How can I make a detailed report of ClamAV scan results (location of infected files)?
I'm scanning with ClamAV and I got the following summary:
----------- SCAN SUMMARY -----------
Known viruses: 4724261
Engine version: 0.99
Scanned directories: 128878
Scanned files: 791920
Infected files: 29
Total errors: 25699
Data scanned: 187109.62 MB
Data read: 1683517.68 MB (ratio 0.11:1)
Time: 19860.535 sec (331 m 0 s)
My question is: how do I find the infected files? I tried to open stdout but I know of no application to do that. I tried to find a log file but couldn't.
Solution 1:
I use sudo clamscan / --recursive | tee clamscan.log, so that I can both watch the results go by, and inspect the whole output afterward.
Solution 2:
Apparently you have to tell ClamAV where to put your report of infected files. Looking at the wiki, it appears the software isn't stellar and there might be better packages to use if security is your first concern. However, ClamAV is open source and free, so if budget is the priority it is probably the best.
As far as seeing a report of infected files this is what I found in the Community Help Wiki:
Infected files reporting
In case you are recursively scanning the whole /home folder (or even the whole system) from a terminal emulator on your GUI, possibly there will be lots of files. In that case, as the output you will get is not infinite, it probably will help to generate a report containing the paths to all infected files. In that case you can do the following:
sudo clamscan -r /folder/to/scan/ | grep FOUND >> /path/to/save/report/file.txt
Be patient if you run that command and it doesn't seem to be working because even if you don't see the complete output it is really scanning the files. When you see the prompt again, that will mean the scan is finished and that you can open the file it has created to check any infected file detected in your system.
As ClamAV doesn't disinfect the files, sometimes it will be better to just know which files are infected before putting them in quarantine or removing them. For example, you could be using Wine and by deleting an infected file you could break a program without having saved some data.
Solution 3:
If you type man clamscan in a terminal, you will see all the available options. One of them is -i, which prints the infected files only. Typing clamscan -ir /folder for example would show you all the infected files in that folder and all subfolders.
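
An added example, not part of the original answers: a shell filter that turns a log saved as in Solutions 1 and 2 into a path/signature list and checks the list against the "Infected files" count in the summary. The function names and the sample log are constructed for illustration; it assumes signature names contain no spaces and that each infected file produces one FOUND line.

```shell
#!/bin/sh
# Constructed sample of a saved clamscan log (paths and counts are made up).
sample_log() {
cat <<'EOF'
/home/u/notes.txt: OK
/home/u/dl/eicar.com: Eicar-Test-Signature FOUND
/home/u/mail/re: invoice.zip: Eicar-Test-Signature FOUND
/home/u/FOUND items/list.txt: OK
/root/secret: Access denied. ERROR

----------- SCAN SUMMARY -----------
Scanned files: 5
Infected files: 2
EOF
}

# Read a clamscan log on stdin, print "path<TAB>signature" per detection.
# Only lines ending in " FOUND" count, so a path that merely contains the
# word FOUND (which a plain "grep FOUND" would keep) is ignored.
infected_report() {
  awk '/ FOUND$/ {
    # Match the trailing ": <signature> FOUND"; anchoring at the end of
    # the line keeps paths that themselves contain ": " intact.
    if (match($0, /: [^ ]+ FOUND$/)) {
      path = substr($0, 1, RSTART - 1)
      sig  = substr($0, RSTART + 2, RLENGTH - 8)
      printf "%s\t%s\n", path, sig
    }
  }'
}

# Succeed only if the number of detections extracted from the log file
# equals the summary count, i.e. the report lost no entry.
report_matches_summary() {
  listed=$(infected_report < "$1" | wc -l | tr -d ' ')
  claimed=$(awk -F': ' '/^Infected files: / { print $2 }' "$1")
  [ "$listed" = "$claimed" ]
}

# Stand-alone run on the constructed sample.
sample_log | infected_report
```

On a real scan, replace the sample with the saved file, for example infected_report < clamscan.log.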