Clamdscan: Unterschied zwischen den Versionen

Aus Foxwiki
Keine Bearbeitungszusammenfassung
Markierung: Manuelle Zurücksetzung
K Textersetzung - „Man-Pages“ durch „Man-Page“
 
(24 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
'''clamdscan''' - Antivirus-Programm für Unix - Scanner-Client
{{DISPLAYTITLE:clamdscan}}
 
'''clamdscan''' scannt Dateien nach Schadsoftware


= Beschreibung =
= Beschreibung =
Dieses Paket enthält clamdscan, die Befehlszeilenschnittstelle des ClamAV-Daemons.
; Files
/usr/bin/clamdscan
/usr/share/bug/clamdscan/script
/usr/share/doc/clamdscan/NEWS.Debian.gz
/usr/share/doc/clamdscan/NEWS.gz
/usr/share/doc/clamdscan/README.Debian.gz
/usr/share/doc/clamdscan/changelog.Debian.gz
/usr/share/doc/clamdscan/changelog.gz
/usr/share/doc/clamdscan/copyright
/usr/share/man/man1/clamdscan.1.gz
= Installation =
= Installation =
# apt install clamav-daemon
= Syntax =
= Syntax =
== Parameter ==
== Parameter ==
== Optionen ==
== Optionen ==
= Konfiguration =
= Konfiguration =
== Dateien ==
== Dateien ==


= Anwendungen =
= Anwendung =
= Sicherheit =
= Sicherheit =
= Dokumentation =
= Dokumentation =
== RFC ==
== RFC ==
== Man-Pages ==
== Man-Page ==
== Info-Pages ==
== Info-Pages ==
== Projekt-Homepage ==
== Projekt ==


= Links =
= Links =
== Siehe auch ==
== Siehe auch ==
== Weblinks ==
== Weblinks ==
== Einzelnachweise ==
<references />
= Testfragen =
<div class="toccolours mw-collapsible mw-collapsed">
''Testfrage 1''
<div class="mw-collapsible-content">'''Antwort1'''</div>
</div>
<div class="toccolours mw-collapsible mw-collapsed">
''Testfrage 2''
<div class="mw-collapsible-content">'''Antwort2'''</div>
</div>
<div class="toccolours mw-collapsible mw-collapsed">
''Testfrage 3''
<div class="mw-collapsible-content">'''Antwort3'''</div>
</div>
<div class="toccolours mw-collapsible mw-collapsed">
''Testfrage 4''
<div class="mw-collapsible-content">'''Antwort4'''</div>
</div>
<div class="toccolours mw-collapsible mw-collapsed">
''Testfrage 5''
<div class="mw-collapsible-content">'''Antwort5'''</div>
</div>
= TMP 1=
  Clam AntiVirus ist ein Antiviren-Werkzeugsatz für Unix. Der Hauptzweck
  dieser Software ist die Zusammenarbeit mit E-Mail-Servern (zur
  Prüfung von E-Mail-Anhängen). Der Werkzeugsatz umfasst einen flexiblen
  und skalierbaren Multi-Thread-Daemon im Paket clamav-daemon, einen
  Kommandozeilen-Scanner im Paket clamav und ein Werkzeug zur automatischen
  Aktualisierung via Internet im Paket clamav-freshclam. Die Programme
  basieren auf der Bibliothek libclamav. Diese Bibliothek kann auch von
  anderen Programmen verwendet werden.
  Dieses Paket enthält clamdscan, die Befehlszeilenschnittstelle des
  ClamAV-Daemons.
Files
  /usr/bin/clamdscan
  /usr/share/bug/clamdscan/script
  /usr/share/doc/clamdscan/NEWS.Debian.gz
  /usr/share/doc/clamdscan/NEWS.gz
  /usr/share/doc/clamdscan/README.Debian.gz
  /usr/share/doc/clamdscan/changelog.Debian.gz
  /usr/share/doc/clamdscan/changelog.gz
  /usr/share/doc/clamdscan/copyright
  /usr/share/man/man1/clamdscan.1.gz
= TMP2=
clamscan(1)                            Clam AntiVirus                            clamscan(1)
NAME
clamscan - scan files and directories for viruses
SYNOPSIS
clamscan [options] [file/directory/-]
DESCRIPTION
clamscan is a command line anti-virus scanner.
OPTIONS
Most of the options are simple switches which enable or disable some features. Options
marked with [=yes/no(*)] can be optionally followed by =yes/=no; if  they  get  called
without the boolean argument the scanner will assume 'yes'. The asterisk marks the de‐
fault internal setting for a given option.
-h, --help
        Print help information and exit.
-V, --version
        Print version number and exit.
-v, --verbose
        Be verbose.
-a, --archive-verbose
        Show filenames inside scanned archives
--debug
        Display debug messages from libclamav.
--quiet
        Be quiet (only print error messages).
--stdout
        Write all messages (except for libclamav output) to the standard  output  (std‐
        out).
--no-summary
        Do not display summary at the end of scanning.
-i, --infected
        Only print infected files.
-o, --suppress-ok-results
        Skip printing OK files
--bell Sound bell on virus detection.
--tempdir=DIRECTORY
        Create  temporary  files in DIRECTORY. Directory must be writable for the 'cla‐
        mav' user or unprivileged user running clamscan.
--leave-temps
        Do not remove temporary files.
--gen-json
        Generate JSON description of scanned file(s). JSON will  be  printed  and  also
        dropped to the temp directory if --leave-temps is enabled.
-d FILE/DIR, --database=FILE/DIR
        Load virus database from FILE or load all virus database files from DIR.
--official-db-only=[yes/no(*)]
        Only load the official signatures published by the ClamAV project.
-l FILE, --log=FILE
        Save scan report to FILE.
-r, --recursive
        Scan  directories  recursively.  All  the subdirectories in the given directory
        will be scanned.
-z, --allmatch
        After a match, continue scanning within the file for additional matches.
--cross-fs=[yes(*)/no]
        Scan files and directories on other filesystems.
--follow-dir-symlinks=[0/1(*)/2]
        Follow directory symlinks. There are 3 options: 0 - never follow directory sym‐
        links, 1 (default) - only follow directory symlinks, which are passed as direct
        arguments to clamscan. 2 - always follow directory symlinks.
--follow-file-symlinks=[0/1(*)/2]
        Follow file symlinks. There are 3 options: 0 - never follow  file  symlinks,  1
        (default)  - only follow file symlinks, which are passed as direct arguments to
        clamscan. 2 - always follow file symlinks.
-f FILE, --file-list=FILE
        Scan files listed line by line in FILE.
--remove[=yes/no(*)]
        Remove infected files. Be careful!
--move=DIRECTORY
        Move infected files into DIRECTORY. Directory must be writable for the 'clamav'
        user or unprivileged user running clamscan.
--copy=DIRECTORY
        Copy infected files into DIRECTORY. Directory must be writable for the 'clamav'
        user or unprivileged user running clamscan.
--exclude=REGEX, --exclude-dir=REGEX
        Don't scan file/directory names matching regular expression. These options  can
        be used multiple times.
--include=REGEX, --include-dir=REGEX
        Only scan file/directory matching regular expression. These options can be used
        multiple times.
--bytecode[=yes(*)/no]
        With this option enabled ClamAV will load bytecode from  the  database.  It  is
        highly  recommended  you keep this option turned on, otherwise you may miss de‐
        tections for many new viruses.
--bytecode-unsigned[=yes/no(*)]
        Allow loading bytecode from outside  digitally  signed  .c[lv]d  files.  **Cau‐
        tion**:  You should NEVER run bytecode signatures from untrusted sources. Doing
        so may result in arbitrary code execution.
--bytecode-timeout=N
        Set bytecode timeout in milliseconds (default: 5000 = 5s)
--statistics[=none(*)/bytecode/pcre]
        Collect and print execution statistics.
--detect-pua[=yes/no(*)]
        Detect Possibly Unwanted Applications.
--exclude-pua=CATEGORY
        Exclude a specific PUA category. This option can be used  multiple  times.  See
        https://docs.clamav.net/faq/faq-pua.html for the complete list of PUA
--include-pua=CATEGORY
        Only  include  a specific PUA category. This option can be used multiple times.
        See https://docs.clamav.net/faq/faq-pua.html for the complete list of PUA
--detect-structured[=yes/no(*)]
        Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers
        inside documents/text files.
--structured-ssn-format=X
        X=0:  search  for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for
        valid SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. De‐
        fault is 0.
--structured-ssn-count=#n
        This  option  sets the lowest number of Social Security Numbers found in a file
        to generate a detect (default: 3).
--structured-cc-count=#n
        This option sets the lowest number of Credit Card numbers found in  a  file  to
        generate a detect (default: 3).
--scan-mail[=yes(*)/no]
        Scan  mail files. If you turn off this option, the original files will still be
        scanned, but without parsing individual messages/attachments.
--phishing-sigs[=yes(*)/no]
        Enable email signature-based phishing detection.
--phishing-scan-urls[=yes(*)/no]
        Enable URL signature-based phishing detection (Heuristics.Phishing.Email.*)
--heuristic-alerts[=yes(*)/no]
        In some cases (eg. complex malware, exploits in  graphic  files,  and  others),
        ClamAV  uses  special algorithms to provide accurate detection. This option can
        be used to control the algorithmic detection.
--heuristic-scan-precedence[=yes/no(*)]
        Allow heuristic match to take precedence. When enabled,  if  a  heuristic  scan
        (such as phishingScan) detects a possible virus/phish it will stop scan immedi‐
        ately. Recommended, saves CPU scan-time. When disabled, virus/phish detected by
        heuristic  scans will be reported only at the end of a scan. If an archive con‐
        tains both a heuristically detected  virus/phish, and a real malware, the  real
        malware  will  be  reported Keep this disabled if you intend to handle "Heuris‐
        tics.*" viruses  differently from "real" malware.  If  a  non-heuristically-de‐
        tected virus (signature-based) is found first,  the scan is interrupted immedi‐
        ately, regardless of this config option.
--normalize[=yes(*)/no]
        Normalize (compress whitespace, downcase, etc.) html, script, and  text  files.
        Use normalize=no for yara compatibility.
--scan-pe[=yes(*)/no]
        PE  stands for Portable Executable - it's an executable file format used in all
        32-bit versions of Windows operating systems. By default ClamAV performs deeper
        analysis  of  executable  files  and  attempts to decompress popular executable
        packers such as UPX, Petite, and FSG. If you turn off this option, the original
        files will still be scanned but without additional processing.
--scan-elf[=yes(*)/no]
        Executable  and  Linking Format is a standard format for UN*X executables. This
        option controls the ELF support. If you turn it off, the  original  files  will
        still be scanned but without additional processing.
--scan-ole2[=yes(*)/no]
        Scan  Microsoft  Office  documents and .msi files. If you turn off this option,
        the original files will still be scanned but without additional processing.
--scan-pdf[=yes(*)/no]
        Scan within PDF files. If you turn off this option,  the  original  files  will
        still be scanned, but without decoding and additional processing.
--scan-swf[=yes(*)/no]
        Scan  SWF  files. If you turn off this option, the original files will still be
        scanned but without additional processing.
--scan-html[=yes(*)/no]
        Detect, normalize/decrypt and scan HTML files and embedded scripts. If you turn
        off  this  option,  the original files will still be scanned, but without addi‐
        tional processing.
--scan-xmldocs[=yes(*)/no]
        Scan xml-based document files supported by libclamav. If you turn off this  op‐
        tion, the original files will still be scanned, but without additional process‐
        ing.
--scan-hwp3[=yes(*)/no]
        Scan HWP3 files. If you turn off this option, the original files will still  be
        scanned, but without additional processing.
--scan-archive[=yes(*)/no]
        Scan archives supported by libclamav. If you turn off this option, the original
        files will still be scanned, but without unpacking and additional processing.
--alert-broken[=yes/no(*)]
        Alert on broken executable files (PE & ELF).
--alert-encrypted[=yes/no(*)]
        Alert on encrypted archives and documents (encrypted .zip, .7zip, .rar, .pdf).
--alert-encrypted-archive[=yes/no(*)]
        Alert on encrypted archives (encrypted .zip, .7zip, .rar, .pdf).
--alert-encrypted-doc[=yes/no(*)]
        Alert on encrypted documents (encrypted .zip, .7zip, .rar, .pdf).
--alert-macros[=yes/no(*)]
        Alert on OLE2 files containing VBA macros (Heuristics.OLE2.ContainsMacros).
--alert-exceeds-max[=yes/no(*)]
        Alert on files that exceed max file size, max scan size, or max recursion limit
        (Heuristics.Limits.Exceeded).
--alert-phishing-ssl[=yes/no(*)]
        Alert  on  emails  containing SSL mismatches in URLs (might lead to false posi‐
        tives!).
--alert-phishing-cloak[=yes/no(*)]
        Alert on emails containing cloaked URLs (might lead to some false positives).
--alert-partition-intersection[=yes/no(*)]
        Detect partition intersections in raw disk images using heuristics.
--nocerts
        Disable authenticode certificate chain verification in PE files.
--dumpcerts
        Dump authenticode certificate chain in PE files.
--max-scantime=#n
        The maximum time to scan before giving up. The value is  in  milliseconds.  The
        value of 0 disables the limit. This option protects your system against DoS at‐
        tacks (default: 120000 = 120s or 2min)
--max-filesize=#n
        Extract and scan at most #n bytes from each archive. You may pass the value  in
        kilobytes  in  format  xK  or xk, or megabytes in format xM or xm, where x is a
        number. This option protects your system against DoS attacks (default:  25  MB,
        max: <4 GB)
--max-scansize=#n
        Extract  and scan at most #n bytes from each archive. The size the archive plus
        the sum of the sizes of all files within archive count toward  the  scan  size.
        For example, a 1M uncompressed archive containing a single 1M inner file counts
        as 2M toward max-scansize. You may pass the value in kilobytes in format xK  or
        xk,  or megabytes in format xM or xm, where x is a number. This option protects
        your system against DoS attacks (default: 100 MB, max: <4 GB)
--max-files=#n
        Extract at most #n files from each scanned file (when this  is  an  archive,  a
        document  or  another  kind  of  container).  This  option protects your system
        against DoS attacks (default: 10000)
--max-recursion=#n
        Set archive recursion level limit. This option protects your system against DoS
        attacks (default: 17).
--max-dir-recursion=#n
        Maximum depth directories are scanned at (default: 15).
--max-embeddedpe=#n
        Maximum size file to check for embedded PE. You may pass the value in kilobytes
        in format xK or xk, or megabytes in format xM or xm, where x is a  number  (de‐
        fault: 10 MB, max: <4 GB).
--max-htmlnormalize=#n
        Maximum  size of HTML file to normalize. You may pass the value in kilobytes in
        format xK or xk, or megabytes in format xM or xm, where x is a number (default:
        10 MB, max: <4 GB).
--max-htmlnotags=#n
        Maximum  size  of normalized HTML file to scan. You may pass the value in kilo‐
        bytes in format xK or xk, or megabytes in format xM or xm, where x is a  number
        (default: 2 MB, max: <4 GB).
--max-scriptnormalize=#n
        Maximum  size  of script file to normalize. You may pass the value in kilobytes
        in format xK or xk, or megabytes in format xM or xm, where x is a  number  (de‐
        fault: 5 MB, max: <4 GB).
--max-ziptypercg=#n
        Maximum size zip to type reanalyze. You may pass the value in kilobytes in for‐
        mat xK or xk, or megabytes in format xM or xm, where x is a number (default:  1
        MB, max: <4 GB).
--max-partitions=#n
        This  option  sets  the  maximum number of partitions of a raw disk image to be
        scanned. This must be a positive integer (default: 50).
--max-iconspe=#n
        This option sets the maximum number of icons within a PE to  be  scanned.  This
        must be a positive integer (default: 100).
--max-rechwp3=#n
        This option sets the maximum recursive calls to HWP3 parsing function (default:
        16).
--pcre-match-limit=#n
        Maximum calls to the PCRE match function (default: 100000).
--pcre-recmatch-limit=#n
        Maximum recursive calls to the PCRE match function (default: 2000).
--pcre-max-filesize=#n
        Maximum size file to perform PCRE subsig matching (default: 25 MB, max: <4 GB).
--disable-cache
        Disable caching and cache checks for hash sums of scanned files.
ENVIRONMENT VARIABLES
clamscan uses the following environment variables:
LD_LIBRARY_PATH - May be used on startup to find the libclamunrar_iface shared library
module to enable RAR archive support.
EXAMPLES
(0) Scan a single file:
        clamscan file
(1) Scan a current working directory:
        clamscan
(2) Scan all files (and subdirectories) in /home:
        clamscan -r /home
(3) Load database from a file:
        clamscan -d /tmp/newclamdb -r /tmp
(4) Scan a data stream:
        cat testfile | clamscan -
(5) Scan a mail spool directory:
        clamscan -r /var/spool/mail
RETURN CODES
0 : No virus found.
1 : Virus(es) found.
2 : Some error(s) occurred.


CREDITS
Please check the full documentation for credits.


AUTHOR
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>


SEE ALSO
clamdscan(1), freshclam(1), freshclam.conf(5)


[[Kategorie:Sicherheit:Schadsoftware:Scanner]]
[[Kategorie:ClamAV]]

Aktuelle Version vom 6. November 2024, 12:23 Uhr


clamdscan scannt Dateien nach Schadsoftware

Beschreibung

Dieses Paket enthält clamdscan, die Befehlszeilenschnittstelle des ClamAV-Daemons.

Files
/usr/bin/clamdscan
/usr/share/bug/clamdscan/script
/usr/share/doc/clamdscan/NEWS.Debian.gz
/usr/share/doc/clamdscan/NEWS.gz
/usr/share/doc/clamdscan/README.Debian.gz
/usr/share/doc/clamdscan/changelog.Debian.gz
/usr/share/doc/clamdscan/changelog.gz
/usr/share/doc/clamdscan/copyright
/usr/share/man/man1/clamdscan.1.gz

Installation

# apt install clamav-daemon

Syntax

Parameter

Optionen

Konfiguration

Dateien

Anwendung

Sicherheit

Dokumentation

RFC

Man-Page

Info-Pages

Projekt

Links

Siehe auch

Weblinks