fpscan - F-PROT Antivirus for UNIX, Command-Line Scanner
fpscan [options] [file or directory]
fpscan is a tool for scanning individual files or directory trees for viruses.
The options selected determine which methods are used for scanning.
By default fpscan scans all files, including inside archives, and reports to STDOUT.
By default fpscan prompts for file disinfection when infected files are found.
Follow symbolic links. Symlinks, when specified as paths on
the command line, are always followed, regardless of this option.
For each path given, stay on that filesystem.
Descend at most n levels of directories below a given scanpath
(default 30 levels).
-s n, --scanlevel=n (0 <= n <= 4)
0 => Disable regular scanning (only heuristics).
1 => Skip suspicious data files. Not recommended if filename is unavailable.
2 => (Default) Unknown and/or wrong extensions will be emulated.
3 => Unknown binaries emulated.
4 => For scanning virus collections, no limits for emulation.
-u n, --heurlevel=n (0 <= n <= 4, default 2)
How aggressively heuristics should be used. Higher levels mean
more heuristic tests are done, which increases both detection rates
AND the risk of false positives.
-z n, --archive=n (0 <= n <= 99, default 5 levels)
How deep to scan inside nested archives.
Scan for and report/act on adware in addition to viruses and worms.
Scan for and report/act on applications that may constitute security
risks. This includes remote access tools which users should regard as
malware if installed without their knowledge or consent. The same
program could be a perfectly valid and useful tool for another person,
so the definition of what should be considered malware in this category
must come from the user.
-v n, --verbose=n (0 <= n <= 2)
0 => Report infections only
1 => (Default) Report infections and scan errors
2 => Report all files as they are processed, as well as all warnings and errors.
Use a specific virus signature file (antivir.def).
Refer to the file using its full path name.
By default the virus signature file is loaded from the same directory
as the command-line scanner binary.
-o FILE, --output=FILE
Send output to FILE instead of stdout.
-e LIST, --exclude=LIST
Do not scan files and directories that match entries in LIST.
LIST should be a comma separated list of paths.
The '*' character may be used as a wildcard. If entry ends with
a path separator ('/' on Unix, '\' on Windows), any directory that
matches the entry will be skipped entirely.
--exclude=/tmp/ => skips /tmp and any and all files therein.
--exclude=/tmp/* => does the same thing, but is less efficient.
--exclude=*/tmp/ => skips all folders named 'tmp'.
--exclude=*.dat => skips all files ending in .dat.
--exclude=/boot/initrd,/tmp/ => skips the specific file /boot/initrd and the directory /tmp/.
Please note that most Unix shells treat '*' as a special character
so it must be escaped with a backslash ('\') or surrounded by
quotation marks to be passed on to the program.
The default behavior is to ask if disinfection should be attempted for each infected file encountered.
Automatically disinfect files if possible.
Only report infections. Do not disinfect.
EXTRA MACRO DISINFECTION OPTIONS
Default is to remove only known malware macros.
Remove all macros from infected documents.
Remove all macros from document when new variant is found.
Remove all macros from all documents.
HELP AND INFORMATION OPTIONS
Print version numbers and exit.
Print statistics about malware from definition file and exit.
List known malware and exit.
Print the help text.
The exit code of fpscan is a one-byte decimal (0-255) where each bit corresponds to a certain event that can happen
during scanning. Exit code 0 indicates that nothing unusual happened and no viruses or
suspicious files were found.
Individually each bit stands for the following (decimal value in brackets):
bit 1 (1) ==> At least one virus-infected object was found (and remains).
bit 2 (2) ==> At least one suspicious (heuristic match) object was found (and remains).
bit 3 (4) ==> Interrupted by user (SIGINT, SIGBREAK).
bit 4 (8) ==> Scan restriction caused scan to skip files (maxdepth directories, maxdepth archives, exclusion list, etc).
bit 5 (16) ==> Platform error (out of memory, real I/O errors, insufficient file permission etc.)
bit 6 (32) ==> Internal engine error (whatever the engine fails at)
bit 7 (64) ==> At least one object was not scanned (encrypted file, unsupported/unknown compression method, corrupted or invalid
bit 8 (128) ==> At least one object was disinfected (clean now).
The following decimal values are special cases:
20 (bits 3 and 5) is also used for initialization error, i.e. every failure that occurs before any scanning starts.
48 (bits 5 and 6) is also used for catchable program crashes.
A full list of all possible exitcodes can be found in the html help pages (section 7.3) as well as in the installation folder
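The following shell functions are an added example, not part of the F-PROT documentation or distribution. They decode the exit-code bitmask listed above so a script does not treat every non-zero code as "infected" or miss a scan that skipped files. The function names and the grouping into verdicts are assumptions of this example; the bit meanings come from the list above.

```shell
#!/bin/sh
# Added example: decode the fpscan exit-code bitmask described above.
# Function names are hypothetical; bit meanings are taken from the list above.
# Typical use: run fpscan, then pass "$?" to these functions.

# Print one short label per set bit, space separated ("clean" for 0).
fpscan_decode_exit() {
    code=$1
    out=""
    for pair in 1:infected 2:suspicious 4:interrupted 8:restricted \
                16:platform_error 32:engine_error 64:unscanned 128:disinfected; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( code & bit )) -ne 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    # Two values carry a second meaning according to the special cases above.
    case $code in
        20) out="$out (or initialization error)" ;;
        48) out="$out (or catchable program crash)" ;;
    esac
    printf '%s\n' "${out:-clean}"
}

# Reduce the bitmask to one verdict for a pipeline gate (this example's policy):
#   malware    - an infected or suspicious object remains (bits 1, 2)
#   incomplete - the scan did not cover everything (values 4, 8, 16, 32, 64)
#   cleaned    - only the "disinfected" bit (128) is set
#   clean      - exit code 0
fpscan_verdict() {
    code=$1
    if [ $(( code & 3 )) -ne 0 ]; then
        echo malware
    elif [ $(( code & 124 )) -ne 0 ]; then
        echo incomplete
    elif [ $(( code & 128 )) -ne 0 ]; then
        echo cleaned
    else
        echo clean
    fi
}
```

A verdict of "incomplete" means a clean result cannot be claimed for the whole path: exclusions, depth limits, encrypted archives or errors left some objects unexamined.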
For information about licensing, see the LICENSE file that comes with F-PROT Antivirus.
Please direct any feedback to:
Updates will be advertised on: http://www.f-prot.com/