by clamd:

8<--------------------------
# grep Syslog .../clamd.conf
LogSyslog yes
8<--------------------------

You can pipe log messages through scripts, modify them on the fly, add
system-generated flags and timestamps (or not, as you choose), filter
them in many ways, send them to multiple files and/or remote systems,
... the list goes on. Take a look, for example, at the man pages for
syslog-ng and syslog-ng.conf. However I generally don't do anything
like that for clamd, I don't feel the need. I only use ClamAV to scan
mail, and the logging and reporting that I need is handled separately
by a suite of homebrew reporting tools.

On a multi-user multi-tasking system like Linux you always need to be
aware that more than one process may need to log to any particular log
file, and this can present issues which are not present if you just
have a single process logging directly to a file to which only it has
write access. Perhaps you're facing this sort of issue?

Little of this is specific to ClamAV. I suggest that you spend some
quality time with the syslog documentation and if you still can't do
what you want then please by all means get back to us with a precise
description of what you want to do and why you think you can't do it.

--

73,
Ged.
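
An added example, not part of the thread or of ClamAV: one way to get the per-file lines that clamd writes to its own log (the "timestamp -> path: verdict" format shown in the /var/log/clamd.scan excerpt earlier in the thread) into a script's own log file, by bookmarking the log size before the scan and filtering what was appended afterwards. The function names, the sample log lines and the signature name are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): copy clamd's per-file verdicts for one
# scanned tree into a log file chosen by the calling script.

# Size of the clamd log in bytes; taken before the scan as a bookmark.
log_offset() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# extract_scan_results CLAMD_LOG SCAN_ROOT OUT_LOG OFFSET
# Appends the verdict lines for SCAN_ROOT (and paths below it) that were
# written after OFFSET. Returns 1 if any verdict is FOUND, otherwise 0.
extract_scan_results() {
    local clamd_log=$1 root=${2%/} out_log=$3 offset=${4:-0}
    local size
    size=$(log_offset "$clamd_log")
    # Log rotated or truncated since the bookmark: read it from the start.
    [ "$offset" -le "$size" ] || offset=0
    tail -c "+$((offset + 1))" "$clamd_log" |
    awk -v root="$root" '
        {
            sep = index($0, " -> ")
            if (sep == 0) next
            rest = substr($0, sep + 4)
            # Keep the tree itself and paths below it; "lynis2" must not
            # match a scan of "lynis".
            if (index(rest, root "/") != 1 && index(rest, root ": ") != 1) next
            # Verdict lines end in OK, FOUND or ERROR; daemon chatter
            # written under LogVerbose does not start with a path at all.
            if (rest !~ /: (OK|.* FOUND|.* ERROR)$/) next
            print
            if (rest ~ / FOUND$/) found++
        }
        END { exit (found > 0) }
    ' >> "$out_log"
}

# Constructed sample: one older entry, then the lines from a single scan of
# /home/foo/lynis, including LogVerbose chatter and an unrelated tree.
demo() {
    local dir=$1 before status=0
    printf '%s\n' \
        'Fri Feb 18 09:00:01 2022 -> /home/foo/old/file: OK' \
        > "$dir/clamd.scan"
    before=$(log_offset "$dir/clamd.scan")
    printf '%s\n' \
        'Fri Feb 18 09:05:39 2022 -> Got new connection, FD 10' \
        'Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/consts: OK' \
        'Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/my file: Constructed.Sig FOUND' \
        'Fri Feb 18 09:05:39 2022 -> /home/foo/lynis2/other: OK' \
        'Fri Feb 18 09:05:39 2022 -> Finished scanthread' \
        >> "$dir/clamd.scan"
    extract_scan_results "$dir/clamd.scan" /home/foo/lynis/ \
        "$dir/scan.log" "$before" || status=$?
    return "$status"
}
```

In a wrapper script, call log_offset on the clamd log, run clamdscan, then call extract_scan_results with that offset and the script's own log file. The caller needs read access to the clamd log.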
