For the scanvirus script which uses clamscan, the extended debug output gives this. I need help identifying which partitions in MSWIN I should ignore and which should be scanned. An overview of what they do will be helpful. One entry has an NTFS file system and no files. It’s confusing. This scan is ‘windows 10’ OS.
.....scanvirus mswin.....
Device_Label= '/dev/sda2'
File_System = 'swap'
Drive_Label = 'primary'
Mount_Point = '[SWAP]'
Device_Label= '/dev/sda3'
File_System = 'btrfs'
Drive_Label = 'primary'
Mount_Point = '/var/cache'
Device_Label= '/dev/sda4'
File_System = 'xfs'
Drive_Label = 'primary'
Mount_Point = '/home'
Device_Label= '/dev/sdb1'
File_System = 'ntfs'
Drive_Label = 'Basic data partition'
Mount_Point = ''
__________________________________________________
Mounted /dev/sdb1 at /run/media/root/Recovery
Partition_Log=Recovery;
scanning: Basic data partition /run/media/root/Recovery
Scan only
----------- SCAN SUMMARY -----------
Known viruses: 6356028
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.426 sec (0 m 17 s)
Unmounted /dev/sdb1
__________________________________________________
Device_Label= '/dev/sdb2'
File_System = 'vfat'
Drive_Label = 'EFI system partition'
Mount_Point = ''
__________________________________________________
Mounted /dev/sdb2 at /run/media/root/3E7D-6A49
Partition_Log=Recovery;EFI system partition;
scanning: EFI system partition /run/media/root/3E7D-6A49
Scan only
----------- SCAN SUMMARY -----------
Known viruses: 6356028
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.510 sec (0 m 17 s)
Unmounted /dev/sdb2
__________________________________________________
Device_Label= '/dev/sdb4'
File_System = 'ntfs'
Drive_Label = 'Basic data partition'
Mount_Point = ''
__________________________________________________
Mounted /dev/sdb4 at /run/media/root/MSWIN6410
Partition_Log=Recovery;EFI system partition;MSWIN6410;
scanning: Basic data partition /run/media/root/MSWIN6410
Scan only
----------- SCAN SUMMARY -----------
Known viruses: 6356028
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 30
Infected files: 0
Data scanned: 10.62 MB
Data read: 18210.72 MB (ratio 0.00:1)
Time: 22.044 sec (0 m 22 s)
Unmounted /dev/sdb4
__________________________________________________
Device_Label= '/dev/sdb5'
File_System = 'ntfs'
Drive_Label = ''
Mount_Point = ''
__________________________________________________
Mounted /dev/sdb5 at /run/media/root/861EFAEC1EFAD461
Partition_Log=Recovery;EFI system partition;MSWIN6410;;
scanning: /run/media/root/861EFAEC1EFAD461
Scan only
----------- SCAN SUMMARY -----------
Known viruses: 6356028
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.600 sec (0 m 17 s)
Unmounted /dev/sdb5
__________________________________________________
Device_Label= '/dev/sdb6'
File_System = 'ntfs'
Drive_Label = 'Basic data partition'
Mount_Point = ''
__________________________________________________
Mounted /dev/sdb6 at /run/media/root/Backups
Partition_Log=Recovery;EFI system partition;MSWIN6410;;Backups;
scanning: Basic data partition /run/media/root/Backups
Scan only
----------- SCAN SUMMARY -----------
Known viruses: 6356028
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.547 sec (0 m 17 s)
Unmounted /dev/sdb6
__________________________________________________
Device_Label= '/dev/sr1'
File_System = 'udf"'
Drive_Label = 'DVDVIDEO'
Mount_Point = ' '
Device_Label= '/dev/sdc1'
File_System = 'ntfs'
Drive_Label = 'KINGSTON_16GB'
Mount_Point = ''
__________________________________________________
Mounted /dev/sdc1 at /run/media/root/KINGSTON_16GB
Partition_Log=Recovery;EFI system partition;MSWIN6410;;Backups;KINGSTON_16GB;
scanning: KINGSTON_16GB /run/media/root/KINGSTON_16GB
Scan only
----------- SCAN SUMMARY -----------
Known viruses: 6356028
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 9
Infected files: 0
Data scanned: 30.30 MB
Data read: 15.04 MB (ratio 2.02:1)
Time: 19.984 sec (0 m 19 s)
Unmounted /dev/sdc1
__________________________________________________
Device_Label= '/dev/sda1'
File_System = ''
Drive_Label = 'primary'
Mount_Point = ''
Device_Label= '/dev/sdb3'
File_System = ''
Drive_Label = 'Microsoft reserved partition'
Mount_Point = ''
On Sun 03 Dec 2017 09:46:01 PM CST, lord valarian wrote:
For the scanvirus script which uses clamscan, the extended debug output
gives this. I need help identifying which partitions in MSWIN I should
ignore and which should be scanned. An overview of what they do will be
helpful. One entry has an NTFS file system and no files. It’s confusing.
This scan is ‘windows 10’ OS.
Hi
Perhaps target the partition type rather than filesystem on that
partition type…?
eg;
Type 0700 for Microsoft basic data
Type EF00 for EFI System
Are you using the -r flag for recursive directories?
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.2|GNOME 3.20.2|4.4.92-18.36-default
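The partition-type approach suggested above, as an added example that is not part of the thread and not scanvirus code: it reads `lsblk -P` output, decides scan or skip from the GPT type GUID (the GUIDs behind gdisk codes 0700 and EF00, plus recovery, Microsoft reserved and swap), and picks a log name that falls back from LABEL to PARTLABEL to UUID so an unlabelled partition never produces an empty `;;` entry. The scan/skip policy, the function names and the sample rows are assumptions; fields are extracted with `sed` rather than `eval`, so label text is never executed.

```shell
#!/bin/sh
# Added example (not scanvirus code). Policy and sample rows are assumptions.

field() {  # print the value of KEY="..." from one `lsblk -P` line, without eval
  printf ' %s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

classify_parttype() {  # $1 = GPT type GUID, $2 = filesystem reported by lsblk
  guid=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$guid" in
    ebd0a0a2-b9e5-4433-87c0-68b6b72699c7)        # Microsoft basic data (0700)
      if [ -n "$2" ]; then echo scan; else echo skip-no-filesystem; fi ;;
    c12a7328-f81f-11d2-ba4b-00a0c93ec93b) echo scan ;;       # EFI System (EF00)
    de94bba4-06d1-4d40-a16a-bfd50179d6ac) echo scan ;;       # Windows recovery
    e3c9e316-0b5c-4db8-817d-f92df00215ae) echo skip-msr ;;   # Microsoft reserved
    0657fd6d-a4ab-43c4-84e5-0933c84b4f4f) echo skip-swap ;;  # Linux swap
    *) echo skip-other ;;                        # not a Windows-side type
  esac
}

first_nonempty() {  # first argument that is not empty
  for v in "$@"; do
    if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
  done
}

plan_scan() {  # stdin: lsblk -P lines; stdout: "<device> <decision> <log name>"
  while IFS= read -r line; do
    name=$(field NAME "$line")
    decision=$(classify_parttype "$(field PARTTYPE "$line")" "$(field FSTYPE "$line")")
    logname=$(first_nonempty "$(field LABEL "$line")" "$(field PARTLABEL "$line")" \
                             "$(field UUID "$line")" "$name")
    printf '/dev/%s %s %s\n' "$name" "$decision" "$logname"
  done
}

sample_lsblk() {  # constructed rows modelled on the listing; PARTTYPE values assumed
  cat <<'EOF'
NAME="sdb1" FSTYPE="ntfs" PARTTYPE="ebd0a0a2-b9e5-4433-87c0-68b6b72699c7" PARTLABEL="Basic data partition" LABEL="Recovery" UUID="CONSTRUCTED-UUID-1"
NAME="sdb2" FSTYPE="vfat" PARTTYPE="c12a7328-f81f-11d2-ba4b-00a0c93ec93b" PARTLABEL="EFI system partition" LABEL="" UUID="3E7D-6A49"
NAME="sdb3" FSTYPE="" PARTTYPE="e3c9e316-0b5c-4db8-817d-f92df00215ae" PARTLABEL="Microsoft reserved partition" LABEL="" UUID=""
NAME="sdb5" FSTYPE="ntfs" PARTTYPE="DE94BBA4-06D1-4D40-A16A-BFD50179D6AC" PARTLABEL="" LABEL="" UUID="861EFAEC1EFAD461"
NAME="sda2" FSTYPE="swap" PARTTYPE="0657fd6d-a4ab-43c4-84e5-0933c84b4f4f" PARTLABEL="primary" LABEL="" UUID="CONSTRUCTED-UUID-2"
EOF
}

# Live use: lsblk -P -o NAME,FSTYPE,PARTTYPE,PARTLABEL,LABEL,UUID | plan_scan
sample_lsblk | plan_scan
```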
It passed the full -r full field test with no errors, partly. I’m still getting ‘;;’ meaning the scanvirus is not grabbing the right label. For speed testing, I turn that off, no -r. All I need to test is the correct output.
For stuff like this, I’d recommend avoiding re-inventing the wheel…
Do a search on “antivirus open source” and inspect the source code of whatever exists out there… There is even a ClamWin and other scanners that use ClamAV as the scanner engine.
Then, what you do shouldn’t be any worse than the others you compare against, and may be better if you come up with a better idea.
If I were creating a graphical interface, it would be. What if the graphical interface wasn’t working or a virus damaged it? Nothing like it existed when I first created it. No complex menus to go through. A simple command to make it easier to use clamscan with only two dependencies, clamav and udisks, both NON-GFX.
I have enough programming experience that I don’t need to look at source code. I see it in my mind.
It’s a matter of finding the command(s) that do the job, not programming it.
Been there, done that.
Lots of projects I’ve taken over because some Developer thought that they “just knew” what was best without ever looking at, or considering that other commonly used similar apps had already worked out the whole idea and are commonly used <because> they’d already gone through the whole debugging process of testing what was originally conceived, and fixed and improved on that.
Is why I never rely on original conception immediately. I always start off by researching existing code to see if anything is available “off the shelf” before I authorize original code. Original code isn’t always bad, it’s just that the odds that it can be better in all aspects compared to what already may be available isn’t likely (assuming that what is available is also well written).
Well, I looked and didn’t see anything like a clamscan wrapper. Nothing that was non-gfx, more features, better logging, only two dependencies, very few commands, and easier to use than clamscan. I’m also the user. This has found viruses that windows scans missed. I released it so others could benefit from its simplicity.
If others can benefit from it, why not? I use it constantly. Clamscan can focus on anti-virus detection. I can focus on a simple command line that is very user friendly and for command line beginners.
It’s handled via udisks and the desktop environment. Which DE are you using? For example, the KDE device notifier allows users to configure automatic mounting if desired.
I’m using KDE. ‘scanvirus’ can be run with no xwin system. It auto-mounts and unmounts as needed. It doesn’t need one, the whole point of it. I’ll work around this.
Thanks for the assist all. I’m ready to move on to the nice and renice functions.
This has enabled me to release ‘scanvirus beta5’. This one partition design flaw can wait till later. GREP I’m getting better at using AWK I’m still learning bash. I’m always tweaking and modifying scanvirus. The ‘j’ option of lsblk, I’ll check that out.