clamdscan

A command-line virus scanner using the ClamAV Daemon.

TLDR

Scan a file or directory for vulnerabilities

$ clamdscan [path/to/file_or_directory]
copy

Scan data from stdin

$ [command] | clamdscan -
copy

Scan the current directory and output only infected files

$ clamdscan --infected
copy

Output the scan report to a log file

$ clamdscan --log [path/to/log_file]
copy

Move infected files to a specific directory

$ clamdscan --move [path/to/quarantine_directory]
copy

Remove infected files

$ clamdscan --remove
copy

Use multiple threads to scan a directory

$ clamdscan --multiscan
copy

Pass the file descriptor instead of streaming the file to the daemon

$ clamdscan --fdpass
copy

SYNOPSIS

clamdscan [options] [file/directory]

DESCRIPTION

clamdscan is a clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd.

OPTIONS

-h, --help

Display help information and exit.

-V, --version

Print version number and exit.

-v, --verbose

Be verbose.

--quiet

Be quiet - only output error messages.

--stdout

Write all messages (except for libclamav output) to the standard output (stdout).

--config-file=FILE

Read clamd settings from FILE.

-l FILE, --log=FILE

Save the scan report to FILE.

-f FILE, --file-list=FILE

Scan files listed line by line in FILE.

-p A[:I], --ping A[:I]

Ping clamd up to [A] times at optional interval [I] until it responds.

-w, --wait

Wait up to 30 seconds for clamd to start. Optionally use alongside ping to set attempts [A] and interval [I] to check clamd.

-m, --multiscan

In the multiscan mode clamd will attempt to scan the directory contents in parallel using available threads. This option is especially useful on multiprocessor and multi-core systems. If you pass more than one file or directory in the command line, they are put in a queue and sent to clamd individually. This means, that single files are always scanned by a single thread. Similarly, clamdscan will wait for clamd to finish a directory scan (performed in multiscan mode) before sending request to scan another directory. This option can be combined with --fdpass (see below).

-z, --allmatch

After a match, continue scanning within the file for additional matches.

--remove

Remove infected files. Be careful.

--move=DIRECTORY

Move infected files into DIRECTORY.

--copy=DIRECTORY

Copy infected files into DIRECTORY.

--no-summary

Do not display summary at the end of scanning.

--reload

Request clamd to reload virus database.

--allmatch

Continue scanning within file after finding a match.

--fdpass

Pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. Only available if connected to clamd via local(unix) socket.

--stream

Forces file streaming to clamd. This is generally not needed as clamdscan detects automatically if streaming is required. This option only exists for debugging and testing purposes, in all other cases --fdpass is preferred.

EXAMPLES

(0) To scan a one file:

clamdscan file

(1) To scan a current working directory:

clamdscan

(2) To scan all files in /home:

clamdscan /home

(3) To scan a file when clamd is running as a different user:

clamdscan --fdpass ~/downloads

(4) To scan from standard input:

clamdscan - < file_to_scan

cat file_to_scan | clamdscan -

RETURN CODES

0 : No virus found.

1 : Virus(es) found.
2 : An error occurred.

CREDITS

Please check the full documentation for credits.

SEE ALSO

clamd(8), clamd.conf(5), clamscan(1)

AUTHOR

Tomasz Kojm <tkojm@clamav.net>

Copied to clipboard
snescontroller