@DustinB3403 said in ClamAV not showing infected files in logs:
I found this
Which says specifically:
Infected files reporting
In case you are recursively scanning the whole /home folder (or even the whole system) from a terminal emulator on your GUI, possibly there will be lots of files. In that case, as the output you will get is not infinite, it probably will help to generate a report containing the paths to all infected files. In that case you can do the following:
sudo clamscan -r /folder/to/scan/ | grep FOUND >> /path/to/save/report/file.txt
Be patient if you run that command and it doesn't seem to be working because even if you don't see the complete output it is really scanning the files. When you see the prompt again, that will mean the scan is finished and that you can open the file it has created to check any infected file detected in your system.
As ClamAV doesn't disinfect the files, sometimes it will be better to just know which files are infected before putting them in quarantine or removing them. For example, you could be using Wine and by deleting an infected file you could break a program without having saved some data.
Got this, so I just need to include "FOUND" with grep:
/etc/suricata/rules/emerging-deleted.rules: Html.Trojan.Blackhole-65 FOUND
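As an added example (not part of this post or the page it quotes), the script below parses clamscan-style output into a path/signature report without depending on grep, splits on the last ": " so a colon inside a file path does not break the parsing, and wraps a real scan so that clamscan's own exit status (0 clean, 1 infected, 2 error) survives, which the plain `clamscan | grep FOUND` pipe discards. The scan output embedded in SAMPLE_SCAN_OUTPUT is constructed, not a real scan; only scan_to_report assumes clamscan is installed.

```shell
#!/bin/sh
# Constructed sample of clamscan output (not from a real scan): one clean
# file, two detections (one with ": " inside the path) and the summary block.
SAMPLE_SCAN_OUTPUT='/home/user/notes.txt: OK
/etc/suricata/rules/emerging-deleted.rules: Html.Trojan.Blackhole-65 FOUND
/home/user/archive: with colon.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Infected files: 2'

# Emit one "path<TAB>signature" line per detection. Only lines ending in
# " FOUND" are detections; summary lines such as "Infected files: 2" are not.
report_found() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in
            *" FOUND") ;;
            *) continue ;;
        esac
        rest=${line% FOUND}     # drop the trailing status word
        sig=${rest##*: }        # text after the LAST ": " is the signature name
        path=${rest%: *}        # everything before that is the file path
        printf '%s\t%s\n' "$path" "$sig"
    done
}

# Number of detections in a block of scan output, printed to stdout.
count_found() {
    report_found "$1" | wc -l | tr -d ' '
}

# Run a real recursive scan of $1, append detections to the report file $2,
# and return clamscan's exit status rather than the last pipe element's.
# Assumes clamscan is installed; -i prints only infected files.
scan_to_report() {
    dir=$1
    report=$2
    out=$(clamscan -r -i "$dir")
    status=$?
    report_found "$out" >> "$report"
    return "$status"
}
```

Calling `scan_to_report /home /var/log/clamscan-report.txt; echo $?` gives the report and a meaningful exit code for cron or a wrapper to act on.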