clamscan --help
Original help text:

    --help -h                                   Show this help
    --version -V                                Print version number
    --verbose -v                                Be verbose
    --archive-verbose -a                        Show filenames inside scanned archives
    --debug                                     Enable libclamav's debug messages
    --quiet                                     Only output error messages
    --stdout                                    Write to stdout instead of stderr
    --no-summary                                Disable summary at end of scanning
    --infected -i                               Only print infected files
    --suppress-ok-results -o                    Skip printing OK files
    --bell                                      Sound bell on virus detection

    --tempdir=DIRECTORY                         Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]                   Do not remove temporary files
    --gen-json[=yes/no(*)]                      Generate JSON description of scanned file(s). JSON will be printed and also-
                                                dropped to the temp directory if --leave-temps is enabled.
    --database=FILE/DIR -d FILE/DIR             Load virus database from FILE or load all supported db files from DIR
    --official-db-only[=yes/no(*)]              Only load official signatures
    --log=FILE -l FILE                          Save scan report to FILE
    --recursive[=yes/no(*)] -r                  Scan subdirectories recursively
    --allmatch[=yes/no(*)] -z                   Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]                      Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]            Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]           Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE -f FILE                    Scan files from FILE
    --remove[=yes/no(*)]                        Remove infected files. Be careful!
    --move=DIRECTORY                            Move infected files into DIRECTORY
    --copy=DIRECTORY                            Copy infected files into DIRECTORY
    --exclude=REGEX                             Don't scan file names matching REGEX
    --exclude-dir=REGEX                         Don't scan directories matching REGEX
    --include=REGEX                             Only scan file names matching REGEX
    --include-dir=REGEX                         Only scan directories matching REGEX

    --bytecode[=yes(*)/no]                      Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]             Load unsigned bytecode
    --bytecode-timeout=N                        Set bytecode timeout (in milliseconds)
    --statistics[=none(*)/bytecode/pcre]        Collect and print execution statistics
    --detect-pua[=yes/no(*)]                    Detect Possibly Unwanted Applications
    --exclude-pua=CAT                           Skip PUA sigs of category CAT
    --include-pua=CAT                           Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]             Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X                   SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N                    Min SSN count to generate a detect
    --structured-cc-count=N                     Min CC count to generate a detect
    --scan-mail[=yes(*)/no]                     Scan mail files
    --phishing-sigs[=yes(*)/no]                 Enable email signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]            Enable URL signature-based phishing detection
    --heuristic-alerts[=yes(*)/no]              Heuristic alerts
    --heuristic-scan-precedence[=yes/no(*)]     Stop scanning as soon as a heuristic match is found
    --normalize[=yes(*)/no]                     Normalize html, script, and text files.
                                                Use normalize=no for yara compatibility
    --scan-pe[=yes(*)/no]                       Scan PE files
    --scan-elf[=yes(*)/no]                      Scan ELF files
    --scan-ole2[=yes(*)/no]                     Scan OLE2 containers
    --scan-pdf[=yes(*)/no]                      Scan PDF files
    --scan-swf[=yes(*)/no]                      Scan SWF files
    --scan-html[=yes(*)/no]                     Scan HTML files
    --scan-xmldocs[=yes(*)/no]                  Scan xml-based document files
    --scan-hwp3[=yes(*)/no]                     Scan HWP3 files
    --scan-archive[=yes(*)/no]                  Scan archive files (supported by libclamav)
    --alert-broken[=yes/no(*)]                  Alert on broken executable files (PE & ELF)
    --alert-encrypted[=yes/no(*)]               Alert on encrypted archives and documents
    --alert-encrypted-archive[=yes/no(*)]       Alert on encrypted archives
    --alert-encrypted-doc[=yes/no(*)]           Alert on encrypted documents
    --alert-macros[=yes/no(*)]                  Alert on OLE2 files containing VBA macros
    --alert-exceeds-max[=yes/no(*)]             Alert on files that exceed max file size, max scan size, or max recursion limit
    --alert-phishing-ssl[=yes/no(*)]            Alert on emails containing SSL mismatches in URLs
    --alert-phishing-cloak[=yes/no(*)]          Alert on emails containing cloaked URLs
    --alert-partition-intersection[=yes/no(*)]  Alert on raw DMG image files containing partition intersections
    --nocerts                                   Disable authenticode certificate chain verification in PE files
    --dumpcerts                                 Dump authenticode certificate chain in PE files

    --max-scantime=#n                           Scan time longer than this will be skipped and assumed clean
    --max-filesize=#n                           Files larger than this will be skipped and assumed clean
    --max-scansize=#n                           The maximum amount of data to scan for each container file (**)
    --max-files=#n                              The maximum number of files to scan for each container file (**)
    --max-recursion=#n                          Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n                      Maximum directory recursion level
    --max-embeddedpe=#n                         Maximum size file to check for embedded PE
    --max-htmlnormalize=#n                      Maximum size of HTML file to normalize
    --max-htmlnotags=#n                         Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n                    Maximum size of script file to normalize
    --max-ziptypercg=#n                         Maximum size zip to type reanalyze
    --max-partitions=#n                         Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                            Maximum number of icons in PE file to be scanned
    --max-rechwp3=#n                            Maximum recursive calls to HWP3 parsing function
    --pcre-match-limit=#n                       Maximum calls to the PCRE match function.
    --pcre-recmatch-limit=#n                    Maximum recursive calls to the PCRE match function.
    --pcre-max-filesize=#n                      Maximum size file to perform PCRE subsig matching.
    --disable-cache                             Disable caching and cache checks for hash sums of scanned files.

