[clamav-users] Can clamscan report the file extension?

Arnaud Jacques / SecuriteInfo.com webmaster at securiteinfo.com
Mon Mar 16 06:24:05 EDT 2015


Hello Rishabh,

> root at fwuser-virtual-machine:/home/fwuser# clamscan electricity\ bill.pdf
> --debug 2>&1 | grep "Recognized"
> LibClamAV debug: Recognized PDF document file
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> 
> In this case, should I rely on the first line of output?

Short answer : Yes !

Long answer :
PDF are containers like zip, rar, tar, etc... Different kind of files are 
emmbedded wintin.
So the first ligne is the real file format (=file extension)

-- 
Best regards,

Arnaud Jacques
SecuriteInfo.com

https://www.facebook.com/pages/SecuriteInfocom/132872523492286



More information about the clamav-users mailing list