FRISK Software International


fpscand - F-PROT Antivirus for UNIX Daemon Scanner



fpscand [-options]



fpscand is a daemon that binds itself to a port and waits for scan requests to be submitted to that port. When a scan request is sent, the daemon scans the file or stream and returns the result string to the client.

If no commandline argument is given, fpscand will assume the virus signature files are in the same directory as the executable. By default fpscand scans all files, including inside archives, and runs in the background.



The Daemon Scanner binds itself by default to a port 10200 on the loopback address. To request that the daemon scans a file or stream a connection must be made to the port and then, subsequently, the scan requests are submitted.

The scan request is of the form:

SCAN [OPTIONS] FILE </path/to/file>


SCAN [OPTIONS] STREAM <nameofstream> SIZE <n>
<stream of n bytes>

(Note that the SIZE <n> must be followed by a newline symbol before the stream is fed in.)


QUEUE followed by scan requests to queue. The queue is then started by giving an empty SCAN request and the result strings follow, not necessarily in the same order as the SCAN requests were given.

The results string is of the form
n <descriptive text> /path/to/scanned/object
where n is the summary code (see below) for the scan result.

By default the daemon forks, detaches from the tty and runs as a daemon. This can be avoided by using the '--foreground' startup option (see below).



-f, --foreground
Causes the Daemon Scanner to run in the foreground. The default behavior is to detach from the tty and run as a daemon.
-d, --defpath </path/to/deffile>
Instructs the Daemon Scanner to look for antivir.def inside the specified directory instead of the default location, which is the directory the binary is located in.
-a, --address <inet_address:port>
Instructs the Daemon Scanner to listen for scanning requests on the specified addres:port instead of the default (
--logfile </path/to/logfile>
Instructs the daemon to use the specified logfile instead of the default of the log facility being used.
-h, --help
Displays commandline usage and quits.



Instructs the daemon which scanlevel to use:
0 => Disable regular scanning (only heuristics).
1 => Skip suspicious data files. Not recommended if filename is unavailable.
2 => (Default) Unknown and/or wrong extensions will be emulated.
3 => Unknown binaries emulated.
4 => For scanning virus collections, no limits for emulation.
Where 0 <= n <= 4, default 2

How aggressive heuristic should be used. Higher levels means more heuristic tests are done which increases both detection rates AND risk of false positives.

Scan inside supported archives n levels deep, the supported range is between 1 and 99, the default is 5.

Supported archives are .zip, .cab, .tar, .gz, .lzh and .arj files. Currently F-PROT Antivirus does not support disinfection or removal of infected files within archives. Unix mailboxes are considered to be archives and therefore F-PROT Antivirus is not able to remove infected attachments from mailboxes.

Instructs the daemon to flag adware.
Instructs the daemon to flag potentially unwanted applications.
Disinfect whenever possible. F-PROT Antivirus does not support disinfection of infected objects located in archives.
Remove all macros from infected documents.
Remove all macros from document when new variant is found.
Remove all macros from document.



For information about licensing, see the LICENSE file that comes with F-PROT Antivirus.



Please direct any feedback to:

Updates will be advertised on:




F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.