How can I make a detailed report of ClamAv scan results (location of infected files)?

security clamav log malware scanner

I'm scanning with ClamAv and I got the following summary:

----------- SCAN SUMMARY -----------
Known viruses: 4724261
Engine version: 0.99
Scanned directories: 128878
Scanned files: 791920
Infected files: 29
Total errors: 25699
Data scanned: 187109.62 MB
Data read: 1683517.68 MB (ratio 0.11:1)
Time: 19860.535 sec (331 m 0 s)

My question is: how to find the infected files? I tried to open stdout but I know no application to do that. I tried to find a log file... couldn't


Solution 1:

I use sudo clamscan / --recursive | tee clamscan.log, so that I can both watch the results go by, and inspect the whole output afterward.

Solution 2:

Apparently you have to tell ClamAv where to put your report of infected files. Looking at wiki it appears the software isn't stellar and there might be better packages to use if security is your first concern. However ClamAV is open source and free so if budget is priority it is probably the best.

As far as seeing a report of infected files this is what I found in the Community Help Wiki:

Infected files reporting

In case you are recursively scanning the whole /home folder (or even the whole system) from a terminal emulator on your GUI, possibly there will be lots of files. In that case, as the output you will get is not infinite, it probably will help to generate a report containing the paths to all infected files. In that case you can do the following:

sudo clamscan -r /folder/to/scan/ | grep FOUND >> /path/to/save/report/file.txt

Be patient if you run that command and it doesn't seem to be working because even if you don't see the complete output it is really scanning the files. When you see the prompt again, that will mean the scan is finished and that you can open the file it has created to check any infected file detected in your system.

As Clamav doesn't disinfect the files, sometimes will be better to just know what are the infected files before putting it on quarantine or removing it. For example, you could be using Wine and by deleting an infected file you could break a program without having saved some data.

Solution 3:

If you type man clamscan in a terminal, you will see all the available options. One of them is -i which prints the infected files only. Typing clamscan -ir /folder for example would show you all the infected files in that folder and all subfolders..

Related

ls: cannot open directory: Permission denied
How to check if dpkg-architecture --list has all the architectures?
How can we replace iptables with firewalld in ubuntu 16.04?
Nautilus fails to see shares in 18.04
Can I have a swapfile on btrfs?
Why did Apport make my bug report private?
When will we get Sandy Bridge support?
Using microphone input port as headphone output
"df -h" command puts line breaks in output. How do I fix?
Neo4j Query Not Returning Desired Output
How to add two foreign keys and add values in child table with reference of parent table
Django - TypeError __init__() missing 1 required positional argument when uploading a file