Hello Rishabh, > root@fwuser-virtual-machine:/home/fwuser# clamscan electricity\ bill.pdf > --debug 2>&1 | grep "Recognized" > LibClamAV debug: Recognized PDF document file > LibClamAV debug: Recognized ASCII text > LibClamAV debug: Recognized ASCII text > LibClamAV debug: Recognized ASCII text > LibClamAV debug: Recognized binary data > LibClamAV debug: Recognized ASCII text > LibClamAV debug: Recognized binary data > LibClamAV debug: Recognized ASCII text > LibClamAV debug: Recognized binary data > LibClamAV debug: Recognized ASCII text > > In this case, should I rely on the first line of output?
Short answer : Yes ! Long answer : PDF are containers like zip, rar, tar, etc... Different kind of files are emmbedded wintin. So the first ligne is the real file format (=file extension) -- Best regards, Arnaud Jacques SecuriteInfo.com https://www.facebook.com/pages/SecuriteInfocom/132872523492286 _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
