LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-08-2017, 04:22 PM   #16
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009

The ./ means "the current directory". The - means "direct the output to the screen".
 
Old 07-08-2017, 05:26 PM   #17
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917
Quote:
Originally Posted by AwesomeMachine View Post
The ./ means "the current directory". The - means "direct the output to the screen".
Does clamscan - not mean "scan the data stream received from stdin (standard input), in this case the output from the previous command dd if=./file" ?
 
Old 07-08-2017, 09:27 PM   #18
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
Yes, hydrurga, that is what it means.
 
Old 07-08-2017, 09:28 PM   #19
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
It's correct.

Quote:
Originally Posted by Rosika View Post
I was tempted to type
Code:
dd if=/home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3 | clamscan -
but I´m not sure whether that´s correct.
It's correct.
 
Old 07-09-2017, 05:55 AM   #20
Rosika
Member
 
Registered: Apr 2017
Distribution: Lubuntu 64 bit
Posts: 278

Original Poster
Rep: Reputation: Disabled
Thanks a lot for the information. I´m always glad if I can improve my knowledge.

As far as the command
Code:
dd if=/home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3 | clamscan -
is concerned I can say the command itself worked alright.
But: alas, the mp.3-file wasn´t scanned again.
Here´s the output:

Code:
126592+1 Datensätze ein
126592+1 Datensätze aus
64815503 bytes (65 MB, 62 MiB) copied, 10,9642 s, 5,9 MB/s
stdin: OK

----------- SCAN SUMMARY -----------
Known viruses: 6299938
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 61.81 MB (ratio 0.00:1)
Time: 11.596 sec (0 m 11 s)
It´s a real shame but it seems clamscan has its diffculties wit mp3-files.

Anyway thank you so much for your help.

Rosika
 
Old 07-10-2017, 07:31 AM   #21
Rosika
Member
 
Registered: Apr 2017
Distribution: Lubuntu 64 bit
Posts: 278

Original Poster
Rep: Reputation: Disabled
Hi again,

in the meantime I created an account for the clamav-mailing-list and posted my question there.

One member came up with this idea:

Code:
 Try compressing the file with gzip first: 
cat file | gzip | clamscan -
So for me:
Code:
cat wdr3hoerspiel_2016-12-21_sherlockholmesunddasgeheimnisdesweissenbandesteil1_wdr3.mp3 | gzip | clamscan -
This didn´t work either, probably because of filesize-limitations. But I thought: one step in the right direction.

So I typed:
Code:
cat wdr3hoerspiel_2016-12-21_sherlockholmesunddasgeheimnisdesweissenbandesteil1_wdr3.mp3 | gzip | clamscan --max-filesize=1000M --max-scansize=1000M -
And this one really worked:
Code:
stdin: OK

----------- SCAN SUMMARY -----------
Known viruses: 6299998
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 60.95 MB
Data read: 60.38 MB (ratio 1.01:1)
Time: 15.140 sec (0 m 15 s)
So there it is finally: a workaround that really seems to work.
Perhaps this might be of help to others well.

So thanks again for all the help of yours.

Greetings.
Rosika
 
Old 07-10-2017, 07:58 AM   #22
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917Reputation: 2917
Hey Rosika.

Good on you for chasing this up on the mailing list.

It's an interesting solution but my inquiring mind would still want to know why clamscan can't cope with mp3's natively without this workaround. Do they consider mp3's to be harmless as regards viral infection?

One drawback of the solution is that it's only applicable to one-off scans of single files. You can't be expected to gzip all your mp3 files for clamscan to scan them on a general scan.

Cisco Talos (https://www.talosintelligence.com/about) are the "owners" of clamav. Perhaps they might be able to answer the question if anyone in the future is reading this thread and wants to take it further.
 
Old 07-10-2017, 12:39 PM   #23
Rosika
Member
 
Registered: Apr 2017
Distribution: Lubuntu 64 bit
Posts: 278

Original Poster
Rep: Reputation: Disabled
Hi hydrurga,

Quote:
It's an interesting solution but my inquiring mind would still want to know why clamscan can't cope with mp3's natively without this workaround.
Yes, that´s exactly what I was wondering.
Anyway - even if I have to scan mp3-files one by one this should be a functional solution.
I mean normally I get hold of a single mp3-file and after a certain period of time the next one .... and so on.

Basically I´m glad we´ve found a method which works.

Thanks and greetings.
Rosika
 
Old 07-10-2017, 04:45 PM   #24
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
I forgot! There is a white list for types of files not to scan. You can probably get to it in the GUI.
 
Old 07-11-2017, 06:52 AM   #25
Rosika
Member
 
Registered: Apr 2017
Distribution: Lubuntu 64 bit
Posts: 278

Original Poster
Rep: Reputation: Disabled
Hi,

when referring to the GUI do you mean ClamTK?
Well, I looked at it but the only thing that comes close to a whitelist is "exceptions".
But this is user-defined. I can mark files or folders for being exempt from scanning.

The whiltelist-approach is a good idea though but I´m really not sure where to look for it.

Greetings.
Rosika
 
Old 07-11-2017, 10:11 PM   #26
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,424

Rep: Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054
Quote:
Originally Posted by Rosika View Post
Hi,

when referring to the GUI do you mean ClamTK?
Well, I looked at it but the only thing that comes close to a whitelist is "exceptions".
But this is user-defined. I can mark files or folders for being exempt from scanning.

The whiltelist-approach is a good idea though but I´m really not sure where to look for it.

Greetings.
Rosika
The system-wide whitelist is in /etc/mail/spamassassin/local.cf - although it doesn't appear to contain extension-based exceptions.

Quote:
Originally Posted by hydrurga View Post
Cisco Talos (https://www.talosintelligence.com/about) are the "owners" of clamav. Perhaps they might be able to answer the question if anyone in the future is reading this thread and wants to take it further.
I always go to http://www.clamav.net/ for details about the software. I think it's the same people, tho.
 
Old 07-12-2017, 07:22 AM   #27
Rosika
Member
 
Registered: Apr 2017
Distribution: Lubuntu 64 bit
Posts: 278

Original Poster
Rep: Reputation: Disabled
Hi Sean,

thanks for the hint. Yet /etc/mail/spamassassin/local.cf doesn´t seem to exist on my system.

Greetings.
Rosika
 
  


Reply

Tags
clamscan


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question on "qscan" (used by "qpxtool" for scanning DVD/CD burn quality) haertig Linux - Software 1 02-10-2013 07:16 PM
ls files "larger than" a filename eulaersi Linux - General 4 11-06-2012 02:01 PM
PHP: Some problem with the exec to execute the "clamscan" jrhau520 Programming 5 06-01-2011 03:01 AM
How can I know which of my files is infected after scanning with clamscan? glore2002 Slackware 3 09-25-2008 11:03 AM
"X-MS" cant open because "x-Multimedia System" cant access files at "smb&qu ponchy5 Linux - Networking 0 03-29-2004 11:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 03:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration