clamscan(1)                     Clam AntiVirus                     clamscan(1)

NAME
       clamscan - scan files and directories for viruses

SYNOPSIS
       clamscan [options] [file/directory/-]

DESCRIPTION
       clamscan is a command line anti-virus scanner.

OPTIONS
       -h, --help
              Print help information and exit.

       -V, --version
              Print version number and exit.

       -v, --verbose
              Be verbose.

       --debug
              Display debug messages from libclamav.

       --quiet
              Be quiet (only print error messages).

       --stdout
              Write all messages (except for libclamav output) to the standard
              output (stdout).

       -d FILE/DIR, --database=FILE/DIR
              Load virus database from FILE or load all virus database files
              from DIR.

       -l FILE, --log=FILE
              Save scan report to FILE.

       --tempdir=DIRECTORY
              Create temporary files in DIRECTORY. Directory must be writable
              for the '' user or unprivileged user running clamscan.

       --leave-temps
              Do not remove temporary files.

       -r, --recursive
              Scan directories recursively. All the subdirectories in the
              given directory will be scanned.

       --bell Sound bell on virus detection.

       --no-summary
              Do not display summary at the end of scanning.

       --exclude=PATT, --exclude-dir=PATT
              Don't scan file/directory names containing PATT. It may be used
              multiple times.

       --include=PATT, --include-dir=PATT
              Only scan file/directory names containing PATT. It may be used
              multiple times.

       -i, --infected
              Only print infected files.

       --remove
              Remove infected files. Be careful.

       --move=DIRECTORY
              Move infected files into DIRECTORY. Directory must be writable
              for the '' user or unprivileged user running clamscan.

       --copy=DIRECTORY
              Copy infected files into DIRECTORY. Directory must be writable
              for the '' user or unprivileged user running clamscan.

       --detect-pua
              Detect Possibly Unwanted Applications.

       --no-mail
              Disable scanning of mail files.

       --no-phishing-sigs
              Disable signature-based phishing detection.

       --no-phishing-scan-urls
              Disable url-based heuristic phishing detection. This disables
              Phishing.Heuristics.Email.*

       --no-phishing-restrictedscan
              Enable url-based heuristic phishing detection for all domains
              (might lead to false positives!).

       --phishing-ssl
              Always block SSL mismatches in URLs (might lead to false
              positives!).

       --phishing-cloak
              Always block cloaked URLs (might lead to some false positives).

       --no-algorithmic
              In some cases (e.g. complex malware, exploits in graphic files,
              and others), ClamAV uses special algorithms to provide accurate
              detection. This option disables the algorithmic detection.

       --no-pe
              PE stands for Portable Executable - it's an executable file
              format used in all 32-bit versions of Windows operating systems.
              By default ClamAV performs deeper analysis of executable files
              and attempts to decompress popular executable packers such as
              UPX, Petite, and FSG. This option disables PE support and should
              be used with care!

       --no-elf
              Executable and Linking Format is a standard format for UN*X
              executables. This option disables ELF support.

       --no-ole2
              Disable support for Microsoft Office documents and .msi files.

       --no-pdf
              Disable scanning within PDF files.

       --no-html
              Disable support for HTML detection and normalisation.

       --no-archive
              Disable archive support built in libclamav.

       --detect-broken
              Mark broken executables as viruses (Broken.Executable).

       --block-encrypted
              Mark encrypted archives as viruses (Encrypted.Zip,
              Encrypted.RAR).

       --block-max
              Mark archives as viruses (e.g. RAR.ExceededFileSize,
              Zip.ExceededFilesLimit) if max-files, max-space, or
              max-recursion is reached.

       --mail-follow-urls
              If an email contains URLs ClamAV can download and scan them.
              WARNING: This option may open your system to a DoS attack. Never
              use it on loaded servers.

       --max-files=#n
              Extract first #n files from each archive. This option protects
              your system against DoS attacks (default: 500)

       --max-space=#n
              Extract first #n kilobytes from each archive. You may pass the
              value in megabytes in format xM or xm, where x is a number. This
              option protects your system against DoS attacks (default: 10 MB)

       --max-recursion=#n
              Set archive recursion level limit. This option protects your
              system against DoS attacks (default: 8).

       --max-ratio=#n
              Set maximum archive compression ratio limit. This option
              protects your system against DoS attacks (default: 250).

       --max-mail-recursion=#n
              Recursion level limit for the internal mail scanner.

       --max-dir-recursion=#n
              Maximum depth directories are scanned at (default: 15).

       --unzip[=FULLPATH]
              In most cases you don't need this option - the built-in
              unarchiver will extract Zip archives. However, this option may
              be used as a backup for internal unpacker - see the full
              documentation for more information. When enabled without an
              argument, unzip program will be searched in $PATH. If unzip
              cannot be found in $PATH, you must force it with =pathname.
              Remember about '=' between the option and the argument.

       --unrar[=FULLPATH]
              Scan .rar files. In most cases the unpacker built into libclamav
              is enough.

       --arj[=FULLPATH]
              Scan .arj files.

       --unzoo[=FULLPATH]
              Scan .zoo files.

       --lha[=FULLPATH]
              Scan .lzh files.

       --jar[=FULLPATH]
              clamscan uses unzip for .jar files, so in some cases you may
              need to pass a full path to unzip. In most cases the unpacker
              built into libclamav is enough.

       --deb[=FULLPATH]
              This option supports debian binary packages. Implies --tgz, but
              doesn't conflict with --tgz=FULLPATH. It requires ar utility.

       --tar[=FULLPATH]
              This option supports non-compressed tar archives. In most cases
              the unpacker built into libclamav is enough.

       --tgz[=FULLPATH]
              This option supports tar.gz and .tgz files. You need GNU tar, on
              non-Linux system you probably have it installed as gtar. If it's
              in $PATH, please use --tgz=gtar in other case please pass a full
              path. In most cases the unpacker built into libclamav is enough.

EXAMPLES
       (0) Scan a single file:

              clamscan file

       (1) Scan the current working directory:

              clamscan

       (2) Scan all files (and subdirectories) in /home:

              clamscan -r /home

       (3) Load database from a file and limit disk usage to 50 MB:

              clamscan -d /tmp/newclamdb --max-space=50m -r /tmp

       (4) Scan a data stream:

              cat testfile | clamscan -

       (5) Scan a mail spool directory:

              clamscan -r /var/spool/mail

RETURN CODES
       Note: some return codes may only appear in a single file mode (when
       clamscan is started with a single argument). Those are marked with
       (ofm).

       0 : No virus found.

       1 : Virus(es) found.

       40: Unknown option passed.

       50: Database initialization error.

       52: Not supported file type.

       53: Can't open directory.

       54: Can't open file. (ofm)

       55: Error reading file. (ofm)

       56: Can't stat input file / directory.

       57: Can't get absolute path name of current working directory.

       58: I/O error, please check your file system.

       59: Can't get information about current user from /etc/passwd.

       60: Can't get information about user '' from /etc/passwd.

       61: Can't fork.

       62: Can't initialize logger.

       63: Can't create temporary files/directories (check permissions).

       64: Can't write to temporary directory (please specify another one).

       70: Can't allocate memory (calloc).

       71: Can't allocate memory (malloc).
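
       The sketch below is an added example, not part of the clamscan
       distribution: it gates a file on the return codes listed above so that
       a scanner error (for instance 50) is never mistaken for a clean result,
       and it passes the archive limits from OPTIONS explicitly. The function
       names, the grouping of error codes and the CLAMSCAN override variable
       are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the clamscan distribution.

# Map a clamscan return code (RETURN CODES above) to a verdict string.
# The error grouping is this example's own, not something clamscan prints.
clamscan_verdict() {
    case "$1" in
        0)  echo clean ;;
        1)  echo infected ;;
        40) echo error:usage ;;
        50) echo error:database ;;
        52|53|54|55|56|57|58) echo error:input ;;
        59|60|61|62) echo error:environment ;;
        63|64) echo error:tempdir ;;
        70|71) echo error:memory ;;
        *)  echo error:unknown ;;
    esac
}

# Scan one file and return 0 only if clamscan itself reported "no virus found".
# The archive limits are spelled out (the documented defaults) and --block-max
# turns an exceeded limit into a detection rather than a scan of only the
# first part of the archive.
# CLAMSCAN is a hypothetical override used to substitute another command.
scan_and_gate() {
    gate_file=$1
    gate_rc=0
    "${CLAMSCAN:-clamscan}" --no-summary --infected --block-max \
        --max-files=500 --max-space=10m --max-recursion=8 --max-ratio=250 \
        "$gate_file" >/dev/null 2>&1 || gate_rc=$?
    gate_verdict=$(clamscan_verdict "$gate_rc")
    echo "$gate_file rc=$gate_rc verdict=$gate_verdict"
    # Fail closed: infected and every error code both reject the file.
    [ "$gate_verdict" = clean ]
}

# Usage: scan_and_gate /path/to/upload && mv /path/to/upload /srv/accepted/
```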

CREDITS
       Please check the full documentation for credits.

AUTHOR
       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       clamdscan(1), freshclam(1)

ClamAV 0.92.1                  February 12, 2007                   clamscan(1)