Thread: Capture and filter output of a command

  1. #1

    Capture and filter output of a command

    I need to filter the output of clamscan. So far, I get a background clamscan and the output isn't coming out right.


    Code:
    while read -ra command_output_filescan; do                        #read output of clamscan into string array command_output_filescan
    #two entries per line
    #[/dir1L/dir2L/dir3L/dirx/filename:] [ok]
    
        printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result
        echo `expr index "$command_output_filescan" "/MSWINXX/"`                  #find the beginning of drive_label and print
    
        #/MSWINXX/toplevel/
        #I need to extract the 'toplevel' from the output string. Only print command_output_filescan[1]= 'virus found'.
        #print the top level directory and delete the line when the directory changes then reprint.
        /dira1L/ [delete line] /dirb1L/ [delete line] /dirc1L/
    
        break  #stop here just first line only.
    
    done < <(clamscan  -r "/media/MSWINXX/")

  2. #2

    Re: Capture and filter output of a command

    Again it is a bit difficult to understand this. While almost nobody here knows the program clamscan or has it installed, we have no example of its output. Thus a piece of real data with an explanation of what lines (parts of lines) should trigger what action might be helpful. E.g., when you want to read a line into variables (or an array), the first thing to determine is what the separator between the parts should be (the IFS variable). By choosing it carefully, things can be made easier.

    Also you only present the script, but do not present us with any problem it gives you. Does it run? Does it give errors? Does it produce output, but different from what you hoped for?

    In any case:
    Code:
    < <(clamscan  -r "/media/MSWINXX/")
    I do not understand this at all.
    Henk van Velden

  3. #3

    Re: Capture and filter output of a command

    The best training and best way for finding bugs is explaining the code, what it should do and what it is doing in every line (without comments).
    TO: Can you explain your code, please?

  4. #4

    Capture and filter output of a command

    http://linux.die.net/man/1/clamscan

    I won't have access to my computer for a while, some unrelated issues. Using another person's computer at the moment.

    hcvv: Again it is a bit difficult to understand this. While almost nobody here knows the program clamscan or has it installed, we have no example of its output. Thus a piece of real data with an explanation of what lines (parts of lines) should trigger what action might be helpful. E.g., when you want to read a line into variables (or an array), the first thing to determine is what the separator between the parts should be (the IFS variable). By choosing it carefully, things can be made easier.
    IFS=' ' #The default right?

    Also you only present the script, but do not present us with any problem it gives you. Does it run? Does it give errors? Does it produce output, but different from what you hoped for?
    The last code produced no output at all and clamscan became a background task. I want to display the current top level directory being scanned. I'm having trouble with extracting strings from the output.

    Here's an example of typical clamscan output:


    #Virus found
    Code:
    /var/lib/rpm/Packages: UNIX.Exploit.CVE_2010_3301 FOUND
    [directory tree]: [virus found]

    #Virus not found
    Code:
    /var/lib/rpm/Packages: OK

    [directory tree]: [virus not found]


    Here's one method.

    Code:
    DriveLabel="MSWINXX"
    IFS=' '
    while read -ra command_output_filescan; do                        #read output of clamscan into string array command_output_filescan
    
    #Process clamscan output
    
        printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result
    
        echo `expr index "$command_output_filescan" $DriveLabel`                  #find the beginning of drive_label and print
    
        break  #stop here just first line only.
    
    #end
    
    #Do a recursive scan of an ntfs windows directory and capture the output.
    done < <(clamscan  -r "/mounted/MSWINXX/")

    Another method, send the scan to 'clamav.log'

    Code:
    #Do a recursive scan of an ntfs windows directory and capture the output.
    clamscan  -r "/media/MSWINXX/" -l clamav.log
    
    DriveLabel="MSWINXX"
    IFS=' '
    while read -ra command_output_filescan; do
    #Process clamscan output
    
        printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result
        
        echo `expr index "$command_output_filescan" $DriveLabel`                  #find the beginning of drive_label and print
        
        break  #stop here just first line only.
    
    #end
    
    done < < "clamav.log"

  5. #5

    Re: Capture and filter output of a command

    Quote Originally Posted by lord_valarian View Post
    I am really not going to study clamscan.
    Quote Originally Posted by lord_valarian View Post
    IFS=' ' #The default right?
    What you typed there is really not interpretable (because we cannot see what white space character(s) you typed there). But the man page says:
    IFS
    The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is ``<space><tab><newline>''.
    Looking in the man page yourself first and then asking when you need more clarification is all right. But guessing what the default might be is not.

    Quote Originally Posted by lord_valarian View Post
    The last code produced no output at all and clamscan became a background task. I want to display the current top level directory being scanned. I'm having trouble with extracting strings from the output.
    What do you mean by "the last code"?
    Quote Originally Posted by lord_valarian View Post
    Here's an example of typical clamscan output:


    #Virus found
    Code:
    /var/lib/rpm/Packages: UNIX.Exploit.CVE_2010_3301 FOUND
    [directory tree]: [virus found]

    #Virus not found
    Code:
    /var/lib/rpm/Packages: OK

    [directory tree]: [virus not found]
    Your story about what you want with such lines is vague, but do I understand that you want to isolate the first item in the directory tree there? When that is the case, I would do something like:
    Code:
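    # A here-string keeps DIR in the current shell; in bash, piping into read sets it only in a subshell.
    IFS='/' read -r X DIR X <<< "/var/lib/rpm/Packages: UNIX.Exploit.CVE_2010_3301"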
    and then the variable DIR will contain the value var.
    Quote Originally Posted by lord_valarian View Post
    Here's one method.

    Code:
    DriveLabel="MSWINXX"
    IFS=' '
    while read -ra command_output_filescan; do                        #read output of clamscan into string array command_output_filescan
    
    #Process clamscan output
    
        printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result
    
        echo `expr index "$command_output_filescan" $DriveLabel`                  #find the beginning of drive_label and print
    
        break  #stop here just first line only.
    
    #end
    
    #Do a recursive scan of an ntfs windows directory and capture the output.
    done < <(clamscan  -r "/mounted/MSWINXX/")

    Another method, send the scan to 'clamav.log'

    Code:
    #Do a recursive scan of an ntfs windows directory and capture the output.
    clamscan  -r "/media/MSWINXX/" -l clamav.log
    
    DriveLabel="MSWINXX"
    IFS=' '
    while read -ra command_output_filescan; do
    #Process clamscan output
    
        printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result
        
        echo `expr index "$command_output_filescan" $DriveLabel`                  #find the beginning of drive_label and print
        
        break  #stop here just first line only.
    
    #end
    
    done < < "clamav.log"
    Again we have to do this step by step. And you should explain for every step why you coded this as we see it. Else we cannot tell you if you coded it correctly. And again I start with one item, what is after the last "done"
    Code:
    done < <(clamscan  -r "/mounted/MSWINXX/")
    and
    Code:
    done < < "clamav.log"
    Both are incorrect syntax (and thus should give you an error message), but you do not report any error message. So please what do you think this should do?
    Henk van Velden
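
An added example, not part of any post in this thread: a POSIX shell filter for the `path: RESULT` lines quoted above, printing each top-level directory under the scan root as it changes and reporting only the `FOUND` lines. The function names `filter_clamscan` and `sample_output`, the `/media/MSWINXX` sample paths and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): filter clamscan-style output on stdin.
# The "path: RESULT" line layout follows the output quoted in the thread.

# filter_clamscan ROOT   (hypothetical helper name)
#   prints "scanning: <dir>" when the top-level directory under ROOT changes
#   prints "INFECTED <path> [<signature>]" for every FOUND line
filter_clamscan() {
    root=${1%/}                     # drop one trailing slash from the scan root
    current=""
    while IFS= read -r line; do     # IFS= and -r keep spaces and backslashes intact
        case $line in
            "$root"/*": "*) ;;      # a "path: result" line under ROOT
            *) continue ;;          # blank lines, scan summary, anything else
        esac
        path=${line%: *}            # text before the last ": "
        result=${line##*: }         # text after the last ": "
        rel=${path#"$root"/}        # path relative to ROOT
        case $rel in
            */*) top=${rel%%/*} ;;  # first path component
            *)   top="." ;;         # file sitting directly in ROOT
        esac
        if [ "$top" != "$current" ]; then
            current=$top
            printf 'scanning: %s\n' "$top"
        fi
        case $result in
            *" FOUND") printf 'INFECTED %s [%s]\n' "$path" "${result% FOUND}" ;;
        esac
    done
}

# Constructed sample lines standing in for real scanner output.
sample_output() {
    printf '%s\n' \
        '/media/MSWINXX/Users/a b/notes.txt: OK' \
        '/media/MSWINXX/Users/a b/setup.exe: UNIX.Exploit.CVE_2010_3301 FOUND' \
        '/media/MSWINXX/Windows/system.ini: OK' \
        '/media/MSWINXX/pagefile.sys: OK' \
        '' \
        '----------- SCAN SUMMARY -----------' \
        'Infected files: 1'
}

# Demo on the sample. Against a real scan:
#   clamscan -r /media/MSWINXX/ | filter_clamscan /media/MSWINXX/
# bash only: filter_clamscan /media/MSWINXX/ < <(clamscan -r /media/MSWINXX/)
sample_output | filter_clamscan /media/MSWINXX/
```

Splitting on the last `: ` with parameter expansion, rather than on whitespace through `IFS`, keeps paths that contain spaces in one piece.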
