Mailing List Archive

[clamav-users] SCAN folder does not send OK result via socket?
Hi,

I'm trying to get the scanning "file OK" result in the socket connection
when scanning multiple files using SCAN/CONTSCAN/MULTISCAN commands.

The command is: nSCAN c:\folder\n
(same for CONTSCAN and MULTISCAN)

Scanning works fine, several files are recursively scanned.
The lines I receive from clamd in the *socket connection are only
detections and errors*.
The "file OK" resulting lines are logged to the log file (clamav.log),
that's fine, but I need them in the socket connection.
Is there a way to get these lines in the socket connection?

Thank you very much!

Jorge
Re: [clamav-users] SCAN folder does not send OK result via socket?
Hi there,

On Mon, 14 Mar 2022, Jorge Elissalde via clamav-users wrote:

> I'm trying to get the scanning "file OK" result in the socket connection
> when scanning multiple files using SCAN/CONTSCAN/MULTISCAN commands.
>
> The command is: nSCAN c:\folder\n
> (same for CONTSCAN and MULTISCAN)
>
> Scanning works fine, several files are recursively scanned.
> The lines I receive from clamd in the *socket connection are only
> detections and errors*.
> The "file OK" resulting lines are logged to the log file (clamav.log),
> that's fine, but I need them in the socket connection.
> Is there a way to get these lines in the socket connection?

Use the INSTREAM command.

8<----------------------------------------------------------------------
#!/usr/bin/perl
# Send a file to clamd.
# usage: tempscan.pl <filename>
# Change IP address and port number to suit your clamd setup.
use strict;
use IO::Socket;
use File::Slurp;
use Time::HiRes qw( usleep );   # usleep() is not a Perl builtin.
my $peer_addr = 'xxx.xxx.xxx.xxx';
my $peer_port = 'xxxx';
my $filename = $ARGV[0];
printf( "filename=[%s]\n", $filename );
my $clam1;
if( ! ($clam1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => $peer_addr, PeerPort => $peer_port )))
{
    printf( "Failed to connect to ClamAV daemon on [%s:%s]\n", $peer_addr, $peer_port );
    exit 1;
}
binmode( $clam1 );              # The stream is binary data.
my $remaining = read_file( $filename, binmode => ':raw' );
my $part_length = length($remaining);
print $clam1 "nINSTREAM\n";
while( length($remaining) )     # Send in chunks, maximum 65535 bytes per chunk.
{
    my $chunk = substr( $remaining, 0, 65_535, '' ) ;
    my $chunk_length = pack( 'N', length( $chunk ) );   # 4-byte big-endian length prefix.
    print( $clam1 $chunk_length . $chunk );
    printf( "Sent [%d] bytes to clamd...\n", length($chunk) );
}
my $terminator = pack( 'N', 0 );
print $clam1 $terminator,"\n";  # The terminating null for the data.
my $reply_timeout = 10_000;
my $reply = '';
while( !$reply && $reply_timeout )
{
    if( ! ($reply = <$clam1>) )
    {
        usleep(1_000_000);
        $reply_timeout--;
        if( ! $reply_timeout )
        {
            print( "TIMEOUT waiting for response from clamd\n" );
            $reply = 'TIMEOUT';
        }
    }
}
close $clam1;
chomp $reply;
print "REPLY IS [$reply]\n";
8<----------------------------------------------------------------------

$ ./tempscan.pl piece_5-a949de
filename=[piece_5-a949de]
Sent [65535] bytes to clamd...
Sent [12583] bytes to clamd...
REPLY IS [stream: OK]

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] SCAN folder does not send OK result via socket?
Hi,

If I use INSTREAM (which I already use for other scanning task) I need to
open every file manually and send the contents to clamd.
This is a recursive scanning with about 5000 files.
Using INSTREAM is slower than the performance I get using MULTISCAN.

Thank you


Re: [clamav-users] SCAN folder does not send OK result via socket?
Hello again,

On Mon, 14 Mar 2022, Jorge Elissalde via clamav-users wrote:

> If I use INSTREAM (which I already use for other scanning task) I need to
> open every file manually and send the contents to clamd.
> This is a recursive scanning with about 5000 files.
> Using INSTREAM is slower than the performance I get using MULTISCAN.

You need to be more specific about your requirements. :)

Maybe what you're looking for is IDSESSION?

I've never used it I'm afraid so I don't have a test harness for you.

Perhaps you can modify what you have and let us see it, I'm sure it
would be very useful.

--

73,
Ged.
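
Added example (not part of the original thread and not ClamAV project code): one way to get a per-file verdict, including OK, over the socket is to walk the folder on the client and send one SCAN per file inside a single IDSESSION. It assumes clamd replies "<id>: <path>: <verdict>" with ids counted from 1, as its man page describes, and that every path is a regular file clamd can read; the function names and the `window` batch size are illustrative.

```python
import os
import socket
import sys

def read_replies(sock, buf, count):
    """Read `count` NUL-terminated replies; return (replies, leftover bytes)."""
    replies = []
    while len(replies) < count:
        while b"\0" not in buf:
            data = sock.recv(4096)
            if not data:
                raise ConnectionError("clamd closed the session early")
            buf += data
        line, buf = buf.split(b"\0", 1)
        replies.append(line.decode("utf-8", "replace"))
    return replies, buf

def scan_session(sock, paths, window=32):
    """SCAN each file path inside one IDSESSION; return {path: verdict}."""
    results, buf = {}, b""
    sock.sendall(b"zIDSESSION\0")
    for start in range(0, len(paths), window):
        batch = paths[start:start + window]
        # Assumption: clamd numbers a session's commands from 1, in send order.
        pending = {str(start + i + 1): p for i, p in enumerate(batch)}
        sock.sendall(b"".join(b"zSCAN " + os.fsencode(p) + b"\0" for p in batch))
        # Read every reply for this batch before sending more commands;
        # replies may arrive out of order, so match them up by id.
        replies, buf = read_replies(sock, buf, len(batch))
        for reply in replies:
            req_id, _, rest = reply.partition(": ")
            path = pending.pop(req_id)  # KeyError means an id we never sent
            prefix = path + ": "
            results[path] = rest[len(prefix):] if rest.startswith(prefix) else rest
    sock.sendall(b"zEND\0")
    return results

if __name__ == "__main__":
    # Usage (hypothetical script name): idsession_scan.py <host> <port> <directory>
    host, port, root = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    files = [os.path.join(d, f) for d, _, names in os.walk(root) for f in names]
    with socket.create_connection((host, port)) as conn:
        for path, verdict in scan_session(conn, files).items():
            print(f"{path}: {verdict}")
```

The paths must be absolute and readable by the clamd process itself, since SCAN makes clamd open the files rather than receiving their contents.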

Re: [clamav-users] SCAN folder does not send OK result via socket?
The whole message is:


Hi,

I'm trying to get the scanning "file OK" result in the socket connection
when scanning multiple files using SCAN/CONTSCAN/MULTISCAN commands.

The command is: nSCAN c:\folder\n
(same for CONTSCAN and MULTISCAN)

Scanning works fine, several files are recursively scanned.
The lines I receive from clamd in the socket connection are only detections
and errors.
The "file OK" resulting lines are logged to the log file (clamav.log),
that's fine, but I need them in the socket connection.
Is there a way to get these lines in the socket connection?

Thank you very much!

Jorge



