LinuxCommandLibrary

clamdscan

Scan files for viruses using ClamAV

TLDR

Scan a file or directory for viruses
$ clamdscan [path/to/file_or_directory]

Scan data from stdin
$ [command] | clamdscan -

Scan the current directory and output only infected files
$ clamdscan --infected

Print the scan report to a log file
$ clamdscan --log [path/to/log_file]

Move infected files to a specific directory
$ clamdscan --move [path/to/quarantine_directory]

Remove infected files
$ clamdscan --remove

Use multiple threads to scan a directory
$ clamdscan --multiscan

Pass the file descriptor instead of streaming the file to the daemon
$ clamdscan --fdpass

SYNOPSIS

clamdscan [options] [file/directory/...]

PARAMETERS

-h, --help
    Show help information and exit.

-V, --version
    Print version number and exit.

-d , --database=
    Load virus database from .

--official-db-only
    Only load official signatures.

--config-file=
    Read configuration from .

--move=
    Move infected files to .

--copy=
    Copy infected files to .

--remove
    Remove infected files. Use with extreme caution!

-r, --recursive
    Scan directories recursively.

--no-summary
    Do not print summary at end of scanning.

--log=
    Save scan results to .

--tempdir=
    Create temporary files in .

--detect-pua
    Detect Possibly Unwanted Applications.

--exclude=
    Skip files matching regular expression.

--include=
    Only scan files matching regular expression.

--max-filesize=
    Files larger than specified size will be skipped (in bytes). Size limit is 4294967295 bytes (4096 MB).

--max-recursion=
    Set maximum directory recursion depth.

DESCRIPTION

The clamdscan command is a command-line interface to the ClamAV anti-virus engine.

It connects to the clamd daemon (ClamAV's on-access scanner) via a Unix socket or TCP port, allowing for efficient scanning of files and directories. Using clamdscan is generally more efficient than clamscan, as clamd keeps the virus signature database loaded in memory. This eliminates the overhead of loading the virus definitions for each scan. clamdscan is commonly used in scripts and other automated systems for regular virus scanning.

It supports recursive directory scanning, archive handling, and can be configured to remove infected files. The program returns an exit code indicating whether any threats were found.

CAVEATS

Make sure the clamd daemon is running and properly configured before using clamdscan. The '--remove' option should be used with extreme caution to avoid data loss.

EXIT CODES

clamdscan returns the following exit codes:
0 : No virus found.
1 : Virus(es) found.
2 : An error occurred.
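
One way to act on these exit codes in an automated job, shown as an added example that is not part of the original page. The function name `scan_gate`, the `CLAMDSCAN` override variable and the paths passed by the caller are hypothetical; the options are the ones listed above.

```shell
#!/bin/sh
# Added example, not part of the original page. Hypothetical names:
# scan_gate, the CLAMDSCAN override variable, and the caller's paths.
CLAMDSCAN="${CLAMDSCAN:-clamdscan}"

# scan_gate TARGET QUARANTINE_DIR LOG_FILE
# Prints clean | infected | error and returns 0 | 1 | 2 to match.
scan_gate() {
    target=$1
    quarantine=$2
    log=$3

    # A missing target or unusable quarantine directory is an error, not "clean".
    [ -e "$target" ] || { echo error; return 2; }
    mkdir -p "$quarantine" || { echo error; return 2; }

    # --fdpass: pass the file descriptor instead of streaming the file to clamd.
    # --move:   quarantine rather than --remove, so a false positive is recoverable.
    # "|| rc=$?" keeps the status even when the caller runs under "set -e".
    rc=0
    "$CLAMDSCAN" --fdpass --infected --no-summary \
        --log="$log" --move="$quarantine" "$target" >/dev/null 2>&1 || rc=$?

    case $rc in
        0) echo clean;    return 0 ;;
        1) echo infected; return 1 ;;
        # 2 is a scan error (for example clamd is not running); any other
        # status is unexpected. Both fail closed instead of passing as clean.
        *) echo error;    return 2 ;;
    esac
}
```

A caller that only checks for exit code 1 would treat a stopped daemon as a clean scan; mapping everything except 0 and 1 to `error` avoids that.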

CONFIGURATION

clamdscan can be configured through a configuration file, typically located at /etc/clamav/clamd.conf. The location of this file can be specified with the `--config-file` option.

HISTORY

ClamAV was initially developed by Tomasz Kojm in 2002. clamdscan was created to leverage the clamd daemon for efficient virus scanning, reducing the resource overhead of loading signature databases repeatedly. It has become a standard tool for integrating virus scanning into automated workflows and server environments.

SEE ALSO

clamd(8), clamscan(1), freshclam(1)
