[clamav-users] Can clamscan report the file extension?
Arnaud Jacques / SecuriteInfo.com
webmaster at securiteinfo.com
Mon Mar 16 10:24:05 UTC 2015
Hello Rishabh,
> root at fwuser-virtual-machine:/home/fwuser# clamscan electricity\ bill.pdf
> --debug 2>&1 | grep "Recognized"
> LibClamAV debug: Recognized PDF document file
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
>
> In this case, should I rely on the first line of output?
Short answer : Yes !
Long answer :
PDF are containers like zip, rar, tar, etc... Different kind of files are
emmbedded wintin.
So the first ligne is the real file format (=file extension)
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
https://www.facebook.com/pages/SecuriteInfocom/132872523492286
More information about the clamav-users
mailing list