clamav/docs/man/clamd.8.in

.TH "Clam Daemon" "8" "February 12, 2009" "ClamAV @VERSION@" "Clam AntiVirus"
.SH "NAME"
.LP 
clamd \- an anti\-virus daemon
.SH "SYNOPSIS"
.LP 
clamd [options]
.SH "DESCRIPTION"
.LP 
The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
.SH "COMMANDS"
.LP 
It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
If clamd doesn't recognize the command, or the command doesn't follow the requirements specified below, it will reply with an error message, and close the connection.
.LP
Clamd recognizes the following commands:

.TP 
\fBPING\fR
Check the server's state. It should reply with "PONG".
.TP 
\fBVERSION\fR
Print program and database versions.
.TP 
\fBRELOAD\fR
Reload the virus databases.
.TP 
\fBSHUTDOWN\fR
Perform a clean exit.
.TP 
\fBSCAN file/directory\fR
Scan a file or a directory (recursively) with archive support enabled (if not disabled in clamd.conf). A full path is required.
.TP 
\fBCONTSCAN file/directory\fR
Scan file or directory (recursively) with archive support enabled and don't stop the scanning when a virus is found.
.TP 
\fBMULTISCAN file/directory\fR
Scan file in a standard way or scan directory (recursively) using multiple threads (to make the scanning faster on SMP machines).
.TP
\fBINSTREAM\fR
It is mandatory to prefix this command with \fBn\fR or \fBz\fR.

Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent.
This avoids the overhead of establishing new TCP connections and problems with NAT. The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is terminated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with \fBINSTREAM size limit exceeded\fR and close the connection.
.TP
\fBFILDES\fR
It is mandatory to newline terminate this command, or prefix with \fBn\fR or \fBz\fR.

This command only works on UNIX domain sockets.
Scan a file descriptor. After issuing a FILDES command a subsequent rfc2292/bsd4.4 style packet (with at least one dummy character) is sent to clamd carrying the file descriptor to be scanned inside the ancillary data.
Alternatively the file descriptor may be sent in the same packet, including the extra character.
.TP
\fBSTATS\fR
IIt is mandatory to newline terminate this command, or prefix with \fBn\fR or \fBz\fR, it is recommended to only use the \fBz\fR prefix.

Replies with statistics about the scan queue, contents of scan queue, and memory
usage. The exact reply format is subject to change in future releases.
.TP
\fBIDSESSION, END\fR
It is mandatory to prefix this command with \fBn\fR or \fBz\fR, and all commands inside IDSESSION must be prefixed.

Start/end a clamd session. Within a session multiple SCAN, INSTREAM, FILDES, VERSION, STATS commands can be sent on the same socket without opening new connections. Replies from clamd will be in the form '<id>: <response>' where <id> is the request number (in ascii, starting from 1) and <response> is the usual clamd reply.
The reply lines have same delimiter as the corresponding command had.
Clamd will process the commands asynchronously, and reply as soon as it has finished processing.

Clamd requires clients to read all the replies it sent, before sending more commands to prevent send() deadlocks. The recommended way to implement a client that uses IDSESSION is with non-blocking sockets, and a select()/poll() loop: whenever send would block, sleep in select/poll until either you can write more data, or read more replies.
\fINote that using non-blocking sockets without the select/poll loop and alternating recv()/send() doesn't comply with clamd's requirements.\fR

If clamd detects that a client has deadlocked,  it will close the connection. Note that clamd may close an IDSESSION connection too if you don't follow the protocol's requirements.
.TP
\fBVERSIONCOMMANDS\fR
It is mandatory to prefix this command with either \fBn\fR or \fBz\fR.
It is recommended to use \fBnVERSIONCOMMANDS\fR.

Print program and database versions, followed by "| COMMANDS:" and a
space-delimited list of supported commands.
Clamd <0.95 will recognize this as the VERSION command, and reply only with
their version, without the commands list.

This command can be used as an easy way to check for IDSESSION support for
example.
.LP
.TP 
\fBDEPRECATED COMMANDS\fR
.TP
\fBSTREAM\fR
Scan stream \- on this command clamd will return "PORT number" you should connect to and send data to scan. (\fBDEPRECATED\fR, use INSTREAM instead) 
.LP
.TP
\fBNOT SUPPORTED COMMANDS\fR
.TP 
\fBSESSION, END\fR
Start/end a clamd session which will allow you to run multiple commands per TCP session. (use IDSESSION instead)
.SH "OPTIONS"
.LP 
.TP 
\fB\-h, \-\-help\fR
Output help information and exit.
.TP 
\fB\-V, \-\-version\fR
Print the version number and exit.
.TP 
\fB\-c FILE, \-\-config\-file=FILE\fR
Read configuration from FILE.
.SH "SIGNALS"
.LP 
Clamd recognizes the following signals:
.TP 
\fBSIGHUP\fR
Reopen the logfile.
.TP 
\fBSIGUSR2\fR
Reload the signature databases.
.TP 
\fBSIGTERM\fR
Perform a clean exit.
.SH "FILES"
.LP 
@CFGDIR@/clamd.conf
.SH "CREDITS"
Please check the full documentation for credits.
.SH "AUTHOR"
.LP 
Tomasz Kojm <tkojm@clamav.net>
.SH "SEE ALSO"
.LP 
clamd.conf(5), clamdscan(1), freshclam(1), freshclam.conf(5), clamav\-milter(8)