This Article Applies to:
- Avast Business Antivirus
Scan manual page
Scan is the basic command line scanner that comes with Avast for Linux. It searches the given PATH(s) for infected files and reports such files to the standard output. If no PATH is given, the scan paths are read from the standard input, line by line.
The scan tool is a client that connects to the Avast scan service; it cannot work separately without a running scan service.
The manual scan page format is:
scan [-s SOCKET] [-e PATH] [-abfipux] [PATH]...
scan [-s SOCKET] [-a] -U [URL]...
scan [-s SOCKET] -V
scan -h | -v
-h: Print short usage info and exit
-v: Print program version and exit
-V: Print the virus definitions (VPS) version and exit. The VPS version is retrieved from the scan service
-U: Check URLs. Checks whether an URL is malicious
- The URL is checked against a blacklist, so no network request to the given URL is done
-s SOCKET: Use SOCKET to connect to the scan service. The default scan socket path is
-e PATH: Exclude PATH from the scan. Use this option multiple times when more than one exclude path is required
-a: Print all scanned files/URLs, not just infected.
-b: Report decompression bombs as infections. When set, files suspected of being decompression bombs are reported as infected, not as errors.
-f: Scan full files. When set, the entire file contents are scanned, not just the relevant file parts.
- -i: Print verbose infection info. When set, verbose info about all infections found in the scanned file is printed.
-l LEVEL: Set heuristics level to LEVEL (0-100)
-p: Print archive content. When set, the files in an archive are listed separately, with the scan status for each shown
-u: Report potentially unwanted programs (PUP). When set, PUP files are reported as infected
-x: Do not extract archives. When set, compressed files are not extracted during scan
Every detected malicious file is reported on a separate line in the format:
- If all files are printed using the -a option, then the clean files have an "[OK]" string as the infection name and files that could not be scanned (insufficient permissions, corrupted archives, ...) have an "[ERROR]" string as the infection name.
- Files that were excluded from the scan using the -e option have an "[EXCLUDED]" string as the infection name.
If the -p option is set,
PATH contains the archive path delimited by a "|>".
It is the scan service that is accessing the files being scanned, not the scan utility itself. Therefore, the scan service must have access rights to the scanned files. Connections to the scan service may be restricted to clients with the same UID/GID if enabled in the scan service configuration.
- 0: if no infected files are found
- 1: if infected files are found
- 2: if an error occurred
Infected status takes precedence over error status, thus a scan where some file could not be scanned and some infection was found returns 1.
Other Articles In This Section: