Clam On-Access Scanner

Section: Clam AntiVirus (8)
Updated: July 29, 2020
Page Index

NAME

clamonacc - an anti-virus on-access scanning daemon and clamd client

SYNOPSIS

clamd [options]

DESCRIPTION

The clamonacc daemon registers for file access notifications from the Linux kernel and in response, submits scans to the clamd scanning daemon for a verdict. On-Access is only available on Linux systems. On Linux, On-Access requires a kernel version >= 3.8. This is because it leverages a kernel api called fanotify to block processes from attempting to access malicious files. This prevention occurs in kernel-space, and thus offers stronger protection than a purely user-space solution.

OPTIONS

-h, --help: Output help information and exit.
-V, --version: Print the version number and exit.
-v, --verbose: Be verbose.
-l FILE, --log=FILE: Save the scan report to FILE.
-F, --foreground: Run in foreground; do not daemonize.
-w FILE, --watch-list=FILE: Watch directories from FILE.
-e FILE, --exclude-list=FILE: Exclude directories from FILE.
-p A[:I], --ping A[:I]: Ping clamd up to [A] times at optional interval [I] until it responds.
-w, --wait: Wait up to 30 seconds for clamd to start. Optionally use alongside ping to set attempts [A] and interval [I] to check clamd.
--remove: Remove infected files. Be careful.
--move=DIRECTORY: Move infected files into DIRECTORY.
--copy=DIRECTORY: Copy infected files into DIRECTORY.
-c FILE, --config-file=FILE: Read configuration from FILE.
--allmatch: Continue scanning within file after finding a match.
--fdpass: Pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. Only available if connected to clamd via local(unix) socket.
--stream: Forces file streaming to clamd. This is generally not needed as clamdscan detects automatically if streaming is required. This option only exists for debugging and testing purposes, in all other cases --fdpass is preferred.

SIGNALS

ClamOnAcc recognizes the following signals:

SIGHUP: Reopen the logfile.
SIGUSR2: Reload the signature databases.
SIGTERM: Perform a clean exit.

FILES

/etc/clamd.conf

CREDITS

Please check the full documentation for credits.

AUTHOR

Tomasz Kojm <tkojm@clamav.net>