Clam Daemon(8) Clam AntiVirus Clam Daemon(8)
NAME
clamd - an anti-virus daemon
SYNOPSIS
clamd [options]
DESCRIPTION
The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from /usr/local/etc/clamd.conf
COMMANDS
It's recommended to prefix clamd commands with the letter z (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter n (e.g. nSCAN) to use a new- line character as the delimiter. Clamd replies will honour the requested terminator in turn. If clamd doesn't recognize the command, or the command doesn't follow the requirements specified below, it will reply with an error message, and close the connection. Clamd recognizes the following commands: PING Check the server's state. It should reply with "PONG". VERSION Print program and database versions. RELOAD Reload the virus databases. SHUTDOWN Perform a clean exit. SCAN file/directory Scan a file or a directory (recursively) with archive support enabled (if not disabled in clamd.conf). A full path is required. CONTSCAN file/directory Scan file or directory (recursively) with archive support enabled and don't stop the scanning when a virus is found. MULTISCAN file/directory Scan file in a standard way or scan directory (recursively) using multiple threads (to make the scanning faster on SMP machines). ALLMATCHSCAN file/directory ALLMATCHSCAN works just like SCAN except that it sets a mode where scanning continues after finding a match within a file. INSTREAM It is mandatory to prefix this command with n or z. Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent. This avoids the overhead of establishing new TCP connec- tions and problems with NAT. The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is termi- nated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with INSTREAM size limit exceeded and close the connec- tion. FILDES It is mandatory to newline terminate this command, or prefix with n or z. This command only works on UNIX domain sockets. Scan a file descriptor. After issuing a FILDES command a subsequent rfc2292/bsd4.4 style packet (with at least one dummy character) is sent to clamd carrying the file descriptor to be scanned inside the ancillary data. Alternatively the file descriptor may be sent in the same packet, including the extra character. STATS IIt is mandatory to newline terminate this command, or prefix with n or z, it is recommended to only use the z prefix. Replies with statistics about the scan queue, contents of scan queue, and memory usage. The exact reply format is subject to change in future releases. IDSESSION, END It is mandatory to prefix this command with n or z, and all com- mands inside IDSESSION must be prefixed. Start/end a clamd session. Within a session multiple SCAN, INSTREAM, FILDES, VERSION, STATS commands can be sent on the same socket without opening new connections. Replies from clamd will be in the form '<id>: <response>' where <id> is the request number (in ascii, starting from 1) and <response> is the usual clamd reply. The reply lines have same delimiter as the corre- sponding command had. Clamd will process the commands asyn- chronously, and reply as soon as it has finished processing. Clamd requires clients to read all the replies it sent, before sending more commands to prevent send() deadlocks. The recom- mended way to implement a client that uses IDSESSION is with non-blocking sockets, and a select()/poll() loop: whenever send would block, sleep in select/poll until either you can write more data, or read more replies. Note that using non-blocking sockets without the select/poll loop and alternating recv()/send() doesn't comply with clamd's requirements. If clamd detects that a client has deadlocked, it will close the connection. Note that clamd may close an IDSESSION connec- tion too if you don't follow the protocol's requirements. The client can use the PING command to keep the connection alive. VERSIONCOMMANDS It is mandatory to prefix this command with either n or z. It is recommended to use nVERSIONCOMMANDS. Print program and database versions, followed by "| COMMANDS:" and a space-delimited list of supported commands. Clamd <0.95 will recognize this as the VERSION command, and reply only with their version, without the commands list. This command can be used as an easy way to check for IDSESSION support for example. DEPRECATED COMMANDS STREAM Scan stream - on this command clamd will return "PORT number" you should connect to and send data to scan. (DEPRECATED, use INSTREAM instead) NOT SUPPORTED COMMANDS SESSION, END Start/end a clamd session which will allow you to run multiple commands per TCP session. (use IDSESSION instead)
OPTIONS
-h, --help Output help information and exit. -V, --version Print the version number and exit. -c FILE, --config-file=FILE Read configuration from FILE.
SIGNALS
Clamd recognizes the following signals: SIGHUP Reopen the logfile. SIGUSR2 Reload the signature databases. SIGTERM Perform a clean exit.
FILES
/usr/local/etc/clamd.conf
CREDITS
Please check the full documentation for credits.
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
clamd.conf(5), clamdscan(1), freshclam(1), freshclam.conf(5), cla- mav-milter(8) ClamAV 0.98 February 12, 2009 Clam Daemon(8) Clam Daemon(8) Clam AntiVirus Clam Daemon(8)
NAME
clamd - an anti-virus daemon
SYNOPSIS
clamd [options]
DESCRIPTION
The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
COMMANDS
It's recommended to prefix clamd commands with the letter z (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter n (e.g. nSCAN) to use a new- line character as the delimiter. Clamd replies will honour the requested terminator in turn. If clamd doesn't recognize the command, or the command doesn't follow the requirements specified below, it will reply with an error message, and close the connection. Clamd recognizes the following commands: PING Check the server's state. It should reply with "PONG". VERSION Print program and database versions. RELOAD Reload the virus databases. SHUTDOWN Perform a clean exit. SCAN file/directory Scan a file or a directory (recursively) with archive support enabled (if not disabled in clamd.conf). A full path is required. CONTSCAN file/directory Scan file or directory (recursively) with archive support enabled and don't stop the scanning when a virus is found. MULTISCAN file/directory Scan file in a standard way or scan directory (recursively) using multiple threads (to make the scanning faster on SMP machines). ALLMATCHSCAN file/directory ALLMATCHSCAN works just like SCAN except that it sets a mode where scanning continues after finding a match within a file. INSTREAM It is mandatory to prefix this command with n or z. Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent. This avoids the overhead of establishing new TCP connec- tions and problems with NAT. The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is termi- nated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with INSTREAM size limit exceeded and close the connec- tion. FILDES It is mandatory to newline terminate this command, or prefix with n or z. This command only works on UNIX domain sockets. Scan a file descriptor. After issuing a FILDES command a subsequent rfc2292/bsd4.4 style packet (with at least one dummy character) is sent to clamd carrying the file descriptor to be scanned inside the ancillary data. Alternatively the file descriptor may be sent in the same packet, including the extra character. STATS IIt is mandatory to newline terminate this command, or prefix with n or z, it is recommended to only use the z prefix. Replies with statistics about the scan queue, contents of scan queue, and memory usage. The exact reply format is subject to change in future releases. IDSESSION, END It is mandatory to prefix this command with n or z, and all com- mands inside IDSESSION must be prefixed. Start/end a clamd session. Within a session multiple SCAN, INSTREAM, FILDES, VERSION, STATS commands can be sent on the same socket without opening new connections. Replies from clamd will be in the form '<id>: <response>' where <id> is the request number (in ascii, starting from 1) and <response> is the usual clamd reply. The reply lines have same delimiter as the corre- sponding command had. Clamd will process the commands asyn- chronously, and reply as soon as it has finished processing. Clamd requires clients to read all the replies it sent, before sending more commands to prevent send() deadlocks. The recom- mended way to implement a client that uses IDSESSION is with non-blocking sockets, and a select()/poll() loop: whenever send would block, sleep in select/poll until either you can write more data, or read more replies. Note that using non-blocking sockets without the select/poll loop and alternating recv()/send() doesn't comply with clamd's requirements. If clamd detects that a client has deadlocked, it will close the connection. Note that clamd may close an IDSESSION connec- tion too if you don't follow the protocol's requirements. The client can use the PING command to keep the connection alive. VERSIONCOMMANDS It is mandatory to prefix this command with either n or z. It is recommended to use nVERSIONCOMMANDS. Print program and database versions, followed by "| COMMANDS:" and a space-delimited list of supported commands. Clamd <0.95 will recognize this as the VERSION command, and reply only with their version, without the commands list. This command can be used as an easy way to check for IDSESSION support for example. DEPRECATED COMMANDS STREAM Scan stream - on this command clamd will return "PORT number" you should connect to and send data to scan. (DEPRECATED, use INSTREAM instead) NOT SUPPORTED COMMANDS SESSION, END Start/end a clamd session which will allow you to run multiple commands per TCP session. (use IDSESSION instead)
OPTIONS
-h, --help Output help information and exit. -V, --version Print the version number and exit. -c FILE, --config-file=FILE Read configuration from FILE.
SIGNALS
Clamd recognizes the following signals: SIGHUP Reopen the logfile. SIGUSR2 Reload the signature databases. SIGTERM Perform a clean exit.
FILES
@CFGDIR@/clamd.conf
CREDITS
Please check the full documentation for credits.
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
clamd.conf(5), clamdscan(1), freshclam(1), freshclam.conf(5), cla- mav-milter(8) ClamAV @VERSION@ February 12, 2009 Clam Daemon(8)
clamav 0.98 - Generated Sat Sep 21 09:11:31 CDT 2013