#!/bin/bash #: Title : string limits
IFS=''
#read line output of 'clamscan -r'
while read command_output; do
printf "%s
" ${command_output}
done < <(clamscan -r /)
unset IFS
With this, I found that strings were being cut off at 128 characters. Using IFS field splitting makes my code far more complex. With IFS, string length can still be exceeded.
I’ve found nothing on internet searches to make strings bigger. string_size=128 to string_size=2000.
Can you make string length maximum larger? Through syntax or bash system variables.
It’d be helpful to see the output you get, as well as the output you expect.
Using the following I easily get lines longer than 128 characters. I
would guess something about your clamav output is breaking the line.
Maybe try ‘read -r’ instead of just ‘read’:
#!/bin/bash
IFS='';
while read command_output; do
printf "%s
" ${command_output}
done < <(openssl rand -hex 256)
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
This is likely the interactive input buffer which I’ve run into in the past.
I ran into this awhile back following the original SDB Java (Oracle SE JDK 7) instructions,
If you simply copied the original code comprising well over a hundred individual commands into a console, you’d run into that error (limiting number of characters in a command).
The alternative at that time was to paste only a single or at most a few commands at a time into a console.
My guess is that your output is being sent to a command for input in a new command.
Solution which I implemented in the scripts I wrote…
Change the commands from interactive to non-interactive.
Then, all the commands can be run at once.
I would guess that your problem is “printing” the string is the problem and might be resolved by simply piping or redirecting the text stream directly to file.
In another thread (IIRC it’s also likely authored by you) I suggested writing all your code as non-interactive instead of invoking interactive commands. I would repeat that recommendation, I would guess there should also be performance benefits.
I’ll try piping the output and see if that fixed the problem.
I’ll post the complete code section, same basic idea. This has the output bug. It prints only if ‘found’ or ‘moved’. This cuts the string short and outputs.
See below for the piped version.
#!/bin/bash
IFS=':'
while read -ra command_output_filescan
do
#delete line
echo -en "\E[2K\r"
Max_Words=${#command_output_filescan
[li]} Last_Word=${command_output_filescan[Max_Words]}
let START=0
let END=Max_Words-1
#print string
Index=0
for index_word in "${command_output_filescan@]}"
do
printf "%s" $index_word
if $Index != $END ];then
printf ":"
fi
((Index +=1))
done
Scanfile_Result=${command_output_filescan[END]}
if "$Scanfile_Result" == *"FOUND"* ]] || "$Scanfile_Result" == *"moved to"* ]];then
printf "
"
fi
done < <(clamscan -r / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0)
… end
/home/username/Downloads/How to Enable or Disable_Turn off Fast boot or Fast Startup in Windows 10 and Windows 8.1 « SillyCodes_files/postmessageRelay.ht
/home/username/Downloads/How to Enable or Disable_Turn off Fast boot or Fast Startup in Windows 10 and Windows 8.1 « SillyCodes_files/comment-iframe.html
/home/username/Downloads/How to Enable or Disable_Turn off Fast boot or Fast Startup in Windows 10 and Windows 8.1 « SillyCodes_files/tweet_button.html:
/home/username/Downloads/How to Enable or Disable_Turn off Fast boot or Fast Startup in Windows 10 and Windows 8.1 « SillyCodes_files/TlA_zCeMkxl_002.htm
/home/username/Downloads/How to Enable or Disable_Turn off Fast boot or Fast Startup in Windows 10 and Windows 8.1 « SillyCodes_files/TlA_zCeMkxl.html: O
/home/username/.mozilla/firefox/0ywv6puy.default/datareporting/archived/2015-12/1450591995453.a420be3a-5bb9-4866-9b88-24f13bfebe0d.main.jsonlz4: Empty fi
/home/username/bin/scanvirus: line 242: command_output_filescan: bad array subscript
Am interested, but unable to understand <exactly> what you are trying to accomplish.
Looks like you’re running a clamscan scan, and you’ve generated an output file.
But, after that I’m uncertain what you are trying to do,
You’ve decided you want to modify the IFS to a full colon (
But can’t see what you’re trying to do…
You suggest you are deleting a line (unknown why)
Then you seem to be trying to identify a “last word” which is probably the last field determined by your custom IFS instead of the usual space character.
I don’t know what the following is supposed to mean, do you believe this is the line that causes your error?
Also, there seems to be a lot of functionality that’s not described… particularly “command_output_filescan.”
Don’t know if any of that functionality is relevant to your error.
In any case, there seems to be a large number of hits if you Google “bad array subscript” (there can be many causes) but in your case at least I don’t see enough information to troubleshoot.
The bad array subscript is because of blank lines in clamscan output. Before the scan results at the end, there shouldn’t be any blank lines. So, I check for them. I managed to find some programing errors and fix them. This generally what it does.
send clamscan output to while loop
delete line: printline
As each line is printed it erases the previous line. If ‘found’ is in the line it prints a newline so it doesn’t get deleted. So, the printout only shows if a virus is found. scanvirus - linux scan
It works now, but I’v not had a chance to test it more with test it more with long lines and fake virus lines. It’s usable by itself, but scan results don’t show up. The last array field holds the scan results, after the last ‘:’. I just added a check for blank lines and this.
clamscan -r / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0 | while read -r -a command_output_filescan -n 120
This should do a double field split read up to 120 characters at a time and split that field based on IFS=":".
As I stated, you didn’t describe what you’re actually trying to do to the data, but you should investigate processing the raw data stream non-interactively instead of using interactive commands.
The alternative approach which would be greatly non-performant might be to break pre-process the raw data into chunks that would fit into your buffer restrictions.
Yes, take into account the buffer size. I’m not sure if it’s the total length of the string array or buffer limit on each array element. It’s still cutting it off.
I thought about reading the line one character at a time. It might be the easier way to process it.
I’v broken it up into a function.
Scan_Results_Filter()
{
IFS=':'
scan_results_flag=false
while read -r -a command_output_filescan
do
#command_output_filescan='/run/media/root/Temp_Storage/installer programs/Game mods/cnc generals/winrar/winrar-x64-521.exe: Win.Trojan.Ardamax-3714 FOUND'
Max_Words=${#command_output_filescan
[li]}[/li] if [[ "$Max_Words" -le 0 ]];then
#printf "blank line
"
continue
fi
if [ "${command_output_filescan[0]}" = '----------- SCAN SUMMARY -----------' ];then
#delete line
echo -en "\E[2K\r"
printf "
"
scan_results_flag=true
fi
if [ "$scan_results_flag" = 'false' ]; then
#print "delete line..."
#delete line
echo -en "\E[2K\r"
fi
let START=0
let END=Max_Words-1
Index=0
for index_word in "${command_output_filescan[@]}"
do
#strlength=${#index_word}
#if [ $strlength == 120 ];then
# printf "String length= 120
"
#fi
#print ':' if not last word
#printf "(%s)" $Index
echo -En "$index_word"
if [ $Index != $END ];then
printf ":"
fi
((Index +=1))
done
Scanfile_Result=${command_output_filescan[END]}
if [ "$scan_results_flag" = 'true' ]; then
printf "
"
elif [[ "$Scanfile_Result" == *"FOUND"* ]] || [[ "$Scanfile_Result" == *"moved to"* ]];then
printf "
"
fi
#break
done
#done < <(clamscan -r / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0)
unset IFS
}
/run/media/root/MSWIN764/Program Files (x86)/Common Files/InstallShield/Professional/RunTime/09/01/Intel32/iscript.dll: Win.Trojan.Ramnit-7533 FOUND
/run/media/root/Temp_Storage/installer programs/Game mods/cnc generals/winrar/winrar-x64-521.exe: Win.Trojan.Ardamax-3714 FOUND
(0)/run/media/root/MSWIN764/Users/AlexRogan1984beta/AppData/Local/NVIDIA/NvBackend/Packages/00006f64/vops-metro_last_light_redux.19300156.exe1) Win.Trojan.FakeAV-75137 FOUND
(0)/run/media/root/MSWIN764/Users/AlexRogan1984beta/AppData/Local/NVIDIA/NvBackend/Packages/00008244/DRS update.20141060.exe1) Win.Trojan.FakeAV-75137 FOUND
(0)/run/media/root/MSWIN764/Users/AlexRogan1984beta/AppData/Local/NVIDIA/NvBackend/Packages/000083ee/CoProc update.20259690.exe1) Win.Trojan.FakeAV-75137 FOUND
(0)/run/media/root/MSWIN764/Users/AlexRogan1984beta/AppData/Local/NVIDIA/NvBackend/Packages/000083f0/DAO.20259995.exe1) Win.Trojan.FakeAV-75137 FOUND
(0)/run/media/root/MSWIN764/Users/AlexRogan1984beta/AppData/Local/NVIDIA/NvBackend/Packages/000085f9/DAO.20425439.exe1) Win.Trojan.FakeAV-75137 FOUND
A couple years ago I took a few steps in the direction you’ve been working on.
I don’t remember exactly what prompted me to look into doing a virus scan then, it probably was an article of some sort and I don’t remember the exact research I did and it was very brief because it was only to briefly look at the issues related to some topic.
But, I do remember that I spent some brief time looking at what Kali provides, and I recommend you see whether some pen testing suite/app already can do what you’re writing from scratch… Re-inventing the wheel is an educational experience but if you’re more interested in creating something that works for your scenarios, you should see what already exists.
The idea is that pen testing suite/apps are generally more configurable than simple, installed apps. When an app is installed in an OS like clamscan on openSUSE, it’s configured for general use. If you want more advanced use, you can hack the code all you want but as you’ve found may run into issues, and my guess is that the issues you’re seeing probably have been addressed by others… You just need to find those apps.
I’ve also generally found that if you run into a problem, if you can be descriptive enough you’ll find the solution either written up in a blog (use Google) or in a gist on Github.
As I’ve also described,
If you read up on what streaming data is, and how to process streaming data, it’s a basic approach many apps use to process large amounts of data. But, how it might be implemented depends very much on the nature of the data so I can’t give you a complete instructional on how it would be done in your case… But, back to looking at various scanning apps (and you need to understand you should look beyond virus scanning, you want to consider scanning any kind of text or binary data for patterns), I’m sure there are many ways others have addressed your issue(s).
I’v not found anything like scanvirus as a command line shell. I’v found many people who have haven’t gotten nearly as far. This shell program is far less hassle then clamscan or any GUI shell. When A GUI clamscan is no longer supported, I go back to the command line anyway. It’s just makes clamscan far easier with shell script over it. I’m going to release version beta2 soon.
Clamscan has caught many viruses that mswin virus scanner have missed. Everything (scanvirus) automatic and easy to read, I love it!
I can fix the problem or work around, if I knew what it was. If I don’t know what’s causing it, I can’t fix it.
