Rajnish Kumar, posted November 10

On my Linux machine, I am using the below commands, and at the end I need a specific result like the file_name of the infected file. Please let me know how this can be done?

Command 1:
/opt/eset/efs/bin/odscan --scan --profile="@In-depth scan" /tmp/testscanDir/VirusCheck/Files* --show-scan-info; echo $?;
Output:
{ "type":0, "session_id":35, "log_name":"ndlp8EAig" }
1
=======================================

Command 2:
/opt/eset/efs/bin/lslog --ods-detections="ndlp8EAig";
Output:
Time detected    Severity    Object URI    Detection    Detection Type    Action    Hash
11/10/2023 ...    1    file:///tmp/testscanDir/te.....    Eicar    Test file    Cleaned by deleting    CF8BD9DFDDF...
========================================

As we can see in the result of command 2, I am unable to get the complete file name. Is there any option for that?

I tried one more command from quarantine; there I can get the id and the complete file name, but I am not able to find a common command/approach where I can find some relation between the id of the quarantine command and the id/log_name generated from the odscan command, so that I may get the file name.

Command:
/opt/eset/efs/bin/quar -l;
Output:
id    Time    Name    Detection    Detection Type    Reason    Size    Count    Hash    Excludable
7295727985172563435    11/10/2023 06:45:44 AM    /tmp/testscanDir/testfile.txt    Eicar    Test file        69    3    CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62    -

I tried to see the detections as well. But it is giving me the below error:

Command:
/opt/eset/efs/bin/lslog --detections;
Output:
ESET Server Security
Error: Insufficient credentials to perform the request.

Please let me know how I may get the name of the infected file and what the different approaches for that are.
kurco (ESET Staff), posted November 10 (edited November 10 by kurco)

Hi Rajnish,

In command 2, simply add the -c parameter and you will get output in CSV format, which contains the full output.

user@machine:/tmp$ /opt/eset/efs/bin/lslog -c --ods-detection="ndlDMkjQb"
Time detected,Severity,Object URI,Detection,Detection Type,Action,Hash,Raw detection name
10.11.2023 13:05:27,1,file:///tmp/eicar,Eicar,Test file,Cleaned by deleting,3395856CE81F2B7382DEE72602F798B642F14140,@NAME=Eicar@TYPE=Teststring@SUSP=inf

Accessing detections needs a privileged user, so to avoid the error mentioned above, you need to use root. But keep in mind that the detections output doesn't contain infections found by the malware scan (odscan utility).

Regards,
Kurco
Rajnish Kumar (author), posted November 10

In this format we may have to filter our data through some script. Is there any command which may specifically give us the file names of all the detections for a particular odscan?
kurco (ESET Staff), posted November 10

Nothing integrated into the product directly, but you can filter out the names of all detections by piping the output into awk.

user@machine:/tmp$ /opt/eset/efs/bin/lslog -c --ods-detection="ndli4bSMm" | awk -F ',' 'NR>1 {print $3}'
file:///tmp/eicar
file:///tmp/eicar.1
file:///tmp/eicar.2
file:///tmp/eicar.4
file:///tmp/eicar.3
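The awk one-liner above works as long as no field contains a comma. The script below is an added example (not from the thread or from ESET) that does the same filtering with Python's csv module, which also copes with a quoted Object URI containing a comma, converts the file:// URI into a local path, and then answers the original question about relating an odscan detection to a quarantine entry: both `lslog -c` and `quar -l` print the same SHA-1 hash column, so that is the join key. The sample lslog and quar output is constructed from the values posted in this thread; the quoted third CSV row is an assumption about how lslog would emit a path containing a comma, added only to show that the parser handles it.

```python
import csv
import io
import re
import sys
from urllib.parse import unquote, urlparse

# Constructed sample of `lslog -c --ods-detection=<log_name>` output (CSV, header row first).
# The third row is a constructed edge case: a quoted Object URI containing a comma,
# which `awk -F ','` would split in the wrong place.
SAMPLE_LSLOG_CSV = """Time detected,Severity,Object URI,Detection,Detection Type,Action,Hash,Raw detection name
10.11.2023 13:05:27,1,file:///tmp/eicar,Eicar,Test file,Cleaned by deleting,3395856CE81F2B7382DEE72602F798B642F14140,@NAME=Eicar@TYPE=Teststring@SUSP=inf
10.11.2023 13:05:27,1,file:///tmp/testscanDir/testfile.txt,Eicar,Test file,Cleaned by deleting,CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62,@NAME=Eicar@TYPE=Teststring@SUSP=inf
"10.11.2023 13:05:28",1,"file:///tmp/testscanDir/report,%20final.txt",Eicar,Test file,Cleaned by deleting,CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62,@NAME=Eicar@TYPE=Teststring@SUSP=inf
"""

# Constructed sample of `quar -l` output, taken from the values in the first post.
SAMPLE_QUAR_LIST = """id Time Name Detection Detection Type Reason Size Count Hash Excludable
7295727985172563435 11/10/2023 06:45:44 AM /tmp/testscanDir/testfile.txt Eicar Test file 69 3 CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62 -
"""

# Both tools print the hash as a 40-character hex SHA-1 digest.
HASH_RE = re.compile(r"\b[0-9A-Fa-f]{40}\b")


def parse_ods_detections(csv_text):
    """Parse `lslog -c` CSV text into dicts; derive a local path from file:// URIs."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        uri = row["Object URI"]
        parsed = urlparse(uri)
        # Only file:// URIs map to a filesystem path; percent-decode it (e.g. %20 -> space).
        path = unquote(parsed.path) if parsed.scheme == "file" else None
        rows.append({
            "time": row["Time detected"],
            "uri": uri,
            "path": path,
            "detection": row["Detection"],
            "action": row["Action"],
            "hash": row["Hash"].upper(),
        })
    return rows


def parse_quarantine_list(text):
    """Extract (id, hash) pairs from `quar -l` output.

    The Name column may contain spaces, so instead of splitting every column we
    take the numeric id from the start of the line and the SHA-1 via regex.
    """
    entries = []
    for line in text.splitlines()[1:]:  # skip header row
        line = line.strip()
        if not line:
            continue
        qid = line.split(None, 1)[0]
        match = HASH_RE.search(line)
        if not qid.isdigit() or not match:
            continue  # not a quarantine record line
        entries.append({"id": qid, "hash": match.group(0).upper()})
    return entries


def infected_paths(csv_text):
    """Local paths of all detections in one scan, in log order."""
    return [d["path"] for d in parse_ods_detections(csv_text) if d["path"]]


def correlate_by_hash(csv_text, quar_text):
    """Attach matching quarantine ids to each odscan detection, joined on the hash."""
    ids_by_hash = {}
    for entry in parse_quarantine_list(quar_text):
        ids_by_hash.setdefault(entry["hash"], []).append(entry["id"])
    return [
        {"path": d["path"], "hash": d["hash"], "quarantine_ids": ids_by_hash.get(d["hash"], [])}
        for d in parse_ods_detections(csv_text)
    ]


if __name__ == "__main__":
    # Usage: /opt/eset/efs/bin/lslog -c --ods-detection="<log_name>" | python3 this_script.py
    for p in infected_paths(sys.stdin.read()):
        print(p)
```

Running it over real data means piping `lslog -c` into the script as root (the credential error in the first post applies to the detections log, not to the per-scan `--ods-detection` log); `quar -l` output can be fed to `correlate_by_hash` the same way. A hash match tells you the same content was quarantined, not that it was the same path, so the path from the lslog record is still the authoritative "which file" answer for a given scan.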
J.J. (ESET Staff), posted November 10

You can list the detections of a specific on-demand scan with lslog: https://help.eset.com/essl/10.1/en-US/events.html