Get the quarantined file name for a scan.



On my Linux machine, I am using the commands below, and at the end I need a specific result, namely the file name of the infected file. Please let me know how this can be done.

Command 1:  /opt/eset/efs/bin/odscan --scan --profile="@In-depth scan" /tmp/testscanDir/VirusCheck/Files*  --show-scan-info; echo $?;

Output:

{
 "type":0,
 "session_id":35,
 "log_name":"ndlp8EAig"
}
1

=======================================

Command 2: /opt/eset/efs/bin/lslog --ods-detections="ndlp8EAig";

Output:
Time detected  Severity       Object URI                             Detection              Detection Type         Action                 Hash
11/10/2023 ... 1              file:///tmp/testscanDir/te.....   Eicar                  Test file              Cleaned by deleting    CF8BD9DFDDF...

========================================

As we can see in the result of command 2, I am unable to get the complete file name; is there any option for that?

I tried one more command, from quarantine; there I can get the id and the complete file name, but I am not able to find a common command/approach where I can find some relation between the id from the quarantine command and the id/log_name generated by the odscan command, so that I may get the file name.

Command : /opt/eset/efs/bin/quar -l;
Output: id              Time                  Name                                Detection      Detection Type Reason         Size           Count   Hash           Excludable
7295727985172563435 11/10/2023 06:45:44 AM /tmp/testscanDir/testfile.txt       Eicar          Test file                     69             3       CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62 -

I tried to see the detections as well, but it is giving me the error below:

Command: /opt/eset/efs/bin/lslog --detections;
Output: ESET Server Security Error: Insufficient credentials to perform the request.
Please let me know how I may get the name of the infected file and what the different approaches for that are.


  • ESET Staff

Hi Rajnish,

In command 2, simply add the -c parameter and you will get output in CSV format, which contains the full output.

user@machine:/tmp$ /opt/eset/efs/bin/lslog -c --ods-detection="ndlDMkjQb"
Time detected,Severity,Object URI,Detection,Detection Type,Action,Hash,Raw detection name
10.11.2023 13:05:27,1,file:///tmp/eicar,Eicar,Test file,Cleaned by deleting,3395856CE81F2B7382DEE72602F798B642F14140,@NAME=Eicar@TYPE=Teststring@SUSP=inf

Accessing detections needs a privileged user, so to avoid the error mentioned above, you need to use root. But bear in mind that the detections output doesn't contain infections found by the malware scan (odscan utility).

Regards,

Kurco

Edited by kurco

In this format we may have to filter our data through some script. Is there any command which specifically gives us the file names of all the detections for a particular odscan?


  • ESET Staff

Nothing is integrated into the product directly, but you can filter out the names of all detections by piping the output into awk.

user@machine:/tmp$ /opt/eset/efs/bin/lslog -c --ods-detection="ndli4bSMm" | awk -F ',' 'NR>1 {print $3}'
file:///tmp/eicar
file:///tmp/eicar.1
file:///tmp/eicar.2
file:///tmp/eicar.4
file:///tmp/eicar.3

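The awk one-liner above picks column 3 by position. As an added example (not ESET's code and not from either poster), the shell helpers below wrap the whole sequence the thread describes: pull log_name out of the odscan JSON summary, then read the lslog CSV and locate the "Object URI", "Action" and "Hash" columns by header name rather than by position, strip the file:// scheme, and emit tab-separated rows. The only assumptions are the JSON shape and the CSV header exactly as quoted in this thread; the sample inputs at the bottom are constructed from those quotes, not real scan output, and no ESET binary is run by the block itself.

```shell
#!/bin/sh
# Added example, not ESET's code. Assumes the odscan --show-scan-info JSON and
# the lslog -c CSV header look exactly as shown in the thread above.

# Extract log_name from the odscan JSON summary read on stdin.
ods_log_name() {
    sed -n 's/.*"log_name" *: *"\([^"]*\)".*/\1/p' | head -n 1
}

# Read lslog -c CSV on stdin and print path<TAB>action<TAB>hash per detection.
# Columns are found by header name, so a reordered or extended header still
# works. Caveat (assumption): lslog is not known to quote fields, so a path
# containing a literal comma would be split incorrectly by the ',' delimiter.
ods_detections_tsv() {
    awk -F ',' '
        NR == 1 {
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!("Object URI" in col)) { exit 2 }
            p = col["Object URI"]; a = col["Action"]; h = col["Hash"]
            next
        }
        NF >= p {
            path = $p
            sub(/^file:\/\//, "", path)      # file:///tmp/x -> /tmp/x
            printf "%s\t%s\t%s\n", path, $a, $h
        }'
}

# Only the detected file paths, one per line.
ods_detected_files() {
    ods_detections_tsv | cut -f 1
}

# Constructed sample inputs modelled on the outputs quoted in the thread.
SAMPLE_SCAN_INFO='{
 "type":0,
 "session_id":35,
 "log_name":"ndlp8EAig"
}
1'

SAMPLE_CSV='Time detected,Severity,Object URI,Detection,Detection Type,Action,Hash,Raw detection name
10.11.2023 13:05:27,1,file:///tmp/eicar,Eicar,Test file,Cleaned by deleting,3395856CE81F2B7382DEE72602F798B642F14140,@NAME=Eicar@TYPE=Teststring@SUSP=inf
10.11.2023 13:05:28,1,file:///tmp/testscanDir/testfile.txt,Eicar,Test file,Cleaned by deleting,CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62,@NAME=Eicar@TYPE=Teststring@SUSP=inf'

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_SCAN_INFO" | ods_log_name
printf '%s\n' "$SAMPLE_CSV" | ods_detections_tsv

# Against a live install the same helpers chain the two commands from the thread:
#   log=$(/opt/eset/efs/bin/odscan --scan --profile="@In-depth scan" /tmp/testscanDir --show-scan-info | ods_log_name)
#   /opt/eset/efs/bin/lslog -c --ods-detection="$log" | ods_detected_files
```

The Hash column is the one value that appears both in the lslog CSV and in the quar -l listing quoted earlier in the thread, so the third field printed by ods_detections_tsv is the practical key for matching a detection from a given odscan run back to its quarantine entry (for example by grepping the quar -l output for that hash); this block does not parse the fixed-width quar -l output itself.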
