Hi Ged,

In fact, my issue is that when scanning folders recursively with
clamdscan, I merely receive an aggregated result on the entire folder
via STDOUT and the detailed per-file information is logged to
/var/log/clamd.scan. In contrast, when scanning folders recursively
with clamscan, I receive the per-file information on STDOUT directly.
I tried to illustrate with the example below, listing a directory
structure of directory "lynis" and then scanning it with clamdscan.

[foo@bar ~]$ ls -lst lynis/
total 304
132 -rw-r--r-- 1 root root 135100 Jul 22  2021 CHANGELOG.md
  4 -rw-r--r-- 1 root root   3214 Jul 22  2021 CODE_OF_CONDUCT.md
  4 -rw-r--r-- 1 root root   2709 Jul 22  2021 CONTRIBUTING.md
  4 -rw-r--r-- 1 root root   2559 Jul 22  2021 CONTRIBUTORS.md
  0 drwxr-xr-x 3 root root    173 Jul 22  2021 db
 24 -rw-r--r-- 1 root root  21405 Jul 22  2021 default.prf
  4 -rw-r--r-- 1 root root    172 Jul 22  2021 developer.prf
  0 drwxr-xr-x 6 root root    171 Jul 22  2021 extras
  8 -rw-r--r-- 1 root root   4489 Jul 22  2021 FAQ
  4 -rw-r--r-- 1 root root   1094 Jul 22  2021 HAPPY_USERS.md
  4 drwxr-xr-x 2 root root   4096 Jul 22  2021 include
  4 -rw-r--r-- 1 root root   1528 Jul 22  2021 INSTALL
 36 -rw-r--r-- 1 root root  35146 Jul 22  2021 LICENSE
 52 -rwxr-xr-x 1 root root  51936 Jul 22  2021 lynis
  8 -rw-r--r-- 1 root root   5746 Jul 22  2021 lynis.8
  0 drwxr-xr-x 2 root root     50 Jul 22  2021 plugins
  8 -rw-r--r-- 1 root root   4657 Jul 22  2021 README
  4 -rw-r--r-- 1 root root    539 Jul 22  2021 SECURITY.md
  4 -rw-r--r-- 1 root root    792 Jul 22  2021 TODO.md

[foo@bar ~]$ sudo clamdscan lynis/
/home/foo/lynis: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.026 sec (0 m 0 s)
Start Date: 2022:02:18 09:05:39
End Date:   2022:02:18 09:05:39

[foo@bar ~]$ sudo tail -n20 /var/log/clamd.scan
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_mail_messaging: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/consts: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_memory_processes: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_ldap: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_malware: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_crypto: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/report: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_configure: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_printers_spoolers: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_dns: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_snmp: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_shells: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_audit_dockerfile: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/helper_show: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_hardening: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_mac_frameworks: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_firewalls: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_nameservices: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_boot_services: OK
Fri Feb 18 09:05:39 2022 -> /home/foo/lynis/include/tests_kernel: OK

My aim is to log the per-file information to a configurable log file.
Maybe my undertaking becomes a bit clearer now.

Thanks

On Thu, 17 Feb 2022 at 18:17, Paul Kosinski via
clamav-users <clamav-users@lists.clamav.net> wrote:
>
> On Thu, 17 Feb 2022 14:08:45 +0100
> An Schall via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> > When using clamdscan, I would like to have verbose output logged to a
> > file. Specifically, the timestamp, file path and file name as well as
> > the scan results should be logged to a specified file.
> >
> > In comparison, clamscan outputs this information to STDOUT per default
> > and I could simply pipe it to "tee -a $LOG_FILE".
> >
> > Unfortunately, clamdscan does not output this information but logs
> > this kind of information to /var/log/clamd.scan. However, given that I
> > would like to use it within a script, I would like to log this kind of
> > output to a configurable file.
> >
> > While there is a -L switch, it does not include such detailed
> > information (only the summary). Also, there seems to be a --stdout
> > switch but it seems it does not help either.
> >
> > How can I get verbose information from /var/log/clamd.scan to a
> > configurable file in the first place?
> >
> > Thanks in advance!
>
>
> Just off the top of my head, maybe a symlink, or, if you have to make it 
> dynamic (e.g., for each clamdscan execution), a pipe/FIFO to a listener 
> process? I've never tried this with clamd, so details would need to be filled 
> in (and it might not even be practical).
>
> You still would be limited to what clamd is willing to report, of course.
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
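
One way to get the per-file results into a configurable file, relying only on what the thread shows (clamd already writes them to /var/log/clamd.scan): record the log size before the scan, then copy the lines appended for the scanned directory. This is an added example, not code from the thread or from the ClamAV project; the function names, the CLAMD_LOG variable and the assumed line layout (24-character timestamp followed by " -> ", as in the excerpt above) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-file clamd results for one
# clamdscan run, copied into a log file of your choice.
# Assumption: clamd logs lines like
#   "Fri Feb 18 09:05:39 2022 -> /path/to/file: OK"   to $CLAMD_LOG.
CLAMD_LOG="${CLAMD_LOG:-/var/log/clamd.scan}"

# log_size FILE -> size in bytes, 0 if the file does not exist
log_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# new_results LOG OFFSET DIR -> lines appended to LOG after byte OFFSET
# whose path lies under DIR
new_results() {
    nr_log=$1 nr_off=$2 nr_dir=${3%/}
    # Log rotated or truncated during the scan: read it from the start.
    if [ "$(log_size "$nr_log")" -lt "$nr_off" ]; then nr_off=0; fi
    # Literal (non-regex) match, and only directly after the timestamp
    # (column 25), so a file name containing " -> /other/dir/" elsewhere
    # on the line cannot make a foreign entry look like one of ours.
    tail -c "+$((nr_off + 1))" "$nr_log" |
        P=" -> $nr_dir/" awk 'index($0, ENVIRON["P"]) == 25'
}

# scan_to_log DIR OUTFILE -> run clamdscan on DIR, append the per-file
# lines to OUTFILE, return clamdscan's exit status
# (0 = no virus found, 1 = virus found, 2 = error)
scan_to_log() {
    sl_dir=$(cd "$1" && pwd) || return 2   # clamd logs absolute paths
    sl_before=$(log_size "$CLAMD_LOG")
    clamdscan "$sl_dir"
    sl_rc=$?
    new_results "$CLAMD_LOG" "$sl_before" "$sl_dir" >> "$2"
    return "$sl_rc"
}
```

Called as `scan_to_log lynis/ "$LOG_FILE"`; the calling user needs read access to the clamd log, and lines from other scans of the same directory running at the same moment would be included as well.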
