FRISK Software International


fpscan - F-PROT Antivirus for UNIX, Command-Line Scanner  


fpscan [options] [file or directory]  


fpscan is a tool for scanning individual files or directory trees for viruses. The options selected determine which methods are used for scanning. By default fpscan scans all files, including inside archives, and reports to STDOUT. By default fpscan prompts for file disinfection when infected files are found.  



-f, --follow

Follow symbolic links. Symlinks, when specified as paths on the command line are always followed, regardless of this option.  

-m, --mount

For each path given, stay on that filesystem.  


Descend at most n levels of directories below a given scanpath (default 30 levels).  

-s n, --scanlevel=n (0 <= n <= 4)

0 => Disable regular scanning (only heuristics).
1 => Skip suspicious data files. Not recommended if filename is unavailable.
2 => (Default) Unknown and/or wrong extensions will be emulated.
3 => Unknown binaries emulated.
4 => For scanning virus collections, no limits for emulation.  

-u n, --heurlevel=n (0 <= n <= 4, default 2)

How aggressive heuristic should be used. Higher levels means more heuristic tests are done which increases both detection rates AND risk of false positives.  

-z n, --archive=n (0 <= n <= 99, default 5 levels)

How deep to scan inside nested archives.  


Scan for and report/act on adware in addition to viruses and worms.  


Scan for and report/act on applications that may constitute security risks. This includes remote access tools which users should regard as malware if installed without their knowledge or consent. The same program could be a perfectly valid and useful tools for another person, so the definition of what should be considered malware in this category must come from the user.  

-v n, --verbose=n (0 <= n <= 2)

0 => Report infections only
1 => (Default) Report infections and scan errors
2 => Report all files as they are processed, as well as all warnings and errors.  


Use a specific virus signature file (antivir.def). Refer to the file using its full path name. By default the virus signature file is loaded from the same directory as the command-line scanner binary.  

-o FILE, --output=FILE

Send output to FILE instead of stdout.  

-e LIST, --exclude=LIST

Do not scan files and directories that match entries in LIST. LIST should be a comma separated list of paths. The '*' character may be used as a wildcard. If entry ends with a path separator ('/' on Unix, '' on Windows), any directory that matches the entry will be skipped entirely. Examples:
--exclude=/tmp/ => skips /tmp and any and all files therein.
--exclude=/tmp/* => does the same thing, but is less efficient.
--exclude=*/tmp/ => skips all folders named 'tmp'.
--exclude=*.dat => skips all files ending in .dat.
--exclude=/boot/initrd,/tmp/ => skips the specific file /boot/initrd and the directory /tmp/. Please note that most Unix shells treat '*' as a special character so it must be escaped with a backslash ('\') or surrounded by quotation marks to be passed on to the program.  


The default behavior is to ask if disinfection should be attempted for each infected file encountered.  


Automatically disinfect files if possible.  


Only report infections. Do not disinfect.  


Default is to remove only known malware macros.  


Remove all macros from infected documents.  


Remove all macros from document when new variant is found.  


Remove all macros from all documents.  




Print version numbers and exit.  


Print statistics about malware from definition file and exit.  


List known malware and exit.  

-h, --help

Print the help text.  


The exit code of fpscan is a one byte decimal (0-255) where each bit corresponds to a certain event that can happen during scanning. Exit code 0 indicates that nothing unusual happened and no viruses or suspicious files were found.

Individually each bit stands for the following (decimal value in brackets):

bit 1 (1) ==> At least one virus-infected object was found (and remains).
bit 2 (2) ==> At least one suspicious (heuristic match) object was found (and remains).
bit 3 (4) ==> Interrupted by user (SIGINT, SIGBREAK).
bit 4 (8) ==> Scan restriction caused scan to skip files (maxdepth directories, maxdepth archives, exclusion list, etc).
bit 5 (16) ==> Platform error (out of memory, real I/O errors, insufficient file permission etc.)
bit 6 (32) ==> Internal engine error (whatever the engine fails at)
bit 7 (64) ==> At least one object was not scanned (encrypted file, unsupported/unknown compression method, corrupted or invalid file).
bit 8 (128) ==> At least one object was disinfected (clean now).

The following decimal values are special cases:

20 (bits 3 and 5) is also used for initilization error, i.e. every failure that occurs before any scanning starts.
48 (bits 5 and 6) is also used for catchable program crashes.

A full list of all possible exitcodes can be found in the html help pages (section 7.3) as well as in the installation folder (exitcodes.txt).  


For information about licensing, see the LICENSE file that comes with F-PROT Antivirus.  


Please direct any feedback to:

Updates will be advertised on:  



F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.