A command-line virus scanner using the ClamAV Daemon.


Scan a file or directory for vulnerabilities

$ clamdscan [path/to/file_or_directory]

Scan data from stdin
$ [command] | clamdscan -

Scan the current directory and output only infected files
$ clamdscan --infected

Output the scan report to a log file
$ clamdscan --log [path/to/log_file]

Move infected files to a specific directory
$ clamdscan --move [path/to/quarantine_directory]

Remove infected files
$ clamdscan --remove

Use multiple threads to scan a directory
$ clamdscan --multiscan

Pass the file descriptor instead of streaming the file to the daemon
$ clamdscan --fdpass


clamdscan [options] [file/directory]


clamdscan is a clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd.


-h, --help

Display help information and exit.

-V, --version

Print version number and exit.

-v, --verbose

Be verbose.


Be quiet - only output error messages.


Write all messages (except for libclamav output) to the standard output (stdout).


Read clamd settings from FILE.

-l FILE, --log=FILE

Save the scan report to FILE.

-f FILE, --file-list=FILE

Scan files listed line by line in FILE.

-p A[:I], --ping A[:I]

Ping clamd up to [A] times at optional interval [I] until it responds.

-w, --wait

Wait up to 30 seconds for clamd to start. Optionally use alongside ping to set attempts [A] and interval [I] to check clamd.

-m, --multiscan

In the multiscan mode clamd will attempt to scan the directory contents in parallel using available threads. This option is especially useful on multiprocessor and multi-core systems. If you pass more than one file or directory in the command line, they are put in a queue and sent to clamd individually. This means, that single files are always scanned by a single thread. Similarly, clamdscan will wait for clamd to finish a directory scan (performed in multiscan mode) before sending request to scan another directory. This option can be combined with --fdpass (see below).

-z, --allmatch

After a match, continue scanning within the file for additional matches.


Remove infected files. Be careful.


Move infected files into DIRECTORY.


Copy infected files into DIRECTORY.


Do not display summary at the end of scanning.


Request clamd to reload virus database.


Continue scanning within file after finding a match.


Pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. Only available if connected to clamd via local(unix) socket.


Forces file streaming to clamd. This is generally not needed as clamdscan detects automatically if streaming is required. This option only exists for debugging and testing purposes, in all other cases --fdpass is preferred.


(0) To scan a one file:

clamdscan file

(1) To scan a current working directory:


(2) To scan all files in /home:

clamdscan /home

(3) To scan a file when clamd is running as a different user:

clamdscan --fdpass ~/downloads

(4) To scan from standard input:

clamdscan - < file_to_scan

cat file_to_scan | clamdscan -


0 : No virus found.

1 : Virus(es) found.
2 : An error occurred.


Please check the full documentation for credits.


clamd(8), clamd.conf(5), clamscan(1)


Tomasz Kojm <>

Copied to clipboard