clamscan
Language: en
Version: 148940 (fedora - 04/07/09)
Section: 1 (User commands)
NAME
clamscan - scan files and directories for viruses
SYNOPSIS
clamscan [options] [file/directory/-]
DESCRIPTION
clamscan is a command line anti-virus scanner.
OPTIONS
Most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes/=no; if they get called without the boolean argument the scanner will assume 'yes'. The asterisk marks the default internal setting for a given option.
- -h, --help
- Print help information and exit.
- -V, --version
- Print version number and exit.
- -v, --verbose
- Be verbose.
- --debug
- Display debug messages from libclamav.
- --quiet
- Be quiet (only print error messages).
- --stdout
- Write all messages (except for libclamav output) to the standard output (stdout).
- -d FILE/DIR, --database=FILE/DIR
- Load virus database from FILE or load all virus database files from DIR.
- -l FILE, --log=FILE
- Save scan report to FILE.
- --tempdir=DIRECTORY
- Create temporary files in DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.
- --leave-temps
- Do not remove temporary files.
- -r, --recursive
- Scan directories recursively. All the subdirectories in the given directory will be scanned.
- --bell
- Sound bell on virus detection.
- --no-summary
- Do not display summary at the end of scanning.
- --exclude=PATT, --exclude-dir=PATT
- Don't scan file/directory names containing PATT. It may be used multiple times.
- --include=PATT, --include-dir=PATT
- Only scan file/directory names containing PATT. It may be used multiple times.
- -i, --infected
- Only print infected files.
- --remove[=yes/no(*)]
- Remove infected files. Be careful.
- --move=DIRECTORY
- Move infected files into DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.
- --copy=DIRECTORY
- Copy infected files into DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.
- --detect-pua[=yes/no(*)]
- Detect Possibly Unwanted Applications.
- --exclude-pua=CATEGORY
- Exclude a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA
- --include-pua=CATEGORY
- Only include a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA
- --detect-structured[=yes/no(*)]
- Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers inside documents/text files.
- --structured-ssn-format=X
- X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. Default is 0.
- --structured-ssn-count=#n
- This option sets the lowest number of Social Security Numbers found in a file to generate a detect (default: 3).
- --structured-cc-count=#n
- This option sets the lowest number of Credit Card numbers found in a file to generate a detect (default: 3).
- --scan-mail[=yes(*)/no]
- Scan mail files.
- --phishing-sigs[=yes(*)/no]
- Use the signature-based phishing detection.
- --phishing-scan-urls[=yes(*)/no]
- Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)
- --heuristic-scan-precedence[=yes/no(*)]
- Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish it will stop the scan immediately. Recommended, saves CPU scan-time. When disabled, virus/phish detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phish, and a real malware, the real malware will be reported. Keep this disabled if you intend to handle "*.Heuristics.*" viruses differently from "real" malware. If a non-heuristically-detected virus (signature-based) is found first, the scan is interrupted immediately, regardless of this config option.
- --phishing-ssl[=yes/no(*)]
- Block SSL mismatches in URLs (might lead to false positives!).
- --phishing-cloak[=yes/no(*)]
- Block cloaked URLs (might lead to some false positives).
- --algorithmic-detection[=yes(*)/no]
- In some cases (e.g. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option can be used to control the algorithmic detection.
- --scan-pe[=yes(*)/no]
- PE stands for Portable Executable - it's an executable file format used in all 32-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG.
- --scan-elf[=yes(*)/no]
- Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support.
- --scan-ole2[=yes(*)/no]
- Scan Microsoft Office documents and .msi files.
- --scan-pdf[=yes(*)/no]
- Scan within PDF files.
- --scan-html[=yes(*)/no]
- Detect, normalize/decrypt and scan HTML files and embedded scripts.
- --scan-archive[=yes(*)/no]
- Scan archives supported by libclamav.
- --detect-broken[=yes/no(*)]
- Mark broken executables as viruses (Broken.Executable).
- --block-encrypted[=yes/no(*)]
- Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
- --mail-follow-urls[=yes/no(*)]
- If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
- --max-files=#n
- Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000)
- --max-filesize=#n
- Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)
- --max-scansize=#n
- Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB)
- --max-recursion=#n
- Set archive recursion level limit. This option protects your system against DoS attacks (default: 16).
- --max-dir-recursion=#n
- Maximum depth directories are scanned at (default: 15).
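The options above produce several kinds of detection name that usually call for different handling: "*.Heuristics.*" hits, PUA hits, and the Broken.Executable / Encrypted.Zip / Encrypted.RAR markers. The following triage of scan report lines is an added example, not part of the original manual page; the function names, the severity ordering, the `path: NAME FOUND` line shape and the `PUA.` name prefix are assumptions taken from ClamAV's usual output rather than from this page, and the sample report is constructed.

```shell
#!/bin/sh
# Added example: sort clamscan detections into handling classes by name.

# Classify one detection name.
classify_detection() {
    case "$1" in
        *.Heuristics.*)                                echo heuristic ;;
        Broken.Executable|Encrypted.Zip|Encrypted.RAR) echo policy ;;
        PUA.*)                                         echo pua ;;
        *)                                             echo malware ;;
    esac
}

# Read report lines on stdin; print "class<TAB>name<TAB>path" for each hit.
triage() {
    while IFS= read -r line; do
        case "$line" in *" FOUND") ;; *) continue ;; esac
        hit=${line% FOUND}
        name=${hit##*: }   # the name follows the last ": " ...
        path=${hit%: *}    # ... so paths that contain ": " stay intact
        printf '%s\t%s\t%s\n' "$(classify_detection "$name")" "$name" "$path"
    done
}

# Reduce a report on stdin to its most serious class (ordering is assumed).
worst_class() {
    classes=$(triage | cut -f1)
    for c in malware heuristic pua policy; do
        if printf '%s\n' "$classes" | grep -qx "$c"; then echo "$c"; return 0; fi
    done
    echo clean
}

# Constructed sample report (not real scan output).
sample_report() {
    cat <<'EOF'
/srv/mail/msg1.eml: Phishing.Heuristics.Email.Example FOUND
/srv/up/tool.exe: PUA.Example.Packer FOUND
/srv/up/a.zip: Encrypted.Zip FOUND
/srv/up/note: v2.txt: Eicar-Test-Signature FOUND
/srv/up/ok.txt: OK
EOF
}
```

With --heuristic-scan-precedence left disabled, a file that carries both a heuristic hit and a signature hit is reported under the signature name, so it lands in the `malware` class here.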
EXAMPLES
- (0) Scan a single file:
    clamscan file
- (1) Scan the current working directory:
    clamscan
- (2) Scan all files (and subdirectories) in /home:
    clamscan -r /home
- (3) Load database from a file:
    clamscan -d /tmp/newclamdb -r /tmp
- (4) Scan a data stream:
    cat testfile | clamscan -
- (5) Scan a mail spool directory:
    clamscan -r /var/spool/mail
RETURN CODES
Note: some return codes may only appear in a single file mode (when clamscan is started with a single argument). Those are marked with (ofm).
- 0 : No virus found.
- 1 : Virus(es) found.
- 40: Unknown option passed.
- 50: Database initialization error.
- 52: Not supported file type.
- 53: Can't open directory.
- 54: Can't open file. (ofm)
- 55: Error reading file. (ofm)
- 56: Can't stat input file / directory.
- 57: Can't get absolute path name of current working directory.
- 58: I/O error, please check your file system.
- 62: Can't initialize logger.
- 63: Can't create temporary files/directories (check permissions).
- 64: Can't write to temporary directory (please specify another one).
- 70: Can't allocate memory (calloc).
- 71: Can't allocate memory (malloc).
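A script that tests only for "non-zero" or only for "not 1" will misread scanner errors, so the return codes above are best handled fail-closed: 0 is clean, 1 is infected, and anything else means the file was not scanned. The following wrapper is an added example, not part of the original manual page; the function names, the `CLAMSCAN` override variable, the error group labels and the limit values chosen are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate a file on clamscan's return code, failing closed.
# CLAMSCAN is a hypothetical override so a stub can stand in for the scanner.
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Map a return code to a verdict, following the RETURN CODES table.
verdict_for_code() {
    case "$1" in
        0)                    echo clean ;;
        1)                    echo infected ;;
        40)                   echo "error:usage" ;;
        50)                   echo "error:database" ;;
        52|53|54|55|56|57|58) echo "error:input" ;;
        62|63|64)             echo "error:environment" ;;
        70|71)                echo "error:memory" ;;
        *)                    echo "error:unknown" ;;
    esac
}

# Scan one file with explicit resource limits. Prints the verdict and
# returns 0 only when the scanner ran and reported the file clean.
scan_gate() {
    file=$1
    # A name starting with "-" would be taken as an option, and "-" alone
    # means "read stdin", so anchor such names to the current directory.
    case "$file" in -*) file="./$file" ;; esac
    rc=0
    "$CLAMSCAN" --no-summary --infected \
        --max-files=1000 --max-recursion=8 \
        --max-filesize=25M --max-scansize=100M \
        "$file" >/dev/null 2>&1 || rc=$?
    verdict=$(verdict_for_code "$rc")
    echo "$verdict"
    [ "$verdict" = clean ]
}
```

Callers should branch on the function's status (`if scan_gate "$upload"; then ...`) and treat every `error:*` verdict like a rejection, since a scan that did not run proves nothing about the file.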
CREDITS
Please check the full documentation for credits.
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO