|
...
|
...
|
@@ -10,7 +10,8 @@ clamd [options]
|
|
10
|
10
|
The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
|
|
11
|
11
|
.SH "COMMANDS"
|
|
12
|
12
|
.LP
|
|
13
|
|
-It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a newline is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
|
|
|
13
|
+It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
|
|
|
14
|
+If clamd doesn't recognize the command, or the command doesn't follow the requirements specified below, it will reply with an error message, and close the connection.
|
|
14
|
15
|
.LP
|
|
15
|
16
|
Clamd recognizes the following commands:
|
|
16
|
17
|
|
|
...
|
...
|
@@ -37,23 +38,47 @@ Scan file or directory (recursively) with archive support enabled and don't stop
|
|
37
|
37
|
Scan file in a standard way or scan directory (recursively) using multiple threads (to make the scanning faster on SMP machines).
|
|
38
|
38
|
.TP
|
|
39
|
39
|
\fBINSTREAM\fR
|
|
|
40
|
+It is mandatory to prefix this command with \fBn\fR or \fBz\fR.
|
|
|
41
|
+
|
|
40
|
42
|
Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent.
|
|
41
|
|
-This avoids the overhead of establishing new TCP connections and problems with NAT. The format of the chunk is: '<lenght><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is terminated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf.
|
|
|
43
|
+This avoids the overhead of establishing new TCP connections and problems with NAT. The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is terminated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with \fBINSTREAM size limit exceeded\fR and close the connection.
|
|
42
|
44
|
.TP
|
|
43
|
45
|
\fBFILDES\fR
|
|
44
|
|
-Scan a file descriptor. After issuing a FILDES command a subsequent rfc2292/bsd4.4 style packet is sent to clamd carrying the file descriptor to be scanned inside the ancillary data.
|
|
|
46
|
+It is mandatory to newline terminate this command, or prefix with \fBn\fR or \fBz\fR.
|
|
|
47
|
+
|
|
|
48
|
+This command only works on UNIX domain sockets.
|
|
|
49
|
+Scan a file descriptor. After issuing a FILDES command a subsequent rfc2292/bsd4.4 style packet (with at least one dummy character) is sent to clamd carrying the file descriptor to be scanned inside the ancillary data.
|
|
|
50
|
+Alternatively the file descriptor may be sent in the same packet, including the extra character.
|
|
|
51
|
+.TP
|
|
|
52
|
+\fBSTATS\fR
|
|
|
53
|
+IIt is mandatory to newline terminate this command, or prefix with \fBn\fR or \fBz\fR, it is recommended to only use the \fBz\fR prefix.
|
|
|
54
|
+
|
|
|
55
|
+Replies with statistics about the scan queue, contents of scan queue, and memory
|
|
|
56
|
+usage. The exact reply format is subject to change in future releases.
|
|
45
|
57
|
.TP
|
|
46
|
58
|
\fBIDSESSION, END\fR
|
|
47
|
|
-Start/end a clamd session. Within a session multiple SCAN, INSTREAM, FILDES commands can be sent on the same socket without opening new connections. Replies from clamd will be in the form '<id>:<response>' where <id> is the request number (in ascii, starting from 1) and <response> is the usual clamd reply.
|
|
|
59
|
+It is mandatory to prefix this command with \fBn\fR or \fBz\fR, and all commands inside IDSESSION must be prefixed.
|
|
|
60
|
+
|
|
|
61
|
+Start/end a clamd session. Within a session multiple SCAN, INSTREAM, FILDES, VERSION, STATS commands can be sent on the same socket without opening new connections. Replies from clamd will be in the form '<id>: <response>' where <id> is the request number (in ascii, starting from 1) and <response> is the usual clamd reply.
|
|
|
62
|
+The reply lines have same delimiter as the corresponding command had.
|
|
|
63
|
+Clamd will process the commands asynchronously, and reply as soon as it has finished processing.
|
|
|
64
|
+
|
|
|
65
|
+Clamd requires clients to read all the replies it sent, before sending more commands to prevent send() deadlocks. The recommended way to implement a client that uses IDSESSION is with non-blocking sockets, and a select()/poll() loop: whenever send would block, sleep in select/poll until either you can write more data, or read more replies.
|
|
|
66
|
+\fINote that using non-blocking sockets without the select/poll loop and alternating recv()/send() doesn't comply with clamd's requirements.\fR
|
|
|
67
|
+
|
|
|
68
|
+If clamd detects that a client has deadlocked, it will close the connection. Note that clamd may close an IDSESSION connection too if you don't follow the protocol's requirements.
|
|
48
|
69
|
.LP
|
|
49
|
70
|
.TP
|
|
50
|
71
|
\fBDEPRECATED COMMANDS\fR
|
|
51
|
72
|
.TP
|
|
52
|
73
|
\fBSTREAM\fR
|
|
53
|
74
|
Scan stream \- on this command clamd will return "PORT number" you should connect to and send data to scan. (\fBDEPRECATED\fR, use INSTREAM instead)
|
|
|
75
|
+.LP
|
|
|
76
|
+.TP
|
|
|
77
|
+\fBNOT SUPPORTED COMMANDS\fR
|
|
54
|
78
|
.TP
|
|
55
|
79
|
\fBSESSION, END\fR
|
|
56
|
|
-Start/end a clamd session which will allow you to run multiple commands per TCP session. (\fBDEPRECATED\fR, use IDSESSION instead)
|
|
|
80
|
+Start/end a clamd session which will allow you to run multiple commands per TCP session. (use IDSESSION instead)
|
|
57
|
81
|
.SH "OPTIONS"
|
|
58
|
82
|
.LP
|
|
59
|
83
|
|
