FRISK Software International

NAME

fpscan - F-PROT Antivirus for UNIX, Command-Line Scanner  

SYNTAX

fpscan [options] [file or directory]  

DESCRIPTION

fpscan is a tool for scanning individual files or directory trees for viruses. The options selected determine which methods are used for scanning. By default fpscan scans all files, including inside archives, and reports to STDOUT. By default fpscan prompts for file disinfection when infected files are found.  

OPTIONS

 

-f, --follow

Follow symbolic links. Symlinks, when specified as paths on the command line are always followed, regardless of this option.  

-m, --mount

For each path given, stay on that filesystem.  

--maxdepth=n

Descend at most n levels of directories below a given scanpath (default 30 levels).  

-s n, --scanlevel=n (0 <= n <= 4)

0 => Disable regular scanning (only heuristics).
1 => Skip suspicious data files. Not recommended if filename is unavailable.
2 => (Default) Unknown and/or wrong extensions will be emulated.
3 => Unknown binaries emulated.
4 => For scanning virus collections, no limits for emulation.  

-u n, --heurlevel=n (0 <= n <= 4, default 2)

How aggressive heuristic should be used. Higher levels means more heuristic tests are done which increases both detection rates AND risk of false positives.  

-z n, --archive=n (0 <= n <= 99, default 5 levels)

How deep to scan inside nested archives.  

--adware

Scan for and report/act on adware in addition to viruses and worms.  

--applications

Scan for and report/act on applications that may constitute security risks. This includes remote access tools which users should regard as malware if installed without their knowledge or consent. The same program could be a perfectly valid and useful tools for another person, so the definition of what should be considered malware in this category must come from the user.  

-v n, --verbose=n (0 <= n <= 2)

0 => Report infections only
1 => (Default) Report infections and scan errors
2 => Report all files as they are processed, as well as all warnings and errors.  

--signatures=FILE

Use a specific virus signature file (antivir.def). Refer to the file using its full path name. By default the virus signature file is loaded from the same directory as the command-line scanner binary.  

-o FILE, --output=FILE

Send output to FILE instead of stdout.  

-e LIST, --exclude=LIST

Do not scan files and directories that match entries in LIST. LIST should be a comma separated list of paths. The '*' character may be used as a wildcard. If entry ends with a path separator ('/' on Unix, '' on Windows), any directory that matches the entry will be skipped entirely. Examples:
--exclude=/tmp/ => skips /tmp and any and all files therein.
--exclude=/tmp/* => does the same thing, but is less efficient.
--exclude=*/tmp/ => skips all folders named 'tmp'.
--exclude=*.dat => skips all files ending in .dat.
--exclude=/boot/initrd,/tmp/ => skips the specific file /boot/initrd and the directory /tmp/. Please note that most Unix shells treat '*' as a special character so it must be escaped with a backslash ('\') or surrounded by quotation marks to be passed on to the program.  

DISINFECTION OPTIONS

The default behavior is to ask if disinfection should be attempted for each infected file encountered.  

--disinfect

Automatically disinfect files if possible.  

--report

Only report infections. Do not disinfect.  

EXTRA MACRO DISINFECTION OPTIONS

Default is to remove only known malware macros.  

--macros_safe

Remove all macros from infected documents.  

--macros_new

Remove all macros from document when new variant is found.  

--stripallmacros

Remove all macros from all documents.  

HELP AND INFORMATION OPTIONS

 

--version

Print version numbers and exit.  

--virno

Print statistics about malware from definition file and exit.  

--virlist

List known malware and exit.  

-h, --help

Print the help text.  

EXIT CODES

The exit code of fpscan is a one byte decimal (0-255) where each bit corresponds to a certain event that can happen during scanning. Exit code 0 indicates that nothing unusual happened and no viruses or suspicious files were found.

Individually each bit stands for the following (decimal value in brackets):

bit 1 (1) ==> At least one virus-infected object was found (and remains).
bit 2 (2) ==> At least one suspicious (heuristic match) object was found (and remains).
bit 3 (4) ==> Interrupted by user (SIGINT, SIGBREAK).
bit 4 (8) ==> Scan restriction caused scan to skip files (maxdepth directories, maxdepth archives, exclusion list, etc).
bit 5 (16) ==> Platform error (out of memory, real I/O errors, insufficient file permission etc.)
bit 6 (32) ==> Internal engine error (whatever the engine fails at)
bit 7 (64) ==> At least one object was not scanned (encrypted file, unsupported/unknown compression method, corrupted or invalid file).
bit 8 (128) ==> At least one object was disinfected (clean now).

The following decimal values are special cases:

20 (bits 3 and 5) is also used for initilization error, i.e. every failure that occurs before any scanning starts.
48 (bits 5 and 6) is also used for catchable program crashes.

A full list of all possible exitcodes can be found in the html help pages (section 7.3) as well as in the installation folder (exitcodes.txt).  

LICENSING

For information about licensing, see the LICENSE file that comes with F-PROT Antivirus.  

CONTACT INFORMATION

Please direct any feedback to: http://www.f-prot.com/support/contact_support.html

Updates will be advertised on: http://www.f-prot.com/  

SEE ALSO

f-prot.conf(5)
fp.so(8)
fpscand(8)
fpmon(8)

 
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.