It appears that clamdscan with --multiscan and --allmatch together does not report multiple matches. Running without --multiscan reports all matches and then subsequent runs with both options together continues to report all matches until next restart.
Example:
# clamdscan test-file.zip --multiscan --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
# clamdscan test-file.zip --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
/tmp/test-file.zip: Win.Test.EICAR_HDB-1 FOUND
# clamdscan test-file.zip --multiscan --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
/tmp/test-file.zip: Win.Test.EICAR_HDB-1 FOUND
# systemctl restart clamd
# clamdscan test-file.zip --multiscan --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
--
Mehmet Tolga Avcioglu
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Example:
# clamdscan test-file.zip --multiscan --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
# clamdscan test-file.zip --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
/tmp/test-file.zip: Win.Test.EICAR_HDB-1 FOUND
# clamdscan test-file.zip --multiscan --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
/tmp/test-file.zip: Win.Test.EICAR_HDB-1 FOUND
# systemctl restart clamd
# clamdscan test-file.zip --multiscan --allmatch
/tmp/test-file.zip: ExeInZip.UNOFFICIAL FOUND
--
Mehmet Tolga Avcioglu
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat