Friday, May 17, 2024
Homepage · command-line
 Popular · Latest · Hot · Upcoming
1
rated 0 times [  1] [ 0]  / answers: 1 / hits: 886  / 2 Years ago, tue, october 25, 2022, 7:11:47

How can I get the file path of the returned infected files list from a clamscan -ri?



right now I am seeing this:



/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: copied to '/folder/infections//HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt'

/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: copied to '/folder/infections//Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt'

/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: copied to '/folder/infections//HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt'

/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: copied to '/folder/infections//HG010_Hyaloglide_product_overview_training_RevC.ppt'


what I'd like is the file path only. for instance /home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt



Maybe a simple sed command to grab everything before the :? I don't know the pattern I should use tho


More From » command-line
 Answers
5

Another solution using awk + readarray;



To process the output of clamscan -ri:



clamscan -ri | awk -F ':' '/FOUND/ {print $1}'



  • -F ':': sets awk's field separator to :;

  • /FOUND/: pattern; executes the following action only if the record matches the FOUND string;

  • {print $1}: prints the first field;



To read the processed output of clamscan -ti into an array $x:



mapfile -t x < <(clamscan -ri | awk -F ':' '/FOUND/ {print $1}')



  • -t: removes the trailing newline at the end of each line before reading it into the array;

  • < <(clamscan -ri | awk -F ':' '/FOUND/ {print $1}'): redirects the output of the process substitution <(clamscan -ri | awk -F ':' '/FOUND/ {print $1}') to readarray's stdin



ubuntu@ubuntu:~/tmp$ cat infile

/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: copied to '/folder/infections//HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt'

/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: copied to '/folder/infections//Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt'

/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: copied to '/folder/infections//HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt'

/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: Doc.Exploit.CVE_2015_2341 FOUND

/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: copied to '/folder/infections//HG010_Hyaloglide_product_overview_training_RevC.ppt'

ubuntu@ubuntu:~/tmp$ cat infile | awk -F ':' '/FOUND/ {print $1}'

/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt

/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt

/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt

/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt

ubuntu@ubuntu:~/tmp$ mapfile -t x < <(awk -F ':' '/FOUND/ {print $1}' infile)

ubuntu@ubuntu:~/tmp$ echo "${x[@]}"

/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt /home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt /home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt /home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt

[#18418] Wednesday, October 26, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
percol
Add To Favorites
Follow
Total Points: 493
Total Questions: 116
Total Answers: 107
Location: Taiwan
Member since Mon, Sep 6, 2021
3 Years ago
;