Clam Daemon(8) Clam AntiVirus Clam Daemon(8)
NAME
clamd - an anti-virus daemon
SYNOPSIS
clamd [options]
DESCRIPTION
The daemon listens for incoming connections on Unix and/or TCP socket
and scans files or directories on demand. It reads the configuration
from /etc/clamav/clamd.conf
COMMANDS
It's recommended to prefix clamd commands with the letter z (eg. zSCAN)
to indicate that the command will be delimited by a NULL character and
that clamd should continue reading command data until a NULL character
is read. The null delimiter assures that the complete command and its
entire argument will be processed as a single command. Alternatively
commands may be prefixed with the letter n (e.g. nSCAN) to use a newline
character as the delimiter. Clamd replies will honour the requested ter-
minator in turn. If clamd doesn't recognize the command, or the command
doesn't follow the requirements specified below, it will reply with an
error message, and close the connection.
Clamd recognizes the following commands:
PING Check the server's state. It should reply with "PONG".
VERSION
Print program and database versions.
RELOAD Reload the virus databases.
SHUTDOWN
Perform a clean exit.
SCAN file/directory
Scan a file or a directory (recursively) with archive support en-
abled (if not disabled in clamd.conf). A full path is required.
CONTSCAN file/directory
Scan file or directory (recursively) with archive support enabled
and don't stop the scanning when a virus is found.
MULTISCAN file/directory
Scan file in a standard way or scan directory (recursively) using
multiple threads (to make the scanning faster on SMP machines).
ALLMATCHSCAN file/directory
ALLMATCHSCAN works just like SCAN except that it sets a mode
where scanning continues after finding a match within a file.
INSTREAM
It is mandatory to prefix this command with n or z.
Scan a stream of data. The stream is sent to clamd in chunks, af-
ter INSTREAM, on the same socket on which the command was sent.
This avoids the overhead of establishing new TCP connections and
problems with NAT. The format of the chunk is: '<length><data>'
where <length> is the size of the following data in bytes ex-
pressed as a 4 byte unsigned integer in network byte order and
<data> is the actual chunk. Streaming is terminated by sending a
zero-length chunk. Note: do not exceed StreamMaxLength as defined
in clamd.conf, otherwise clamd will reply with INSTREAM size
limit exceeded and close the connection.
FILDES It is mandatory to newline terminate this command, or prefix with
n or z.
This command only works on UNIX domain sockets. Scan a file de-
scriptor. After issuing a FILDES command a subsequent
rfc2292/bsd4.4 style packet (with at least one dummy character)
is sent to clamd carrying the file descriptor to be scanned in-
side the ancillary data. Alternatively the file descriptor may
be sent in the same packet, including the extra character.
STATS It is mandatory to newline terminate this command, or prefix with
n or z, it is recommended to only use the z prefix.
Replies with statistics about the scan queue, contents of scan
queue, and memory usage. The exact reply format is subject to
change in future releases.
IDSESSION, END
It is mandatory to prefix this command with n or z, and all com-
mands inside IDSESSION must be prefixed.
Start/end a clamd session. Within a session multiple SCAN, IN-
STREAM, FILDES, VERSION, STATS commands can be sent on the same
socket without opening new connections. Replies from clamd will
be in the form '<id>: <response>' where <id> is the request num-
ber (in ascii, starting from 1) and <response> is the usual clamd
reply. The reply lines have same delimiter as the corresponding
command had. Clamd will process the commands asynchronously, and
reply as soon as it has finished processing.
Clamd requires clients to read all the replies it sent, before
sending more commands to prevent send() deadlocks. The recom-
mended way to implement a client that uses IDSESSION is with non-
blocking sockets, and a select()/poll() loop: whenever send would
block, sleep in select/poll until either you can write more data,
or read more replies. Note that using non-blocking sockets with-
out the select/poll loop and alternating recv()/send() doesn't
comply with clamd's requirements.
If clamd detects that a client has deadlocked, it will close the
connection. Note that clamd may close an IDSESSION connection too
if you don't follow the protocol's requirements. The client can
use the PING command to keep the connection alive.
VERSIONCOMMANDS
It is mandatory to prefix this command with either n or z. It is
recommended to use nVERSIONCOMMANDS.
Print program and database versions, followed by "| COMMANDS:"
and a space-delimited list of supported commands. Clamd <0.95
will recognize this as the VERSION command, and reply only with
their version, without the commands list.
This command can be used as an easy way to check for IDSESSION
support for example.
DEPRECATED COMMANDS
STREAM Scan stream - on this command clamd will return "PORT number" you
should connect to and send data to scan. (DEPRECATED, use IN-
STREAM instead)
NOT SUPPORTED COMMANDS
SESSION, END
Start/end a clamd session which will allow you to run multiple
commands per TCP session. (use IDSESSION instead)
OPTIONS
-h, --help
Output help information and exit.
-V, --version
Print the version number and exit.
-F, --foreground
Run in foreground; do not daemonize.
--debug
Enable debug mode.
-c FILE, --config-file=FILE
Read configuration from FILE.
--fail-if-cvd-older-than=days
Return with a nonzero error code if the virus database is older
than the specified number of days.
--datadir=DIRECTORY
Load signatures from DIRECTORY.
-p FILE, --pid=FILE
Write the daemon's pid to FILE.
ENVIRONMENT VARIABLES
clamd uses the following environment variables:
LD_LIBRARY_PATH - May be used on startup to find the libclamunrar_iface
shared library module to enable RAR archive support.
SIGNALS
Clamd recognizes the following signals:
SIGHUP Reopen the logfile.
SIGUSR2
Reload the signature databases.
SIGTERM
Perform a clean exit.
FILES
/etc/clamav/clamd.conf
CREDITS
Please check the full documentation for credits.
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
clamd.conf(5), clamdscan(1), freshclam(1), freshclam.conf(5), cla-
mav-milter(8)
ClamAV 1.4.3 February 12, 2009 Clam Daemon(8)
Generated by dwww version 1.16 on Tue Dec 16 06:40:14 CET 2025.