NAME
f-prot - F-Prot Antivirus for UNIX, Command-Line Scanner
SYNTAX
f-prot [options] [file or directory]
DESCRIPTION
f-prot is a tool for scanning individual files or directory trees for viruses.
The options selected determine which methods are used for scanning. By default
f-prot scans all files, including inside archives, and reports to STDOUT. F-prot only lists files which are
found to be infected.
NB! When using a Command-Line Scanner, nothing is done to viruses when you run
f-prot unless you include the -delete or -disinf options during a scan.
REPORTING OPTIONS
By default f-prot reports to STDOUT, and only lists files which have been found
to be infected.
- -append
-
Append to existing report file.
- -help
-
Displays short summary of available options for F-Prot Antivirus.
- -list
-
Show a list of all files which have been checked.
- -nobreak
-
Do not abort scan if ESC is pressed.
- -old
-
Do not give a warning message when using outdated DEF files.
- -page
-
Only show one screen output at a time.
- -report=<report_name>
-
Save output to the <report_name> file.
- -silent
-
Do not generate any screen output. This can be useful in the case of running
f-prot in a cron job and using the -report option.
- -wrap
-
Wrap text output so it fits in 78 columns. This also applies to the file used
with the -report option.
SCANNING OPTIONS
By default f-prot scans all files, including inside archives.
- -ai
-
Enable neural-network virus detection. The -ai option should not be used with
the -noheur option.
- -archive=n [default is 5]
-
Scan inside supported archives n levels deep, the supported range is between
1 and 99. The older form '-archive' is supported for compatibility reasons, in
which case n is set to 5.
Supported archives are .zip, .cab, .tar, .gz, .lzh and .arj files. Currently
F-Prot Antivirus does not support disinfection or removal of infected files
within archives. Unix mailboxes are considered to be archives and therefore
F-Prot Antivirus is not able to remove infected attachments from mailboxes.
- -server [default]
-
Attempts to identify infections within password protected archives.
"-server" implies "-archive=5".
- -noserver
-
Does not attempt to identify infections within password protected archives.
- -auto
-
Automatically remove detected viruses. As noted above, this will not work on
archived files.
- -collect
-
Scan a virus collection. This option is intended for advanced users. When this
option is used it will, e.g. scan for bootsector viruses within files,
even though the virus resides within a file instead of a bootsector.
- -delete
-
Delete infected files. User confirmation is required. However, the -auto option
can be used to automatically confirm the action. F-Prot Antivirus does not support
removal of infected objects located in archives. Also, the -delete option has
no effect on office documents, since that could cause the loss of work.
- -disinf
-
Disinfect whenever possible. User confirmation is required. However, the -auto option
can be used to automatically confirm the action. F-Prot Antivirus does not support
disinfection of infected objects located in archives.
- -dumb [default]
-
Scans all files.
- -type
-
Scan files by content. By default f-prot scans all files. By using the
-type option, you are instructing the scanner to limit the search to scanning by content.
- -ext
-
Scan only files with default extensions. By default f-prot scans all files. By using the
-ext option, you are instructing the scanner to limit the search to files with default
extensions.
- -follow
-
Follow symbolic links. This should be used with care, as the program does not
detect "circular" directories, and may get stuck in an endless loop.
- -noheur
-
Disable heuristic scanning. The -noheur option should not be used with the -ai
option.
- -nosub
-
Do not scan subdirectories.
- -onlyheur
-
Only use heuristics, do not scan for known virus signatures. By using this
option F-Prot Antivirus will only detect a fraction of infected files.
- -packed [default]
-
Unpack compressed executables. There is no corresponding -nopacked option. This option is provided for legacy reasons.
- -rename
-
Rename extensions of infected files to prevent them from being executed, e.g.
renaming file.com to file.vom and file.exe to file.vxe. This will not
prevent files from being executed on Unix since on the one hand .exe files
and .com files from Windows are not executable on a Unix platform by default,
and on the other hand file extensions are not used on Unix systems with
regards to executability.
MACRO SCANNING OPTIONS
By default f-prot scans for macros within known file types.
- -nomacro
-
Do not scan for macro viruses.
- -onlymacro
-
Only scan for macro viruses.
- -removeall
-
Remove all macros from all documents. When this option is used with -disinf
or -delete all identified macros will be removed.
- -removenew
-
Remove new variants of macro viruses by removing all macros from infected
documents.
- -saferemove
-
Remove all macros from documents, if a known virus is found.
INFORMATION OPTIONS
These information options are stand-alone; you cannot combine them with
other options. (The version information displayed by -verno is included
at the beginning of every scan report by default.)
- -verno
-
Show version information.
- -virlist
-
List viruses known to F-Prot Antivirus with the current virus signature files.
- -virno
-
Give statistical information about viruses known to F-Prot Antivirus with the
current virus signature files.
PROGRAM EXIT CODES
- 0
-
Normal exit. Nothing found, nothing done.
- 1
-
Unrecoverable error (e.g., missing virus signature files).
- 2
-
Self test failed (program has been modified).
- 3
-
At least one virus-infected object was found.
- 4
-
Reserved, not currently in use.
- 5
-
Abnormal termination (scanning did not finish).
- 6
-
At least one virus was removed.
- 7
-
Error, out of memory.
- 8
-
At least one suspicious object was found.
- 9
-
At least one object was not scanned (encrypted file, unsupported/unknown
compression method, unsupported/unknown file format, corrupted or invalid file).
- 10
-
At least one archive object was not scanned (contains more than N levels of
nested archives, as specified with the -archive switch).
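An added example (not part of the F-Prot distribution): a cron wrapper sketch that maps the exit codes above to a verdict, so that codes 9 and 10 (objects not scanned) and scanner failures are never logged as a clean result. The function names, verdict labels and log format are assumptions; only the -silent and -report options and the exit code meanings come from this page.

```shell
#!/bin/sh
# Added example: interpret f-prot exit codes in an unattended (cron) scan.
# Function names, verdict labels and the log line format are assumptions.

# Map an f-prot exit code (see PROGRAM EXIT CODES) to a short verdict.
fprot_verdict() {
    case "$1" in
        0)     echo "clean" ;;
        3)     echo "infected" ;;
        6)     echo "removed" ;;
        8)     echo "suspicious" ;;
        9|10)  echo "incomplete" ;;     # some objects were skipped, so not clean
        2)     echo "tampered" ;;       # self test failed: scanner binary modified
        1|5|7) echo "scanner-error" ;;  # scan did not run or did not finish
        *)     echo "unknown" ;;        # includes reserved code 4
    esac
}

# Succeeds (returns 0) when the exit code needs operator attention,
# i.e. for everything except a complete scan that found nothing.
fprot_needs_alert() {
    [ "$(fprot_verdict "$1")" != "clean" ]
}

# Run one scan and emit a single log line. $1 = file or directory, $2 = report file.
fprot_scan() {
    target=$1
    report=$2
    rc=0
    # -silent and -report are the options this page recommends for cron jobs.
    f-prot -silent -report="$report" "$target" || rc=$?
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) target=$target rc=$rc" \
         "verdict=$(fprot_verdict "$rc") report=$report"
    return "$rc"
}

# Stand-alone use: wrapper.sh <file or directory> <report file>
if [ "$#" -ge 2 ]; then
    fprot_scan "$1" "$2"
fi
```
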
LICENSING
For information about Licensing, see the LICENSE file that comes with F-Prot Antivirus.
CONTACT INFORMATION
Please direct any feedback to:
http://www.f-prot.com/support/contact_support.html
Updates will be advertised on: http://www.f-prot.com/
BUGS
We have received a request for the ability to scan stdin. This is
actually rather difficult, as the engine design requires that the size
of any scannable object is known before starting a scan.
SEE ALSO
f-prot.conf(5)
f-prot.so(8)
f-protd(8)