manpagez: man pages & more
man clamd(8)
Home | html | info | man
Clam Daemon(8)                  Clam AntiVirus                  Clam Daemon(8)




NAME

       clamd - an anti-virus daemon


SYNOPSIS

       clamd [options]


DESCRIPTION

       The  daemon  listens for incoming connections on Unix and/or TCP socket
       and scans files or directories on demand. It  reads  the  configuration
       from /usr/local/etc/clamd.conf


COMMANDS

       It's recommended to prefix clamd commands with the letter z (eg. zSCAN)
       to indicate that the command will be delimited by a NULL character  and
       that  clamd should continue reading command data until a NULL character
       is read. The null delimiter assures that the complete command  and  its
       entire  argument  will  be processed as a single command. Alternatively
       commands may be prefixed with the letter n (e.g. nSCAN) to use  a  new-
       line  character  as  the  delimiter.  Clamd  replies  will  honour  the
       requested terminator in turn.  If clamd doesn't recognize the  command,
       or the command doesn't follow the requirements specified below, it will
       reply with an error message, and close the connection.

       Clamd recognizes the following commands:


       PING   Check the server's state. It should reply with "PONG".

       VERSION
              Print program and database versions.

       RELOAD Reload the virus databases.

       SHUTDOWN
              Perform a clean exit.

       SCAN file/directory
              Scan a file or a directory (recursively)  with  archive  support
              enabled  (if  not  disabled  in  clamd.conf).  A  full  path  is
              required.

       CONTSCAN file/directory
              Scan  file  or  directory  (recursively)  with  archive  support
              enabled and don't stop the scanning when a virus is found.

       MULTISCAN file/directory
              Scan  file  in  a  standard  way or scan directory (recursively)
              using multiple threads (to  make  the  scanning  faster  on  SMP
              machines).

       ALLMATCHSCAN file/directory
              ALLMATCHSCAN  works  just  like  SCAN except that it sets a mode
              where scanning continues after finding a match within a file.

       INSTREAM
              It is mandatory to prefix this command with n or z.

              Scan a stream of data. The stream is sent to  clamd  in  chunks,
              after  INSTREAM,  on  the  same  socket on which the command was
              sent.  This avoids the overhead of establishing new TCP  connec-
              tions  and  problems  with  NAT.  The  format  of  the chunk is:
              '<length><data>' where <length> is the  size  of  the  following
              data  in bytes expressed as a 4 byte unsigned integer in network
              byte order and <data> is the actual chunk. Streaming  is  termi-
              nated  by  sending  a  zero-length  chunk.  Note:  do not exceed
              StreamMaxLength as defined in clamd.conf, otherwise  clamd  will
              reply  with  INSTREAM  size limit exceeded and close the connec-
              tion.

       FILDES It is mandatory to newline terminate  this  command,  or  prefix
              with n or z.

              This  command  only  works  on UNIX domain sockets.  Scan a file
              descriptor.  After  issuing  a  FILDES  command   a   subsequent
              rfc2292/bsd4.4  style packet (with at least one dummy character)
              is sent to clamd carrying the  file  descriptor  to  be  scanned
              inside  the  ancillary  data.  Alternatively the file descriptor
              may be sent in the same packet, including the extra character.

       STATS  IIt is mandatory to newline terminate this  command,  or  prefix
              with n or z, it is recommended to only use the z prefix.

              Replies  with  statistics about the scan queue, contents of scan
              queue, and memory usage. The exact reply format  is  subject  to
              change in future releases.

       IDSESSION, END
              It is mandatory to prefix this command with n or z, and all com-
              mands inside IDSESSION must be prefixed.

              Start/end a clamd  session.  Within  a  session  multiple  SCAN,
              INSTREAM,  FILDES,  VERSION,  STATS  commands can be sent on the
              same socket without opening new connections. Replies from  clamd
              will be in the form '<id>: <response>' where <id> is the request
              number (in ascii, starting from 1) and <response> is  the  usual
              clamd  reply.  The reply lines have same delimiter as the corre-
              sponding command had.  Clamd will  process  the  commands  asyn-
              chronously, and reply as soon as it has finished processing.

              Clamd  requires  clients to read all the replies it sent, before
              sending more commands to prevent send()  deadlocks.  The  recom-
              mended  way  to  implement  a client that uses IDSESSION is with
              non-blocking sockets, and a select()/poll() loop: whenever  send
              would  block,  sleep  in  select/poll until either you can write
              more data, or read more replies.  Note that  using  non-blocking
              sockets   without   the   select/poll   loop   and   alternating
              recv()/send() doesn't comply with clamd's requirements.

              If clamd detects that a client has deadlocked,   it  will  close
              the  connection.  Note that clamd may close an IDSESSION connec-
              tion too if you don't follow the  protocol's  requirements.  The
              client can use the PING command to keep the connection alive.

       VERSIONCOMMANDS
              It  is  mandatory to prefix this command with either n or z.  It
              is recommended to use nVERSIONCOMMANDS.

              Print program and database versions, followed by  "|  COMMANDS:"
              and  a  space-delimited list of supported commands.  Clamd <0.95
              will recognize this as the VERSION command, and reply only  with
              their version, without the commands list.

              This  command  can be used as an easy way to check for IDSESSION
              support for example.


       DEPRECATED COMMANDS

       STREAM Scan stream - on this command clamd will  return  "PORT  number"
              you  should  connect  to and send data to scan. (DEPRECATED, use
              INSTREAM instead)


       NOT SUPPORTED COMMANDS

       SESSION, END
              Start/end a clamd session which will allow you to  run  multiple
              commands per TCP session. (use IDSESSION instead)


OPTIONS

       -h, --help
              Output help information and exit.

       -V, --version
              Print the version number and exit.

       -c FILE, --config-file=FILE
              Read configuration from FILE.


SIGNALS

       Clamd recognizes the following signals:

       SIGHUP Reopen the logfile.

       SIGUSR2
              Reload the signature databases.

       SIGTERM
              Perform a clean exit.


FILES

       /usr/local/etc/clamd.conf


CREDITS

       Please check the full documentation for credits.


AUTHOR

       Tomasz Kojm <tkojm@clamav.net>


SEE ALSO

       clamd.conf(5),   clamdscan(1),  freshclam(1),  freshclam.conf(5),  cla-
       mav-milter(8)



ClamAV 0.98                    February 12, 2009                Clam Daemon(8)
Clam Daemon(8)                  Clam AntiVirus                  Clam Daemon(8)




NAME

       clamd - an anti-virus daemon


SYNOPSIS

       clamd [options]


DESCRIPTION

       The  daemon  listens for incoming connections on Unix and/or TCP socket
       and scans files or directories on demand. It  reads  the  configuration
       from @CFGDIR@/clamd.conf


COMMANDS

       It's recommended to prefix clamd commands with the letter z (eg. zSCAN)
       to indicate that the command will be delimited by a NULL character  and
       that  clamd should continue reading command data until a NULL character
       is read. The null delimiter assures that the complete command  and  its
       entire  argument  will  be processed as a single command. Alternatively
       commands may be prefixed with the letter n (e.g. nSCAN) to use  a  new-
       line  character  as  the  delimiter.  Clamd  replies  will  honour  the
       requested terminator in turn.  If clamd doesn't recognize the  command,
       or the command doesn't follow the requirements specified below, it will
       reply with an error message, and close the connection.

       Clamd recognizes the following commands:


       PING   Check the server's state. It should reply with "PONG".

       VERSION
              Print program and database versions.

       RELOAD Reload the virus databases.

       SHUTDOWN
              Perform a clean exit.

       SCAN file/directory
              Scan a file or a directory (recursively)  with  archive  support
              enabled  (if  not  disabled  in  clamd.conf).  A  full  path  is
              required.

       CONTSCAN file/directory
              Scan  file  or  directory  (recursively)  with  archive  support
              enabled and don't stop the scanning when a virus is found.

       MULTISCAN file/directory
              Scan  file  in  a  standard  way or scan directory (recursively)
              using multiple threads (to  make  the  scanning  faster  on  SMP
              machines).

       ALLMATCHSCAN file/directory
              ALLMATCHSCAN  works  just  like  SCAN except that it sets a mode
              where scanning continues after finding a match within a file.

       INSTREAM
              It is mandatory to prefix this command with n or z.

              Scan a stream of data. The stream is sent to  clamd  in  chunks,
              after  INSTREAM,  on  the  same  socket on which the command was
              sent.  This avoids the overhead of establishing new TCP  connec-
              tions  and  problems  with  NAT.  The  format  of  the chunk is:
              '<length><data>' where <length> is the  size  of  the  following
              data  in bytes expressed as a 4 byte unsigned integer in network
              byte order and <data> is the actual chunk. Streaming  is  termi-
              nated  by  sending  a  zero-length  chunk.  Note:  do not exceed
              StreamMaxLength as defined in clamd.conf, otherwise  clamd  will
              reply  with  INSTREAM  size limit exceeded and close the connec-
              tion.

       FILDES It is mandatory to newline terminate  this  command,  or  prefix
              with n or z.

              This  command  only  works  on UNIX domain sockets.  Scan a file
              descriptor.  After  issuing  a  FILDES  command   a   subsequent
              rfc2292/bsd4.4  style packet (with at least one dummy character)
              is sent to clamd carrying the  file  descriptor  to  be  scanned
              inside  the  ancillary  data.  Alternatively the file descriptor
              may be sent in the same packet, including the extra character.

       STATS  IIt is mandatory to newline terminate this  command,  or  prefix
              with n or z, it is recommended to only use the z prefix.

              Replies  with  statistics about the scan queue, contents of scan
              queue, and memory usage. The exact reply format  is  subject  to
              change in future releases.

       IDSESSION, END
              It is mandatory to prefix this command with n or z, and all com-
              mands inside IDSESSION must be prefixed.

              Start/end a clamd  session.  Within  a  session  multiple  SCAN,
              INSTREAM,  FILDES,  VERSION,  STATS  commands can be sent on the
              same socket without opening new connections. Replies from  clamd
              will be in the form '<id>: <response>' where <id> is the request
              number (in ascii, starting from 1) and <response> is  the  usual
              clamd  reply.  The reply lines have same delimiter as the corre-
              sponding command had.  Clamd will  process  the  commands  asyn-
              chronously, and reply as soon as it has finished processing.

              Clamd  requires  clients to read all the replies it sent, before
              sending more commands to prevent send()  deadlocks.  The  recom-
              mended  way  to  implement  a client that uses IDSESSION is with
              non-blocking sockets, and a select()/poll() loop: whenever  send
              would  block,  sleep  in  select/poll until either you can write
              more data, or read more replies.  Note that  using  non-blocking
              sockets   without   the   select/poll   loop   and   alternating
              recv()/send() doesn't comply with clamd's requirements.

              If clamd detects that a client has deadlocked,   it  will  close
              the  connection.  Note that clamd may close an IDSESSION connec-
              tion too if you don't follow the  protocol's  requirements.  The
              client can use the PING command to keep the connection alive.

       VERSIONCOMMANDS
              It  is  mandatory to prefix this command with either n or z.  It
              is recommended to use nVERSIONCOMMANDS.

              Print program and database versions, followed by  "|  COMMANDS:"
              and  a  space-delimited list of supported commands.  Clamd <0.95
              will recognize this as the VERSION command, and reply only  with
              their version, without the commands list.

              This  command  can be used as an easy way to check for IDSESSION
              support for example.


       DEPRECATED COMMANDS

       STREAM Scan stream - on this command clamd will  return  "PORT  number"
              you  should  connect  to and send data to scan. (DEPRECATED, use
              INSTREAM instead)


       NOT SUPPORTED COMMANDS

       SESSION, END
              Start/end a clamd session which will allow you to  run  multiple
              commands per TCP session. (use IDSESSION instead)


OPTIONS

       -h, --help
              Output help information and exit.

       -V, --version
              Print the version number and exit.

       -c FILE, --config-file=FILE
              Read configuration from FILE.


SIGNALS

       Clamd recognizes the following signals:

       SIGHUP Reopen the logfile.

       SIGUSR2
              Reload the signature databases.

       SIGTERM
              Perform a clean exit.


FILES

       @CFGDIR@/clamd.conf


CREDITS

       Please check the full documentation for credits.


AUTHOR

       Tomasz Kojm <tkojm@clamav.net>


SEE ALSO

       clamd.conf(5),   clamdscan(1),  freshclam(1),  freshclam.conf(5),  cla-
       mav-milter(8)



ClamAV @VERSION@               February 12, 2009                Clam Daemon(8)

clamav 0.98 - Generated Sat Sep 21 09:11:31 CDT 2013
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.