Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
10-29-2010, 08:23 AM
|
#1
|
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905
Rep:
|
Locating Infected Files in Logs
I ran a scan (clamscan -r --remove /home/) on my users' home directories yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:
Code:
----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2
Data scanned: 178014.89 MB
Data read: 66031.46 MB (ratio 2.70:1)
Time: 36618.184 sec (610 m 18 s)
My question is where or how can I see what the location of the two infected files is? I looked at /var/log/clamav/freshclam.log & didn't see anything there when grep'ing for the word "infected".
Can anyone please help me understand how I can locate the directory / files that were infected?
Thanks!
10-29-2010, 12:13 PM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
|
Hi,
clamscan does not use any logs, so you can't find what the infected files were.
Next time you run clamscan in such an amount of files, you can add the "-l scan-results.txt" option, so you'll get the scan summary along with the infected files, if any.
Regards
1 members found this post helpful.
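How a log written with the "-l scan-results.txt" option from the post above can be read back after the scan, as an added example that is not part of the thread. The function names and the sample log contents are constructed for illustration; the example relies on clamscan's "<path>: <signature> FOUND" detection lines and the "Infected files: N" summary line.

```shell
#!/bin/sh
# Added example, not from the thread. The real scan would be run as, e.g.:
#   clamscan -r -i -l scan-results.txt /home/
# (-l/--log and -i/--infected are clamscan options.)

TAB=$(printf '\t')

# Print "signature<TAB>path" for each detection line "<path>: <signature> FOUND".
# The greedy match splits on the LAST ": ", so paths containing ": " survive.
infected_from_log() {
    sed -n "s/^\(.*\): \([^ ]*\) FOUND\$/\2${TAB}\1/p" "$1"
}

# Value of the "Infected files: N" line in the scan summary.
summary_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1"
}

# Succeed only if the detection lines account for the summary count
# (assumes one detection line per infected file).
detections_match_summary() {
    found=$(infected_from_log "$1" | wc -l | tr -d ' ')
    [ "$found" = "$(summary_count "$1")" ]
}

# Constructed sample log: paths and detections are made up for the demo.
write_sample_log() {
    cat > "$1" <<'EOF'
/home/alice/Maildir/cur/1288300000.M1P2.mail:2,S: Eicar-Test-Signature FOUND
/home/alice/Maildir/cur/1288300000.M1P2.mail:2,S: Removed.
/home/bob/downloads/note: final.zip: Eicar-Test-Signature FOUND
/home/bob/downloads/note: final.zip: Removed.

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

log=$(mktemp)
write_sample_log "$log"
infected_from_log "$log"
detections_match_summary "$log" && echo "all detections accounted for"
rm -f "$log"
```

When the scan is run with --remove, as in the first post, the log is the only remaining record of where the deleted files were, so it is worth keeping outside the scanned tree.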
10-29-2010, 12:16 PM
|
#3
|
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Hi,
clamscan does not use any logs, so you can't find what the infected files were.
Next time you run clamscan in such an amount of files, you can add the "-l scan-results.txt" option, so you'll get the scan summary along with the infected files, if any.
Regards
|
Oh man that stinks. Thanks for the heads up. Very helpful!
10-29-2010, 12:29 PM
|
#4
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
|
If you want to have virus scan logs, you should run clamd and use clamdscan for virus scanning. You can configure clamd to use its own logfile, or use syslog to write in system logs. Take a look at clamd.conf for details.
In my opinion running clamd as a daemon is only useful in case you run a mailserver and want to scan mail for viruses, because it's faster. For occasional use it's better to use clamscan.
Regards
10-29-2010, 01:21 PM
|
#5
|
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905
Original Poster
Rep:
|
I am running a mail server but never knew I could scan manually with 'clamdscan' versus 'clamscan'.
So you're saying I should continue to manually scan my mail server with 'clamscan' and let it automatically scan incoming mail itself using 'clamdscan', right?
10-29-2010, 01:42 PM
|
#6
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
|
Quote:
So you're saying I should continue to manually scan my mail server with 'clamscan' and let it automatically scan incoming mail itself using 'clamdscan', right?
|
What I said is that you can use clamdscan vs clamscan if you want to have scan logs, but you need the clamd daemon running for this. But I don't think it's necessary to run a daemon for occasional use.
Regarding mail, you have to configure your mailserver to use clamdscan to pass mail through clamd in order to check for viruses.
Regards
All times are GMT -5. The time now is 11:27 PM.