I was running like this:

clamdscan /home/ --infected --multiscan --fdpass

After some testing I noticed that if I remove the --fdpass the filepath is correctly logged:

Thu Sep 19 18:27:22 2019 -> /home/test/eicar.txt: Eicar-Test-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND

I really don't understand why; even reading the description of --fdpass, to me it doesn't seem to indicate that the filepath will not be logged. Could it be a bug, or is it expected?

Thank you

G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote on Thursday, 19/09/2019 at 18:24:

> Hi there,
>
> On Thu, 19 Sep 2019, Jorge Martins wrote:
>
> > I have ClamAV Daemon installed, and if clamdscan detects something I get an
> > entry log on the /var/log/clamav/clamav.log file, but that entry does not
> > identify the infected file, it only shows something like this:
> >
> > Thu Sep 19 16:42:24 2019 -> fd[12]: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
> >
> > Is it possible to make it show the filepath of the infected file?
>
> There are two tools. One is clamd, which is a daemon and once started
> it sits there waiting to be told what to scan. If nothing tells it to
> scan something, it does nothing. The other is clamdscan. It doesn't
> know how to scan anything, but it can climb around your directory tree
> looking for files and it can pass pointers to the files to the clamd
> daemon (this tells the daemon to scan them) and await clamd's replies.
> There are other ways of scanning files, it's all in the documentation.
>
> You are asking for clamdscan to do what it normally does. You seem to
> have given an example of something else (of what clamd does when it is
> scanning a stream of data sent to the socket on which it is listening).
> This is for example what happens when you use clamav-milter to scan
> incoming mail; the incoming message is passed to the clamd daemon on
> its socket. When clamd scans a stream of data there is no file name,
> it's just a stream of data, so clamd can't give you any name. On the
> other hand clamdscan knows the names of the files which it passes to
> clamd to scan; when clamd tells clamdscan a file matches a signature,
> clamdscan can tell you which file it was, and which signature.
>
> Here's the command I gave to scan a directory full of spam emails this
> morning:
>
> $ clamdscan /var/lib/SUBMISSIONS/messages
>
> Here's the result in the log - some of the emails were flagged. I've
> edited it for brevity but you can see the pathnames and signature IDs.
> The paths are in /var/ and the filenames are all Sendmail message IDs.
>
> 8<----------------------------------------------------------------------
> Sep 19 10:01:09 clamd[4665]: /var/.../x8EGYHK0009933: 58172 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8HABuOb007396: 58175 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8EIlecT023326: 58171 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8FAjoDx020771: 27775 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8GFcxQs001950: 58174 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8H6Z8UR026649: 58170 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8GJbwD8019380: 27774 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8HE4bQf007238: 58173 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8HHfcPh021663: 58169 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8HN3mEf025577: 58167 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8I1Avox028331: 58168 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8I98tXw019474: 5eb86d FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8I9N3iW025511: 4810c4 FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8I9QUY9025837: 5eb86d FOUND
> Sep 19 10:01:09 clamd[4665]: /var/.../x8IA3Zpb004800: 5eb86d FOUND
> 8<----------------------------------------------------------------------
>
> Exactly how are you telling clamd/clamdscan to scan the files?
> It might also be useful to see your clamd.conf.
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

--
Best regards,
Jorge Martins - WeMake, Tecnologias de Informação, Lda.
Tel. 223744827
Tel. 932942004
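For anyone feeding these logs into monitoring, here is a small parser for the two log layouts quoted in this thread that separates detections naming a file from those logged only as fd[N]. It is an added example, not part of the original messages or of ClamAV; the function names and the last sample line are made up for illustration.

```python
import re

# Two layouts appear in the thread: clamd's own log file ("<time> -> ...")
# and the syslog form ("<time> clamd[pid]: ...").
LINE_RE = re.compile(
    r"^(?P<ts>.+?)(?: -> | clamd\[\d+\]: )(?P<target>.+): (?P<sig>\S+) FOUND$"
)
FD_RE = re.compile(r"^fd\[\d+\]$")  # descriptor placeholder instead of a path


def parse_detection(line):
    """Return a dict for a FOUND line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["has_path"] = not FD_RE.match(rec["target"])
    return rec


def triage(lines):
    """Split detections into those naming a file and those naming only an fd."""
    named, unnamed = [], []
    for line in lines:
        rec = parse_detection(line)
        if rec is not None:
            (named if rec["has_path"] else unnamed).append(rec)
    return named, unnamed


# Sample input: three lines quoted in the thread plus one constructed
# non-detection line (the last one).
SAMPLE = [
    "Thu Sep 19 16:42:24 2019 -> fd[12]: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND",
    "Thu Sep 19 18:27:22 2019 -> /home/test/eicar.txt: Eicar-Test-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND",
    "Sep 19 10:01:09 clamd[4665]: /var/.../x8EGYHK0009933: 58172 FOUND",
    "Thu Sep 19 18:30:00 2019 -> SelfCheck: Database status OK.",
]

if __name__ == "__main__":
    named, unnamed = triage(SAMPLE)
    for rec in named:
        print(f"{rec['ts']}  {rec['target']}  {rec['sig']}")
    for rec in unnamed:
        # No path in the clamd log: the alert needs another source to attribute it.
        print(f"{rec['ts']}  NO PATH ({rec['target']})  {rec['sig']}")
```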