~ubuntu-branches/ubuntu/feisty/clamav/feisty

Most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes/=no; if they get called without the boolean argument the scanner will assume 'yes'. The asterisk marks the default internal setting for a given option.

.TP

\fB\-h, \-\-help\fR

Print help information and exit.

.TP

\fB\-V, \-\-version\fR

Print version number and exit.

.TP

\fB\-v, \-\-verbose\fR

Be verbose.

.TP

\fB\-\-debug\fR

Display debug messages from libclamav.

.TP

\fB\-\-quiet\fR

Be quiet (only print error messages).

.TP

\fB\-\-stdout\fR

Write all messages (except for libclamav output) to the standard output (stdout).

.TP

\fB\-d FILE/DIR, \-\-database=FILE/DIR\fR

Load virus database from FILE or load all virus database files from DIR.

.TP

\fB\-\-official\-db\-only=[yes/no(*)]\fR

Only load the official signatures published by the ClamAV project.

.TP

\fB\-l FILE, \-\-log=FILE\fR

Save scan report to FILE.

.TP

\fB\-\-tempdir=DIRECTORY\fR

Create temporary files in DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan.

.TP

\fB\-\-leave\-temps\fR

Do not remove temporary files.

.TP

\fB\-f FILE, \-\-file\-list=FILE\fR

Scan files listed line by line in FILE.

.TP

\fB\-r, \-\-recursive\fR

Scan directories recursively. All the subdirectories in the given directory will be scanned.

.TP

\fB\-\-cross\-fs=[yes(*)/no]\fR

Scan files and directories on other filesystems.

.TP

\fB\-\-follow\-dir\-symlinks=[0/1(*)/2]\fR

Follow directory symlinks. There are 3 options: 0 - never follow directory symlinks, 1 (default) - only follow directory symlinks, which are passed as direct arguments to clamscan. 2 - never follow directory symlinks.

.TP

\fB\-\-follow\-file\-symlinks=[0/1(*)/2]\fR

Follow file symlinks. There are 3 options: 0 - never follow file symlinks, 1 (default) - only follow file symlinks, which are passed as direct arguments to clamscan. 2 - never follow file symlinks.

.TP

\fB\-\-bell\fR

Sound bell on virus detection.

.TP

\fB\-\-no\-summary\fR

Do not display summary at the end of scanning.

.TP

\fB\-\-exclude=REGEX, \-\-exclude\-dir=REGEX\fR

Don't scan file/directory names matching regular expression. These options can be used multiple times.

.TP

\fB\-\-include=REGEX, \-\-include\-dir=REGEX\fR

Only scan file/directory matching regular expression. These options can be used multiple times.

.TP

\fB\-i, \-\-infected\fR

Only print infected files.

.TP

\fB\-\-remove[=yes/no(*)]\fR

Remove infected files. \fBBe careful.\fR

.TP

\fB\-\-move=DIRECTORY\fR

Move infected files into DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan.

.TP

\fB\-\-copy=DIRECTORY\fR

Copy infected files into DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan.

.TP

\fB\-\-bytecode[=yes(*)/no]\fR

With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses.

.TP

\fB\-\-bytecode\-trust\-all[=yes/no(*)]\fR

This option disables safety checks and makes ClamAV trust all bytecode. It should only be used for debugging.

.TP

\fB\-\-bytecode\-timeout=N\fR

Set bytecode timeout in milliseconds (default: 60000 = 60s)

.TP

\fB\-\-detect\-pua[=yes/no(*)]\fR

Detect Possibly Unwanted Applications.

.TP

\fB\-\-exclude\-pua=CATEGORY\fR

100

Exclude a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA

101

.TP

102

\fB\-\-include\-pua=CATEGORY\fR

103

Only include a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA

104

.TP

105

\fB\-\-detect\-structured[=yes/no(*)]\fR

106

Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers inside documents/text files.

107

.TP

108

\fB\-\-structured\-ssn\-format=X\fR

109

X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. Default is 0.

110

.TP

111

\fB\-\-structured\-ssn\-count=#n\fR

112

This option sets the lowest number of Social Security Numbers found in a file to generate a detect (default: 3).

113

.TP

114

\fB\-\-structured\-cc\-count=#n\fR

115

This option sets the lowest number of Credit Card numbers found in a file to generate a detect (default: 3).

116

.TP

117

\fB\-\-scan\-mail[=yes(*)/no]\fR

118

Scan mail files.

119

.TP

120

\fB\-\-phishing\-sigs[=yes(*)/no]\fR

121

Use the signature-based phishing detection.

122

.TP

123

\fB\-\-phishing\-scan\-urls[=yes(*)/no]\fR

124

Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)

125

.TP

126

\fB\-\-heuristic\-scan\-precedence[=yes/no(*)]\fR

127

Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish it will stop scan immediately. Recommended, saves CPU scan-time. When disabled, virus/phish detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phish, and a real malware, the real malware will be reported Keep this disabled if you intend to handle "*.Heuristics.*" viruses differently from "real" malware. If a non-heuristically-detected virus (signature-based) is found first, the scan is interrupted immediately, regardless of this config option.

128

.TP

129

\fB\-\-phishing\-ssl[=yes/no(*)]\fR

130

Block SSL mismatches in URLs (might lead to false positives!).

131

.TP

132

\fB\-\-phishing\-cloak[=yes/no(*)]\fR

133

Block cloaked URLs (might lead to some false positives).

134

.TP

135

\fB\-\-algorithmic\-detection[=yes(*)/no]\fR

136

In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option can be used to control the algorithmic detection.

137

.TP

138

\fB\-\-scan\-pe[=yes(*)/no]\fR

139

PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG.

140

.TP

141

\fB\-\-scan\-elf[=yes(*)/no]\fR

142

Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support.

143

.TP

144

\fB\-\-scan\-ole2[=yes(*)/no]\fR

145

Scan Microsoft Office documents and .msi files.

146

.TP

147

\fB\-\-scan\-pdf[=yes(*)/no]\fR

148

Scan within PDF files.

149

.TP

150

\fB\-\-scan\-html[=yes(*)/no]\fR

151

Detect, normalize/decrypt and scan HTML files and embedded scripts.

152

.TP

153

\fB\-\-scan\-archive[=yes(*)/no]\fR

154

Scan archives supported by libclamav.

155

.TP

156

\fB\-\-detect\-broken[=yes/no(*)]\fR

157

Mark broken executables as viruses (Broken.Executable).

158

.TP

159

\fB\-\-block\-encrypted[=yes/no(*)]\fR

160

Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

161

.TP

162

\fB\-\-max\-files=#n\fR

163

Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000)

164

.TP

165

\fB\-\-max\-filesize=#n\fR

166

Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)

167

.TP

168

\fB\-\-max\-scansize=#n\fR

169

Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB)

170

.TP

171

\fB\-\-max\-recursion=#n\fR

172

Set archive recursion level limit. This option protects your system against DoS attacks (default: 16).

173

.TP

174

\fB\-\-max\-dir\-recursion=#n\fR

175

Maximum depth directories are scanned at (default: 15).

176

.SH "EXAMPLES"

177

.LP

178

.TP

179

(0) Scan a single file:

180

181

\fBclamscan file\fR

182

.TP

183

(1) Scan a current working directory:

184

185

\fBclamscan\fR

186

.TP

187

(2) Scan all files (and subdirectories) in /home:

188

189

\fBclamscan \-r /home\fR

190

.TP

191

(3) Load database from a file:

192

193

\fBclamscan \-d /tmp/newclamdb \-r /tmp\fR

194

.TP

195

(4) Scan a data stream:

196

197

\fBcat testfile | clamscan \-\fR

198

.TP

199

(5) Scan a mail spool directory:

200

201

\fBclamscan \-r /var/spool/mail\fR

202

.SH "RETURN CODES"

203

.LP

204

0 : No virus found.

205

.TP

206

1 : Virus(es) found.

207

.TP

208

2 : Some error(s) occured.

209

.SH "CREDITS"

210

Please check the full documentation for credits.

211

.SH "AUTHOR"

212

.LP

213

Tomasz Kojm <tkojm@clamav.net>

214

.SH "SEE ALSO"

215

.LP

216

clamdscan(1), freshclam(1), freshclam.conf(5)

Older »