NAME
clamd - an anti-virus daemon
SYNOPSIS
clamd [options]
DESCRIPTION
The daemon listens for incoming connections on Unix and/or TCP socket
and scans files or directories on demand. It reads the configuration
from /etc/clamav/clamd.conf
COMMANDS
It's recommended to prefix clamd commands with the letter z (eg. zSCAN)
to indicate that the command will be delimited by a NULL character and
that clamd should continue reading command data until a NULL character
is read. The null delimiter assures that the complete command and its
entire argument will be processed as a single command. Alternatively
commands may be prefixed with the letter n (e.g. nSCAN) to use a
newline character as the delimiter. Clamd replies will honour the
requested terminator in turn. If clamd doesn't recognize the command,
or the command doesn't follow the requirements specified below, it will
reply with an error message, and close the connection.
Clamd recognizes the following commands:
PING Check the server's state. It should reply with "PONG".
VERSION
Print program and database versions.
RELOAD Reload the virus databases.
SHUTDOWN
Perform a clean exit.
SCAN file/directory
Scan a file or a directory (recursively) with archive support
enabled (if not disabled in clamd.conf). A full path is
required.
CONTSCAN file/directory
Scan file or directory (recursively) with archive support
enabled and don't stop the scanning when a virus is found.
MULTISCAN file/directory
Scan file in a standard way or scan directory (recursively)
using multiple threads (to make the scanning faster on SMP
machines).
INSTREAM
It is mandatory to prefix this command with n or z.
Scan a stream of data. The stream is sent to clamd in chunks,
after INSTREAM, on the same socket on which the command was
sent. This avoids the overhead of establishing new TCP
connections and problems with NAT. The format of the chunk is:
'<length><data>' where <length> is the size of the following
data in bytes expressed as a 4 byte unsigned integer in network
byte order and <data> is the actual chunk. Streaming is
terminated by sending a zero-length chunk. Note: do not exceed
StreamMaxLength as defined in clamd.conf, otherwise clamd will
reply with INSTREAM size limit exceeded and close the
connection.
FILDES It is mandatory to newline terminate this command, or prefix
with n or z.
This command only works on UNIX domain sockets. Scan a file
descriptor. After issuing a FILDES command a subsequent
rfc2292/bsd4.4 style packet (with at least one dummy character)
is sent to clamd carrying the file descriptor to be scanned
inside the ancillary data. Alternatively the file descriptor
may be sent in the same packet, including the extra character.
STATS IIt is mandatory to newline terminate this command, or prefix
with n or z, it is recommended to only use the z prefix.
Replies with statistics about the scan queue, contents of scan
queue, and memory usage. The exact reply format is subject to
change in future releases.
IDSESSION, END
It is mandatory to prefix this command with n or z, and all
commands inside IDSESSION must be prefixed.
Start/end a clamd session. Within a session multiple SCAN,
INSTREAM, FILDES, VERSION, STATS commands can be sent on the
same socket without opening new connections. Replies from clamd
will be in the form '<id>: <response>' where <id> is the request
number (in ascii, starting from 1) and <response> is the usual
clamd reply. The reply lines have same delimiter as the
corresponding command had. Clamd will process the commands
asynchronously, and reply as soon as it has finished processing.
Clamd requires clients to read all the replies it sent, before
sending more commands to prevent send() deadlocks. The
recommended way to implement a client that uses IDSESSION is
with non-blocking sockets, and a select()/poll() loop: whenever
send would block, sleep in select/poll until either you can
write more data, or read more replies. Note that using non-
blocking sockets without the select/poll loop and alternating
recv()/send() doesn't comply with clamd's requirements.
If clamd detects that a client has deadlocked, it will close
the connection. Note that clamd may close an IDSESSION
connection too if you don't follow the protocol's requirements.
VERSIONCOMMANDS
It is mandatory to prefix this command with either n or z. It
is recommended to use nVERSIONCOMMANDS.
Print program and database versions, followed by "| COMMANDS:"
and a space-delimited list of supported commands. Clamd <0.95
will recognize this as the VERSION command, and reply only with
their version, without the commands list.
This command can be used as an easy way to check for IDSESSION
support for example.
DEPRECATED COMMANDS
STREAM Scan stream - on this command clamd will return "PORT number"
you should connect to and send data to scan. (DEPRECATED, use
INSTREAM instead)
NOT SUPPORTED COMMANDS
SESSION, END
Start/end a clamd session which will allow you to run multiple
commands per TCP session. (use IDSESSION instead)
OPTIONS
-h, --help
Output help information and exit.
-V, --version
Print the version number and exit.
-c FILE, --config-file=FILE
Read configuration from FILE.
SIGNALS
Clamd recognizes the following signals:
SIGHUP Reopen the logfile.
SIGUSR2
Reload the signature databases.
SIGTERM
Perform a clean exit.
FILES
/etc/clamav/clamd.conf
CREDITS
Please check the full documentation for credits.
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
clamd.conf(5), clamdscan(1), freshclam(1), freshclam.conf(5),
clamav-milter(8)