2

I'm trying to connect to ClamAV daemon clamd on localhost 3310 port via telnet comand in terminal:telnet 127.0.0.1 3310

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
nIDSESSION [pressed ENTER button on keyboard]
nPING      [pressed ENTER]

But it gives error:

1: Only nCMDS\n and zCMDS\0 are accepted inside IDSESSION. ERROR
1: Error processing command. ERROR
Connection closed by foreign host.

Entered zPING\0 [pressed ENTER] or nPING\n useless, prompts that error again.

Can you suggest anything?

elgolondrino
  • 123
  • 6

2 Answers2

2

A fast look at clamd man page suggests that SCAN, INSTREAM, FILDES, VERSION, STATS are maybe the only commands supported inside an IDSESSION.

Hence, you may need to move you PING command before starting a session.

Try this:

telnet 127.0.0.1 3310
nPING
nIDSESSION
nSCAN /foo/bar
nSCAN /foo/bar2
nEND

Note: Commands starting with z are for machines. As an interactive human you need to use commands starting with n. Do not type \n but hit return key instead.

A. Loiseau
  • 1,198
  • 7
  • 6
  • What is `return` key, is it `ENTER` button on keyboard? – elgolondrino Feb 18 '17 at 16:04
  • Yes it is. `\n` is a new line. – A. Loiseau Feb 18 '17 at 16:12
  • After entering a session with `nIDSESSION`, the connection is closed due to inactivity after 3 minutes (`COMMAND READ TIMED OUT`). `nPING` inside an established session is supposed to keep it open until a useful scan task is available to be sent to Clamd. At least that's what I understand from the docs: `The client can use the PING command to keep the connection alive.` What's the point in sending the `nPING` before the session? – Kos Prov Feb 05 '18 at 09:54
0

You should definitely call nPING after nIDSESSION or you will be disconnected.

I resolved this issue by using nc instead:

nc localhost 3310

nIDSESSION
nPING
1: PONG
nPING
2: PONG
nEND

yannick guenet
  • 1