clamd

Clam Daemon(8) Clam AntiVirus Clam Daemon(8)

NAME

   clamd - an anti-virus daemon

SYNOPSIS

   clamd [options]

DESCRIPTION

   The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from /etc/clamav/clamd.conf

COMMANDS

   It's  recommended to prefix clamd commands with the letter z (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading com‐
   mand data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single  command.  Alternatively  commands
   may be prefixed with the letter n (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.  If clamd doesn't recognize the
   command, or the command doesn't follow the requirements specified below, it will reply with an error message, and close the connection.

   Clamd recognizes the following commands:

   PING   Check the server's state. It should reply with "PONG".

   VERSION
          Print program and database versions.

   RELOAD Reload the virus databases.

   SHUTDOWN
          Perform a clean exit.

   SCAN file/directory
          Scan a file or a directory (recursively) with archive support enabled (if not disabled in clamd.conf). A full path is required.

   CONTSCAN file/directory
          Scan file or directory (recursively) with archive support enabled and don't stop the scanning when a virus is found.

   MULTISCAN file/directory
          Scan file in a standard way or scan directory (recursively) using multiple threads (to make the scanning faster on SMP machines).

   ALLMATCHSCAN file/directory
          ALLMATCHSCAN works just like SCAN except that it sets a mode where scanning continues after finding a match within a file.

   INSTREAM
          It is mandatory to prefix this command with n or z.

          Scan  a  stream  of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent.  This avoids the overhead of establishing new
          TCP connections and problems with NAT. The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned in‐
          teger in network byte order and <data> is the actual chunk. Streaming is terminated by sending  a  zero-length  chunk.  Note:  do  not  exceed  StreamMaxLength  as  defined  in
          clamd.conf, otherwise clamd will reply with INSTREAM size limit exceeded and close the connection.

   FILDES It is mandatory to newline terminate this command, or prefix with n or z.

          This  command only works on UNIX domain sockets.  Scan a file descriptor. After issuing a FILDES command a subsequent rfc2292/bsd4.4 style packet (with at least one dummy char‐
          acter) is sent to clamd carrying the file descriptor to be scanned inside the ancillary data.  Alternatively the file descriptor may be sent in the same packet,  including  the
          extra character.

   STATS  It is mandatory to newline terminate this command, or prefix with n or z, it is recommended to only use the z prefix.

          Replies with statistics about the scan queue, contents of scan queue, and memory usage. The exact reply format is subject to change in future releases.

   IDSESSION, END
          It is mandatory to prefix this command with n or z, and all commands inside IDSESSION must be prefixed.

          Start/end  a  clamd  session.  Within a session multiple SCAN, INSTREAM, FILDES, VERSION, STATS commands can be sent on the same socket without opening new connections. Replies
          from clamd will be in the form '<id>: <response>' where <id> is the request number (in ascii, starting from 1) and <response> is the usual clamd reply.  The  reply  lines  have
          same delimiter as the corresponding command had.  Clamd will process the commands asynchronously, and reply as soon as it has finished processing.

          Clamd  requires clients to read all the replies it sent, before sending more commands to prevent send() deadlocks. The recommended way to implement a client that uses IDSESSION
          is with non-blocking sockets, and a select()/poll() loop: whenever send would block, sleep in select/poll until either you can write more data, or read more replies.  Note that
          using non-blocking sockets without the select/poll loop and alternating recv()/send() doesn't comply with clamd's requirements.

          If clamd detects that a client has deadlocked,  it will close the connection. Note that clamd may close an IDSESSION connection too if you don't follow the protocol's  require‐
          ments. The client can use the PING command to keep the connection alive.

   VERSIONCOMMANDS
          It is mandatory to prefix this command with either n or z.  It is recommended to use nVERSIONCOMMANDS.

          Print  program  and  database versions, followed by "| COMMANDS:" and a space-delimited list of supported commands.  Clamd <0.95 will recognize this as the VERSION command, and
          reply only with their version, without the commands list.

          This command can be used as an easy way to check for IDSESSION support for example.

   DEPRECATED COMMANDS

   STREAM Scan stream - on this command clamd will return "PORT number" you should connect to and send data to scan. (DEPRECATED, use INSTREAM instead)

   NOT SUPPORTED COMMANDS

   SESSION, END
          Start/end a clamd session which will allow you to run multiple commands per TCP session. (use IDSESSION instead)

OPTIONS

   -h, --help
          Output help information and exit.

   -V, --version
          Print the version number and exit.

   -F, --foreground
          Run in foreground; do not daemonize.

   --debug
          Enable debug mode.

   -c FILE, --config-file=FILE
          Read configuration from FILE.

   --fail-if-cvd-older-than=days
          Return with a nonzero error code if the virus database is older than the specified number of days.

   --datadir=DIRECTORY
          Load signatures from DIRECTORY.

   -p FILE, --pid=FILE
          Write the daemon's pid to FILE.

ENVIRONMENT VARIABLES

   clamd uses the following environment variables:

   LD_LIBRARY_PATH - May be used on startup to find the libclamunrar_iface shared library module to enable RAR archive support.

SIGNALS

   Clamd recognizes the following signals:

   SIGHUP Reopen the logfile.

   SIGUSR2
          Reload the signature databases.

   SIGTERM
          Perform a clean exit.

FILES

   /etc/clamav/clamd.conf

CREDITS

   Please check the full documentation for credits.

AUTHOR

   Tomasz Kojm <tkojm@clamav.net>