Re: [clamav-users] Scanning result in socket connection for each file under a folder?
I don't think it's possible unless you send each file to be scanned instead of
scanning the directory. clamd only sends back FOUND for files, or else OK for
the directory.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
From: clamav-users on behalf of Jorge
Elissalde via clamav-users
Sent: Tuesday, January 10, 2023 10:24 AM
To: newcome...@posteo.de ; ClamAV users ML
Cc: Jorge Elissalde
Subject: Re: [clamav-users] Scanning result in socket connection for each file
under a folder?
Hi,
I'm trying to avoid log reading.
What I wish to have is the scanning status sent back for every scanned file
using the clamd socket connection; the same socket I've used to send the SCAN
[folder] command.
Thanks
Jorge
El mar, 10 ene 2023 a las 15:14, newcomer01 via clamav-users
(mailto:clamav-users@lists.clamav.net>>)
escribió:
you can do tis on a similar way:
> #!/bin/sh
> #
> # @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
> #
> # report on which clamav signatures have matched, and how many times
> # each have matched from the latest maillog file (or the file(s) named
> # as argument(s).
>
> PATH=/usr/local/bin:/usr/bin:/bin
> #
> IFS="
> "
> export PATH;
> export IFS;
> umask 022
>
> # if we have no arguments, we'll default to the current maillog file;
> # else the arguments are the list;
> if [ "$*" ]; then
> MAILLOG=$*
> else
> MAILLOG="/var/log/maillog"
> fi
>
> # That's it ...
> grep -w FOUND ${MAILLOG} |\
> awk '{print $(NF-1)}' |\
> sort -h |\
> uniq -c |\
> sort -rh |\
> awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'
Von / From: Clamav User Mailinglist
<mailto:clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
An / To: Newcomer01 <mailto:newcome...@posteo.de<mailto:newcome...@posteo.de>>
CC / CC: Jorge Elissalde
<mailto:elissalde....@gmail.com<mailto:elissalde@gmail.com>>
Gesendet / Sent: Dienstag, Januar 10, 2023 um 16:16 (at 04:16 PM) +0100
Betreff / Subject: [clamav-users] Scanning result in socket connection for each
file under a folder?
> Hi,
>
> When I scan a folder using socket connection to clamd (SCAN [folder]) I don't
> get an individual result for each file in the connection.
> For example, if I send to scan the folder c:\testme, I will get (if
> everything goes ok) only the line: c:\testme: OK
> Individual files scanned and result are stored in the log file, like this one:
>
> LOG> c:\testme\file1: OK
> LOG> c:\testme\file2: OK
> SOCKET> c:\testme: OK
>
> Is there a chance to get every individual scanned file result also reported
> in the socket connection?
>
> Thank you
>
> Jorge
>
> ___
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Scanning result in socket connection for each file under a folder?
Hi,
I'm trying to avoid log reading.
What I wish to have is the scanning status sent back for every scanned file
using the clamd socket connection; the same socket I've used to send the
SCAN [folder] command.
Thanks
Jorge
El mar, 10 ene 2023 a las 15:14, newcomer01 via clamav-users (<
clamav-users@lists.clamav.net>) escribió:
> you can do tis on a similar way:
>
> > #!/bin/sh
> > #
> > # @(#)maillog_report_clamav_matches 2022-11-25 Sylvain
> Robitaille
> > #
> > # report on which clamav signatures have matched, and how many times
> > # each have matched from the latest maillog file (or the file(s)
> named
> > # as argument(s).
> >
> > PATH=/usr/local/bin:/usr/bin:/bin
> > #
> > IFS="
> > "
> > export PATH;
> > export IFS;
> > umask 022
> >
> > # if we have no arguments, we'll default to the current maillog
> file;
> > # else the arguments are the list;
> > if [ "$*" ]; then
> > MAILLOG=$*
> > else
> > MAILLOG="/var/log/maillog"
> > fi
> >
> > # That's it ...
> > grep -w FOUND ${MAILLOG} |\
> > awk '{print $(NF-1)}' |\
> > sort -h |\
> > uniq -c |\
> > sort -rh |\
> > awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'
>
>
>
> Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcome...@posteo.de>
> CC / CC: Jorge Elissalde <mailto:elissalde@gmail.com>
> Gesendet / Sent: Dienstag, Januar 10, 2023 um 16:16 (at 04:16 PM) +0100
> Betreff / Subject: [clamav-users] Scanning result in socket connection for
> each file under a folder?
> > Hi,
> >
> > When I scan a folder using socket connection to clamd (SCAN [folder]) I
> don't get an individual result for each file in the connection.
> > For example, if I send to scan the folder c:\testme, I will get (if
> everything goes ok) only the line: c:\testme: OK
> > Individual files scanned and result are stored in the log file, like
> this one:
> >
> > LOG> c:\testme\file1: OK
> > LOG> c:\testme\file2: OK
> > SOCKET> c:\testme: OK
> >
> > Is there a chance to get every individual scanned file result also
> reported in the socket connection?
> >
> > Thank you
> >
> > Jorge
> >
> > ___
> >
> > Manage your clamav-users mailing list subscription / unsubscribe:
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/Cisco-Talos/clamav-documentation
> >
> > https://docs.clamav.net/#mailing-lists-and-chat
>
> ___
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
>
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Scanning result in socket connection for each file under a folder?
you can do tis on a similar way:
#!/bin/sh
#
# @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
#
# report on which clamav signatures have matched, and how many times
# each have matched from the latest maillog file (or the file(s) named
# as argument(s).
PATH=/usr/local/bin:/usr/bin:/bin
#
IFS="
"
export PATH;
export IFS;
umask 022
# if we have no arguments, we'll default to the current maillog file;
# else the arguments are the list;
if [ "$*" ]; then
MAILLOG=$*
else
MAILLOG="/var/log/maillog"
fi
# That's it ...
grep -w FOUND ${MAILLOG} |\
awk '{print $(NF-1)}' |\
sort -h |\
uniq -c |\
sort -rh |\
awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'
Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Jorge Elissalde <mailto:elissalde@gmail.com>
Gesendet / Sent: Dienstag, Januar 10, 2023 um 16:16 (at 04:16 PM) +0100
Betreff / Subject: [clamav-users] Scanning result in socket connection for each
file under a folder?
Hi,
When I scan a folder using socket connection to clamd (SCAN [folder]) I don't
get an individual result for each file in the connection.
For example, if I send to scan the folder c:\testme, I will get (if everything
goes ok) only the line: c:\testme: OK
Individual files scanned and result are stored in the log file, like this one:
LOG> c:\testme\file1: OK
LOG> c:\testme\file2: OK
SOCKET> c:\testme: OK
Is there a chance to get every individual scanned file result also reported in
the socket connection?
Thank you
Jorge
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
[clamav-users] Scanning result in socket connection for each file under a folder?
Hi, When I scan a folder using socket connection to clamd (SCAN [folder]) I don't get an individual result for each file in the connection. For example, if I send to scan the folder c:\testme, I will get (if everything goes ok) only the line: c:\testme: OK Individual files scanned and result are stored in the log file, like this one: LOG> c:\testme\file1: OK LOG> c:\testme\file2: OK SOCKET> c:\testme: OK Is there a chance to get every individual scanned file result also reported in the socket connection? Thank you Jorge ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
