Running --verbose --debug would be too expensive on a server with millions
of files.

We analyzed the logs and learned that when there is a warning log message,
the affected file is the one whose name is logged immediately after the
warning (counterintuitively logged with OK despite the warning). We
discovered this during a normal run without --infected, --verbose or
--debug flags. We only log infected files, hence the use of --infected.

Since the scan likely already has the file in scope, it might be a nice
enhancement to include the filename directly in the warning/error message
rather than requiring log correlation.

The SWF-related warnings we're seeing are caused by link files containing
short random character sequences that trigger clamscan's SWF detection
(possibly due to magic cookies like "ZWS").


On Mon, Jun 16, 2025 at 1:08 PM Newcomer01 via clamav-users <
[email protected]> wrote:

> run clamscan with params --verbose --debug and check the log what's going
> on
>
> From: Callum.dommett100--- Via Clamav-Users
> <[email protected]>
> To: Newcomer01 <[email protected]>
> CC: Abraham Chavez <[email protected]>
> Sent: Monday, June 16, 2025 at 09:56 PM +0200
> Subject: [clamav-users] General usage question about warnings
> and errors
>
> Hi,
>
> We periodically run clamscan on one of our servers and it is producing a
> warning and an error log message for a certain file but the log messages do
> not contain the file name. How can I find out which file causes the warning
> and the error? I tried removing `--infected` and this causes the names of
> all OK files to be printed, but the name of the file that causes the
> warning/error is not logged.
>
> The specific log messages are as follows:
>
> LibClamAV Warning: SWF: declared input length != compressed stream size, 893472074 != 9
> LibClamAV Error: scanzws: LzmaInit() failed
>
> We think the file type magic wrongly detects a SWF file but without
> knowing which file we can not address this in any way.
>
> Thanks in advance,
>
> - Abraham
> --
>
> Abraham Chavez
>
> Software Engineer
>
> Computational Genomics Platform (CGP)
> <https://cgp.genomics.ucsc.edu/team/>
>
> Revealing life’s code.
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / 
> unsubscribe:https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV 
> guide:https://github.com/Cisco-Talos/clamav-documentation
> https://docs.clamav.net/#mailing-lists-and-chat
>
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
>


-- 

Abraham Chavez

Software Engineer

Computational Genomics Platform (CGP) <https://cgp.genomics.ucsc.edu/team/>

Revealing life’s code.
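
The log correlation described in the top message, sketched as an added example (not part of the original thread and not ClamAV tooling). It assumes a combined log where LibClamAV diagnostics and per-file result lines appear in the order the poster observed; the file paths in the sample are constructed, and the two LibClamAV lines are the ones quoted in this thread.

```python
import re

# Constructed sample of a combined clamscan log from a run without --infected.
# Paths are made up; the LibClamAV lines are copied from the thread.
SAMPLE_LOG = """\
/data/a/readme.txt: OK
LibClamAV Warning: SWF: declared input length != compressed stream size, 893472074 != 9
LibClamAV Error: scanzws: LzmaInit() failed
/data/links/zws-link: OK
/data/b/report.pdf: OK
"""

DIAG = re.compile(r"^LibClamAV (Warning|Error): (.*)$")
# Per-file result lines: "<path>: OK" or "<path>: <signature> FOUND".
RESULT = re.compile(r"^(.+): (OK|.+ FOUND)$")


def correlate(lines):
    """Attach each run of LibClamAV diagnostics to the next per-file result."""
    pending, hits = [], []
    for raw in lines:
        line = raw.rstrip("\n")
        diag = DIAG.match(line)
        if diag:
            pending.append((diag.group(1), diag.group(2)))
            continue
        result = RESULT.match(line)
        if result and pending:
            hits.append({"file": result.group(1),
                         "result": result.group(2),
                         "messages": pending})
            pending = []
    if pending:
        # Diagnostics at the end of the log with no result line after them.
        hits.append({"file": None, "result": None, "messages": pending})
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG.splitlines()):
        print(hit["file"], "->", hit["result"])
        for level, text in hit["messages"]:
            print("   ", level + ":", text)
```
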