clamscan by default writes all messages to stderr. Run it with --stdout enabled to redirect them to the standard output. An example of the clamscan output is:
    /tmp/test/removal-tool.exe: Worm.Sober FOUND
    /tmp/test/md5.o: OK
    /tmp/test/blob.c: OK
    /tmp/test/message.c: OK
    /tmp/test/error.hta: VBS.Inor.D FOUND

When a virus is found its name is printed between the filename: and FOUND strings. In case of archives the scanner depends on libclamav and only prints the first virus found within an archive:
    zolw@localhost:/tmp$ clamscan malware.zip
    malware.zip: Worm.Mydoom.U FOUND

TIP: You can force clamscan to list all infected files in an archive using --no-archive (which disables the transparent decompressors built into libclamav) together with external decompressors: --unzip --unrar ...
    zolw@localhost:/tmp$ clamscan --no-archive --unzip malware.zip
    Archive: /tmp/malware.zip
    inflating: test1.exe
    inflating: test2.exe
    inflating: test3.exe
    /tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
    /tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
    /tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
    /tmp/malware.zip: Infected.Archive FOUND
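A parser for the result-line format described above, given as an added example that is not part of the ClamAV documentation. The function names and the sample text are assumptions constructed for illustration; the sample mixes result lines with the decompressor chatter that --no-archive --unzip produces.

```python
import re

# Constructed sample: result lines in the format shown above, interleaved
# with external-unzip output, plus one path that itself contains ": ".
SAMPLE = """\
Archive: /tmp/malware.zip
inflating: test1.exe
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
/tmp/test/md5.o: OK
/tmp/odd: name.c: OK
/tmp/malware.zip: Infected.Archive FOUND
"""

# Anchor on the end of the line. The path may contain ": ", so the greedy
# (.+) consumes everything up to the last ": " that precedes the verdict.
RESULT = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")


def parse_clamscan(text):
    """Return (infected, clean); infected is a list of (path, signature)."""
    infected, clean = [], []
    for line in text.splitlines():
        m = RESULT.match(line.rstrip())
        if m is None:
            continue  # decompressor output, blank lines, anything else
        if m.group("sig"):
            infected.append((m.group("path"), m.group("sig")))
        else:
            clean.append(m.group("path"))
    return infected, clean


def member_detections(infected):
    """Drop the Infected.Archive marker that flags the archive itself,
    keeping only detections on the extracted members."""
    return [(p, s) for p, s in infected if s != "Infected.Archive"]


if __name__ == "__main__":
    hits, ok = parse_clamscan(SAMPLE)
    for path, sig in member_detections(hits):
        print(f"{sig}\t{path}")
```

Capture the scanner output with --stdout before feeding it to the parser, since clamscan writes its messages to stderr by default.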