From Linux Man Pages
clamscan - scan files and directories against viruses
clamscan [options] [file/directory/-]
DESCRIPTION
clamscan is a command line anti-virus scanner. It's a part of the Clam AntiVirus package.
OPTIONS
-h, --help
Print help information and exit.
-V, --version
Print version number and exit.
-v, --verbose
Be verbose.
--debug
Enable debug messages (from libclamav).
--quiet
Be quiet (only print error messages).
--stdout
Write all messages (except for libclamav output) to the standard output (stdout).
-d FILE/DIR, --database=FILE/DIR
Load virus database from FILE or load all virus database files from DIR.
-l FILE, --log=FILE
Save scan report to FILE.
--tempdir=DIRECTORY
Create temporary files in DIRECTORY. Directory must be writable for the 'clamav' user or unprivileged user
running clamscan.
--leave-temps
Do not remove temporary files.
-r, --recursive
Scan directories recursively. All the subdirectories in the given directory will be scanned.
--bell
Sound bell on virus detection.
--no-summary
Do not display summary at the end of scanning.
--exclude=PATT, --exclude-dir=PATT
Don't scan file/directory names containing PATT. It may be used multiple times.
--include=PATT, --include-dir=PATT
Only scan file/directory names containing PATT. It may be used multiple times.
-i, --infected
Only print infected files.
--remove
Remove infected files. Be careful.
--move=DIRECTORY
Move infected files into DIRECTORY. Directory must be writable for the 'clamav' user or unprivileged user
running clamscan.
--no-mail
Disable scanning of mail files.
--no-pe
PE stands for Portable Executable - it's an executable file format used in all 32-bit versions of Windows
operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress
popular executable packers such as UPX, Petite, and FSG. This option disables PE support and should
be used with care!
--no-ole2
Disable support for Microsoft Office document files.
--no-html
Disable support for HTML detection and normalisation.
--no-archive
Disable archive support built in libclamav.
--detect-broken
Mark broken executables as viruses (Broken.Executable).
--block-encrypted
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
--block-max
Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if max-files, max-space, or
max-recursion is reached.
--mail-follow-urls
If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to
a DoS attack. Never use it on loaded servers.
--max-files=#n
Extract first #n files from each archive. This option protects your system against DoS attacks (default:
500)
--max-space=#n
Extract first #n kilobytes from each archive. You may give the number in megabytes in format xM or xm,
where x is a number. This option protects your system against DoS attacks (default: 10 MB)
--max-recursion=#n
Set archive recursion level limit. This option protects your system against DoS attacks (default: 8).
--max-ratio=#n
Set maximum archive compression ratio limit. This option protects your system against DoS attacks
(default: 250).
--max-mail-recursion=#n
Recursion level limit for the internal mail scanner.
--max-dir-recursion=#n
Maximum depth directories are scanned at (default: 15).
--unzip[=FULLPATH]
In most cases you don't need this option - the built-in unarchiver will extract Zip archives. This
option however may be used as a backup for the internal unpacker - see the full documentation for more
information. When enabled without an argument, the unzip program will be searched for in $PATH. If unzip
cannot be found in $PATH, you must force it with =pathname. Remember the '=' between the option and the argument.
--unrar[=FULLPATH]
Scan .rar files.
--arj[=FULLPATH]
Scan .arj files.
--unzoo[=FULLPATH]
Scan .zoo files.
--lha[=FULLPATH]
Scan .lzh files.
--jar[=FULLPATH]
clamscan uses unzip for .jar files, so you may need to pass the full path to unzip.
--deb[=FULLPATH]
This option supports Debian binary packages. Implies --tgz, but doesn't conflict with --tgz=FULLPATH. It
requires the ar utility.
--tar[=FULLPATH]
This option supports non-compressed archives.
--tgz[=FULLPATH]
This option supports tar.gz and .tgz files. You need GNU tar; on non-Linux systems you probably have it
installed as gtar. If it's in $PATH, use --tgz=gtar; otherwise pass the full path.
EXAMPLES
(0) Scan selected file:
clamscan file
(1) Scan current working directory:
clamscan
(2) Scan all files (and subdirectories) in /home:
clamscan -r /home
(3) Load database from selected file and limit disk usage to 50 MB:
clamscan -d /tmp/newclamdb --max-space=50m -r /tmp
(4) Scan data stream:
cat testfile | clamscan -
(5) Scan mail spool directory:
clamscan -r /var/spool/mail
RETURN CODES
Note: some return codes may only appear in one-file mode (clamscan is started with a file argument). Those are
marked with (ofm).
0 : No virus found.
1 : Virus(es) found.
40: Unknown option passed.
50: Database initialization error.
52: Not supported file type.
53: Can't open directory.
54: Can't open file. (ofm)
55: Error reading file. (ofm)
56: Can't stat input file / directory.
57: Can't get absolute path name of current working directory.
58: I/O error, please check your file system.
59: Can't get information about current user from /etc/passwd.
60: Can't get information about user 'clamav' (default name) from /etc/passwd.
61: Can't fork.
62: Can't initialize logger.
63: Can't create temporary files/directories (check permissions).
64: Can't write to temporary directory (please specify another one).
70: Can't allocate and clear memory (calloc).
71: Can't allocate memory (malloc).
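For unattended scans, the return codes above matter because any code other than 0 or 1 means the scan did not complete and must not be reported as clean. The wrapper below is an added example, not part of the man page or the ClamAV package; it uses only options documented on this page, and the function names and the CLAMSCAN_BIN override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cron-style wrapper that separates "infected" from
# "scan failed". CLAMSCAN_BIN is a hypothetical override hook of this
# script (not a clamscan feature) so the scanner can be replaced in tests.
CLAMSCAN_BIN="${CLAMSCAN_BIN:-clamscan}"

# classify_rc RC -> prints clean | infected | error:<reason>
# Groups the documented return codes by what the operator has to fix.
classify_rc() {
    case "$1" in
        0)  echo "clean" ;;
        1)  echo "infected" ;;
        40) echo "error:bad-option" ;;
        50) echo "error:database" ;;
        52|53|54|55|56|57|58) echo "error:input-io" ;;
        59|60) echo "error:user-lookup" ;;
        61|70|71) echo "error:resources" ;;
        62|63|64) echo "error:log-or-tempdir" ;;
        *)  echo "error:unknown-$1" ;;
    esac
}

# scan_tree DIR QUARANTINE LOG
# Prints the verdict; returns 0 = clean, 1 = infected, 2 = scan incomplete.
scan_tree() {
    st_rc=0
    # Archive limits are pinned to the documented defaults; --block-max
    # makes archives that exceed them count as detections, so they are
    # quarantined instead of being skipped silently.
    "$CLAMSCAN_BIN" -r -i --no-summary \
        --max-files=500 --max-space=10M --max-recursion=8 --max-ratio=250 \
        --block-max --move="$2" --log="$3" "$1" >/dev/null 2>&1 || st_rc=$?
    st_verdict=$(classify_rc "$st_rc")
    echo "$st_verdict"
    case "$st_verdict" in
        clean)    return 0 ;;
        infected) return 1 ;;
        *)        return 2 ;;   # an errored scan is never reported as clean
    esac
}
```

A caller would run, for instance, scan_tree /home /var/quarantine /var/log/clamscan.log (constructed paths) and alert on return values 1 and 2 separately.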
CREDITS
Please check the full documentation for credits.
RELATED
clamdscan(1), freshclam(1)