How to hold session with ClamAV daemon?

1

I'm trying to connect to the ClamAV daemon clamd on localhost port 3310 via the telnet command in a terminal:

telnet 127.0.0.1 3310

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
nIDSESSION [pressed ENTER button on keyboard]
nPING      [pressed ENTER]

But it gives error:

1: Only nCMDS\n and zCMDS\0 are accepted inside IDSESSION. ERROR
1: Error processing command. ERROR
Connection closed by foreign host.

Entering zPING\0 [pressed ENTER] or nPING\n is useless; it prompts that error again.

Can you suggest anything?

elgolondrino

Posted 2017-02-12T19:42:49.837

Reputation: 113

Aren't you looking for clamdscan?

– A. Loiseau – 2017-02-14T21:54:35.293

Answers

0

A fast look at the clamd man page suggests that SCAN, INSTREAM, FILDES, VERSION, STATS are maybe the only commands supported inside an IDSESSION.

Hence, you may need to move your PING command before starting a session.

Try this:

telnet 127.0.0.1 3310
nPING
nIDSESSION
nSCAN /foo/bar
nSCAN /foo/bar2
nEND

Note: Commands starting with z are for machines. As an interactive human you need to use commands starting with n. Do not type \n but hit the return key instead.

A. Loiseau

Posted 2017-02-12T19:42:49.837

Reputation: 1 070

What is return key, is it ENTER button on keyboard? – elgolondrino – 2017-02-18T16:04:31.347

Yes it is. \n is a new line. – A. Loiseau – 2017-02-18T16:12:56.957

After entering a session with nIDSESSION, the connection is closed due to inactivity after 3 minutes (COMMAND READ TIMED OUT). nPING inside an established session is supposed to keep it open until a useful scan task is available to be sent to Clamd. At least that's what I understand from the docs: The client can use the PING command to keep the connection alive. What's the point in sending the nPING before the session? – Kos Prov – 2018-02-05T09:54:04.287
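
The command framing discussed in this thread, as an added example (not code from the question, the answers or the ClamAV project): a minimal Python client that builds n- or z-delimited commands, opens an IDSESSION and parses the "id: response" replies. It assumes clamd listens on 127.0.0.1:3310 as in the question; the function names are made up for this example.

```python
import socket

# Command prefix -> delimiter: 'n' ends with a newline, 'z' with a NUL byte.
TERMINATORS = {"n": b"\n", "z": b"\0"}

def frame(command, prefix="n"):
    """Return the exact bytes of one clamd command: prefix + command + delimiter."""
    end = TERMINATORS[prefix]  # KeyError for anything other than 'n' or 'z'
    body = command.encode()
    if end in body:
        # An embedded delimiter (e.g. a newline in a file name) would be read
        # as the start of a second command, so refuse to send it.
        raise ValueError("command contains its own delimiter")
    return prefix.encode() + body + end

def parse_replies(buffer, prefix="n"):
    """Split buffered session output into (id, text) pairs and leftover bytes."""
    *complete, leftover = buffer.split(TERMINATORS[prefix])
    replies = []
    for raw in complete:
        line = raw.decode(errors="replace")
        ident, _, text = line.partition(": ")
        # Replies without a numeric id (outside a session) keep the whole line.
        replies.append((int(ident), text) if ident.isdecimal() else (None, line))
    return replies, leftover

def run_session(commands, host="127.0.0.1", port=3310, prefix="n", timeout=10.0):
    """Run commands inside one IDSESSION; return the (id, text) replies."""
    results, pending = [], b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(frame("IDSESSION", prefix))
        for expected_id, command in enumerate(commands, start=1):
            sock.sendall(frame(command, prefix))
            # Read this command's reply before sending the next one.
            while not any(ident == expected_id for ident, _ in results):
                chunk = sock.recv(4096)
                if not chunk:
                    raise ConnectionError("clamd closed the session")
                new, pending = parse_replies(pending + chunk, prefix)
                results.extend(new)
        sock.sendall(frame("END", prefix))
    return results

if __name__ == "__main__":
    # Requires a running clamd; /foo/bar is the placeholder path from the answer.
    for ident, text in run_session(["VERSION", "SCAN /foo/bar"]):
        print(ident, text)
```

With n framing a path containing a newline cannot be sent as one command; the z prefix delimits on NUL instead, so such a path stays inside a single command.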