Provided by: clamav-daemon_1.3.1+dfsg-5ubuntu2_amd64 bug

NAME

       clamd - an anti-virus daemon

SYNOPSIS

       clamd [options]

DESCRIPTION

       The  daemon  listens for incoming connections on Unix and/or TCP socket and scans files or
       directories on demand. It reads the configuration from /etc/clamav/clamd.conf

COMMANDS

       It's recommended to prefix clamd commands with the letter z (eg. zSCAN) to  indicate  that
       the  command  will be delimited by a NULL character and that clamd should continue reading
       command data until a NULL character is read. The null delimiter assures that the  complete
       command  and  its  entire  argument  will  be processed as a single command. Alternatively
       commands may be prefixed with the letter n (e.g. nSCAN) to use a newline character as  the
       delimiter.  Clamd  replies will honour the requested terminator in turn.  If clamd doesn't
       recognize the command, or the command doesn't follow the requirements specified below,  it
       will reply with an error message, and close the connection.

       Clamd recognizes the following commands:

       PING   Check the server's state. It should reply with "PONG".

       VERSION
              Print program and database versions.

       RELOAD Reload the virus databases.

       SHUTDOWN
              Perform a clean exit.

       SCAN file/directory
              Scan  a  file  or  a  directory  (recursively) with archive support enabled (if not
              disabled in clamd.conf). A full path is required.

       CONTSCAN file/directory
              Scan file or directory (recursively) with archive support enabled  and  don't  stop
              the scanning when a virus is found.

       MULTISCAN file/directory
              Scan  file in a standard way or scan directory (recursively) using multiple threads
              (to make the scanning faster on SMP machines).

       ALLMATCHSCAN file/directory
              ALLMATCHSCAN works just like SCAN  except  that  it  sets  a  mode  where  scanning
              continues after finding a match within a file.

       INSTREAM
              It is mandatory to prefix this command with n or z.

              Scan  a  stream  of data. The stream is sent to clamd in chunks, after INSTREAM, on
              the same socket on which the  command  was  sent.   This  avoids  the  overhead  of
              establishing new TCP connections and problems with NAT. The format of the chunk is:
              '<length><data>' where <length>  is  the  size  of  the  following  data  in  bytes
              expressed  as  a  4  byte  unsigned integer in network byte order and <data> is the
              actual chunk. Streaming is terminated by sending a zero-length chunk. Note: do  not
              exceed  StreamMaxLength  as  defined in clamd.conf, otherwise clamd will reply with
              INSTREAM size limit exceeded and close the connection.

       FILDES It is mandatory to newline terminate this command, or prefix with n or z.

              This command only works on UNIX domain sockets.   Scan  a  file  descriptor.  After
              issuing  a  FILDES  command a subsequent rfc2292/bsd4.4 style packet (with at least
              one dummy character) is sent to clamd carrying the file descriptor  to  be  scanned
              inside  the  ancillary  data.  Alternatively the file descriptor may be sent in the
              same packet, including the extra character.

       STATS  It is mandatory to newline terminate this command, or prefix with n  or  z,  it  is
              recommended to only use the z prefix.

              Replies  with  statistics  about the scan queue, contents of scan queue, and memory
              usage. The exact reply format is subject to change in future releases.

       IDSESSION, END
              It is mandatory to prefix this command  with  n  or  z,  and  all  commands  inside
              IDSESSION must be prefixed.

              Start/end  a  clamd  session.  Within  a  session  multiple SCAN, INSTREAM, FILDES,
              VERSION, STATS commands can  be  sent  on  the  same  socket  without  opening  new
              connections.  Replies  from clamd will be in the form '<id>: <response>' where <id>
              is the request number (in ascii, starting from 1) and <response> is the usual clamd
              reply.   The  reply  lines  have  same  delimiter as the corresponding command had.
              Clamd will process the commands  asynchronously,  and  reply  as  soon  as  it  has
              finished processing.

              Clamd  requires  clients  to  read  all  the  replies  it sent, before sending more
              commands to prevent send() deadlocks. The recommended way  to  implement  a  client
              that  uses  IDSESSION  is  with  non-blocking  sockets, and a select()/poll() loop:
              whenever send would block, sleep in select/poll until either  you  can  write  more
              data,  or  read  more  replies.   Note  that using non-blocking sockets without the
              select/poll  loop  and  alternating  recv()/send()  doesn't  comply  with   clamd's
              requirements.

              If  clamd detects that a client has deadlocked,  it will close the connection. Note
              that clamd may close an IDSESSION connection too if you don't follow the protocol's
              requirements. The client can use the PING command to keep the connection alive.

       VERSIONCOMMANDS
              It  is  mandatory  to prefix this command with either n or z.  It is recommended to
              use nVERSIONCOMMANDS.

              Print program and database  versions,  followed  by  "|  COMMANDS:"  and  a  space-
              delimited  list  of  supported  commands.   Clamd  <0.95 will recognize this as the
              VERSION command, and reply only with their version, without the commands list.

              This command can be used as an easy way to check for IDSESSION support for example.

       DEPRECATED COMMANDS

       STREAM Scan stream - on this command clamd will return "PORT number" you should connect to
              and send data to scan. (DEPRECATED, use INSTREAM instead)

       NOT SUPPORTED COMMANDS

       SESSION, END
              Start/end  a  clamd  session  which will allow you to run multiple commands per TCP
              session. (use IDSESSION instead)

OPTIONS

       -h, --help
              Output help information and exit.

       -V, --version
              Print the version number and exit.

       -F, --foreground
              Run in foreground; do not daemonize.

       --debug
              Enable debug mode.

       -c FILE, --config-file=FILE
              Read configuration from FILE.

       --fail-if-cvd-older-than=days
              Return with a nonzero error code if the virus database is older than the  specified
              number of days.

       --datadir=DIRECTORY
              Load signatures from DIRECTORY.

       -p FILE, --pid=FILE
              Write the daemon's pid to FILE.

ENVIRONMENT VARIABLES

       clamd uses the following environment variables:

       LD_LIBRARY_PATH  -  May  be  used on startup to find the libclamunrar_iface shared library
       module to enable RAR archive support.

SIGNALS

       Clamd recognizes the following signals:

       SIGHUP Reopen the logfile.

       SIGUSR2
              Reload the signature databases.

       SIGTERM
              Perform a clean exit.

FILES

       /etc/clamav/clamd.conf

CREDITS

       Please check the full documentation for credits.

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamd.conf(5), clamdscan(1), freshclam(1), freshclam.conf(5), clamav-milter(8)