Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Scan and remove if file infected using bash
Top Forums Shell Programming and Scripting Scan and remove if file infected using bash Post 302990266 by rbatte1 on Tuesday 24th of January 2017 09:01:48 AM
Old 01-24-2017
I'm not sure why you have the loop for for FILE in "$DIR"/* when you follow it up with clamscan -r "$FILE"

The -r flag asks clamscan to recursively search. This will call clamscan once for each item in the directory. Can you not just clamscan -r "$DIR" instead? I find that running clamscan has a several second overhead as it loads up the definitions. You could be scanning for hours just on calling the process repeatedly. An alternate might be to list the files into another file and use that as input with the -f flag, e.g. clamscan -if /tmp/file_list.txt

I've added the -i flag to only list infected files, which might make reading the output easier.

You have the basis of some good code here though, keep going Smilie

Do you have a virus signature to test this with?


Robin
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

File Scan

Hi everyone , i m working on Sun solaris and i have a file "smsapp.cur" which has information like this paragraph given below , there are millions of such paragraphs From:923212802736 To:923222326807 logMessage: 07-04-08 17:34:29 Getting message topup from code page default in language English... (2 Replies)
Discussion started by: Dastard
2 Replies

2. Shell Programming and Scripting

how can i remove comments in random positions in a file?(bash)

Suppose i have a file like this: #bla bla #bla bla bla bla bla Bla BLA BLA BLA #bla bla .... .... how can i remove all comments from every line,even if they are behind commands or strngs that are not comments? any idea how i could do that using awk? (2 Replies)
Discussion started by: bashuser2
2 Replies

3. Windows & DOS: Issues & Discussions

Internet Explorer is infected - small windows keep popping up

hello, I have an annoying problem on my Internet Explorer. When I open that browser, after some time advertisement windows just pop up, even if I am not browsing anything, or when the browser is running at the background. That is, the pop-ups don't come from the websites I visit, rather, I... (17 Replies)
Discussion started by: milhan
17 Replies

4. Shell Programming and Scripting

How to get rid of cannot remove file error in bash script?

Hi Guys, I am creating a couple of temp. files in a script. After completing the script, I am using the rm command to delete these files. The files are getting deleted but I am getting "filename - cannot find file;no such file or directory" error in my bash shell terminal window. I am using... (3 Replies)
Discussion started by: npatwardhan
3 Replies

5. What is on Your Mind?

iPad infected with virus

What to say nothing is no more secure Apple's new iPad has been taken down by malware within a few weeks of it being in the shops. It is an article of faith amongst Apple fanboys that Jobs' Mob gear is super secure and malware only exists on Windows machines. Despite the fact that Apple gear... (1 Reply)
Discussion started by: solaris_user
1 Replies

6. Shell Programming and Scripting

scan and edit in bash

so assume I have a dozen files in local directory and half of them are .txt and I only want to scan these text files and go inside each of them and replace absolute paths (e.g. C:\blabla\more blahblah\myfile.txt) with just the name of that file (myfile.txt) and then go to next line and look if... (6 Replies)
Discussion started by: Jaymz
6 Replies

7. Shell Programming and Scripting

How to remove '^[[00m' in bash file?

Hi, This should be a simple one: I run the following commands in bash and ksh respectively but got differenant results: # ls -l /var/log > /tmp/a # vi /tmp/a In bash shell, I got: ^ In ksh, I got: total 828552 -rw-r----- 1 root root 189 Aug 9 00:00 acpid -rw-r----- 1 root... (7 Replies)
Discussion started by: aixlover
7 Replies

8. Shell Programming and Scripting

Remove original file from directory after bash executes

The below bash works great, except I can not seem to delete the original file $f from the directory. Thank you :) For example, after the bash executes there are 8 files in the directory: 123.txt (original file) 123_remove.txt 123_index.txt 123_final.txt 456.txt (original file)... (11 Replies)
Discussion started by: cmccabe
11 Replies

9. Shell Programming and Scripting

Create automated scan of specific directory using bash

I am trying to use bash to automate the scan of a specific directory using clamav. Having this in place is a network requirement. The below is an attempt to: 1. count the extensions (.txt, .jpeg) in a directory and write them to a virus-scan.log (section in bold) 2. scan each folder in the... (6 Replies)
Discussion started by: cmccabe
6 Replies

10. UNIX for Beginners Questions & Answers

Bash to remove find and remove specific extension

The bash below executes and does find all the .bam files in each R_2019 folder. However set -x shows that the .bam extension only gets removed from one .bam file in each folder (appears to be the last in each). Why is it not removing the extension from each (this is $SAMPLE)? Thank you :). set... (4 Replies)
Discussion started by: cmccabe
4 Replies

LEARN ABOUT SUSE

clamscan

clamscan(1)							  Clam AntiVirus						       clamscan(1)

NAME

       clamscan - scan files and directories for viruses

SYNOPSIS

       clamscan [options] [file/directory/-]

DESCRIPTION

       clamscan is a command line anti-virus scanner.

OPTIONS

       Most  of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed
       by =yes/=no; if they get called without the boolean argument the scanner will assume 'yes'. The asterisk marks the default internal setting
       for a given option.

       -h, --help
	      Print help information and exit.

       -V, --version
	      Print version number and exit.

       -v, --verbose
	      Be verbose.

       --debug
	      Display debug messages from libclamav.

       --quiet
	      Be quiet (only print error messages).

       --stdout
	      Write all messages (except for libclamav output) to the standard output (stdout).

       -d FILE/DIR, --database=FILE/DIR
	      Load virus database from FILE or load all virus database files from DIR.

       --official-db-only=[yes/no(*)]
	      Only load the official signatures published by the ClamAV project.

       -l FILE, --log=FILE
	      Save scan report to FILE.

       --tempdir=DIRECTORY
	      Create temporary files in DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.

       --leave-temps
	      Do not remove temporary files.

       -f FILE, --file-list=FILE
	      Scan files listed line by line in FILE.

       -r, --recursive
	      Scan directories recursively. All the subdirectories in the given directory will be scanned.

       --cross-fs=[yes(*)/no]
	      Scan files and directories on other filesystems.

       --bell Sound bell on virus detection.

       --no-summary
	      Do not display summary at the end of scanning.

       --exclude=REGEX, --exclude-dir=REGEX
	      Don't scan file/directory names matching regular expression. These options can be used multiple times.

       --include=REGEX, --include-dir=REGEX
	      Only scan file/directory matching regular expression. These options can be used multiple times.

       -i, --infected
	      Only print infected files.

       --remove[=yes/no(*)]
	      Remove infected files. Be careful.

       --move=DIRECTORY
	      Move infected files into DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.

       --copy=DIRECTORY
	      Copy infected files into DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.

       --bytecode[=yes(*)/no]
	      With  this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, oth-
	      erwise you may miss detections for many new viruses.

       --bytecode-trust-all[=yes/no(*)]
	      This option disables safety checks and makes ClamAV trust all bytecode. It should only be used for debugging.

       --bytecode-timeout=N
	      Set bytecode timeout in milliseconds (default: 60000 = 60s)

       --detect-pua[=yes/no(*)]
	      Detect Possibly Unwanted Applications.

       --exclude-pua=CATEGORY
	      Exclude a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list
	      of PUA

       --include-pua=CATEGORY
	      Only include a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete
	      list of PUA

       --detect-structured[=yes/no(*)]
	      Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers inside documents/text files.

       --structured-ssn-format=X
	      X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid SSNs formatted  as  xxxyyzzzz  (stripped);  X=2:
	      search for both formats. Default is 0.

       --structured-ssn-count=#n
	      This option sets the lowest number of Social Security Numbers found in a file to generate a detect (default: 3).

       --structured-cc-count=#n
	      This option sets the lowest number of Credit Card numbers found in a file to generate a detect (default: 3).

       --scan-mail[=yes(*)/no]
	      Scan mail files.

       --phishing-sigs[=yes(*)/no]
	      Use the signature-based phishing detection.

       --phishing-scan-urls[=yes(*)/no]
	      Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)

       --heuristic-scan-precedence[=yes/no(*)]
	      Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish it
	      will stop scan immediately. Recommended, saves CPU scan-time. When  disabled,  virus/phish  detected  by	heuristic  scans  will	be
	      reported	only at the end of a scan. If an archive contains both a heuristically detected  virus/phish, and a real malware, the real
	      malware will be reported Keep this disabled if you intend to handle "*.Heuristics.*" viruses  differently from "real" malware. If  a
	      non-heuristically-detected  virus  (signature-based) is found first,  the scan is interrupted immediately, regardless of this config
	      option.

       --phishing-ssl[=yes/no(*)]
	      Block SSL mismatches in URLs (might lead to false positives!).

       --phishing-cloak[=yes/no(*)]
	      Block cloaked URLs (might lead to some false positives).

       --algorithmic-detection[=yes(*)/no]
	      In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV  uses	special  algorithms  to  provide  accurate
	      detection. This option can be used to control the algorithmic detection.

       --scan-pe[=yes(*)/no]
	      PE  stands  for  Portable  Executable  - it's an executable file format used in all 32-bit versions of Windows operating systems. By
	      default ClamAV performs deeper analysis of executable files and attempts to decompress  popular  executable  packers  such  as  UPX,
	      Petite, and FSG.

       --scan-elf[=yes(*)/no]
	      Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support.

       --scan-ole2[=yes(*)/no]
	      Scan Microsoft Office documents and .msi files.

       --scan-pdf[=yes(*)/no]
	      Scan within PDF files.

       --scan-html[=yes(*)/no]
	      Detect, normalize/decrypt and scan HTML files and embedded scripts.

       --scan-archive[=yes(*)/no]
	      Scan archives supported by libclamav.

       --detect-broken[=yes/no(*)]
	      Mark broken executables as viruses (Broken.Executable).

       --block-encrypted[=yes/no(*)]
	      Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

       --max-files=#n
	      Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option pro-
	      tects your system against DoS attacks (default: 10000)

       --max-filesize=#n
	      Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is  a  num-
	      ber. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)

       --max-scansize=#n
	      Extract  and  scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a
	      number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB)

       --max-recursion=#n
	      Set archive recursion level limit. This option protects your system against DoS attacks (default: 16).

       --max-dir-recursion=#n
	      Maximum depth directories are scanned at (default: 15).

EXAMPLES

       (0) Scan a single file:

	      clamscan file

       (1) Scan a current working directory:

	      clamscan

       (2) Scan all files (and subdirectories) in /home:

	      clamscan -r /home

       (3) Load database from a file:

	      clamscan -d /tmp/newclamdb -r /tmp

       (4) Scan a data stream:

	      cat testfile | clamscan -

       (5) Scan a mail spool directory:

	      clamscan -r /var/spool/mail

RETURN CODES

       0 : No virus found.

       1 : Virus(es) found.

       2 : Some error(s) occured.

CREDITS

       Please check the full documentation for credits.

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamdscan(1), freshclam(1), freshclam.conf(5)

ClamAV 0.96.1							 December 30, 2008						       clamscan(1)
All times are GMT -4. The time now is 06:49 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy