Hi Ged,

In fact, my issue is that when scanning folders recursively with
clamdscan, I merely receive an aggregated result on the entire folder
via STDOUT and the detailed per-file information is logged to
/var/log/clamd.scan. In contrast, when scanning folders recursively
with clamscan, I receive the per-file information on STDOUT directly.
I tried to illustrate with the example below, listing a directory
structure of directory "lynis" and then scanning it with clamdscan.
[foo@bar ~]$ ls -lst lynis/
total 304
132 -rw-r--r-- 1 root root 135100 Jul 22 2021 CHANGELOG.md
4 -rw-r--r-- 1 root root 3214 Jul 22 2021 CODE_OF_CONDUCT.md
4 -rw-r--r-- 1 root root 2709 Jul 22 2021 CONTRIBUTING.md
4 -rw-r--r-- 1 root root 2559 Jul 22 2021 CONTRIBUTORS.md
0 drwxr-xr-x 3 root root 173 Jul 22 2021 db
24 -rw-r--r-- 1 root root 21405 Jul 22 2021 default.prf
4 -rw-r--r-- 1 root root 172 Jul 22 2021 developer.prf
0 drwxr-xr-x 6 root root 171 Jul 22 2021 extras
8 -rw-r--r-- 1 root root 4489 Jul 22 2021 FAQ
4 -rw-r--r-- 1 root root 1094 Jul 22 2021 HAPPY_USERS.md
4 drwxr-xr-x 2 root root 4096 Jul 22 2021 include
4 -rw-r--r-- 1 root root 1528 Jul 22 2021 INSTALL
36 -rw-r--r-- 1 root root 35146 Jul 22 2021 LICENSE
52 -rwxr-xr-x 1 root root 51936 Jul 22 2021 lynis
8 -rw-r--r-- 1 root root 5746 Jul 22 2021 lynis.8
0 drwxr-xr-x 2 root root 50 Jul 22 2021 plugins
8 -rw-r--r-- 1 root root 4657 Jul 22 2021 README
4 -rw-r--r-- 1 root root 539 Jul 22 2021 SECURITY.md
4 -rw-r--r-- 1 root root 792 Jul 22 2021 TODO.md
[foo@bar ~]$ sudo clamdscan lynis/
/home/foo/lynis: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.026 sec (0 m 0 s)
Start Date: 2022:02:18 09:05:39
End Date: 2022:02:18 09:05:39
[foo@bar ~]$ sudo tail -n20 /var/log/clamd.scan
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_mail_messaging: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/consts: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_memory_processes: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_ldap: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_malware: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_crypto: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/report: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_configure: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_printers_spoolers: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_dns: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_snmp: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_shells: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_audit_dockerfile: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_show: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_hardening: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_mac_frameworks: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_firewalls: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_nameservices: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_boot_services: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_kernel: OK
My aim is to log the per-file information to a configurable log file.
Maybe my undertaking becomes a bit clearer now.
Thanks
On Thu, 17 Feb 2022 at 18:17, Paul Kosinski via
clamav-users <clamav-users@lists.clamav.net> wrote:
>
> On Thu, 17 Feb 2022 14:08:45 +0100
> An Schall via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> > When using clamdscan, I would like to have verbose output logged to a
> > file. Specifically, the timestamp, file path and file name as well as
> > the scan results should be logged to a specified file.
> >
> > In comparison, clamscan outputs this information to STDOUT per default
> > and I could simply pipe it to "tee -a $LOG_FILE".
> >
> > Unfortunately, clamdscan does not output this information but logs
> > this kind of information to /var/log/clamd.scan. However, given that I
> > would like to use it within a script, I would like to log this kind of
> > output to a configurable file.
> >
> > While there is a -L switch, it does not include such detailed
> > information (only the summary). Also, there seems to be a --stdout
> > switch but it seems it does not help either.
> >
> > How can I get verbose information from /var/log/clamd.scan to a
> > configurable file in the first place?
> >
> > Thanks in advance!
>
>
> Just off the top of my head, maybe a symlink, or, if you have to make it dynamic (e.g., for each clamdscan execution), a pipe/FIFO to a listener process? I've never tried this with clamd, so details would need to be filled in (and it might not even be practical).
>
> You still would be limited to what clamd is willing to report, of course.
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
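
One way to get the per-file lines discussed in this thread into a configurable file, as an added example that is not part of the original messages or of ClamAV: record where the daemon log ends, run the scan, then copy only the new lines that belong to the scanned directory. `capture_scan` and the `CLAMD_LOG` variable are hypothetical names; the log format is assumed to be the one shown in the `tail` output above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread or the ClamAV project).
# Assumptions: clamd writes per-file lines to CLAMD_LOG in the format shown
# in the thread ("<timestamp> -> <path>: <result>"), the caller can read
# that file, and clamd logs absolute paths below the scanned directory.
CLAMD_LOG="${CLAMD_LOG:-/var/log/clamd.scan}"

# capture_scan TARGET_DIR OUT_LOG SCANNER [ARGS...]   (hypothetical helper)
# Runs "SCANNER ARGS... TARGET_DIR", then appends the lines clamd logged for
# files under TARGET_DIR during that run to OUT_LOG.
# Returns the scanner's exit status.
capture_scan() {
    local target out start size rc
    target=$(cd "$1" && pwd) || return 2
    out=$2
    shift 2

    # Byte offset of the end of the daemon log before the scan starts.
    start=$(wc -c < "$CLAMD_LOG" | tr -d ' ')

    rc=0
    "$@" "$target" || rc=$?

    # A log rotated during the scan is shorter than the offset: read it all.
    size=$(wc -c < "$CLAMD_LOG" | tr -d ' ')
    if [ "$size" -lt "$start" ]; then start=0; fi

    # Other clients share the daemon log, so keep only this scan's subtree.
    tail -c "+$((start + 1))" "$CLAMD_LOG" |
        awk -v root="$target/" 'index($0, " -> " root) > 0' >> "$out"
    return "$rc"
}

# Typical call:
#   capture_scan lynis/ "$LOG_FILE" sudo clamdscan --no-summary
```

Lines for clean files only reach the output if clamd is already logging them, as it does in the thread; the helper copies what the daemon wrote and adds nothing to it.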