clamscan man page on aLinux

Man page or keyword search:  
man Server   7435 pages
apropos Keyword Search (all sections)
Output format
aLinux logo
[printable version]

clamscan(1)			Clam AntiVirus			   clamscan(1)

NAME
       clamscan - scan files and directories for viruses

SYNOPSIS
       clamscan [options] [file/directory/-]

DESCRIPTION
       clamscan is a command line anti-virus scanner.

OPTIONS
       Most  of	 the  options are simple switches which enable or disable some
       features. Options marked with [=yes/no(*)] can be  optionally  followed
       by  =yes/=no; if they get called without the boolean argument the scan‐
       ner will assume 'yes'. The asterisk marks the default internal  setting
       for a given option.

       -h, --help
	      Print help information and exit.

       -V, --version
	      Print version number and exit.

       -v, --verbose
	      Be verbose.

       --debug
	      Display debug messages from libclamav.

       --quiet
	      Be quiet (only print error messages).

       --stdout
	      Write all messages (except for libclamav output) to the standard
	      output (stdout).

       -d FILE/DIR, --database=FILE/DIR
	      Load virus database from FILE or load all virus  database	 files
	      from DIR.

       --official-db-only=[yes/no(*)]
	      Only  load  the  official	 signatures  published	by  the ClamAV
	      project.

       -l FILE, --log=FILE
	      Save scan report to FILE.

       --tempdir=DIRECTORY
	      Create temporary files in DIRECTORY. Directory must be  writable
	      for the '' user or unprivileged user running clamscan.

       --leave-temps
	      Do not remove temporary files.

       -f FILE, --file-list=FILE
	      Scan files listed line by line in FILE.

       -r, --recursive
	      Scan  directories	 recursively.  All  the	 subdirectories in the
	      given directory will be scanned.

       --cross-fs=[yes(*)/no]
	      Scan files and directories on other filesystems.

       --bell Sound bell on virus detection.

       --no-summary
	      Do not display summary at the end of scanning.

       --exclude=REGEX, --exclude-dir=REGEX
	      Don't scan file/directory	 names	matching  regular  expression.
	      These options can be used multiple times.

       --include=REGEX, --include-dir=REGEX
	      Only  scan  file/directory  matching  regular  expression. These
	      options can be used multiple times.

       -i, --infected
	      Only print infected files.

       --remove[=yes/no(*)]
	      Remove infected files. Be careful.

       --move=DIRECTORY
	      Move infected files into DIRECTORY. Directory must  be  writable
	      for the '' user or unprivileged user running clamscan.

       --copy=DIRECTORY
	      Copy  infected  files into DIRECTORY. Directory must be writable
	      for the '' user or unprivileged user running clamscan.

       --bytecode[=yes(*)/no]
	      With this option enabled ClamAV  will  load  bytecode  from  the
	      database.	 It  is highly recommended you keep this option turned
	      on, otherwise you may miss detections for many new viruses.

       --bytecode-trust-all[=yes/no(*)]
	      This option disables safety checks and makes  ClamAV  trust  all
	      bytecode. It should only be used for debugging.

       --bytecode-timeout=N
	      Set bytecode timeout in milliseconds (default: 60000 = 60s)

       --detect-pua[=yes/no(*)]
	      Detect Possibly Unwanted Applications.

       --exclude-pua=CATEGORY
	      Exclude  a specific PUA category. This option can be used multi‐
	      ple times. See http://www.clamav.net/support/pua	for  the  com‐
	      plete list of PUA

       --include-pua=CATEGORY
	      Only  include  a	specific PUA category. This option can be used
	      multiple times. See  http://www.clamav.net/support/pua  for  the
	      complete list of PUA

       --detect-structured[=yes/no(*)]
	      Use  the	DLP  (Data  Loss  Prevention) module to detect SSN and
	      Credit Card numbers inside documents/text files.

       --structured-ssn-format=X
	      X=0: search for valid SSNs formatted  as	xxx-yy-zzzz  (normal);
	      X=1:  search  for	 valid SSNs formatted as xxxyyzzzz (stripped);
	      X=2: search for both formats. Default is 0.

       --structured-ssn-count=#n
	      This option sets the lowest number of  Social  Security  Numbers
	      found in a file to generate a detect (default: 3).

       --structured-cc-count=#n
	      This  option sets the lowest number of Credit Card numbers found
	      in a file to generate a detect (default: 3).

       --scan-mail[=yes(*)/no]
	      Scan mail files.

       --phishing-sigs[=yes(*)/no]
	      Use the signature-based phishing detection.

       --phishing-scan-urls[=yes(*)/no]
	      Use the url-based heuristic phishing detection (Phishing.Heuris‐
	      tics.Email.*)

       --heuristic-scan-precedence[=yes/no(*)]
	      Allow  heuristic	match  to  take precedence. When enabled, if a
	      heuristic	 scan  (such  as  phishingScan)	 detects  a   possible
	      virus/phish  it  will  stop scan immediately. Recommended, saves
	      CPU scan-time. When disabled, virus/phish detected by  heuristic
	      scans  will be reported only at the end of a scan. If an archive
	      contains both a heuristically detected  virus/phish, and a  real
	      malware, the real malware will be reported Keep this disabled if
	      you intend to handle "*.Heuristics.*" viruses  differently  from
	      "real"  malware.	If  a non-heuristically-detected virus (signa‐
	      ture-based) is found first,  the	scan  is  interrupted  immedi‐
	      ately, regardless of this config option.

       --phishing-ssl[=yes/no(*)]
	      Block SSL mismatches in URLs (might lead to false positives!).

       --phishing-cloak[=yes/no(*)]
	      Block cloaked URLs (might lead to some false positives).

       --algorithmic-detection[=yes(*)/no]
	      In  some	cases (eg. complex malware, exploits in graphic files,
	      and others), ClamAV uses special algorithms to provide  accurate
	      detection.  This	option	can be used to control the algorithmic
	      detection.

       --scan-pe[=yes(*)/no]
	      PE stands for Portable Executable - it's an executable file for‐
	      mat used in all 32-bit versions of Windows operating systems. By
	      default ClamAV performs deeper analysis of executable files  and
	      attempts	to  decompress popular executable packers such as UPX,
	      Petite, and FSG.

       --scan-elf[=yes(*)/no]
	      Executable and Linking Format is a standard format for UN*X exe‐
	      cutables. This option controls the ELF support.

       --scan-ole2[=yes(*)/no]
	      Scan Microsoft Office documents and .msi files.

       --scan-pdf[=yes(*)/no]
	      Scan within PDF files.

       --scan-html[=yes(*)/no]
	      Detect,  normalize/decrypt  and  scan  HTML  files  and embedded
	      scripts.

       --scan-archive[=yes(*)/no]
	      Scan archives supported by libclamav.

       --detect-broken[=yes/no(*)]
	      Mark broken executables as viruses (Broken.Executable).

       --block-encrypted[=yes/no(*)]
	      Mark   encrypted	  archives    as    viruses    (Encrypted.Zip,
	      Encrypted.RAR).

       --max-files=#n
	      Extract at most #n files from each scanned file (when this is an
	      archive, a document or another kind of container).  This	option
	      protects your system against DoS attacks (default: 10000)

       --max-filesize=#n
	      Extract and scan at most #n kilobytes from each archive. You may
	      pass the value in megabytes in format xM or xm,  where  x	 is  a
	      number.  This  option  protects  your system against DoS attacks
	      (default: 25 MB, max: <4 GB)

       --max-scansize=#n
	      Extract and scan at most #n kilobytes from  each	scanned	 file.
	      You  may pass the value in megabytes in format xM or xm, where x
	      is a number.  This  option  protects  your  system  against  DoS
	      attacks (default: 100 MB, max: <4 GB)

       --max-recursion=#n
	      Set  archive  recursion  level  limit. This option protects your
	      system against DoS attacks (default: 16).

       --max-dir-recursion=#n
	      Maximum depth directories are scanned at (default: 15).

EXAMPLES
       (0) Scan a single file:

	      clamscan file

       (1) Scan a current working directory:

	      clamscan

       (2) Scan all files (and subdirectories) in /home:

	      clamscan -r /home

       (3) Load database from a file:

	      clamscan -d /tmp/newclamdb -r /tmp

       (4) Scan a data stream:

	      cat testfile | clamscan -

       (5) Scan a mail spool directory:

	      clamscan -r /var/spool/mail

RETURN CODES
       0 : No virus found.

       1 : Virus(es) found.

       2 : Some error(s) occured.

CREDITS
       Please check the full documentation for credits.

AUTHOR
       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       clamdscan(1), freshclam(1)

ClamAV 0.96		       December 30, 2008		   clamscan(1)
[top]

List of man pages available for aLinux

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
...................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net