clamscan - scan files and directories against viruses
SYNOPSIS
clamscan [options] [file/directory/-]
DESCRIPTION
clamscan is a command line anti-virus scanner. It's a part
of the Clam AntiVirus package.
OPTIONS
-h, --help
Print help information and exit.
-V, --version
Print version number and exit.
-v, --verbose
Be verbose.
--debug
Enable debug messages (from libclamav).
--quiet
Be quiet (only print error messages).
--stdout
Write all messages (except for libclamav output) to
the standard output (stdout).
-d FILE/DIR, --database=FILE/DIR
Load virus database from FILE or load all virus
database files from DIR.
-l FILE, --log=FILE
Save scan report to FILE.
--tempdir=DIRECTORY
Create temporary files in DIRECTORY. Directory must
be writeable for the 'clamav' user or unprivileged
user running clamscan.
--leave-temps
Do not remove temporary files.
-r, --recursive
Scan directories recursively. All the subdirecto-
ries in the given directory will be scanned.
--bell Sound bell on virus detection.
--no-summary
Do not display summary at the end of scanning.
Don't scan file/directory names containing PATT. It
may be used multiple times.
--include=PATT, --include-dir=PATT
Only scan file/directory names containing PATT. It
may be used multiple times.
-i, --infected
Only print infected files.
--remove
Remove infected files. Be careful.
--move=DIRECTORY
Move infected files into DIRECTORY. Directory must
be writeable for the 'clamav' user or unprivileged
user running clamscan.
--no-mail
Disable scanning of mail files.
--no-pe
PE stands for Portable Executable - it's an exe-
cutable file format used in all 32-bit versions of
Windows operating systems. By default ClamAV per-
forms deeper analysis of executable files and
attempts to decompress popular executable packers
such as UPX, Petite, and FSG. This option disables
PE support and should be used with care!
--no-ole2
Disable support for Microsoft Office document
files.
--no-html
Disable support for HTML detection and normalisa-
tion.
--no-archive
Disable archive support built in libclamav.
--detect-broken
Mark broken executables as viruses (Broken.Exe-
cutable).
--block-encrypted
Mark encrypted archives as viruses (Encrypted.Zip,
Encrypted.RAR).
--block-max
Mark archives as viruses (e.g. RAR.ExceededFile-
Size, Zip.ExceededFilesLimit) if max-files,
If an email contains URLs ClamAV can download and
scan them. WARNING: This option may open your sys-
tem to a DoS attack. Never use it on loaded
servers.
--max-files=#n
Extract first #n files from each archive. This
option protects your system against DoS attacks
(default: 500)
--max-space=#n
Extract first #n kilobytes from each archive. You
may give the number in megabytes in format xM or
xm, where x is a number. This option protects your
system against DoS attacks (default: 10 MB)
--max-recursion=#n
Set archive recursion level limit. This option pro-
tects your system against DoS attacks (default: 8).
--max-ratio=#n
Set maximum archive compression ratio limit. This
option protects your system against DoS attacks
(default: 250).
--max-dir-recurion=#n
Maximum depth directories are scanned at (default:
15).
--unzip[=FULLPATH]
In most cases you don't need this option - the
built-in unarchiver will do extract Zip archives.
This option however may be used as a backup for
internal unpacker - see the full documentation for
more information. When enabled without an argument,
unzip program will be searched in $PATH. If unzip
cannot be found in $PATH, you must force it with
=pathname. Remember about '=' between the option
and an argument.
--unrar[=FULLPATH]
Scan .rar files.
--unarj[=FULLPATH]
Scan .arj files.
--unzoo[=FULLPATH]
Scan .zoo files.
--lha[=FULLPATH]
Scan .lzh files.
clamscan uses unzip for .jar files, so optionally
eventually you will need to pass a full path to
unzip.
--deb[=FULLPATH]
This option supports debian binary packages.
Implies --tgz, but doesn't conflict with
--tgz=FULLPATH. It requires ar utility.
--tar[=FULLPATH]
This option supports non-compressed archives.
--tgz[=FULLPATH]
This option supports tar.gz and .tgz files. You
need GNU tar, on non-Linux system you probably have
it installed as gtar. If it's in $PATH, please use
--tgz=gtar in other case please pass a full path.
EXAMPLES
(0) Scan selected file:
clamscan file
(1) Scan current working directory:
clamscan
(2) Scan all files (and subdirectories) in /home:
clamscan -r /home
(3) Load database from selected file and limit disk
usage to 50 Mb:
clamscan -d /tmp/newclamdb --max-space=50m -r /tmp
(4) Scan data stream:
cat testfile | clamscan -
(5) Scan mail spool directory:
clamscan -r /var/spool/mail
RETURN CODES
Note: some return codes may only appear in a one file mode
(clamscan is started with file argument). Those are marked
with (ofm).
0 : No virus found.
1 : Virus(es) found.
50: Database initialization error.
52: Not supported file type.
53: Can't open directory.
54: Can't open file. (ofm)
55: Error reading file. (ofm)
56: Can't stat input file / directory.
57: Can't get absolute path name of current working direc-
tory.
58: I/O error, please check your filesystem.
59: Can't get information about current user from
/etc/passwd.
60: Can't get information about user 'clamav' (default
name) from /etc/passwd.
61: Can't fork.
62: Can't initialize logger.
63: Can't create temporary files/directories (check per-
missions).
64: Can't write to temporary directory (please specify
another one).
70: Can't allocate and clear memory (calloc).
71: Can't allocate memory (malloc).
CREDITS
Please check the full documentation for credits.
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
clamdscan(1), freshclam(1)
Man(1) output converted with
man2html