Get the quarantined file name for a scan.



On my Linux machine, I am using the commands below, and in the end I need a specific result, such as the file name of the infected file. Please let me know how this can be done.

Command 1:  /opt/eset/efs/bin/odscan --scan --profile="@In-depth scan" /tmp/testscanDir/VirusCheck/Files*  --show-scan-info; echo $?;

Output:

{
 "type":0,
 "session_id":35,
 "log_name":"ndlp8EAig"
}
1

=======================================

Command 2: /opt/eset/efs/bin/lslog --ods-detections="ndlp8EAig";

Output:
Time detected  Severity       Object URI                             Detection              Detection Type         Action                 Hash
11/10/2023 ... 1              file:///tmp/testscanDir/te.....   Eicar                  Test file              Cleaned by deleting    CF8BD9DFDDF...

========================================

As the result of command 2 shows, I am unable to get the complete file name. Is there any option for that?

I tried one more command, for the quarantine. There I can get the id and the complete file name, but I am not able to find a common command or approach that relates the id from the quarantine command to the id/log_name generated by the odscan command, so that I can get the file name.

Command : /opt/eset/efs/bin/quar -l;
Output:
id              Time                  Name                                Detection      Detection Type Reason         Size           Count   Hash           Excludable
7295727985172563435 11/10/2023 06:45:44 AM /tmp/testscanDir/testfile.txt       Eicar          Test file                     69             3       CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62 -
 

I tried to see the detections as well, but it gives me the error below:

Command: /opt/eset/efs/bin/lslog --detections;
Output: ESET Server Security Error: Insufficient credentials to perform the request.
 

 

Please let me know how I can get the name of the infected file and what the different approaches for that are.


  • ESET Staff

Hi Rajnish,

In command 2, simply add the -c parameter and you will get the output in CSV format, which contains the full output.
 

user@machine:/tmp$ /opt/eset/efs/bin/lslog -c --ods-detection="ndlDMkjQb"
Time detected,Severity,Object URI,Detection,Detection Type,Action,Hash,Raw detection name
10.11.2023 13:05:27,1,file:///tmp/eicar,Eicar,Test file,Cleaned by deleting,3395856CE81F2B7382DEE72602F798B642F14140,@NAME=Eicar@TYPE=Teststring@SUSP=inf

Accessing detections needs a privileged user, so to avoid the error mentioned above, you need to use root. But keep in mind that the detections output doesn't contain infections found by a malware scan (odscan utility).

Regards,

Kurco


  • ESET Staff

Nothing is integrated into the product directly, but you can filter out the names of all detections by piping the output into awk.

user@machine:/tmp$ /opt/eset/efs/bin/lslog -c --ods-detection="ndli4bSMm" | awk -F ',' 'NR>1 {print $3}'
file:///tmp/eicar
file:///tmp/eicar.1
file:///tmp/eicar.2
file:///tmp/eicar.4
file:///tmp/eicar.3
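
The two steps from this thread chained in one script, as an added example that is not part of the original posts and not ESET code: it reads log_name from the odscan JSON, passes it to lslog -c, and prints the full path of each detected file. It assumes the CSV columns shown above and unquoted fields; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not ESET code. Binaries and options are the ones quoted in the thread.
EFS_BIN=/opt/eset/efs/bin

# Read odscan --show-scan-info JSON on stdin, print the value of "log_name".
log_name_from_json() {
    sed -n 's/.*"log_name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Read `lslog -c` CSV on stdin, print one local path per detection.
# Assumption: fields are not quoted, so a comma in a file name adds fields.
# The 2 columns before "Object URI" and the 5 after it are fixed, so the URI
# is rebuilt from field 3 through field NF-5 instead of taking $3 alone.
paths_from_csv() {
    awk -F ',' 'NR > 1 && NF >= 8 {
        uri = $3
        for (i = 4; i <= NF - 5; i++) uri = uri "," $i
        sub(/^file:\/\//, "", uri)
        print uri
    }'
}

# Scan the given targets and list detected files (needs the product installed).
# The pipeline ignores odscan's exit status; the thread shows it returning 1
# while still printing the JSON.
scan_and_list() {
    log=$("$EFS_BIN/odscan" --scan --profile="@In-depth scan" "$@" --show-scan-info | log_name_from_json)
    [ -n "$log" ] || { echo "no log_name in odscan output" >&2; return 2; }
    "$EFS_BIN/lslog" -c --ods-detection="$log" | paths_from_csv
}

# Constructed sample in the format shown in the thread; the second row has a
# comma in the file name, which a plain `print $3` would cut short.
demo() {
    paths_from_csv <<'EOF'
Time detected,Severity,Object URI,Detection,Detection Type,Action,Hash,Raw detection name
10.11.2023 13:05:27,1,file:///tmp/eicar,Eicar,Test file,Cleaned by deleting,3395856CE81F2B7382DEE72602F798B642F14140,@NAME=Eicar@TYPE=Teststring@SUSP=inf
10.11.2023 13:05:28,1,file:///tmp/a,b.txt,Eicar,Test file,Cleaned by deleting,3395856CE81F2B7382DEE72602F798B642F14140,@NAME=Eicar@TYPE=Teststring@SUSP=inf
EOF
}
demo
```

On a machine with the product installed, call `scan_and_list /tmp/testscanDir/VirusCheck/Files*` in place of `demo`.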