Capture and filter output of a command

I need to filter the output of clamscan. So far, I get a background clamscan and the output isn’t coming out right.

while read -ra command_output_filescan; do                        #read output of clamscan into string array command_output_filescan
#two entries per line
#[/dir1L/dir2L/dir3L/dirx/filename:] [ok]

    printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result
    echo `expr index "$command_output_filescan" "/MSWINXX/"`                  #find the beginning of drive_label and print

    #/MSWINXX/toplevel/
    #I need to extract the 'toplevel' from the output string. Only print command_output_filescan[1]= 'virus found'.
    #print the top level directory and delete the line when the directory changes then reprint.
    /dira1L/ [delete line] /dirb1L/ [delete line] /dirc1L/

    break  #stop here just first line only.

done < <(clamscan  -r "/media/MSWINXX/")



Again it is a bit difficult to understand this. While almost nobody here knows the program clamscan or has it installed, we have no example of its output. Thus a piece of real data with an explanation of what lines (parts of lines) should trigger what action might be helpful. E.g., when you want to read a line into variables (or an array), the first thing to determine is what the separator between the parts should be (the IFS variable). By choosing it carefully, things can be made easier.

Also you only present the script, but do not present us with any problem it gives you. Does it run? Does it give errors? Does it produce output, but different from what you hoped for?

In any case:

< <(clamscan  -r "/media/MSWINXX/")

I do not understand this at all.

The best training and best way for finding bugs is explaining the code: what it should do and what it is doing in every line (without comments).
TO: Can you explain your code, please?

http://linux.die.net/man/1/clamscan

I won’t have access to my computer for a while, some unrelated issues. Using another person’s computer at the moment.

hcvv: Again it is a bit difficult to understand this. While almost nobody here knows the program clamscan or has it installed, we have no example of its output. Thus a piece of real data with an explanation of what lines (parts of lines) should trigger what action might be helpful. E.g., when you want to read a line into variables (or an array), the first thing to determine is what the separator between the parts should be (the IFS variable). By choosing it carefully, things can be made easier.

IFS=’ ’ #The default right?

Also you only present the script, but do not present us with any problem it gives you. Does it run? Does it give errors? Does it produce output, but different from what you hoped for?

The last code produced no output at all and clamscan became a background task. I want to display the current top level directory being scanned. I’m having trouble with extracting strings from the output.

Here’s an example of typical clamscan output:

#Virus found

/var/lib/rpm/Packages: UNIX.Exploit.CVE_2010_3301 FOUND

[directory tree]: [virus found]

#Virus not found

/var/lib/rpm/Packages: OK

[directory tree]: [virus not found]

Here’s one method.


DriveLabel="MSWINXX"
IFS=' '
while read -ra command_output_filescan; do                        #read output of clamscan into string array command_output_filescan

#Process clamscan output

    printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result

    echo `expr index "$command_output_filescan" $DriveLabel`                  #find the beginning of drive_label and print

    break  #stop here just first line only.

#end

#Do a recursive scan of an ntfs windows directory and capture the output.
done < <(clamscan  -r "/mounted/MSWINXX/")

Another method, send the scan to ‘clamav.log’

#Do a recursive scan of an ntfs windows directory and capture the output.
clamscan  -r "/media/MSWINXX/" -l clamav.log

DriveLabel="MSWINXX"
IFS=' '
while read -ra command_output_filescan; do
#Process clamscan output

    printf "%s%s\n" $command_output_filescan[0] $command_output_filescan[1]   #print drive directory tree and virus scan result
    
    echo `expr index "$command_output_filescan" $DriveLabel`                  #find the beginning of drive_label and print
    
    break  #stop here just first line only.

#end

done < < "clamav.log"

I am really not going to study clamscan.

What you typed there is really not interpretable (because we can not see what white space character(s) you typed there). But the man page says:

IFS
The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is ``<space><tab><newline>''.

Looking in the man page yourself first and then asking when you need more clarification is all right. But guessing what the default might be is not…

What do you mean with “the last code”?

Your story about what you want with such lines is vague, but do I understand that you want to isolate the first item in the directory tree there? When that is the case, I would do something like:

echo "/var/lib/rpm/Packages: UNIX.Exploit.CVE_2010_3301" | IFS='/' read X DIR X

and then the variable DIR will contain the value var.

Again we have to do this step by step. And you should explain for every step why you coded this as we see it. Else we can not tell you if you coded it correctly. And again I start with one item: what is after the last “done”.

done < <(clamscan  -r "/mounted/MSWINXX/")

and

done < < "clamav.log"

Both are incorrect syntax (and thus should give you an error message), but you do not report any error message. So please what do you think this should do?
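
Added example, not written by any poster in this thread: a POSIX sh filter for the "path: result" lines shown above, printing only FOUND results with the top-level directory under the scan root. The function names, the sample paths and the /media/MSWINXX root are assumptions, and the sample scan output is constructed.

```sh
#!/bin/sh
MOUNT="/media/MSWINXX"   # assumption: scan root taken from the thread

# Print the first directory below $MOUNT for a scanned path.
top_level() {
    case $1 in
        "$MOUNT"/*/*) rel=${1#"$MOUNT"/}          # strip the scan root
                      printf '%s\n' "${rel%%/*}" ;; # keep first component
        "$MOUNT"/*)   printf '.\n' ;;              # file directly in the root
        *)            printf '?\n' ;;              # path outside the scan root
    esac
}

# Read clamscan-style lines on stdin and print
# "<top-level dir><TAB><path><TAB><signature>" for infected files only.
filter_scan() {
    while IFS= read -r line; do        # IFS= keeps the whole line intact
        case $line in
            *": "*" FOUND") ;;         # result line reporting a detection
            *) continue ;;             # OK lines, blank lines, scan summary
        esac
        path=${line%: *}               # split at the LAST ": " so that
        result=${line##*: }            # paths containing spaces survive
        sig=${result% FOUND}
        printf '%s\t%s\t%s\n' "$(top_level "$path")" "$path" "$sig"
    done
}

# Constructed sample of clamscan output (not a real scan).
sample_scan() {
    cat <<'EOF'
/media/MSWINXX/Windows/System32/notepad.exe: OK
/media/MSWINXX/Users/bob/My Docs/invoice.exe: UNIX.Exploit.CVE_2010_3301 FOUND
/media/MSWINXX/pagefile.sys: OK
/media/MSWINXX/setup.exe: UNIX.Exploit.CVE_2010_3301 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

sample_scan | filter_scan
```

Against a real scan the same filter reads from a pipe: `clamscan -r --no-summary "$MOUNT" | filter_scan`.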