On-demand scanner (fsav) exit codes

This discussion has a more recent version.
Jali Posts: 1,769 F-Secure Employee

This article describes the exit codes of fsav(3), the command line scanner module included in the Security Platform and F-Secure Linux Security.

FSAV has the following exit codes:

  • 0 - Normal exit; no viruses or suspicious files found.
  • 1 - Fatal error; unrecoverable error. (Usually a missing or corrupted file.)
  • 3 - A boot virus or file virus found.
  • 4 - Riskware (potential spyware) found.
  • 6 - At least one virus was removed and no infected files left.
  • 7 - Out of memory.
  • 8 - Suspicious files found; these are not necessarily infected by a virus.
  • 9 - Scan error, at least one file scan failed.
  • 130 - Program was terminated by pressing CTRL-C, or by a sigterm or suspend event.

FSAV reports the exit codes in the following priority order: 130, 7, 1, 3, 4, 8, 6, 9, 0.

If the evaluation version has expired, launching FSAV returns exit code 1 (fatal error). If you scan a file larger than 2GB with the default setting ("skiplarge" not enabled), exit code is 9 (scan error). With "skiplarge" enabled, exit code is 0 (normal exit).

To view the exit code generated when scanning a particular file, use the following approach:

# fsav <name-and-path-of-file-to-scan>
# echo $?

In the above example, the file was clean (exit code is 0). If the Exit code is larger than 128, normally this means the process was killed by a signal and the signal number is "exit-code" - 128. To give an example, if the exit code was 143, the process was killed by SIGTERM(15).