zolw@Wierszokleta:~$ telnet localhost 3310 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SCAN /home/zolw/infected /home/zolw/infected/sobre.com: W32/Magistr.B FOUND Connection closed by foreign host.In SCAN mode it closes the connection when first virus is found. In the case of archives, the output is exactly the same as with normal files:
SCAN /home/zolw/Clam/test/test2.zip /home/zolw/Clam/test/test2.zip: ClamAV-Test-Signature FOUNDCONTSCAN displays all infected files found.
SCAN /no/such/file /no/such/file: Can't stat() the file ERRORand they can be easily parsed.
clamscan writes all messages (only help is written to stdout by default) to stderr. In some situations you may want to redirect it to stdout with -stdout. stdout in contrast to stderr is buffered, that's why clamscan flushes this buffer after each message, to prevent the creation of trashes on the output. During scanning it writes something like this:
/TEST/test: OK /TEST/Makefile: OK /TEST/getopt.c: OK /TEST/virfile: Phantom #1 FOUNDWhen a virus is found, its name is printed between filename: and FOUND. If a virus is found in an archive scanned with an external unpacker it's noticed with Infected Archive. "Infected Archives" are not counted as infected files - just files in them are. Please note the difference between an internal unarchiving - because it's realized transparently by the libclamav, clamscan doesn't even know the file is an archive.