LinuxQuestions.org > Linux - Server > Locating Infected Files in Logs
(https://www.linuxquestions.org/questions/linux-server-73/locating-infected-files-in-logs-841153/)

carlosinfl 10-29-2010 08:23 AM

Locating Infected Files in Logs
 
I ran a scan (clamscan -r --remove /home/) on my users' home directories yesterday &, since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:

Code:

----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2
Data scanned: 178014.89 MB
Data read: 66031.46 MB (ratio 2.70:1)
Time: 36618.184 sec (610 m 18 s)

My question is: where or how can I see what the locations of the two infected files are? I looked at /var/log/clamav/freshclam.log & didn't see anything there when grepping for the word "infected".

Can anyone please help me understand how I can locate the directory / files that were infected?

Thanks!

bathory 10-29-2010 12:13 PM

Hi,

clamscan does not use any logs, so you can't find what the infected files were.
Next time you run clamscan on such a number of files, you can add the "-l scan-results.txt" option, so you'll get the scan summary along with the infected files, if any.

Regards
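
The logging option from the reply above, as an added example that is not part of the thread: clamscan reports each detection as "<path>: <signature> FOUND" and -l writes those lines plus the summary to a file, so the infected paths can be pulled back out later. The script below keeps the finder logic in small shell functions and runs it over a constructed sample log; the scan command itself is shown in a comment and not executed, and every path and log line is an assumption made for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread: keep clamscan's results with -l and
# extract the infected paths from the log. Paths and the sample log are constructed.
#
# The real scan (not run here) would look like:
#   clamscan -r -i -l /var/log/clamav/home-scan.log --move=/var/quarantine /home/
# -i      print only infected files (the OK lines for a million files are noise)
# -l      write the same lines plus the scan summary to the log file
# --move  keep a copy to examine instead of --remove deleting the only evidence
#
# clamscan reports each detection as "<path>: <signature> FOUND".

# find_infected LOG: print "<path><TAB><signature>" for every FOUND line.
# The split is on the last ": " so Maildir file names, which carry flags such
# as ":2,S" without a following space, are kept intact.
find_infected() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        n = match($0, /: [^:]*$/)
        print substr($0, 1, n - 1) "\t" substr($0, n + 2)
    }' "$1"
}

# count_infected LOG: number of FOUND lines in the log (0 if there are none).
count_infected() {
    grep -c ' FOUND$' "$1" || true
}

# summary_count LOG: the "Infected files:" figure from the scan summary,
# useful as a cross-check against count_infected.
summary_count() {
    awk -F': ' '/^Infected files:/ { print $2 }' "$1"
}

# write_sample_log FILE: a constructed log in the format clamscan -l produces.
write_sample_log() {
    cat > "$1" <<'EOF'
/home/alice/.bashrc: OK
/home/alice/Maildir/new/1288310400.M123P4567.mailhost: Eicar-Test-Signature FOUND
/home/bob/Maildir/cur/1288300000.M1P2.mailhost:2,S: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Stand-alone demonstration on the constructed log.
demo=$(mktemp)
write_sample_log "$demo"
echo "Summary says $(summary_count "$demo") infected, log has $(count_infected "$demo") FOUND lines:"
find_infected "$demo"
rm -f "$demo"
```

Point find_infected at the real log written by -l and you get one tab-separated line per detection; if count_infected and summary_count disagree, the log was truncated or mixed with another run.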

carlosinfl 10-29-2010 12:16 PM

Quote:

Originally Posted by bathory (Post 4143524)
Hi,

clamscan does not use any logs, so you can't find what the infected files were.
Next time you run clamscan on such a number of files, you can add the "-l scan-results.txt" option, so you'll get the scan summary along with the infected files, if any.

Regards

Oh man that stinks. Thanks for the heads up. Very helpful!

bathory 10-29-2010 12:29 PM

If you want to have virus scan logs, you should run clamd and use clamdscan for virus scanning. You can configure clamd to use its own logfile, or use syslog to write in system logs. Take a look at clamd.conf for details.
In my opinion, running clamd as a daemon is only useful if you run a mail server and want to scan mail for viruses, because it's faster. For occasional use it's better to use clamscan.

Regards
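
The clamd route described above, as an added example that is not part of the thread: clamd's logging is set in clamd.conf, and clamdscan also accepts -l for a per-scan result file. The script below shows the directives in a comment, then checks a clamd.conf for where scan results will end up and for the "Example" line that the stock file ships with (clamd refuses to start while it is present). The directive names are real clamd.conf directives; the socket and log paths and the sample config are constructed assumptions, and the clamdscan command is shown but not run.

```shell
#!/bin/sh
# Added example, not code from the thread: make a scan through clamd leave a record
# and check a clamd.conf for it. Directive names are real; paths are constructed.
#
# In clamd.conf, either of these gives you scan results on disk:
#   LogFile /var/log/clamav/clamd.log    # clamd's own log; LogTime yes adds timestamps
#   LogSyslog yes                        # or syslog; LogFacility selects the facility
# Then scan through the daemon (not run here); --fdpass hands clamd open file
# descriptors so it can read home directories its own user cannot:
#   clamdscan --fdpass -l /var/log/clamav/home-scan.log /home/

# clamd_log_target CONF: print the LogFile path, "syslog" if only LogSyslog is on,
# or "none" when clamd would keep no record. Comments and blank lines are skipped.
clamd_log_target() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 == "LogFile"   { file = $2 }
        $1 == "LogSyslog" && ($2 == "yes" || $2 == "true") { syslog = 1 }
        END {
            if (file != "")  print file
            else if (syslog) print "syslog"
            else             print "none"
        }' "$1"
}

# clamd_conf_is_armed CONF: succeed (status 0) only if the bare "Example" line from
# the stock file has been removed; with it in place clamd will not start.
clamd_conf_is_armed() {
    ! grep -q '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# write_sample_conf FILE MODE: a constructed clamd.conf fragment; MODE is
# "file", "syslog" or "none" and selects the logging directives written.
write_sample_conf() {
    {
        echo '# Constructed clamd.conf fragment for the demonstration'
        echo 'LocalSocket /var/run/clamav/clamd.ctl'
        echo 'LogTime yes'
        case "$2" in
            file)   echo 'LogFile /var/log/clamav/clamd.log' ;;
            syslog) echo 'LogSyslog yes'; echo 'LogFacility LOG_LOCAL6' ;;
            *)      echo 'LogSyslog no' ;;
        esac
    } > "$1"
}

# Stand-alone demonstration over the three constructed variants.
demo=$(mktemp)
for mode in file syslog none; do
    write_sample_conf "$demo" "$mode"
    echo "$mode: scan results go to $(clamd_log_target "$demo")"
done
rm -f "$demo"
```

Run clamd_log_target against the live /etc/clamav/clamd.conf (or wherever your distribution keeps it) before relying on the daemon for records; "none" means a clamdscan run will report FOUND files only on its stdout and in whatever -l file you pass it.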

carlosinfl 10-29-2010 01:21 PM

I am running a mail server but never knew I could scan manually with 'clamdscan' versus 'clamscan'.

So you're saying I should continue to manually scan my mail server with 'clamscan' and let it automatically scan incoming mail itself using 'clamdscan', right?

bathory 10-29-2010 01:42 PM

Quote:

So you're saying I should continue to manually scan my mail server with 'clamscan' and let it automatically scan incoming mail itself using 'clamdscan', right?
What I said is that you can use clamdscan instead of clamscan if you want to have scan logs, but you need the clamd daemon running for this. But I don't think it's necessary to run a daemon for occasional use.

Regarding mail, you have to configure your mail server to use clamdscan to pass mail through clamd in order to check for viruses.

Regards
