Ubuntu – Clamscan -ri Bash Get Filename

bashclamavcommand line

How can I get the file path of the returned infected files list from a clamscan -ri?

right now I am seeing this:

/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: copied to '/folder/infections//HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt'
/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: copied to '/folder/infections//Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt'
/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: copied to '/folder/infections//HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt'
/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: copied to '/folder/infections//HG010_Hyaloglide_product_overview_training_RevC.ppt'

what I'd like is the file path only. for instance /home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt

Maybe a simple sed command to grab everything before the 😕 I don't know the pattern I should use tho

Best Answer

Another solution using awk + readarray;

To process the output of clamscan -ri:

clamscan -ri | awk -F ':' '/FOUND/ {print $1}'

-F ':': sets awk's field separator to :;
/FOUND/: pattern; executes the following action only if the record matches the FOUND string;
{print $1}: prints the first field;

To read the processed output of clamscan -ti into an array $x:

mapfile -t x < <(clamscan -ri | awk -F ':' '/FOUND/ {print $1}')

-t: removes the trailing newline at the end of each line before reading it into the array;
< <(clamscan -ri | awk -F ':' '/FOUND/ {print $1}'): redirects the output of the process substitution <(clamscan -ri | awk -F ':' '/FOUND/ {print $1}') to readarray's stdin

ubuntu@ubuntu:~/tmp$ cat infile
/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt: copied to '/folder/infections//HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt'
/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt: copied to '/folder/infections//Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt'
/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt: copied to '/folder/infections//HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt'
/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: Doc.Exploit.CVE_2015_2341 FOUND
/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt: copied to '/folder/infections//HG010_Hyaloglide_product_overview_training_RevC.ppt'
ubuntu@ubuntu:~/tmp$ cat infile | awk -F ':' '/FOUND/ {print $1}'
/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt
/home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt
/home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt
/home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt
ubuntu@ubuntu:~/tmp$ mapfile -t x < <(awk -F ':' '/FOUND/ {print $1}' infile)
ubuntu@ubuntu:~/tmp$ echo "${x[@]}"
/home/folder/public_html/wp-content/uploads/2015/07/HB006_Hyalobarrier-Product-training-MASTER-10-07-15.ppt /home/folder/public_html/wp-content/uploads/2015/02/Tech003_HA_HYAFF_technology_MASTER_presentation_RevB.ppt /home/folder/public_html/wp-content/uploads/2015/02/HM006_Hyalomatrix_PA_product_overview_training_RevB.ppt /home/folder/public_html/wp-content/uploads/2014/10/HG010_Hyaloglide_product_overview_training_RevC.ppt

Best Answer

Related Solutions

ClamAV – How to View Results of Last Clamscan Scan

Ubuntu – Confusion between clamscan and clamdscan

Related Question