Provided by: clamav_0.99+dfsg-1ubuntu1_amd64 bug

NAME

       clamscan - scan files and directories for viruses

SYNOPSIS

       clamscan [options] [file/directory/-]

DESCRIPTION

       clamscan is a command line anti-virus scanner.

OPTIONS

       Most  of  the  options  are simple switches which enable or disable some features. Options
       marked with [=yes/no(*)] can be optionally  followed  by  =yes/=no;  if  they  get  called
       without the boolean argument the scanner will assume 'yes'. The asterisk marks the default
       internal setting for a given option.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version number and exit.

       -v, --verbose
              Be verbose.

       -a, --archive-verbose
              Show filenames inside scanned archives

       --debug
              Display debug messages from libclamav.

       --quiet
              Be quiet (only print error messages).

       --stdout
              Write all messages (except for libclamav output) to the standard output (stdout).

       --no-summary
              Do not display summary at the end of scanning.

       -i, --infected
              Only print infected files.

       -o, --suppress-ok-results
              Skip printing OK files

       --bell Sound bell on virus detection.

       --tempdir=DIRECTORY
              Create temporary files in DIRECTORY. Directory must be writable for the '' user  or
              unprivileged user running clamscan.

       --leave-temps
              Do not remove temporary files.

       -d FILE/DIR, --database=FILE/DIR
              Load virus database from FILE or load all virus database files from DIR.

       --official-db-only=[yes/no(*)]
              Only load the official signatures published by the ClamAV project.

       -l FILE, --log=FILE
              Save scan report to FILE.

       -r, --recursive
              Scan directories recursively. All the subdirectories in the given directory will be
              scanned.

       -z, --allmatch
              After a match, continue scanning within the file for additional matches.

       --cross-fs=[yes(*)/no]
              Scan files and directories on other filesystems.

       --follow-dir-symlinks=[0/1(*)/2]
              Follow directory symlinks.  There  are  3  options:  0  -  never  follow  directory
              symlinks,  1 (default) - only follow directory symlinks, which are passed as direct
              arguments to clamscan. 2 - always follow directory symlinks.

       --follow-file-symlinks=[0/1(*)/2]
              Follow file symlinks. There are 3 options:  0  -  never  follow  file  symlinks,  1
              (default)  -  only  follow  file  symlinks, which are passed as direct arguments to
              clamscan. 2 - always follow file symlinks.

       -f FILE, --file-list=FILE
              Scan files listed line by line in FILE.

       --remove[=yes/no(*)]
              Remove infected files. Be careful!

       --move=DIRECTORY
              Move infected files into DIRECTORY. Directory must be writable for the ''  user  or
              unprivileged user running clamscan.

       --copy=DIRECTORY
              Copy  infected  files into DIRECTORY. Directory must be writable for the '' user or
              unprivileged user running clamscan.

       --exclude=REGEX, --exclude-dir=REGEX
              Don't scan file/directory names matching regular expression. These options  can  be
              used multiple times.

       --include=REGEX, --include-dir=REGEX
              Only  scan  file/directory  matching  regular expression. These options can be used
              multiple times.

       --bytecode[=yes(*)/no]
              With this option enabled ClamAV will load bytecode from the database. It is  highly
              recommended  you  keep this option turned on, otherwise you may miss detections for
              many new viruses.

       --bytecode-unsigned[=yes/no(*)]
              Allow loading bytecode from outside digitally signed .c[lv]d files.

       --bytecode-timeout=N
              Set bytecode timeout in milliseconds (default: 60000 = 60s)

       --statistics[=none(*)/bytecode/pcre]
              Collect and print execution statistics.

       --detect-pua[=yes/no(*)]
              Detect Possibly Unwanted Applications.

       --exclude-pua=CATEGORY
              Exclude a specific PUA category. This  option  can  be  used  multiple  times.  See
              http://www.clamav.net/doc/pua.html for the complete list of PUA

       --include-pua=CATEGORY
              Only  include  a specific PUA category. This option can be used multiple times. See
              http://www.clamav.net/doc/pua.html for the complete list of PUA

       --detect-structured[=yes/no(*)]
              Use the DLP (Data Loss Prevention) module to detect SSN  and  Credit  Card  numbers
              inside documents/text files.

       --structured-ssn-format=X
              X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid
              SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. Default is 0.

       --structured-ssn-count=#n
              This option sets the lowest number of Social Security Numbers found in  a  file  to
              generate a detect (default: 3).

       --structured-cc-count=#n
              This  option  sets  the  lowest  number  of  Credit Card numbers found in a file to
              generate a detect (default: 3).

       --scan-mail[=yes(*)/no]
              Scan mail files. If you turn off this option, the  original  files  will  still  be
              scanned, but without parsing individual messages/attachments.

       --phishing-sigs[=yes(*)/no]
              Use the signature-based phishing detection.

       --phishing-scan-urls[=yes(*)/no]
              Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)

       --heuristic-scan-precedence[=yes/no(*)]
              Allow  heuristic  match to take precedence. When enabled, if a heuristic scan (such
              as phishingScan) detects a possible virus/phish  it  will  stop  scan  immediately.
              Recommended,  saves CPU scan-time. When disabled, virus/phish detected by heuristic
              scans will be reported only at the end of a scan. If an  archive  contains  both  a
              heuristically  detected   virus/phish, and a real malware, the real malware will be
              reported Keep this disabled  if  you  intend  to  handle  "*.Heuristics.*"  viruses
              differently  from "real" malware. If a non-heuristically-detected virus (signature-
              based) is found first,  the scan is interrupted  immediately,  regardless  of  this
              config option.

       --phishing-ssl[=yes/no(*)]
              Block SSL mismatches in URLs (might lead to false positives!).

       --phishing-cloak[=yes/no(*)]
              Block cloaked URLs (might lead to some false positives).

       --partition-intersection[=yes/no(*)]
              Detect partition intersections in raw disk images using heuristics.

       --algorithmic-detection[=yes(*)/no]
              In  some cases (eg. complex malware, exploits in graphic files, and others), ClamAV
              uses special algorithms to provide accurate detection. This option can be  used  to
              control the algorithmic detection.

       --scan-pe[=yes(*)/no]
              PE  stands  for  Portable  Executable  - it's an executable file format used in all
              32-bit versions of Windows operating systems. By  default  ClamAV  performs  deeper
              analysis  of executable files and attempts to decompress popular executable packers
              such as UPX, Petite, and FSG. If you turn off this option, the original files  will
              still be scanned but without additional processing.

       --scan-elf[=yes(*)/no]
              Executable  and  Linking  Format  is  a  standard format for UN*X executables. This
              option controls the ELF support. If you turn it off, the original files will  still
              be scanned but without additional processing.

       --scan-ole2[=yes(*)/no]
              Scan  Microsoft  Office  documents and .msi files. If you turn off this option, the
              original files will still be scanned but without additional processing.

       --scan-pdf[=yes(*)/no]
              Scan within PDF files. If you turn off this option, the original files  will  still
              be scanned, but without decoding and additional processing.

       --scan-swf[=yes(*)/no]
              Scan  SWF  files.  If  you  turn  off this option, the original files will still be
              scanned but without additional processing.

       --scan-html[=yes(*)/no]
              Detect, normalize/decrypt and scan HTML files and embedded scripts. If you turn off
              this  option,  the  original  files  will  still be scanned, but without additional
              processing.

       --scan-archive[=yes(*)/no]
              Scan archives supported by libclamav. If you turn off  this  option,  the  original
              files will still be scanned, but without unpacking and additional processing.

       --detect-broken[=yes/no(*)]
              Mark broken executables as viruses (Broken.Executable).

       --block-encrypted[=yes/no(*)]
              Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

       --max-filesize=#n
              Extract  and  scan  at  most  #n bytes from each archive. You may pass the value in
              kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number.
              This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)

       --max-scansize=#n
              Extract  and scan at most #n bytes from each archive. The size the archive plus the
              sum of the sizes of all files within  archive  count  toward  the  scan  size.  For
              example,  a  1M uncompressed archive containing a single 1M inner file counts as 2M
              toward max-scansize. You may pass the value in kilobytes in format  xK  or  xk,  or
              megabytes in format xM or xm, where x is a number. This option protects your system
              against DoS attacks (default: 100 MB, max: <4 GB)

       --max-files=#n
              Extract at most #n files from each  scanned  file  (when  this  is  an  archive,  a
              document  or  another  kind of container). This option protects your system against
              DoS attacks (default: 10000)

       --max-recursion=#n
              Set archive recursion level limit. This option protects  your  system  against  DoS
              attacks (default: 16).

       --max-dir-recursion=#n
              Maximum depth directories are scanned at (default: 15).

       --max-embeddedpe=#n
              Maximum  size file to check for embedded PE. You may pass the value in kilobytes in
              format xK or xk, or megabytes in format xM or xm, where x is a number (default:  10
              MB, max: <4 GB).

       --max-htmlnormalize=#n
              Maximum  size  of  HTML  file  to normalize. You may pass the value in kilobytes in
              format xK or xk, or megabytes in format xM or xm, where x is a number (default:  10
              MB, max: <4 GB).

       --max-htmlnotags=#n
              Maximum  size  of normalized HTML file to scan. You may pass the value in kilobytes
              in format xK or xk, or megabytes in format xM or xm, where x is a number  (default:
              2 MB, max: <4 GB).

       --max-scriptnormalize=#n
              Maximum  size  of  script file to normalize. You may pass the value in kilobytes in
              format xK or xk, or megabytes in format xM or xm, where x is a number  (default:  5
              MB, max: <4 GB).

       --max-ziptypercg=#n
              Maximum  size  zip to type reanalyze. You may pass the value in kilobytes in format
              xK or xk, or megabytes in format xM or xm, where x is a number (default: 1 MB, max:
              <4 GB).

       --max-partitions=#n
              This  option  sets  the  maximum  number  of  partitions  of a raw disk image to be
              scanned. This must be a positive integer (default: 50).

       --max-iconspe=#n
              This option sets the maximum number of icons within a PE to be scanned.  This  must
              be a positive integer (default: 100).

       --pcre-match-limit=#n
              Maximum calls to the PCRE match function (default: 10000).

       --pcre-recmatch-limit=#n
              Maximum recursive calls to the PCRE match function (default: 5000).

       --pcre-max-filesize=#n
              Maximum size file to perform PCRE subsig matching (default: 25 MB, max: <4 GB).

       --enable-stats
              This  option  enables  submission  of statistical data. (Default: stats submissions
              disabled)

       --stats-host-id
              This option sets the HostID, in the  form  of  an  UUID,  to  use  when  submitting
              statistical information.

       --disable-pe-stats
              This  option disables the submission of PE section data. (Default: submitting of PE
              section data enabled if stats submissions as a whole is enabled).

       --stats-timeout=#n
              This option sets the timeout in seconds to wait for  communication  back  from  the
              stats server. (Default: 10).

EXAMPLES

       (0) Scan a single file:

              clamscan file

       (1) Scan a current working directory:

              clamscan

       (2) Scan all files (and subdirectories) in /home:

              clamscan -r /home

       (3) Load database from a file:

              clamscan -d /tmp/newclamdb -r /tmp

       (4) Scan a data stream:

              cat testfile | clamscan -

       (5) Scan a mail spool directory:

              clamscan -r /var/spool/mail

RETURN CODES

       0 : No virus found.

       1 : Virus(es) found.

       2 : Some error(s) occured.

CREDITS

       Please check the full documentation for credits.

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>

SEE ALSO

       clamdscan(1), freshclam(1), freshclam.conf(5)