FRISK Software International

NAME

fpscand - F-PROT Antivirus for UNIX Daemon Scanner

 

SYNOPSIS

fpscand [-options]

 

DESCRIPTION

fpscand is a daemon that binds itself to a port and waits for scan requests to be submitted to that port. When a scan request is sent, the daemon scans the file or stream and returns the result string to the client.

If no commandline argument is given, fpscand will assume the virus signature files are in the same directory as the executable. By default fpscand scans all files, including inside archives, and runs in the background.

 

DETAILED DESCRIPTION

The Daemon Scanner binds itself by default to a port 10200 on the loopback address. To request that the daemon scans a file or stream a connection must be made to the port and then, subsequently, the scan requests are submitted.

The scan request is of the form:

SCAN [OPTIONS] FILE </path/to/file>

or

SCAN [OPTIONS] STREAM <nameofstream> SIZE <n>
<stream of n bytes>

(Note that the SIZE <n> must be followed by a newline symbol before the stream is fed in.)

or

QUEUE followed by scan requests to queue. The queue is then started by giving an empty SCAN request and the result strings follow, not necessarily in the same order as the SCAN requests were given.

The results string is of the form
n <descriptive text> /path/to/scanned/object
where n is the summary code (see below) for the scan result.

By default the daemon forks, detaches from the tty and runs as a daemon. This can be avoided by using the '--foreground' startup option (see below).

 

STARTUP OPTIONS

-f, --foreground
Causes the Daemon Scanner to run in the foreground. The default behavior is to detach from the tty and run as a daemon.
-d, --defpath </path/to/deffile>
Instructs the Daemon Scanner to look for antivir.def inside the specified directory instead of the default location, which is the directory the binary is located in.
-a, --address <inet_address:port>
Instructs the Daemon Scanner to listen for scanning requests on the specified addres:port instead of the default (127.0.0.1:10200).
--logfile </path/to/logfile>
Instructs the daemon to use the specified logfile instead of the default of the log facility being used.
-h, --help
Displays commandline usage and quits.

 

SCANNING OPTIONS

--scanlevel=n
Instructs the daemon which scanlevel to use:
0 => Disable regular scanning (only heuristics).
1 => Skip suspicious data files. Not recommended if filename is unavailable.
2 => (Default) Unknown and/or wrong extensions will be emulated.
3 => Unknown binaries emulated.
4 => For scanning virus collections, no limits for emulation.
--heurlevel=n
Where 0 <= n <= 4, default 2

How aggressive heuristic should be used. Higher levels means more heuristic tests are done which increases both detection rates AND risk of false positives.

--archive=n
Scan inside supported archives n levels deep, the supported range is between 1 and 99, the default is 5.

Supported archives are .zip, .cab, .tar, .gz, .lzh and .arj files. Currently F-PROT Antivirus does not support disinfection or removal of infected files within archives. Unix mailboxes are considered to be archives and therefore F-PROT Antivirus is not able to remove infected attachments from mailboxes.

--adware
Instructs the daemon to flag adware.
--applications
Instructs the daemon to flag potentially unwanted applications.
--disinfect
Disinfect whenever possible. F-PROT Antivirus does not support disinfection of infected objects located in archives.
--macros_safe
Remove all macros from infected documents.
--macros_new
Remove all macros from document when new variant is found.
--stripallmacros
Remove all macros from document.

 

LICENSING

For information about licensing, see the LICENSE file that comes with F-PROT Antivirus.

 

CONTACT INFORMATION

Please direct any feedback to: http://www.f-prot.com/support/contact_support.html

Updates will be advertised on: http://www.f-prot.com/

 

SEE ALSO

fpscan(1)
fp.so(8)
fpmon(8)
f-prot.conf(5)
scan-mail.pl(8)

 
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.