I am running ClamAV on RedHat 9.3 and getting some new output from our daily scan that uses the command
> LibClamAV Warning: PNG: Unexpected early end-of-file. ClamAV does not indicate which file is ending unexpectedly early. The log file (25MB) doesn't seem to record any information about these 2 PNG files either. I tried:
/bin/clamscan -r / --exclude-dir=/sys/ --log=/var/log/clamscan.log --infected --quiet:
> LibClamAV Warning: PNG: Unexpected early end-of-file.> LibClamAV Warning: PNG: Unexpected early end-of-file. ClamAV does not indicate which file is ending unexpectedly early. The log file (25MB) doesn't seem to record any information about these 2 PNG files either. I tried:
grep -i Unexpected /var/log/clamscan.loggrep -i "end-of-file" /var/log/clamscan.loggrep -i "end of file" /var/log/clamscan.log
I understand that this is just a warning and not an error, but the message outputs an email every morning, since it is via cron and mailing any output to us and I would like to figure out where this seemingly corrupt PNG file is to remove it. Only thing I can think of is that we installed the nmap package the day before this started showing up so the file might have come from the files installed by that package, but I want a more general understanding of how to handle this problem.
With "--infected" and "--quiet" set, I can't think of any other way to state that I want to receive errors that require intervention/investigation while ignoring warnings such as this.
If I can't get clamscan to give me the location of the problematic files, I may just need to use a script to regex modify the output or use something like sed to get rid of "Unexpected early end-of-file" and echo the rest so we get emailed any errors with the scan executing but can ignore this. That's the plan if I can't get any insight into this specifically.
Asked by joeyofblades
(101 rep)
Nov 29, 2023, 03:56 PM
Last activity: Sep 20, 2024, 01:26 PM
Last activity: Sep 20, 2024, 01:26 PM