new file mode 100644

@@ -0,0 +1,61 @@

+.\" Manual page created by Tomasz Kojm, 20020929

+.TH "Clam Daemon" "8" "November 11, 2003" "Tomasz Kojm" "Clam AntiVirus"

+.SH "NAME"

+.LP 

+clamd \- an anti\-virus daemon

+.SH "SYNOPSIS"

+.LP 

+clamd [options]

+.SH "DESCRIPTION"

+.LP 

+The daemon listens for incoming connections on Unix or TCP socket and scans files or directories on demand. It's a part of the Clam AntiVirus package. It reads its configuration information from a clamd.conf file. It provides on\-access scanning feature (clamuko) under Linux.

+.SH "COMMANDS"

+.LP 

+clamd recognizes the following commands:

+.TP 

+\fBPING\fR

+Check the server's state. It should reply with "PONG".

+.TP 

+\fBVERSION\fR

+Print a version information.

+.TP 

+\fBRELOAD\fR

+Reload the virus databases.

+.TP 

+\fBQUIT\fR

+Perform a clean exit.

+.TP 

+\fBSCAN file/directory\fR

+Scan a file or directory (recursively) with archive support enabled (if not disabled in clamd.conf). A full path is required.

+.TP 

+\fBRAWSCAN file/directory\fR

+Scan a file or directory (recursively) with archive support disabled. A full path is required.

+.TP 

+\fBCONTSCAN file/directory\fR

+Scan a file or directory (recursively) with archive support enabled and continue scanning even when virus is found. A full path is required.

+.TP 

+\fBSTREAM\fR

+Scan stream \- on this command clamd will return "PORT number" and you can connect to that port and send a data to scan.

+.SH "OPTIONS"

+.LP 

+

+.TP 

+\fB\-h, \-\-help\fR

+Output help information and exit.

+.TP 

+\fB\-V, \-\-version\fR

+Print the version number and exit.

+.TP 

+\fB\-c FILE, \-\-config\-file=FILE\fR

+Read configuration from FILE.

+.SH "FILES"

+.LP 

+@CFGDIR@/clamd.conf

+.SH "CREDITS"

+Please check the full documentation for credits.

+.SH "AUTHOR"

+.LP 

+Tomasz Kojm <tkojm@clamav.net>

+.SH "SEE ALSO"

+.LP 

+clamdscan(1), clamscan(1), freshclam(1), sigtool(1), clamd.conf(5), clamav\-milter(8)

new file mode 100644

@@ -0,0 +1,283 @@

+.\" Manual page created by Tomasz Kojm, 20021001.

+.TH "clamd.conf" "5" "September 2, 2004" "Tomasz Kojm" "Clam AntiVirus"

+.SH "NAME"

+.LP 

+\fBclamd.conf\fR \- a configuration file for Clam AntiVirus Daemon

+.SH "DESCRIPTION"

+.LP 

+clamd.conf configures the Clam AntiVirus daemon, clamd(8).

+.SH "FILE FORMAT"

+The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options are are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are are of the following types:

+.TP 

+\fBSTRING\fR

+String without blank characters.

+.TP 

+\fBSIZE\fR

+Size in bytes. You can use a 'M' or 'm' modifiers for megabytes and a 'K' or 'k' for kilobytes.

+.TP 

+\fBNUMBER\fR

+Unsigned integer.

+.SH "DIRECTIVES"

+.LP 

+When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action.

+.TP 

+\fBExample\fR

+If this option is set clamd will not run.

+.TP 

+\fBLogFile STRING\fR

+Enable logging to selected file.

+.br 

+Default: disabled.

+.TP 

+\fBLogFileUnlock\fR

+Disable a system lock that protects against running clamd with a same configuration file multiple times.

+.br 

+Default: disabled.

+.TP 

+\fBLogFileMaxSize SIZE\fR

+Limit a size of a log file. The logger will be automatically disabled  if the file is greater than SIZE. Value of 0 disables the limit.

+.br 

+Default: 1M

+.TP 

+\fBLogTime\fR

+Log time with each message.

+.br 

+Default: disabled.

+.TP 

+\fBLogClean\fR

+Log clean files.

+.br 

+Default: disabled.

+.TP 

+\fBLogSyslog\fR

+Use system logger (can work together with LogFile).

+.br 

+Default: disabled.

+.TP 

+\fBLogVerbose\fR

+Enable verbose logging.

+.br 

+Default: disabled.

+.TP 

+\fBPidFile STRING\fR

+Save a process identifier of a listening daemon (main thread) to a specified file.

+.br 

+Default: disabled.

+.TP 

+\fBDatabaseDirectory STRING\fR

+Path to a directory containing database files.

+.br 

+Default: hardcoded directory.

+.TP 

+\fBLocalSocket STRING\fR

+Path to a local (Unix) socket the daemon will listen on.

+.br 

+Default: disabled.

+.TP 

+\fBFixStaleSocket\fR

+Remove stale socket after unclean shutdown.

+.br 

+Default: disabled.

+.TP 

+\fBTCPSocket NUMBER\fR

+TCP port number the daemon will listen on.

+.br 

+Default: disabled.

+.TP 

+\fBTCPAddr STRING\fR

+TCP address to bind to. By default clamd binds to INADDR_ANY.

+.br 

+Default: disabled.

+.TP 

+\fBMaxConnectionQueueLength NUMBER\fR

+Maximum length the queue of pending connections may grow to.

+.br 

+Default: 15

+.TP 

+\fBMaxThreads NUMBER\fR

+Maximal number of threads running at the same time.

+.br 

+Default: 5.

+.TP 

+\fBThreadTimeout NUMBER\fR

+Stop thread\-scanner after specified time (in seconds). Value of 0 disables the timeout.

+.br 

+Default: 180

+.TP 

+\fBMaxDirectoryRecursion NUMBER\fR

+Maximal depth a directories are scanned at.

+.br 

+Default: disabled.

+.TP 

+\fBFollowDirectorySymlinks\fR

+Follow a directory symlinks. You should have enabled directory recursion limit to avoid a potential problems.

+.br 

+Default: disabled.

+.TP 

+\fBFollowFileSymlinks\fR

+Follow regular file symlinks.

+.br 

+Default: disabled.

+.TP 

+\fBSelfCheck NUMBER\fR

+Do internal checks every NUMBER seconds.

+.br 

+Default: 3600

+.TP 

+\fBVirusEvent COMMAND\fR

+Execute the COMMAND when virus is found. In the command string %v will be replaced by a virus name.

+\fR

+.br 

+Default: disabled.

+.TP 

+\fBUser STRING\fR

+Drop priviledges to a selected user.

+.br 

+Default: disabled.

+.TP 

+\fBAllowSupplementaryGroups\fR

+When started by root and the User option is activated, it will initialize all the groups from /etc/group for which user is a member.

+.br 

+Default: disabled.

+.TP 

+\fBForeground\fR

+Don't fork into background. Useful in debugging.

+.br 

+Default: disabled.

+.TP 

+\fBDebug\fR

+Enable debug messages from libclamav. You need to enable the \fBForeground\fR option to see them.

+.TP 

+\fBStreamSaveToDisk\fR

+When activated the input stream (see STREAM command) will be saved to disk before scanning \- this allows scanning within archives.

+.br 

+Default: disabled.

+.TP 

+\fBStreamMaxLength SIZE\fR

+Close the connection when this limit is exceeded.

+.br 

+Default: disabled.

+.TP 

+\fBScanPE\fR

+PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.

+.br 

+Default: enabled.

+.TP 

+\fBDetectBrokenExecutables\fR

+With this option clamav will try to detect broken executables and mark them as Broken.Executable.

+.br 

+Default: disabled.

+.TP 

+\fBScanOLE2\fR

+Enables scanning of Microsoft Office document macros.

+.br 

+Default: enabled.

+.TP 

+\fBScanHTML\fR

+Enables HTML detection and normalisation.

+.br 

+Default: enabled.

+.TP 

+\fBScanMail\fR

+Enable scanning of mail files.

+.br 

+Default: enabled.

+.TP 

+\fBMailFollowURLs\fR

+If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR

+.br 

+Default: disabled.

+.TP 

+\fBScanArchive\fR

+Enable archive scanning.

+.br 

+Default: disabled.

+.TP 

+\fBScanRAR\fR

+The built\-in RAR unpacker is disabled by default because the code leaks.

+.br 

+Default: disabled.

+.TP 

+\fBArchiveMaxFileSize SIZE\fR

+Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.

+.br 

+Default: 10M

+.TP 

+\fBArchiveMaxRecursion NUMBER\fR

+Limit archive recursion level. Value of 0 disables the limit.

+.br 

+Default: 5

+.TP 

+\fBArchiveMaxFiles NUMBER\fR

+Number of files to be scanned within archive. Value of 0 disables the limit.

+.br 

+Default: 1000

+.TP 

+\fBArchiveMaxCompressionRatio NUMBER\fR

+Analyze compression ratio and mark potential archive bombs as viruses (0 disables the limit).

+.br 

+Default: 200

+.TP 

+\fBArchiveLimitMemoryUsage\fR

+Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.

+.br 

+Default: disabled

+.TP 

+\fBArchiveBlockEncrypted\fR

+Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

+.br 

+Default: disabled

+.TP 

+\fBArchiveBlockMax\fR

+Mark archives as viruses if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is reached.

+.br 

+Default: disabled

+.TP 

+\fBClamukoScanOnLine\fR

+Enable Clamuko \- on\-access scanner for Linux. Dazuko must be already running.

+.br 

+Default: disabled.

+.TP 

+\fBClamukoScanOnOpen\fR

+Scan a file on open.

+.br 

+Default: disabled.

+.TP 

+\fBClamukoScanOnClose\fR

+Scan a file on close.

+.br 

+Default: disabled.

+.TP 

+\fBClamukoScanOnExec\fR

+Scan a file on execute.

+.br 

+Default: disabled.

+.TP 

+\fBClamukoIncludePath STRING\fR

+Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath options but each directory must be added with a seperate option.

+.br 

+Default: disabled. Required.

+.TP 

+\fBClamukoExcludePath\fR

+Set the exclude paths. All subdirectories are also excluded.

+.br 

+Default: disabled.

+.TP 

+\fBClamukoMaxFileSize SIZE\fR

+Don't scan files larger than SIZE.

+.br 

+Default: 5M

+.TP 

+\fBClamukoScanArchive\fR

+Enable archive scanning. It uses ArchiveMax* limits.

+.br 

+Default: disabled.

+.SH "FILES"

+.LP 

+@CFGDIR@/clamd.conf

+.SH "AUTHOR"

+.LP 

+Tomasz Kojm <tkojm@clamav.net>

+.SH "SEE ALSO"

+.LP 

+clamd(8), clamdscan(1), clamscan(1), freshclam(1), sigtool(1), clamav\-milter(8)

new file mode 100644

@@ -0,0 +1,114 @@

+.\" Manual page created by Tomasz Kojm, 20020415

+.TH "freshclam" "1" "September 1, 2004" "Tomasz Kojm" "Clam AntiVirus"

+.SH "NAME"

+.LP 

+freshclam \- update virus databases

+.SH "SYNOPSIS"

+.LP 

+freshclam [options]

+.SH "DESCRIPTION"

+.LP 

+freshclam updates the virus database. It's a part of the Clam AntiVirus package. It requires an Internet connection.

+.SH "OPTIONS"

+.LP 

+Freshclam reads its configuration from freshclam.conf. The settings can be overwritten with command line options.

+.TP 

+\fB\-h, \-\-help\fR

+Output help information and exit.

+.TP 

+\fB\-V, \-\-version\fR

+Print version number and exit.

+.TP 

+\fB\-v, \-\-verbose\fR

+Be verbose. This option causes freshclam to print many additional informations.

+.TP 

+\fB\-\-quiet\fR

+Be quiet \- output only error messages.

+.TP 

+\fB\-\-stdout\fR

+Write all messages to the standard output (stdout), instead of the standard error output (stderr).

+.TP 

+\fB\-l FILE, \-\-log=FILE\fR

+Save download report in FILE.

+.TP 

+\fB\-\-datadir=DIRECTORY\fR

+Install new database in DIRECTORY. The directory must be writeable for the 'clamav' user or unprivileged user running freshclam.

+.TP 

+\fB\-u USER, \-\-user USER\fR

+Run as USER. By default (when started by root) freshclam drops privileges and works as the 'clamav' user.

+.TP 

+\fB\-d, \-\-daemon\fR

+Run in a daemon mode. This option requires \-\-checks.

+.TP 

+\fB\-p FILE, \-\-pid=FILE\fR

+Save daemon's pid in FILE.

+.TP 

+\fB\-\-no\-dns\fR

+This option forces old non\-DNS verification method (without a TTL delay).

+.TP 

+\fB\-c #n, \-\-checks=#n\fR

+Check #n times per day for a new database. #n must be between 1 and 50.

+.TP 

+\fB\-\-daemon\-notify=/path/to/clamd.conf\fR

+Notify the daemon about the new database. By default it reads a hardcoded config file but you can use an another one. Both local and TCP sockets are supported.

+.TP 

+\fB\-\-on\-error\-execute=COMMAND\fR

+Execute COMMAND if error occured. Remeber, that virus database freshness is the most important thing in anti\-virus system. With this option freshclam can alert you (eg. send SMS) when something is going wrong.

+.TP 

+\fB\-\-on\-update\-execute=COMMAND\fR

+Execute COMMAND after succesful update.

+.SH "EXAMPLES"

+.LP 

+.TP 

+(0) Download database to default directory:

+

+\fBfreshclam\fR

+.TP 

+(1) Download database to current directory:

+

+\fBfreshclam \-\-datadir=.\fR

+.TP 

+(2) Run as a daemon and check 2 times per day for new database:

+

+\fBfreshclam \-d \-c 2\fR

+.SH "RETURN CODES"

+0 : Database succesfully updated.

+.TP 

+1 : Database is up\-to\-date.

+.TP 

+40: Unknown option passed.

+.TP 

+50: Can't change directory.

+.TP 

+51: Can't check MD5 sum.

+.TP 

+52: Connection (network) problem.

+.TP 

+53: Can't unlink a file.

+.TP 

+54: MD5 or digital signature verification error.

+.TP 

+55: Error reading file.

+.TP 

+56: Config file error.

+.TP 

+57: Can't create a new file.

+.TP 

+58: Can't read database from remote server.

+.TP 

+59: Mirrors are not fully synchronized (try again later).

+.TP 

+60: Can't get information about clamav user from /etc/passwd.

+.TP 

+61: Can't drop privileges.

+.SH "FILES"

+.LP 

+@CFGDIR@/freshclam.conf

+.SH "CREDITS"

+Please check the full documentation for credits.

+.SH "AUTHOR"

+.LP 

+Tomasz Kojm <tkojm@clamav.net>

+.SH "SEE ALSO"

+.LP 

+clamd(8), clamdscan(1), clamscan(1), sigtool(1), clamd.conf(5)

new file mode 100644

@@ -0,0 +1,92 @@

+.\" Manual page created by Magnus Ekdahl and Thomas Lamy

+.TH "freshclam.conf" "5" "September 2, 2004" "Thomas Lamy" "Clam AntiVirus"

+.SH "NAME"

+.LP 

+\fBfreshclam.conf\fR \- Configuration file for Clam AntiVirus Database Updater

+.SH "DESCRIPTION"

+.LP 

+The file freshclam.conf configures the Clam AntiVirus Database Updater, freshclam(1).

+.SH "FILE FORMAT"

+The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options are are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are are of the following types:

+.TP 

+\fBSTRING\fR

+String without blank characters.

+.TP 

+\fBSIZE\fR

+Size in bytes. You can use a 'M' or 'm' modifiers for megabytes and a 'K' or 'k' for kilobytes.

+.TP 

+\fBNUMBER\fR

+Unsigned integer.

+.SH "DIRECTIVES"

+.LP 

+When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action.

+.TP 

+\fBExample\fR

+If this option is set clamd will not run.

+.TP 

+\fBDatabaseOwner STRING\fR

+When started by root, drop privileges to a specified user. Default is \"clamav\".

+.TP 

+\fBDatabaseDirectory STRING\fR

+Path to a directory containing database files.

+.br 

+Default: hardcoded directory

+.TP 

+\fBChecks NUM\fR

+Number of database checks per day. 12 is the recommended number.

+.TP 

+\fBUpdateLogFile STRING\fR

+Enable logging to a specified file. Highly recommended.

+.br 

+Default: disabled.

+.TP 

+\fBLogSyslog\fR

+Enable logging to Syslog.  May be used in combination with UpdateLogFile

+.br 

+Default: disabled.

+.TP 

+\fBLogVerbose\fR

+Enable verbose logging.

+.TP 

+\fBDatabaseMirror STRING\fR

+Server name where database updates are downloaded from. The default is database.clamav.net, which points to all official mirrors.

+.br .

+If this option is given multiple times, freshclam(1) tries them in the order given if one download fails.

+.br 

+There is no default, which results in an error when running freshclam(1).

+.TP 

+\fBMaxAttempts NUM\fR

+Freshclam(1) tries every mirror this number of times before switching to the next mirror.

+.br .

+Default is to try once per mirror.

+.TP 

+\fBHTTPProxyServer STR\fR, \fBHTTPProxyPort NUM\fR

+Use given proxy server and TCP port for database downloads.

+.TP 

+\fBHTTPProxyUsername STR\fR,\fBHTTPProxyPassword STR\fR

+Proxy usage is authenticated through given username and password.

+.br .

+Default: no proxy authentication

+.TP 

+\fBNotifyClamd \[STRING\]\fR

+Notify a running clamd(8) to reload it\'s database after a download has occured. Optionally a clamd.conf(5) file location may be given to tell freshclam(1) how to communicate with clamd(8).

+.br .

+The default is to not notify clamd. See clamd.conf(5)\'s option SelfCheck for how clamd(8) handles database updates in this case.

+.TP 

+\fBOnUpdateExecute STRING\fR

+Execute this command after the database has been successfully updated.

+.TP 

+\fBOnErrorExecute\fR

+Execute this command after a database update has failed.

+.SH "NOTE"

+While not reasonable, any configuration option from clamd.conf(5) may be given.

+.SH "FILES"

+.LP 

+@CFGDIR@/freshclam.conf

+.SH "AUTHOR"

+.LP 

+Thomas Lamy <thomas.lamy@netwake.de>

+.SH "SEE ALSO"

+.LP 

+freshclam(1), clamd.conf(5), clamd(8), clamscan(1)

+