How can I get the file path of the returned infected files list from a clamscan -ri
?
right now I am seeing this:
/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: copied to '/folder/infections//HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt'
/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: copied to '/folder/infections//Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt'
/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: copied to '/folder/infections//HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt'
/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: copied to '/folder/infections//HG010_Hyaloglide_product_overview_training_RevC.ppt'
what I'd like is the file path only. for instance /home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt
Maybe a simple sed
command to grab everything before the 😕 I don't know the pattern I should use tho
Best Answer
Another solution using
awk
+readarray
;To process the output of
clamscan -ri
:-F ':'
: setsawk
's field separator to:
;/FOUND/
: pattern; executes the following action only if the record matches theFOUND
string;{print $1}
: prints the first field;To read the processed output of
clamscan -ti
into an array$x
:-t
: removes the trailing newline at the end of each line before reading it into the array;< <(clamscan -ri | awk -F ':' '/FOUND/ {print $1}')
: redirects the output of the process substitution<(clamscan -ri | awk -F ':' '/FOUND/ {print $1}')
toreadarray
'sstdin