LinuxQuestions.org
Old 10-29-2010, 08:23 AM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 77
Locating Infected Files in Logs


I ran a scan (clamscan -r --remove /home/) on my users' home directory yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2
Data scanned: 178014.89 MB
Data read: 66031.46 MB (ratio 2.70:1)
Time: 36618.184 sec (610 m 18 s)
My question is where or how can I see what the location of the two infected files are? I looked at /var/log/clamav/freshclam.log & didn't see anything there when grep'ing for the word "infected".

Can anyone please help me understand how I can locate the directory / files that were infected?

Thanks!
 
Old 10-29-2010, 12:13 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
Blog Entries: 1

Rep: Reputation: 2076
Hi,

clamscan does not use any logs, so you can't find what the infected files were.
Next time you run clamscan in such an amount of files, you can add the "-l scan-results.txt" option, so you'll get the scan summary along with the infected files, if any.

Regards
 
1 members found this post helpful.
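Added example (not part of the posts above and not ClamAV's own code): once a scan has been run with `-l scan-results.txt`, this shell script pulls the infected paths out of that log and cross-checks them against the summary count. It assumes detection lines have the form `<path>: <signature> FOUND`; the function names and the sample log are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Assumption: detection lines in a clamscan log (-l FILE)
# have the form "<path>: <signature> FOUND".

# Print "signature<TAB>path" for each detection in log file $1.
list_infected() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        # Use the LAST ": " as separator so paths containing ": " survive.
        idx = 0
        while ((p = index(substr(line, idx + 1), ": ")) > 0) idx += p
        if (idx > 0)
            printf "%s\t%s\n", substr(line, idx + 2), substr(line, 1, idx - 1)
    }' "$1"
}

# Number of detections listed in the log body.
count_infected() { list_infected "$1" | wc -l | tr -d ' '; }

# The "Infected files: N" figure from the scan summary, for cross-checking.
summary_count() { awk -F': ' '/^Infected files:/ { print $2 }' "$1"; }

# Constructed sample log (paths and hits are made up for the demo).
write_sample_log() {
    cat > "$1" <<'EOF'
/home/alice/Maildir/cur/msg1: Eicar-Test-Signature FOUND
/home/bob/notes: draft.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1066439
Infected files: 2
EOF
}

log=$(mktemp)
write_sample_log "$log"
list_infected "$log"
echo "listed=$(count_infected "$log") summary=$(summary_count "$log")"
rm -f "$log"
```

If the listed count and the summary count differ, the log is incomplete or was truncated, so the scan result should not be trusted as a full inventory.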
Old 10-29-2010, 12:16 PM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 77
Quote:
Originally Posted by bathory
Hi,

clamscan does not use any logs, so you can't find what the infected files were.
Next time you run clamscan in such an amount of files, you can add the "-l scan-results.txt" option, so you'll get the scan summary along with the infected files, if any.

Regards
Oh man that stinks. Thanks for the heads up. Very helpful!
 
Old 10-29-2010, 12:29 PM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
Blog Entries: 1

Rep: Reputation: 2076
If you want to have virus scan logs, you should run clamd and use clamdscan for virus scanning. You can configure clamd to use its own logfile, or use syslog to write in system logs. Take a look at clamd.conf for details.
In my opinion running clamd as a daemon is only useful in case you run a mailserver and want to scan mail for viruses, because it's faster. For occasional use it's better to use clamscan.

Regards
 
Old 10-29-2010, 01:21 PM   #5
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 77
I am running a mail server but never knew I could scan manually with 'clamdscan' versus 'clamscan'.

So you're saying I should continue to manually scan my mail server with 'clamscan' and let it automatically scan incoming mail itself using 'clamdscan', right?
 
Old 10-29-2010, 01:42 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
Blog Entries: 1

Rep: Reputation: 2076
Quote:
So you're saying I should continue to manually scan my mail server with 'clamscan' and let it automatically scan incoming mail itself using 'clamdscan', right?
What I said is that you can use clamdscan vs clamscan if you want to have scan logs, but you need the clamd daemon running for this. But I don't think it's necessary running a daemon for occasional use.

Regarding mail, you have to configure your mailserver to use clamdscan to pass mail through clamd in order to check for viruses.

Regards
 
  

