Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

Virus Event ?

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


nathan at cmpublishers

Nov 5, 2009, 12:14 PM

Post #1 of 8 (1226 views)
Permalink
Virus Event ?
Besides the Virus Name %v

Are there any other details from the running scanner that can be
exported to a VirusEvent Script?

Thanks

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
Attachments: signature.asc (0.19 KB)


dtvo2005 at gmail

Nov 5, 2009, 12:16 PM

Post #2 of 8 (1167 views)
Permalink
Re: Virus Event ? [In reply to]
Please take me off this list.



On Thu, Nov 5, 2009 at 2:14 PM, Nathan Gibbs <nathan [at] cmpublishers> wrote:
> Besides the Virus Name %v
>
> Are there any other details from the running scanner that can be
> exported to a VirusEvent Script?
>
> Thanks
>
> --
> Sincerely,
>
> Nathan Gibbs
>
> Systems Administrator
> Christ Media
> http://www.cmpublishers.com
>
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


dennispe at inetnw

Nov 5, 2009, 12:30 PM

Post #3 of 8 (1165 views)
Permalink
Re: Virus Event ? [In reply to]
David Vo wrote:
> Please take me off this list.


The instructions to do this are in the headers of each message you've ever
received from this list server but which I include here:

Reply-To: ClamAV users ML <clamav-users [at] lists>
List-Id: ClamAV users ML <clamav-users.lists.clamav.net>
List-Unsubscribe: <http://lists.clamav.net/cgi-bin/mailman/options/clamav-users>,
<mailto:clamav-users-request [at] lists?subject=unsubscribe>
List-Post: <mailto:clamav-users [at] lists>
List-Help: <mailto:clamav-users-request [at] lists?subject=help>
List-Subscribe: <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>,
<mailto:clamav-users-request [at] lists?subject=subscribe>

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


tkojm at clamav

Nov 5, 2009, 1:56 PM

Post #4 of 8 (1169 views)
Permalink
Re: Virus Event ? [In reply to]
On Thu, 05 Nov 2009 15:14:19 -0500
Nathan Gibbs <nathan [at] cmpublishers> wrote:

> Besides the Virus Name %v
>
> Are there any other details from the running scanner that can be
> exported to a VirusEvent Script?

Inside the script itself you can access $CLAM_VIRUSEVENT_VIRUSNAME
(== %v) and $CLAM_VIRUSEVENT_FILENAME (not directly available in
the config file)

HTH,

--
oo ..... Tomasz Kojm <tkojm [at] clamav>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu Nov 5 22:55:54 CET 2009
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


nathan at cmpublishers

Nov 5, 2009, 2:39 PM

Post #5 of 8 (1166 views)
Permalink
Re: Virus Event ? [In reply to]
* Tomasz Kojm wrote:
> On Thu, 05 Nov 2009 15:14:19 -0500
> Nathan Gibbs <nathan [at] cmpublishers> wrote:
>
>> Besides the Virus Name %v
>>
>> Are there any other details from the running scanner that can be
>> exported to a VirusEvent Script?
>
> Inside the script itself you can access $CLAM_VIRUSEVENT_VIRUSNAME
> (== %v) and $CLAM_VIRUSEVENT_FILENAME (not directly available in
> the config file)
>
I can see why

$CLAM_VIRUSEVENT_FILENAME

isn't available through config.

Under clamscan the file returned is stream.
Under clamdscan/clamd, one process returns the correct filename the
other returns stream.

Is that a bug or a feature?


Also, is there anything available to the script in the On* events from
freshclam.conf?

Thanks.

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
Attachments: signature.asc (0.19 KB)


nathan at cmpublishers

Nov 5, 2009, 2:49 PM

Post #6 of 8 (1166 views)
Permalink
Re: Virus Event ? [In reply to]
* Nathan Gibbs wrote:
> * Tomasz Kojm wrote:
>> On Thu, 05 Nov 2009 15:14:19 -0500
>> Nathan Gibbs <nathan [at] cmpublishers> wrote:
>>
>>> Besides the Virus Name %v
>>>
>>> Are there any other details from the running scanner that can be
>>> exported to a VirusEvent Script?
>> Inside the script itself you can access $CLAM_VIRUSEVENT_VIRUSNAME
>> (== %v) and $CLAM_VIRUSEVENT_FILENAME (not directly available in
>> the config file)
>>
> I can see why
>
> $CLAM_VIRUSEVENT_FILENAME
>
> isn't available through config.
>
> Under clamscan the file returned is stream.
> Under clamdscan/clamd, one process returns the correct filename the
> other returns stream.
>
> Is that a bug or a feature?
>
>
My bad.

clamscan doesn't return anything.
clamdscan returns the filename if it can or stream.

Our internal monitor system was bouncing a test signature off the
clamd's & sabotaging my testing.
:-)

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
Attachments: signature.asc (0.19 KB)


tkojm at clamav

Nov 6, 2009, 12:45 AM

Post #7 of 8 (1151 views)
Permalink
Re: Virus Event ? [In reply to]
On Thu, 05 Nov 2009 17:39:35 -0500
Nathan Gibbs <nathan [at] cmpublishers> wrote:

> I can see why
>
> $CLAM_VIRUSEVENT_FILENAME
>
> isn't available through config.
>
> Under clamscan the file returned is stream.
> Under clamdscan/clamd, one process returns the correct filename the
> other returns stream.
>
> Is that a bug or a feature?

That's due to the way you're calling clamdscan. In the stream mode
it only sends the file data to clamd so the daemon doesn't know the
real file name.

> Also, is there anything available to the script in the On* events from
> freshclam.conf?

As mentioned in freshclam.conf(5), one can pass %v to OnOutdatedExecute
to get the version number of the latest ClamAV release

Regards,

--
oo ..... Tomasz Kojm <tkojm [at] clamav>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Nov 6 09:44:51 CET 2009
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


nathan at cmpublishers

Nov 6, 2009, 6:05 AM

Post #8 of 8 (1157 views)
Permalink
Re: Virus Event ? [In reply to]
* Tomasz Kojm wrote:
> On Thu, 05 Nov 2009 17:39:35 -0500
> Nathan Gibbs <nathan [at] cmpublishers> wrote:
>
>> Is that a bug or a feature?
>
> That's due to the way you're calling clamdscan. In the stream mode
> it only sends the file data to clamd so the daemon doesn't know the
> real file name.
>

Yeah, I figured that out eventually. :-)
Our internal monitor system was bouncing a test signature off the
clamd's & sabotaging my test runs.
:-)
Its usually funny when I'm the source of my own confusion.
:-)

>> Also, is there anything available to the script in the On* events from
>> freshclam.conf?
>
> As mentioned in freshclam.conf(5), one can pass %v to OnOutdatedExecute
> to get the version number of the latest ClamAV release

Sorry, I should have been more clear. I knew about that one. I was
trolling for anything else.

Please, seriously consider Bug#1754. Adding that functionality would
improve Clamav.

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
Attachments: signature.asc (0.19 KB)

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.