Hi there, On Sun, 2 Sep 2012, john hutton cooper wrote:
... the return status comes back non-zero if it can't access a file, in which case I don't want to be bothered. ...
Hmmmmm. If malicious software manages to write a Trojan file and also limit the access to it you don't want to be bothered? I think I would want to be bothered. :)
... if there's both an error in the scan and also a virus is found, will it still return 1 indicating a virus, or a different error code? I don't want to miss a virus ...
The normal way to set up a return code would be to use a different bit in the return status word for each different kind of information. In that case you can mask the return codes and know all there was to know. Clamscan's return codes don't seem to meet this definition of normal, and I wouldn't know a way to distinguish for example beteen the single clamscan return value of 71: Can't allocate memory (malloc) and what might be the two values 70: Can't allocate memory (calloc) plus 1 : Virus(es) found There's hope, however. You have access to the source code. My guess is that the return codes are mutually exclusive, and you'll just have to test for all of them. The return codes for clamdscan are simpler. So is the code. A little experimentation and reading will probably tell you what you need to know. Alternatively you could use clamd directly, the interface is simple and reasonably well documented. I think in that case any error would need to be investigated but there would presumably be fewer of them as you'd be the one making them. :) -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
