EnglishFrenchSpanish

OnWorks favicon

clamscan - Online in the Cloud

Run clamscan in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command clamscan that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


clamscan - scan files and directories for viruses

SYNOPSIS


clamscan [options] [file/directory/-]

DESCRIPTION


clamscan is a command line anti-virus scanner.

OPTIONS


Most of the options are simple switches which enable or disable some features. Options
marked with [=yes/no(*)] can be optionally followed by =yes/=no; if they get called
without the boolean argument the scanner will assume 'yes'. The asterisk marks the default
internal setting for a given option.

-h, --help
Print help information and exit.

-V, --version
Print version number and exit.

-v, --verbose
Be verbose.

-a, --archive-verbose
Show filenames inside scanned archives

--debug
Display debug messages from libclamav.

--quiet
Be quiet (only print error messages).

--stdout
Write all messages (except for libclamav output) to the standard output (stdout).

--no-summary
Do not display summary at the end of scanning.

-i, --infected
Only print infected files.

-o, --suppress-ok-results
Skip printing OK files

--bell Sound bell on virus detection.

--tempdir=DIRECTORY
Create temporary files in DIRECTORY. Directory must be writable for the '' user or
unprivileged user running clamscan.

--leave-temps
Do not remove temporary files.

-d FILE/DIR, --database=FILE/DIR
Load virus database from FILE or load all virus database files from DIR.

--official-db-only=[yes/no(*)]
Only load the official signatures published by the ClamAV project.

-l FILE, --log=FILE
Save scan report to FILE.

-r, --recursive
Scan directories recursively. All the subdirectories in the given directory will be
scanned.

-z, --allmatch
After a match, continue scanning within the file for additional matches.

--cross-fs=[yes(*)/no]
Scan files and directories on other filesystems.

--follow-dir-symlinks=[0/1(*)/2]
Follow directory symlinks. There are 3 options: 0 - never follow directory
symlinks, 1 (default) - only follow directory symlinks, which are passed as direct
arguments to clamscan. 2 - always follow directory symlinks.

--follow-file-symlinks=[0/1(*)/2]
Follow file symlinks. There are 3 options: 0 - never follow file symlinks, 1
(default) - only follow file symlinks, which are passed as direct arguments to
clamscan. 2 - always follow file symlinks.

-f FILE, --file-list=FILE
Scan files listed line by line in FILE.

--remove[=yes/no(*)]
Remove infected files. Be careful!

--move=DIRECTORY
Move infected files into DIRECTORY. Directory must be writable for the '' user or
unprivileged user running clamscan.

--copy=DIRECTORY
Copy infected files into DIRECTORY. Directory must be writable for the '' user or
unprivileged user running clamscan.

--exclude=REGEX, --exclude-dir=REGEX
Don't scan file/directory names matching regular expression. These options can be
used multiple times.

--include=REGEX, --include-dir=REGEX
Only scan file/directory matching regular expression. These options can be used
multiple times.

--bytecode[=yes(*)/no]
With this option enabled ClamAV will load bytecode from the database. It is highly
recommended you keep this option turned on, otherwise you may miss detections for
many new viruses.

--bytecode-unsigned[=yes/no(*)]
Allow loading bytecode from outside digitally signed .c[lv]d files.

--bytecode-timeout=N
Set bytecode timeout in milliseconds (default: 60000 = 60s)

--statistics[=none(*)/bytecode/pcre]
Collect and print execution statistics.

--detect-pua[=yes/no(*)]
Detect Possibly Unwanted Applications.

--exclude-pua=CATEGORY
Exclude a specific PUA category. This option can be used multiple times. See
http://www.clamav.net/doc/pua.html for the complete list of PUA

--include-pua=CATEGORY
Only include a specific PUA category. This option can be used multiple times. See
http://www.clamav.net/doc/pua.html for the complete list of PUA

--detect-structured[=yes/no(*)]
Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers
inside documents/text files.

--structured-ssn-format=X
X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid
SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. Default is 0.

--structured-ssn-count=#n
This option sets the lowest number of Social Security Numbers found in a file to
generate a detect (default: 3).

--structured-cc-count=#n
This option sets the lowest number of Credit Card numbers found in a file to
generate a detect (default: 3).

--scan-mail[=yes(*)/no]
Scan mail files. If you turn off this option, the original files will still be
scanned, but without parsing individual messages/attachments.

--phishing-sigs[=yes(*)/no]
Use the signature-based phishing detection.

--phishing-scan-urls[=yes(*)/no]
Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)

--heuristic-scan-precedence[=yes/no(*)]
Allow heuristic match to take precedence. When enabled, if a heuristic scan (such
as phishingScan) detects a possible virus/phish it will stop scan immediately.
Recommended, saves CPU scan-time. When disabled, virus/phish detected by heuristic
scans will be reported only at the end of a scan. If an archive contains both a
heuristically detected virus/phish, and a real malware, the real malware will be
reported Keep this disabled if you intend to handle "*.Heuristics.*" viruses
differently from "real" malware. If a non-heuristically-detected virus (signature-
based) is found first, the scan is interrupted immediately, regardless of this
config option.

--phishing-ssl[=yes/no(*)]
Block SSL mismatches in URLs (might lead to false positives!).

--phishing-cloak[=yes/no(*)]
Block cloaked URLs (might lead to some false positives).

--partition-intersection[=yes/no(*)]
Detect partition intersections in raw disk images using heuristics.

--algorithmic-detection[=yes(*)/no]
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV
uses special algorithms to provide accurate detection. This option can be used to
control the algorithmic detection.

--scan-pe[=yes(*)/no]
PE stands for Portable Executable - it's an executable file format used in all
32-bit versions of Windows operating systems. By default ClamAV performs deeper
analysis of executable files and attempts to decompress popular executable packers
such as UPX, Petite, and FSG. If you turn off this option, the original files will
still be scanned but without additional processing.

--scan-elf[=yes(*)/no]
Executable and Linking Format is a standard format for UN*X executables. This
option controls the ELF support. If you turn it off, the original files will still
be scanned but without additional processing.

--scan-ole2[=yes(*)/no]
Scan Microsoft Office documents and .msi files. If you turn off this option, the
original files will still be scanned but without additional processing.

--scan-pdf[=yes(*)/no]
Scan within PDF files. If you turn off this option, the original files will still
be scanned, but without decoding and additional processing.

--scan-swf[=yes(*)/no]
Scan SWF files. If you turn off this option, the original files will still be
scanned but without additional processing.

--scan-html[=yes(*)/no]
Detect, normalize/decrypt and scan HTML files and embedded scripts. If you turn off
this option, the original files will still be scanned, but without additional
processing.

--scan-archive[=yes(*)/no]
Scan archives supported by libclamav. If you turn off this option, the original
files will still be scanned, but without unpacking and additional processing.

--detect-broken[=yes/no(*)]
Mark broken executables as viruses (Broken.Executable).

--block-encrypted[=yes/no(*)]
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

--max-filesize=#n
Extract and scan at most #n bytes from each archive. You may pass the value in
kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number.
This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)

--max-scansize=#n
Extract and scan at most #n bytes from each archive. The size the archive plus the
sum of the sizes of all files within archive count toward the scan size. For
example, a 1M uncompressed archive containing a single 1M inner file counts as 2M
toward max-scansize. You may pass the value in kilobytes in format xK or xk, or
megabytes in format xM or xm, where x is a number. This option protects your system
against DoS attacks (default: 100 MB, max: <4 GB)

--max-files=#n
Extract at most #n files from each scanned file (when this is an archive, a
document or another kind of container). This option protects your system against
DoS attacks (default: 10000)

--max-recursion=#n
Set archive recursion level limit. This option protects your system against DoS
attacks (default: 16).

--max-dir-recursion=#n
Maximum depth directories are scanned at (default: 15).

--max-embeddedpe=#n
Maximum size file to check for embedded PE. You may pass the value in kilobytes in
format xK or xk, or megabytes in format xM or xm, where x is a number (default: 10
MB, max: <4 GB).

--max-htmlnormalize=#n
Maximum size of HTML file to normalize. You may pass the value in kilobytes in
format xK or xk, or megabytes in format xM or xm, where x is a number (default: 10
MB, max: <4 GB).

--max-htmlnotags=#n
Maximum size of normalized HTML file to scan. You may pass the value in kilobytes
in format xK or xk, or megabytes in format xM or xm, where x is a number (default:
2 MB, max: <4 GB).

--max-scriptnormalize=#n
Maximum size of script file to normalize. You may pass the value in kilobytes in
format xK or xk, or megabytes in format xM or xm, where x is a number (default: 5
MB, max: <4 GB).

--max-ziptypercg=#n
Maximum size zip to type reanalyze. You may pass the value in kilobytes in format
xK or xk, or megabytes in format xM or xm, where x is a number (default: 1 MB, max:
<4 GB).

--max-partitions=#n
This option sets the maximum number of partitions of a raw disk image to be
scanned. This must be a positive integer (default: 50).

--max-iconspe=#n
This option sets the maximum number of icons within a PE to be scanned. This must
be a positive integer (default: 100).

--pcre-match-limit=#n
Maximum calls to the PCRE match function (default: 10000).

--pcre-recmatch-limit=#n
Maximum recursive calls to the PCRE match function (default: 5000).

--pcre-max-filesize=#n
Maximum size file to perform PCRE subsig matching (default: 25 MB, max: <4 GB).

--enable-stats
This option enables submission of statistical data. (Default: stats submissions
disabled)

--stats-host-id
This option sets the HostID, in the form of an UUID, to use when submitting
statistical information.

--disable-pe-stats
This option disables the submission of PE section data. (Default: submitting of PE
section data enabled if stats submissions as a whole is enabled).

--stats-timeout=#n
This option sets the timeout in seconds to wait for communication back from the
stats server. (Default: 10).

EXAMPLES


(0) Scan a single file:

clamscan file

(1) Scan a current working directory:

clamscan

(2) Scan all files (and subdirectories) in /home:

clamscan -r /home

(3) Load database from a file:

clamscan -d /tmp/newclamdb -r /tmp

(4) Scan a data stream:

cat testfile | clamscan -

(5) Scan a mail spool directory:

clamscan -r /var/spool/mail

RETURN CODES


0 : No virus found.

1 : Virus(es) found.

2 : Some error(s) occured.

CREDITS


Please check the full documentation for credits.

Use clamscan online using onworks.net services


Ad


Ad