Clam Daemon(8)                  Clam AntiVirus                  Clam Daemon(8)

NAME

       clamd - an anti-virus daemon

SYNOPSIS

       clamd [options]

DESCRIPTION

       The daemon listens for incoming connections on a Unix and/or TCP socket
       and scans files or directories on demand. It reads the configuration
       from /etc/clamd.d/scan.conf.

COMMANDS

       It's recommended to prefix clamd commands with the letter z (e.g.
       zSCAN) to indicate that the command will be delimited by a NULL
       character and that clamd should continue reading command data until a
       NULL character is read. The null delimiter assures that the complete
       command and its entire argument will be processed as a single command.
       Alternatively, commands may be prefixed with the letter n (e.g. nSCAN)
       to use a newline character as the delimiter. Clamd replies will honour
       the requested terminator in turn. If clamd doesn't recognize the
       command, or the command doesn't follow the requirements specified
       below, it will reply with an error message and close the connection.

       Clamd recognizes the following commands:

       PING   Check the server's state. It should reply with "PONG".

       VERSION
              Print program and database versions.

       RELOAD Reload the virus databases.

       SHUTDOWN
              Perform a clean exit.

       SCAN file/directory
              Scan a file or a directory (recursively) with archive support
              enabled (if not disabled in clamd.conf). A full path is
              required.

       CONTSCAN file/directory
              Scan file or directory (recursively) with archive support
              enabled and don't stop the scanning when a virus is found.

       MULTISCAN file/directory
              Scan file in a standard way or scan directory (recursively)
              using multiple threads (to make the scanning faster on SMP
              machines).

       ALLMATCHSCAN file/directory
              ALLMATCHSCAN works just like SCAN except that it sets a mode
              where scanning continues after finding a match within a file.

       INSTREAM
              It is mandatory to prefix this command with n or z.

              Scan a stream of data. The stream is sent to clamd in chunks,
              after INSTREAM, on the same socket on which the command was
              sent. This avoids the overhead of establishing new TCP
              connections and problems with NAT. The format of the chunk is:
              '<length><data>' where <length> is the size of the following
              data in bytes expressed as a 4 byte unsigned integer in network
              byte order and <data> is the actual chunk. Streaming is
              terminated by sending a zero-length chunk. Note: do not exceed
              StreamMaxLength as defined in clamd.conf, otherwise clamd will
              reply with INSTREAM size limit exceeded and close the
              connection.

       FILDES It is mandatory to newline terminate this command, or prefix
              it with n or z.

              This command only works on UNIX domain sockets. Scan a file
              descriptor. After issuing a FILDES command a subsequent
              rfc2292/bsd4.4 style packet (with at least one dummy character)
              is sent to clamd carrying the file descriptor to be scanned
              inside the ancillary data. Alternatively the file descriptor may
              be sent in the same packet, including the extra character.

       STATS  It is mandatory to newline terminate this command, or prefix
              it with n or z; it is recommended to only use the z prefix.

              Replies with statistics about the scan queue, contents of scan
              queue, and memory usage. The exact reply format is subject to
              change in future releases.

       IDSESSION, END
              It is mandatory to prefix this command with n or z, and all
              commands inside IDSESSION must be prefixed.

              Start/end a clamd session. Within a session multiple SCAN,
              INSTREAM, FILDES, VERSION, STATS commands can be sent on the
              same socket without opening new connections. Replies from clamd
              will be in the form '<id>: <response>' where <id> is the request
              number (in ascii, starting from 1) and <response> is the usual
              clamd reply. The reply lines have the same delimiter as the
              corresponding command had. Clamd will process the commands
              asynchronously, and reply as soon as it has finished processing.

              Clamd requires clients to read all the replies it sent before
              sending more commands, to prevent send() deadlocks. The
              recommended way to implement a client that uses IDSESSION is
              with non-blocking sockets, and a select()/poll() loop: whenever
              send would block, sleep in select/poll until either you can
              write more data, or read more replies. Note that using
              non-blocking sockets without the select/poll loop and
              alternating recv()/send() doesn't comply with clamd's
              requirements.

              If clamd detects that a client has deadlocked, it will close
              the connection. Note that clamd may close an IDSESSION
              connection too if you don't follow the protocol's requirements.
              The client can use the PING command to keep the connection
              alive.

       VERSIONCOMMANDS
              It is mandatory to prefix this command with either n or z. It
              is recommended to use nVERSIONCOMMANDS.

              Print program and database versions, followed by "| COMMANDS:"
              and a space-delimited list of supported commands. Clamd <0.95
              will recognize this as the VERSION command, and reply only with
              its version, without the commands list.

              This command can be used as an easy way to check for IDSESSION
              support, for example.
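
       Added example (not part of the original manual page or of the ClamAV
       project's code): the INSTREAM chunk framing described above, seen from
       both the sending and the receiving side. The function names, the
       4096-byte CHUNK_SIZE and the in-memory buffering are assumptions made
       here; scan_stream expects a socket already connected to clamd.

```python
import socket
import struct

CHUNK_SIZE = 4096  # assumption: client-side chunk size, not a clamd setting


def encode_instream(data: bytes, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Return the exact bytes a client sends for one zINSTREAM request."""
    out = bytearray(b"zINSTREAM\0")  # z prefix: command is NULL-delimited
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        # <length> is a 4-byte unsigned integer in network byte order
        out += struct.pack("!I", len(chunk)) + chunk
    out += struct.pack("!I", 0)  # zero-length chunk terminates the stream
    return bytes(out)


def decode_instream(wire: bytes) -> bytes:
    """Receiver's view: validate the framing and return the reassembled data."""
    head = b"zINSTREAM\0"
    if not wire.startswith(head):
        raise ValueError("missing zINSTREAM command")
    pos, data = len(head), bytearray()
    while True:
        if pos + 4 > len(wire):
            raise ValueError("truncated length field or missing terminator")
        (length,) = struct.unpack_from("!I", wire, pos)
        pos += 4
        if length == 0:
            if pos != len(wire):
                raise ValueError("trailing bytes after terminator")
            return bytes(data)
        if pos + length > len(wire):
            raise ValueError("chunk shorter than its declared length")
        data += wire[pos:pos + length]
        pos += length


def scan_stream(sock: socket.socket, data: bytes) -> str:
    """Send data via INSTREAM on a connected socket; return clamd's reply."""
    sock.sendall(encode_instream(data))
    reply = bytearray()
    while not reply.endswith(b"\0"):  # the reply honours the z terminator
        part = sock.recv(1024)
        if not part:
            break  # connection closed, e.g. after a size-limit error
        reply += part
    return reply.rstrip(b"\0").decode("ascii", "replace")
```

       For large inputs, send each frame as it is produced rather than
       building the whole request in memory, and keep the total below
       StreamMaxLength.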

       DEPRECATED COMMANDS

       STREAM Scan stream - on this command clamd will return "PORT number",
              to which you should connect and send the data to scan.
              (DEPRECATED, use INSTREAM instead)

       NOT SUPPORTED COMMANDS

       SESSION, END
              Start/end a clamd session which will allow you to run multiple
              commands per TCP session. (use IDSESSION instead)
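
       Added example (not part of the original manual page or of the ClamAV
       project's code): one way to write the select()/poll() loop that the
       IDSESSION entry above recommends, using Python's selectors module. The
       function name, the timeout, the restriction to commands with
       single-line replies (such as SCAN or VERSION) and the expectation of
       exactly one numbered reply per command are assumptions.

```python
import selectors
import socket


def run_idsession(sock: socket.socket, commands: list[bytes],
                  timeout: float = 10.0) -> dict[int, str]:
    """Run commands in one IDSESSION; return {request id: response}."""
    sock.setblocking(False)
    pending = bytearray(b"nIDSESSION\n")
    for cmd in commands:
        pending += b"n" + cmd + b"\n"  # every command in the session is prefixed
    pending += b"nEND\n"

    replies: dict[int, str] = {}  # assumption: one numbered reply per command
    inbuf = bytearray()
    sel = selectors.DefaultSelector()
    sel.register(sock, selectors.EVENT_READ | selectors.EVENT_WRITE)
    try:
        while pending or len(replies) < len(commands):
            ready = sel.select(timeout)  # sleep until readable or writable
            if not ready:
                raise TimeoutError("no progress on the clamd socket")
            events = ready[0][1]
            if events & selectors.EVENT_READ:
                # Drain replies first so clamd's send() never stalls on us.
                data = sock.recv(4096)
                if not data:
                    raise ConnectionError("clamd closed the session")
                inbuf += data
                while b"\n" in inbuf:
                    line, _, rest = bytes(inbuf).partition(b"\n")
                    inbuf = bytearray(rest)
                    # Replies are '<id>: <response>' and may arrive in any order.
                    rid, _, response = line.decode("ascii", "replace").partition(": ")
                    replies[int(rid)] = response
            if pending and events & selectors.EVENT_WRITE:
                sent = sock.send(pending)  # partial writes are expected
                del pending[:sent]
                if not pending:
                    sel.modify(sock, selectors.EVENT_READ)
    finally:
        sel.close()
    return replies
```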

OPTIONS

       -h, --help
              Output help information and exit.

       -V, --version
              Print the version number and exit.

       -F, --foreground
              Run in foreground; do not daemonize.

       --debug
              Enable debug mode.

       -c FILE, --config-file=FILE
              Read configuration from FILE.

ENVIRONMENT VARIABLES

       clamd uses the following environment variables:

       LD_LIBRARY_PATH - May be used on startup to find the libclamunrar_iface
       shared library module to enable RAR archive support.

SIGNALS

       Clamd recognizes the following signals:

       SIGHUP Reopen the logfile.

       SIGUSR2
              Reload the signature databases.

       SIGTERM
              Perform a clean exit.

FILES

       /etc/clamd.d/scan.conf

CREDITS

       Please check the full documentation for credits.

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamd.conf(5), clamdscan(1), freshclam(1), freshclam.conf(5),
       clamav-milter(8)

ClamAV 1.0.4                   February 12, 2009                Clam Daemon(8)