fpscan(1)fpscan(1)NAMEfpscan - F-PROT Antivirus for UNIX, Command-Line Scanner
SYNTAXfpscan [options] [file or directory]
DESCRIPTIONfpscan is a tool for scanning individual files or directory trees for
viruses. The options selected determine which methods are used for
scanning. By default fpscan scans all files, including inside ar‐
chives, and reports to STDOUT. By default fpscan prompts for file dis‐
infection when infected files are found.
OPTIONS-f, --follow
Follow symbolic links. Symlinks, when specified as paths on the command
line are always followed, regardless of this option.
-m, --mount
For each path given, stay on that filesystem.
--maxdepth=n
Descend at most n levels of directories below a given scanpath (default
30 levels).
-s n, --scanlevel=n (0 <= n <= 4)
0 => Disable regular scanning (only heuristics).
1 => Skip suspicious data files. Not recommended if filename is
unavailable.
2 => (Default) Unknown and/or wrong extensions will be emulated.
3 => Unknown binaries emulated.
4 => For scanning virus collections, no limits for emulation.
-u n, --heurlevel=n (0 <= n <= 4, default 2)
How aggressive heuristic should be used. Higher levels means more
heuristic tests are done which increases both detection rates AND risk
of false positives.
-z n, --archive=n (0 <= n <= 99, default 5 levels)
How deep to scan inside nested archives.
--adware
Scan for and report/act on adware in addition to viruses and worms.
--applications
Scan for and report/act on applications that may constitute security
risks. This includes remote access tools which users should regard as
malware if installed without their knowledge or consent. The same pro‐
gram could be a perfectly valid and useful tools for another person, so
the definition of what should be considered malware in this category
must come from the user.
-v n, --verbose=n (0 <= n <= 2)
0 => Report infections only
1 => (Default) Report infections and scan errors
2 => Report all files as they are processed, as well as all warnings
and errors.
--signatures=FILE
Use a specific virus signature file (antivir.def). Refer to the file
using its full path name. By default the virus signature file is
loaded from the same directory as the command-line scanner binary.
-o FILE, --output=FILE
Send output to FILE instead of stdout.
-e LIST, --exclude=LIST
Do not scan files and directories that match entries in LIST. LIST
should be a comma separated list of paths. The '*' character may be
used as a wildcard. If entry ends with a path separator ('/' on Unix,
'´ on Windows), any directory that matches the entry will be skipped
entirely.
Examples:
--exclude=/tmp/ => skips /tmp and any and all files therein.
--exclude=/tmp/* => does the same thing, but is less efficient.
--exclude=*/tmp/ => skips all folders named 'tmp'.
--exclude=*.dat => skips all files ending in .dat.
--exclude=/boot/initrd,/tmp/ => skips the specific file /boot/initrd
and the directory /tmp/.
Please note that most Unix shells treat '*' as a special character so
it must be escaped with a backslash ('\') or surrounded by quotation
marks to be passed on to the program.
DISINFECTION OPTIONS
The default behavior is to ask if disinfection should be attempted for
each infected file encountered.
--disinfect
Automatically disinfect files if possible.
--report
Only report infections. Do not disinfect.
EXTRA MACRO DISINFECTION OPTIONS
Default is to remove only known malware macros.
--macros_safe
Remove all macros from infected documents.
--macros_new
Remove all macros from document when new variant is found.
--stripallmacros
Remove all macros from all documents.
HELP AND INFORMATION OPTIONS--version
Print version numbers and exit.
--virno
Print statistics about malware from definition file and exit.
--virlist
List known malware and exit.
-h, --help
Print the help text.
EXIT CODES
The exit code of fpscan is a one byte decimal (0-255) where each bit
corresponds to a certain event that can happen during scanning. Exit
code 0 indicates that nothing unusual happened and no viruses or suspi‐
cious files were found.
Individually each bit stands for the following (decimal value in brack‐
ets):
bit 1 (1) ==> At least one virus-infected object was found (and
remains).
bit 2 (2) ==> At least one suspicious (heuristic match) object was
found (and remains).
bit 3 (4) ==> Interrupted by user (SIGINT, SIGBREAK).
bit 4 (8) ==> Scan restriction caused scan to skip files (maxdepth
directories, maxdepth archives, exclusion list, etc).
bit 5 (16) ==> Platform error (out of memory, real I/O errors, insuf‐
ficient file permission etc.)
bit 6 (32) ==> Internal engine error (whatever the engine fails at)
bit 7 (64) ==> At least one object was not scanned (encrypted file,
unsupported/unknown compression method, corrupted or invalid file).
bit 8 (128) ==> At least one object was disinfected (clean now).
The following decimal values are special cases:
20 (bits 3 and 5) is also used for initilization error, i.e. every
failure that occurs before any scanning starts.
48 (bits 5 and 6) is also used for catchable program crashes.
A full list of all possible exitcodes can be found in the html help
pages (section 7.3) as well as in the installation folder (exit‐
codes.txt).
LICENSING
For information about licensing, see the LICENSE file that comes with
F-PROT Antivirus.
CONTACT INFORMATION
Please direct any feedback to: http://www.f-prot.com/support/con‐
tact_support.html
Updates will be advertised on: http://www.f-prot.com/
SEE ALSOf-prot.conf(5), fp.so(8), fpscand(8), fpmon(8)
2007 fpscan(1)
