21
21
<LINK REL="next" HREF="node28.html">
22
22
<LINK REL="previous" HREF="node26.html">
23
<LINK REL="up" HREF="node26.html">
23
<LINK REL="up" HREF="node24.html">
24
24
<LINK REL="next" HREF="node28.html">
29
29
<DIV CLASS="navigation"><!--Navigation Panel-->
31
31
HREF="node28.html">
32
32
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
35
35
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
37
37
HREF="node26.html">
38
38
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
41
41
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
43
<B> Next:</B> <A NAME="tex2html531"
44
HREF="node28.html">clamd</A>
45
<B> Up:</B> <A NAME="tex2html527"
46
HREF="node26.html">Output format</A>
47
<B> Previous:</B> <A NAME="tex2html521"
48
HREF="node26.html">Output format</A>
49
<B> <A NAME="tex2html529"
43
<B> Next:</B> <A NAME="tex2html542"
44
HREF="node28.html">Output format</A>
45
<B> Up:</B> <A NAME="tex2html538"
46
HREF="node24.html">Usage</A>
47
<B> Previous:</B> <A NAME="tex2html532"
48
HREF="node26.html">Clamdscan</A>
49
<B> <A NAME="tex2html540"
50
50
HREF="node1.html">Contents</A></B>
53
53
<!--End of Navigation Panel-->
55
<H3><A NAME="SECTION00064100000000000000">
58
<code>clamscan</code> writes all regular program messages to <SPAN CLASS="textbf">stdout</SPAN> and
59
errors/warnings to <SPAN CLASS="textbf">stderr</SPAN>. You can use the option <code>--stdout</code>
60
to redirect all program messages to <SPAN CLASS="textbf">stdout</SPAN>. Warnings and error
61
messages from <code>libclamav</code> are always printed to <SPAN CLASS="textbf">stderr</SPAN>.
62
A typical output from <code>clamscan</code> looks like this:
64
/tmp/test/removal-tool.exe: Worm.Sober FOUND
67
/tmp/test/message.c: OK
68
/tmp/test/error.hta: VBS.Inor.D FOUND
70
When a virus is found its name is printed between the <code>filename:</code> and
71
<code>FOUND</code> strings. In case of archives the scanner depends on libclamav
72
and only prints the first virus found within an archive:
74
zolw@localhost:/tmp$ clamscan malware.zip
75
malware.zip: Worm.Mydoom.U FOUND
77
<SPAN CLASS="textit"><SPAN CLASS="textbf">TIP:</SPAN> You can force clamscan to list all infected
78
files in an archive using -no-archive (this option disables
79
transparent decompressors built into libclamav) and enabling external
80
decompressors: -unzip -unrar...</SPAN>.
82
zolw@localhost:/tmp$ clamscan --no-archive --unzip malware.zip
83
Archive: /tmp/malware.zip
87
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
88
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
89
/tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
90
/tmp/malware.zip: Infected.Archive FOUND
55
<H2><A NAME="SECTION00063000000000000000"></A><A NAME="clamuko"></A>
59
Clamuko is a special thread in <code>clamd</code> that performs on-access
60
scanning under Linux and FreeBSD and shares internal virus database
61
with the daemon. <SPAN CLASS="textbf">You must follow some important rules when
65
<LI>Always stop the daemon cleanly - using the SHUTDOWN command or
68
SIGTERM signal. In other case you can lose access
69
to protected files until the system is restarted.
71
<LI>Never protect the directory your mail-scanner software
72
uses for attachment unpacking. Access to all infected
73
files will be automatically blocked and the scanner (including
74
<code>clamd</code>!) will not be able to detect any viruses. In the
75
result <SPAN CLASS="textbf">all infected mails may be delivered.</SPAN>
79
For example, to protect the whole system add the following lines to
80
<code>clamd.conf</code>:
84
ClamukoExcludePath /proc
85
ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software
87
You can also use clamuko to protect files on Samba/Netatalk but a far
88
more better and safe idea is to use the <SPAN CLASS="textbf">samba-vscan</SPAN> module.
89
NFS is not supported because Dazuko doesn't intercept NFS access calls.