clamscan writes all regular program messages to stdout and
errors/warnings to stderr. You can use the option --stdout
to redirect all program messages to stdout. Warnings and error
messages from libclamav are always printed to stderr.
A typical output from clamscan looks like this:
/tmp/test/removal-tool.exe: Worm.Sober FOUND /tmp/test/md5.o: OK /tmp/test/blob.c: OK /tmp/test/message.c: OK /tmp/test/error.hta: VBS.Inor.D FOUNDWhen a virus is found its name is printed between the
filename: and
FOUND strings. In case of archives the scanner depends on libclamav
and only prints the first virus found within an archive:
zolw@localhost:/tmp$ clamscan malware.zip malware.zip: Worm.Mydoom.U FOUNDTIP: You can force clamscan to list all infected files in an archive using -no-archive (this option disables transparent decompressors built into libclamav) and enabling external decompressors: -unzip -unrar....
zolw@localhost:/tmp$ clamscan --no-archive --unzip malware.zip Archive: /tmp/malware.zip inflating: test1.exe inflating: test2.exe inflating: test3.exe /tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND /tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND /tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND /tmp/malware.zip: Infected.Archive FOUND