GNU/Linux man pages
Livre :
Expressions régulières,
Syntaxe et mise en oeuvre :
GNU/Linux |
CentOS 5.6 |
|
 |
clamscan(1) |
 |
clamscan − scan files and directories for viruses
clamscan [options] [file/directory/−]
clamscan is a command line anti−virus scanner.
Most of the
options are simple switches which enable or disable some
features. Options marked with [=yes/no(*)] can be optionally
followed by =yes/=no; if they get called without the boolean
argument the scanner will assume ’yes’. The
asterisk marks the default internal setting for a given
option.
−h, −−help
Print help information and exit.
−V, −−version
Print version number and exit.
−v, −−verbose
Be verbose.
−−debug
Display debug messages from libclamav.
−−quiet
Be quiet (only print error messages).
−−stdout
Write all messages (except for libclamav output) to the standard output (stdout).
−d FILE/DIR, −−database=FILE/DIR
Load virus database from FILE or load all virus database files from DIR.
−l FILE, −−log=FILE
Save scan report to FILE.
−−tempdir=DIRECTORY
Create temporary files in DIRECTORY. Directory must be writable for the ’’ user or unprivileged user running clamscan.
−−leave−temps
Do not remove temporary files.
−f FILE, −−file−list=FILE
Scan files listed line by line in FILE.
−r, −−recursive
Scan directories recursively. All the subdirectories in the given directory will be scanned.
|
−−bell |
Sound bell on virus detection. |
−−no−summary
Do not display summary at the end of scanning.
−−exclude=PATT, −−exclude−dir=PATT
Don’t scan file/directory names containing PATT. It may be used multiple times.
−−include=PATT, −−include−dir=PATT
Only scan file/directory names containing PATT. It may be used multiple times.
−i, −−infected
Only print infected files.
−−remove[=yes/no(*)]
Remove infected files. Be careful.
−−move=DIRECTORY
Move infected files into DIRECTORY. Directory must be writable for the ’’ user or unprivileged user running clamscan.
−−copy=DIRECTORY
Copy infected files into DIRECTORY. Directory must be writable for the ’’ user or unprivileged user running clamscan.
−−detect−pua[=yes/no(*)]
Detect Possibly Unwanted Applications.
−−exclude−pua=CATEGORY
Exclude a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA
−−include−pua=CATEGORY
Only include a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA
−−detect−structured[=yes/no(*)]
Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers inside documents/text files.
−−structured−ssn−format=X
X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. Default is 0.
−−structured−ssn−count=#n
This option sets the lowest number of Social Security Numbers found in a file to generate a detect (default: 3).
−−structured−cc−count=#n
This option sets the lowest number of Credit Card numbers found in a file to generate a detect (default: 3).
−−scan−mail[=yes(*)/no]
Scan mail files.
−−phishing−sigs[=yes(*)/no]
Use the signature-based phishing detection.
−−phishing−scan−urls[=yes(*)/no]
Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)
−−heuristic−scan−precedence[=yes/no(*)]
Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish it will stop scan immediately. Recommended, saves CPU scan-time. When disabled, virus/phish detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phish, and a real malware, the real malware will be reported Keep this disabled if you intend to handle "*.Heuristics.*" viruses differently from "real" malware. If a non-heuristically-detected virus (signature-based) is found first, the scan is interrupted immediately, regardless of this config option.
−−phishing−ssl[=yes/no(*)]
Block SSL mismatches in URLs (might lead to false positives!).
−−phishing−cloak[=yes/no(*)]
Block cloaked URLs (might lead to some false positives).
−−algorithmic−detection[=yes(*)/no]
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option can be used to control the algorithmic detection.
−−scan−pe[=yes(*)/no]
PE stands for Portable Executable − it’s an executable file format used in all 32−bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG.
−−scan−elf[=yes(*)/no]
Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support.
−−scan−ole2[=yes(*)/no]
Scan Microsoft Office documents and .msi files.
−−scan−pdf[=yes(*)/no]
Scan within PDF files.
−−scan−html[=yes(*)/no]
Detect, normalize/decrypt and scan HTML files and embedded scripts.
−−scan−archive[=yes(*)/no]
Scan archives supported by libclamav.
−−detect−broken[=yes/no(*)]
Mark broken executables as viruses (Broken.Executable).
−−block−encrypted[=yes/no(*)]
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
−−mail−follow−urls[=yes/no(*)]
If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
−−max−files=#n
Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000)
−−max−filesize=#n
Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)
−−max−scansize=#n
Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB)
−−max−recursion=#n
Set archive recursion level limit. This option protects your system against DoS attacks (default: 16).
−−max−dir−recursion=#n
Maximum depth directories are scanned at (default: 15).
(0) Scan a single file:
clamscan file
(1) Scan a current working directory:
clamscan
(2) Scan all files (and subdirectories) in /home:
clamscan −r /home
(3) Load database from a file:
clamscan −d /tmp/newclamdb −r /tmp
(4) Scan a data stream:
cat testfile | clamscan −
(5) Scan a mail spool directory:
clamscan −r /var/spool/mail
Note: some return codes may only appear in a single file mode (when clamscan is started with a single argument). Those are marked with (ofm).
0 : No virus
found.
1 : Virus(es) found.
40: Unknown option passed.
50: Database initialization error.
52: Not supported file type.
53: Can’t open directory.
54: Can’t open file. (ofm)
55: Error reading file. (ofm)
56: Can’t stat input file / directory.
57: Can’t get absolute path name of current working
directory.
58: I/O error, please check your file system.
62: Can’t initialize logger.
63: Can’t create temporary files/directories (check
permissions).
64: Can’t write to temporary directory (please specify
another one).
70: Can’t allocate memory (calloc).
71: Can’t allocate memory (malloc).
Please check the full documentation for credits.
Tomasz Kojm <tkojm@clamav.net>
clamdscan(1), freshclam(1)
|
clamscan(1) | |