Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

clamscan produces output to --log=FILE when --quiet, --no-summary and --infected are specified

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


tcooper at ucsd

Jun 27, 2013, 11:14 AM

Post #1 of 4 (131 views)
Permalink
clamscan produces output to --log=FILE when --quiet, --no-summary and --infected are specified
I'm writing an automated daily scan script and I can't seem to get NO output
from clamscan if/when nothing of interest is found. For example, executing with...

"$CLAMSCAN_BIN" --quiet --no-summary --infected --stdout --file-list="$FILE_LIST" --log="$LOG_FILE"

Produces the following in the $LOG_FILE...

-------------------------------------------------------------------------------

Once for 'each' invocation of clamscan.

Is there way to disable this?

Thanks,
Trevor


--
Trevor Cooper, M.Sc.
Data Systems Programmer / System Administrator
University of California, San Diego
Multimodal Imaging Laboratory
8950 Villa La Jolla Dr., Suite C101
La Jolla, CA 92037
Phone: (858) 822-4330
Fax: (858) 534-1078

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


draynor at sourcefire

Jun 27, 2013, 12:35 PM

Post #2 of 4 (116 views)
Permalink
Re: clamscan produces output to --log=FILE when --quiet, --no-summary and --infected are specified [In reply to]
On Thu, Jun 27, 2013 at 2:14 PM, Trevor Cooper <tcooper [at] ucsd> wrote:

> I'm writing an automated daily scan script and I can't seem to get NO
> output
> from clamscan if/when nothing of interest is found. For example, executing
> with...
>
> "$CLAMSCAN_BIN" --quiet --no-summary --infected --stdout
> --file-list="$FILE_LIST" --log="$LOG_FILE"
>
> Produces the following in the $LOG_FILE...
>
>
> -------------------------------------------------------------------------------
>
> Once for 'each' invocation of clamscan.
>
> Is there way to disable this?
>
> Thanks,
> Trevor
>
>
> --
> Trevor Cooper, M.Sc.
> Data Systems Programmer / System Administrator
> University of California, San Diego
> Multimodal Imaging Laboratory
> 8950 Villa La Jolla Dr., Suite C101
> La Jolla, CA 92037
> Phone: (858) 822-4330
> Fax: (858) 534-1078
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

Not without changing the code. clamscan is printing that line when it
initializes the logger as an immediate confirmation that the logger is
working. clamdscan does the same.

If you want to eliminate that line, you can comment out line 136 through
140 in clamscan.c and recompile. Those lines look like this:


if(logg("#\n-------------------------------------------------------------------------------\n\n"))
{
mprintf("!Problem with internal logger.\n");
optfree(opts);
return 2;
}

Of course, this change will make logger issues harder to pin down, so
beware.

Dave R.

--
---
Dave Raynor
Sourcefire Vulnerability Research Team
draynor [at] sourcefire
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


swebb at sourcefire

Jun 27, 2013, 12:40 PM

Post #3 of 4 (119 views)
Permalink
Re: clamscan produces output to --log=FILE when --quiet, --no-summary and --infected are specified [In reply to]
On Thu, Jun 27, 2013 at 3:35 PM, David Raynor <draynor [at] sourcefire>wrote:

> On Thu, Jun 27, 2013 at 2:14 PM, Trevor Cooper <tcooper [at] ucsd> wrote:
>
> > I'm writing an automated daily scan script and I can't seem to get NO
> > output
> > from clamscan if/when nothing of interest is found. For example,
> executing
> > with...
> >
> > "$CLAMSCAN_BIN" --quiet --no-summary --infected --stdout
> > --file-list="$FILE_LIST" --log="$LOG_FILE"
> >
> > Produces the following in the $LOG_FILE...
> >
> >
> >
> -------------------------------------------------------------------------------
> >
> > Once for 'each' invocation of clamscan.
> >
> > Is there way to disable this?
> >
> > Thanks,
> > Trevor
> >
> >
> > --
> > Trevor Cooper, M.Sc.
> > Data Systems Programmer / System Administrator
> > University of California, San Diego
> > Multimodal Imaging Laboratory
> > 8950 Villa La Jolla Dr., Suite C101
> > La Jolla, CA 92037
> > Phone: (858) 822-4330
> > Fax: (858) 534-1078
> >
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > http://www.clamav.net/support/ml
> >
>
> Not without changing the code. clamscan is printing that line when it
> initializes the logger as an immediate confirmation that the logger is
> working. clamdscan does the same.
>
> If you want to eliminate that line, you can comment out line 136 through
> 140 in clamscan.c and recompile. Those lines look like this:
>
>
>
> if(logg("#\n-------------------------------------------------------------------------------\n\n"))
> {
> mprintf("!Problem with internal logger.\n");
> optfree(opts);
> return 2;
> }
>
> Of course, this change will make logger issues harder to pin down, so
> beware.


Additionally, one could output to a temporary logfile then filter the
logfile through grep to simply prevent that line from being outputted. Or
simply output to stdout and run grep on that, outputting to the normal
logfile location.

Thanks,

Shawn
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


tcooper at ucsd

Jun 27, 2013, 1:43 PM

Post #4 of 4 (120 views)
Permalink
Re: clamscan produces output to --log=FILE when --quiet, --no-summary and --infected are specified [In reply to]
On 06/27/13 11:14, Trevor Cooper wrote:
> I'm writing an automated daily scan script and I can't seem to get NO output
> from clamscan if/when nothing of interest is found. For example, executing with...
>
> "$CLAMSCAN_BIN" --quiet --no-summary --infected --stdout --file-list="$FILE_LIST" --log="$LOG_FILE"
>
> Produces the following in the $LOG_FILE...
>
> -------------------------------------------------------------------------------
>
> Once for 'each' invocation of clamscan.
>
> Is there way to disable this?
>
>
Thanks for the suggestions... The solution was to NOT use the internal logger.

"$CLAMSCAN_BIN" --no-summary --infected --stdout --file-list="$FILE_LIST" >> "$LOG_FILE"

Trevor
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.