Monday, December 27, 2010

clamscan

clamscan(1)                     Clam AntiVirus                     clamscan(1)



NAME
clamscan - scan files and directories for viruses

SYNOPSIS
clamscan [options] [file/directory/-]

DESCRIPTION
clamscan is a command line anti-virus scanner.

OPTIONS
Most of the options are simple switches which enable or disable some
features. Options marked with [=yes/no(*)] can be optionally followed
by =yes/=no; if they get called without the boolean argument the scanner
will assume 'yes'. The asterisk marks the default internal setting
for a given option.

-h, --help
Print help information and exit.

-V, --version
Print version number and exit.

-v, --verbose
Be verbose.

--debug
Display debug messages from libclamav.

--quiet
Be quiet (only print error messages).

--stdout
Write all messages (except for libclamav output) to the standard
output (stdout).

-d FILE/DIR, --database=FILE/DIR
Load virus database from FILE or load all virus database files
from DIR.

--official-db-only=[yes/no(*)]
Only load the official signatures published by the ClamAV
project.

-l FILE, --log=FILE
Save scan report to FILE.

--tempdir=DIRECTORY
Create temporary files in DIRECTORY. Directory must be writable
for the '' user or unprivileged user running clamscan.

--leave-temps
Do not remove temporary files.

-f FILE, --file-list=FILE
Scan files listed line by line in FILE.

-r, --recursive
Scan directories recursively. All the subdirectories in the
given directory will be scanned.

--cross-fs=[yes(*)/no]
Scan files and directories on other filesystems.

--bell
Sound bell on virus detection.

--no-summary
Do not display summary at the end of scanning.

--exclude=REGEX, --exclude-dir=REGEX
Don't scan file/directory names matching regular expression.
These options can be used multiple times.

--include=REGEX, --include-dir=REGEX
Only scan file/directory matching regular expression. These
options can be used multiple times.

-i, --infected
Only print infected files.

--remove[=yes/no(*)]
Remove infected files. Be careful.

--move=DIRECTORY
Move infected files into DIRECTORY. Directory must be writable
for the '' user or unprivileged user running clamscan.

--copy=DIRECTORY
Copy infected files into DIRECTORY. Directory must be writable
for the '' user or unprivileged user running clamscan.

--bytecode[=yes(*)/no]
With this option enabled ClamAV will load bytecode from the
database. It is highly recommended you keep this option turned
on, otherwise you may miss detections for many new viruses.

--bytecode-trust-all[=yes/no(*)]
This option disables safety checks and makes ClamAV trust all
bytecode. It should only be used for debugging.

--bytecode-timeout=N
Set bytecode timeout in milliseconds (default: 60000 = 60s)

--detect-pua[=yes/no(*)]
Detect Possibly Unwanted Applications.

--exclude-pua=CATEGORY
Exclude a specific PUA category. This option can be used multiple
times. See http://www.clamav.net/support/pua for the complete
list of PUA

--include-pua=CATEGORY
Only include a specific PUA category. This option can be used
multiple times. See http://www.clamav.net/support/pua for the
complete list of PUA

--detect-structured[=yes/no(*)]
Use the DLP (Data Loss Prevention) module to detect SSN and
Credit Card numbers inside documents/text files.

--structured-ssn-format=X
X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal);
X=1: search for valid SSNs formatted as xxxyyzzzz (stripped);
X=2: search for both formats. Default is 0.

--structured-ssn-count=#n
This option sets the lowest number of Social Security Numbers
found in a file to generate a detect (default: 3).

--structured-cc-count=#n
This option sets the lowest number of Credit Card numbers found
in a file to generate a detect (default: 3).

--scan-mail[=yes(*)/no]
Scan mail files.

--phishing-sigs[=yes(*)/no]
Use the signature-based phishing detection.

--phishing-scan-urls[=yes(*)/no]
Use the url-based heuristic phishing detection
(Phishing.Heuristics.Email.*)

--heuristic-scan-precedence[=yes/no(*)]
Allow heuristic match to take precedence. When enabled, if a
heuristic scan (such as phishingScan) detects a possible
virus/phish it will stop the scan immediately. Recommended, saves
CPU scan-time. When disabled, virus/phish detected by heuristic
scans will be reported only at the end of a scan. If an archive
contains both a heuristically detected virus/phish, and a real
malware, the real malware will be reported. Keep this disabled if
you intend to handle "*.Heuristics.*" viruses differently from
"real" malware. If a non-heuristically-detected virus
(signature-based) is found first, the scan is interrupted
immediately, regardless of this config option.

--phishing-ssl[=yes/no(*)]
Block SSL mismatches in URLs (might lead to false positives!).

--phishing-cloak[=yes/no(*)]
Block cloaked URLs (might lead to some false positives).

--algorithmic-detection[=yes(*)/no]
In some cases (e.g. complex malware, exploits in graphic files,
and others), ClamAV uses special algorithms to provide accurate
detection. This option can be used to control the algorithmic
detection.

--scan-pe[=yes(*)/no]
PE stands for Portable Executable - it's an executable file format
used in all 32-bit versions of Windows operating systems. By
default ClamAV performs deeper analysis of executable files and
attempts to decompress popular executable packers such as UPX,
Petite, and FSG.

--scan-elf[=yes(*)/no]
Executable and Linking Format is a standard format for UN*X
executables. This option controls the ELF support.

--scan-ole2[=yes(*)/no]
Scan Microsoft Office documents and .msi files.

--scan-pdf[=yes(*)/no]
Scan within PDF files.

--scan-html[=yes(*)/no]
Detect, normalize/decrypt and scan HTML files and embedded
scripts.

--scan-archive[=yes(*)/no]
Scan archives supported by libclamav.

--detect-broken[=yes/no(*)]
Mark broken executables as viruses (Broken.Executable).

--block-encrypted[=yes/no(*)]
Mark encrypted archives as viruses (Encrypted.Zip,
Encrypted.RAR).

--max-files=#n
Extract at most #n files from each scanned file (when this is an
archive, a document or another kind of container). This option
protects your system against DoS attacks (default: 10000)

--max-filesize=#n
Extract and scan at most #n kilobytes from each archive. You may
pass the value in megabytes in format xM or xm, where x is a
number. This option protects your system against DoS attacks
(default: 25 MB, max: <4 GB)

--max-scansize=#n
Extract and scan at most #n kilobytes from each scanned file.
You may pass the value in megabytes in format xM or xm, where x
is a number. This option protects your system against DoS
attacks (default: 100 MB, max: <4 GB)

--max-recursion=#n
Set archive recursion level limit. This option protects your
system against DoS attacks (default: 16).

--max-dir-recursion=#n
Maximum depth directories are scanned at (default: 15).

EXAMPLES
(0) Scan a single file:

clamscan file

(1) Scan the current working directory:

clamscan

(2) Scan all files (and subdirectories) in /home:

clamscan -r /home

(3) Load database from a file:

clamscan -d /tmp/newclamdb -r /tmp

(4) Scan a data stream:

cat testfile | clamscan -

(5) Scan a mail spool directory:

clamscan -r /var/spool/mail

RETURN CODES
0 : No virus found.

1 : Virus(es) found.

2 : Some error(s) occurred.
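
Added example (not part of the clamscan manual): a shell gate built on the return codes above that fails closed, so a scanner error (code 2) or a missing binary is never treated as clean. The names scan_verdict, accept_file and the CLAMSCAN override variable are assumptions for illustration; the options are the ones documented on this page.

```shell
#!/bin/sh
# Added example, not from the clamscan manual: fail-closed scan gate.
# CLAMSCAN, scan_verdict and accept_file are hypothetical names.
CLAMSCAN="${CLAMSCAN:-clamscan}"   # overridable so the gate can be tested

# Print "clean", "infected" or "error" for one file or directory.
scan_verdict() {
    target=$1
    # A name starting with "-" would be parsed as an option ("-" alone
    # means standard input), so anchor it to the current directory.
    case "$target" in
        -*) target="./$target" ;;
    esac
    rc=0
    # The limits restate the manual's defaults explicitly;
    # --block-encrypted=yes reports encrypted archives as detections
    # instead of passing content the scanner could not inspect.
    "$CLAMSCAN" --no-summary --infected --recursive \
        --block-encrypted=yes \
        --max-files=10000 --max-filesize=25M --max-scansize=100M \
        --max-recursion=16 \
        "$target" >&2 || rc=$?
    case "$rc" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;   # 2, or anything unexpected such as 127
    esac
}

# Return 0 only for a clean verdict; "infected" and "error" both reject.
accept_file() {
    [ "$(scan_verdict "$1")" = "clean" ]
}

# Usage (in a script that sources this file):
#   accept_file /var/spool/incoming/upload.bin || echo "rejected"
```

Testing only for return code 1 and accepting everything else would let files through whenever the database fails to load or the target cannot be read.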

CREDITS
Please check the full documentation for credits.

AUTHOR
Tomasz Kojm

SEE ALSO
clamdscan(1), freshclam(1), freshclam.conf(5)



ClamAV 0.96.5 December 30, 2008 clamscan(1)
