clamscan - scan files and directories against viruses


SYNOPSIS

       clamscan [options] [file/directory/-]


DESCRIPTION

       clamscan is a command line anti-virus scanner. It's a part
       of the Clam AntiVirus package.


OPTIONS

       -h, --help
              Print help information and exit.

       -V, --version
              Print version number and exit.

       -v, --verbose
              Be verbose.

       --debug
              Enable debug messages (from libclamav).

       --quiet
              Be quiet (only print error messages).

       --stdout
              Write all messages (except for libclamav output) to
              the standard output (stdout).

       -d FILE/DIR, --database=FILE/DIR
              Load  virus  database  from  FILE or load all virus
              database files from DIR.

       -l FILE, --log=FILE
              Save scan report to FILE.

       --tempdir=DIRECTORY
              Create temporary files in DIRECTORY. Directory must
              be  writeable for the 'clamav' user or unprivileged
              user running clamscan.

       --leave-temps
              Do not remove temporary files.

       -r, --recursive
              Scan directories recursively. All  the  subdirecto-
              ries in the given directory will be scanned.

       --bell Sound bell on virus detection.

       --no-summary
              Do not display summary at the end of scanning.
              Don't scan file/directory names containing PATT. It
              may be used multiple times.

       --include=PATT, --include-dir=PATT
              Only scan file/directory names containing PATT.  It
              may be used multiple times.

       -i, --infected
              Only print infected files.

       --remove
              Remove infected files. Be careful.

       --move=DIRECTORY
              Move  infected files into DIRECTORY. Directory must
              be writeable for the 'clamav' user or  unprivileged
              user running clamscan.

       --no-mail
              Disable scanning of mail files.

       --no-pe
              PE  stands  for  Portable Executable - it's an exe-
              cutable file format used in all 32-bit versions  of
              Windows  operating  systems. By default ClamAV per-
              forms  deeper  analysis  of  executable  files  and
              attempts  to  decompress popular executable packers
              such as UPX, Petite, and FSG. This option  disables
              PE support and should be used with care!

       --no-ole2
              Disable   support  for  Microsoft  Office  document
              files.

       --no-html
              Disable support for HTML detection  and  normalisa-
              tion.

       --no-archive
              Disable archive support built in libclamav.

       --detect-broken
              Mark  broken  executables  as  viruses (Broken.Exe-
              cutable).

       --block-encrypted
              Mark encrypted archives as viruses  (Encrypted.Zip,
              Encrypted.RAR).

       --block-max
              Mark  archives  as  viruses (e.g. RAR.ExceededFile-
              Size,   Zip.ExceededFilesLimit)    if    max-files,
              If  an  email contains URLs ClamAV can download and
              scan them. WARNING: This option may open your  sys-
              tem  to  a  DoS  attack.  Never  use  it  on loaded
              servers.

       --max-files=#n
              Extract first #n  files  from  each  archive.  This
              option  protects  your  system  against DoS attacks
              (default: 500)

       --max-space=#n
              Extract first #n kilobytes from each  archive.  You
              may  give  the  number in megabytes in format xM or
              xm, where x is a number. This option protects  your
              system against DoS attacks (default: 10 MB)

       --max-recursion=#n
              Set archive recursion level limit. This option pro-
              tects your system against DoS attacks (default: 8).

       --max-ratio=#n
              Set  maximum  archive compression ratio limit. This
              option protects your  system  against  DoS  attacks
              (default: 250).

       --max-dir-recurion=#n
              Maximum  depth directories are scanned at (default:
              15).

       --unzip[=FULLPATH]
              In most cases you don't  need  this  option  -  the
              built-in  unarchiver  will do extract Zip archives.
              This option however may be used  as  a  backup  for
              internal  unpacker - see the full documentation for
              more information. When enabled without an argument,
              unzip  program  will be searched in $PATH. If unzip
              cannot be found in $PATH, you must  force  it  with
              =pathname.  Remember  about  '=' between the option
              and an argument.

       --unrar[=FULLPATH]
              Scan .rar files.

       --unarj[=FULLPATH]
              Scan .arj files.

       --unzoo[=FULLPATH]
              Scan .zoo files.

       --lha[=FULLPATH]
              Scan .lzh files.

              clamscan uses unzip for .jar files,  so  optionally
              eventually  you  will  need  to pass a full path to
              unzip.

       --deb[=FULLPATH]
              This  option  supports  debian   binary   packages.
              Implies    --tgz,   but   doesn't   conflict   with
              --tgz=FULLPATH. It requires ar utility.

       --tar[=FULLPATH]
              This option supports non-compressed archives.

       --tgz[=FULLPATH]
              This option supports tar.gz  and  .tgz  files.  You
              need GNU tar, on non-Linux system you probably have
              it installed as gtar. If it's in $PATH, please  use
              --tgz=gtar in other case please pass a full path.


EXAMPLES

       (0) Scan selected file:

              clamscan file

       (1) Scan current working directory:

              clamscan

       (2) Scan all files (and subdirectories) in /home:

              clamscan -r /home

       (3)  Load  database from selected file and limit disk
              usage to 50 Mb:

              clamscan -d /tmp/newclamdb --max-space=50m -r /tmp

       (4) Scan data stream:

              cat testfile | clamscan -

       (5) Scan mail spool directory:

              clamscan -r /var/spool/mail


RETURN CODES

       Note: some return codes may only appear in a one file mode
       (clamscan is started with file argument). Those are marked
       with (ofm).

       0 : No virus found.

       1 : Virus(es) found.

       50: Database initialization error.

       52: Not supported file type.

       53: Can't open directory.

       54: Can't open file. (ofm)

       55: Error reading file. (ofm)

       56: Can't stat input file / directory.

       57: Can't get absolute path name of current working direc-
              tory.

       58: I/O error, please check your filesystem.

       59: Can't get information about current user from
              /etc/passwd.

       60: Can't get information about user 'clamav' (default
              name) from /etc/passwd.

       61: Can't fork.

       62: Can't initialize logger.

       63: Can't create temporary files/directories (check per-
              missions).

       64:  Can't  write  to temporary directory (please specify
              another one).

       70: Can't allocate and clear memory (calloc).

       71: Can't allocate memory (malloc).


CREDITS

       Please check the full documentation for credits.


AUTHOR

       Tomasz Kojm <tkojm@clamav.net>


SEE ALSO

       clamdscan(1), freshclam(1)







Man(1) output converted with man2html