Hi,
If I use INSTREAM (which I already use for other scanning task) I need to
open every file manually and send the contents to clamd.
This is a recursive scanning with about 5000 files.
Using INSTREAM is slower than the performance I get using MULTISCAN.
Thank you
El lun, 14 mar 2022 a las 10:35, G.W. Haywood via clamav-users (<
clamav-users@lists.clamav.net>) escribió:
> Hi there,
>
> On Mon, 14 Mar 2022, Jorge Elissalde via clamav-users wrote:
>
> > I'm trying to get the scanning "file OK" result in the socket connection
> > when scanning multiple files using SCAN/CONTSCAN/MULTISCAN commands.
> >
> > The command is: nSCAN c:\folder\n
> > (same for CONTSCAN and MULTISCAN)
> >
> > Scanning works fine, several files are recursively scanned.
> > The lines I receive from clamd in the *socket connection are only
> > detections and errors*.
> > The "file OK" resulting lines are logged to the log file (clamav.log),
> > that's fine, but I need them in the socket connection.
> > Is there a way to get these lines in the socket connection?
>
> Use the INSTREAM command.
>
> 8<----------------------------------------------------------------------
> #!/usr/bin/perl
> # Send a file to clamd.
> # usage: tempscan.pl <filename>
> # Change IP address and port number to suit your clamd setup.
> use strict;
> use IO::Socket;
> use File::Slurp;
> my $peer_addr = 'xxx.xxx.xxx.xxx';
> my $peer_port = 'xxxx';
> my $filename = $ARGV[0];
> printf( "filename=[$filename]\n" );
> my $clam1;
> if( ! ($clam1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>
> $peer_addr, PeerPort => $peer_port )))
> {
> printf( 'Failed to connect to ClamAV daemon on [%s:%s]', $peer_addr,
> $peer_port );
> exit;
> }
> my $remaining = read_file( $filename );
> my $part_length = length($remaining);
> print $clam1 "nINSTREAM\n";
> while( $remaining ) # Send in chunks,
> maximum 65535 bytes per chunk.
> {
> my $chunk = substr( $remaining, 0, 65_535, '' ) ;
> my $chunk_length = pack( 'N', length( $chunk ) );
> print( $clam1 $chunk_length . $chunk );
> printf( "Sent [%d] bytes to clamd...\n", length($chunk) );
> }
> my $terminator = pack( 'N', 0 );
> print $clam1 $terminator,"\n"; # The terminating
> null for the data.
> my $reply_timeout = 10_000;
> my $reply = '';
> while( !$reply && $reply_timeout )
> {
> if( ! ($reply = <$clam1>) )
> {
> usleep(1_000_000);
> $reply_timeout--;
> if( ! $reply_timeout )
> {
> print( "TIMEOUT waiting for response from clamd\n" );
> $reply = 'TIMEOUT';
> }
> }
> }
> close $clam1;
> chomp $reply;
> print "REPLY IS [$reply]\n";
> 8<----------------------------------------------------------------------
>
> $ ./tempscan.pl piece_5-a949de
> filename=[piece_5-a949de]
> Sent [65535] bytes to clamd...
> Sent [12583] bytes to clamd...
> REPLY IS [stream: OK]
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
