Hi Sean,
hope this help:
*$ clamscan --help*
Clam AntiVirus: Scanner 1.4.3
By The ClamAV Team: https://www.clamav.net/about.html#credits
(C) 2024 Cisco Systems, Inc.
clamscan [options] [file/directory/-]
--help -h Show this help
--version -V Print version number
--verbose -v Be verbose
--archive-verbose -a Show filenames inside scanned archives
--debug Enable libclamav's debug messages
--quiet Only output error messages
--stdout Write to stdout instead of stderr.
Does not affect 'debug' messages.
--no-summary Disable summary at end of scanning
--infected -i Only print infected files
--suppress-ok-results -o Skip printing OK files
--bell Sound bell on virus detection
--tempdir=DIRECTORY Create temporary files in DIRECTORY
--leave-temps[=yes/no(*)] Do not remove temporary files
--force-to-disk[=yes/no(*)] Create temporary files for nested file
scans that would otherwise be in-memory only
--gen-json[=yes/no(*)] Generate JSON metadata for the scanned
file(s). For testing & development use ONLY.
JSON will be printed if --debug is
enabled.
A JSON file will dropped to the temp
directory if --leave-temps is enabled.
--database=FILE/DIR -d FILE/DIR Load virus database from FILE or load
all supported db files from DIR
--official-db-only[=yes/no(*)] Only load official signatures
--fail-if-cvd-older-than=days Return with a nonzero error code if
virus database outdated.
--log=FILE -l FILE Save scan report to FILE
--recursive[=yes/no(*)] -r Scan subdirectories recursively
--allmatch[=yes/no(*)] -z Continue scanning within file after
finding a match
--cross-fs[=yes(*)/no] Scan files and directories on other
filesystems
--follow-dir-symlinks[=0/1(*)/2] Follow directory symlinks (0 = never,
1 = direct, 2 = always)
--follow-file-symlinks[=0/1(*)/2] Follow file symlinks (0 = never, 1 =
direct, 2 = always)
--file-list=FILE -f FILE Scan files from FILE
--remove[=yes/no(*)] Remove infected files. Be careful!
--move=DIRECTORY Move infected files into DIRECTORY
--copy=DIRECTORY Copy infected files into DIRECTORY
--exclude=REGEX Don't scan file names matching REGEX
--exclude-dir=REGEX Don't scan directories matching REGEX
--include=REGEX Only scan file names matching REGEX
--include-dir=REGEX Only scan directories matching REGEX
--bytecode[=yes(*)/no] Load bytecode from the database
--bytecode-unsigned[=yes/no(*)] Load unsigned bytecode
**Caution**: You should NEVER run
bytecode signatures from untrusted sources.
Doing so may result in arbitrary code
execution.
--bytecode-timeout=N Set bytecode timeout (in milliseconds)
--statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
--detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications
--exclude-pua=CAT Skip PUA sigs of category CAT
--include-pua=CAT Load PUA sigs of category CAT
--detect-structured[=yes/no(*)] Detect structured data (SSN, Credit
Card)
--structured-ssn-format=X SSN format (0=normal,1=stripped,2=both)
--structured-ssn-count=N Min SSN count to generate a detect
--structured-cc-count=N Min CC count to generate a detect
--structured-cc-mode=X CC mode (0=credit debit and private
label, 1=credit cards only
--scan-mail[=yes(*)/no] Scan mail files
--phishing-sigs[=yes(*)/no] Enable email signature-based phishing
detection
--phishing-scan-urls[=yes(*)/no] Enable URL signature-based phishing
detection
--heuristic-alerts[=yes(*)/no] Heuristic alerts
--heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a
heuristic match is found
--normalize[=yes(*)/no] Normalize html, script, and text
files. Use normalize=no for yara compatibility
--scan-pe[=yes(*)/no] Scan PE files
--scan-elf[=yes(*)/no] Scan ELF files
--scan-ole2[=yes(*)/no] Scan OLE2 containers
--scan-pdf[=yes(*)/no] Scan PDF files
--scan-swf[=yes(*)/no] Scan SWF files
--scan-html[=yes(*)/no] Scan HTML files
--scan-xmldocs[=yes(*)/no] Scan xml-based document files
--scan-hwp3[=yes(*)/no] Scan HWP3 files
--scan-onenote[=yes(*)/no] Scan OneNote files
--scan-archive[=yes(*)/no] Scan archive files (supported by
libclamav)
--scan-image[=yes(*)/no] Scan image (graphics) files
--scan-image-fuzzy-hash[=yes(*)/no] Detect files by calculating image
(graphics) fuzzy hashes
--alert-broken[=yes/no(*)] Alert on broken executable files (PE &
ELF)
--alert-broken-media[=yes/no(*)] Alert on broken graphics files (JPEG,
TIFF, PNG, GIF)
--alert-encrypted[=yes/no(*)] Alert on encrypted archives and
documents
--alert-encrypted-archive[=yes/no(*)] Alert on encrypted archives
--alert-encrypted-doc[=yes/no(*)] Alert on encrypted documents
--alert-macros[=yes/no(*)] Alert on OLE2 files containing VBA
macros
--alert-exceeds-max[=yes/no(*)] Alert on files that exceed max file
size, max scan size, or max recursion limit
--alert-phishing-ssl[=yes/no(*)] Alert on emails containing SSL
mismatches in URLs
--alert-phishing-cloak[=yes/no(*)] Alert on emails containing cloaked URLs
--alert-partition-intersection[=yes/no(*)] Alert on raw DMG image files
containing partition intersections
--nocerts Disable authenticode certificate chain
verification in PE files
--dumpcerts Dump authenticode certificate chain in
PE files
--max-scantime=#n Scan time longer than this will be
skipped and assumed clean (milliseconds)
--max-filesize=#n Files larger than this will be skipped
and assumed clean
--max-scansize=#n The maximum amount of data to scan for
each container file (**)
--max-files=#n The maximum number of files to scan
for each container file (**)
--max-recursion=#n Maximum archive recursion level for
container file (**)
--max-dir-recursion=#n Maximum directory recursion level
--max-embeddedpe=#n Maximum size file to check for
embedded PE
--max-htmlnormalize=#n Maximum size of HTML file to normalize
--max-htmlnotags=#n Maximum size of normalized HTML file
to scan
--max-scriptnormalize=#n Maximum size of script file to
normalize
--max-ziptypercg=#n Maximum size zip to type reanalyze
--max-partitions=#n Maximum number of partitions in disk
image to be scanned
--max-iconspe=#n Maximum number of icons in PE file to
be scanned
--max-rechwp3=#n Maximum recursive calls to HWP3
parsing function
--pcre-match-limit=#n Maximum calls to the PCRE match
function.
--pcre-recmatch-limit=#n Maximum recursive calls to the PCRE
match function.
--pcre-max-filesize=#n Maximum size file to perform PCRE
subsig matching.
--disable-cache Disable caching and cache checks for
hash sums of scanned files.
Pass in - as the filename for stdin.
(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
files inside. The above options ensure safe processing of this kind of data.
*$ clamdscan --help*
Clam AntiVirus: Daemon Client 1.4.3
By The ClamAV Team: https://www.clamav.net/about.html#credits
(C) 2024 Cisco Systems, Inc.
clamdscan [options] [file/directory/-]
--help -h Show this help
--version -V Print version number and exit
--verbose -v Be verbose
--quiet Be quiet, only output error messages
--stdout Write to stdout instead of stderr. Does
not affect 'debug' messages.
(this help is always written to stdout)
--log=FILE -l FILE Save scan report in FILE
--file-list=FILE -f FILE Scan files from FILE
--ping -p A[:I] Ping clamd up to [A] times at optional
interval [I] until it responds.
--wait -w Wait up to 30 seconds for clamd to
start. Optionally use alongside --ping to set attempts [A] and interval [I] to
check clamd.
--remove Remove infected files. Be careful!
--move=DIRECTORY Move infected files into DIRECTORY
--copy=DIRECTORY Copy infected files into DIRECTORY
--config-file=FILE -c Read configuration from FILE.
--allmatch -z Continue scanning within file after
finding a match.
--multiscan -m Force MULTISCAN mode
--infected -i Only print infected files
--no-summary Disable summary at end of scanning
--reload Request clamd to reload virus database
--fdpass Pass filedescriptor to clamd (useful if
clamd is running as a different user)
--stream Force streaming files to clamd (for
debugging and unit testing)
Marc
Von / From: Sean Curran Via Clamav-Users
<mailto:[email protected]>
An / To: Newcomer01 <mailto:[email protected]>
CC / CC: Sean Curran <mailto:[email protected]>
Gesendet / Sent: Montag, Oktober 06, 2025 um 15:11 (at 03:11 PM) +0200
Betreff / Subject: [clamav-users] Clamdscan recurses
Newbie Question,
I use the clamscan util to recursively scan a given filesystem.
Am I missing something about how to get clamdscan to recurse... Because I
cannot find a setting to get it to recurse even one dir level without hard
coding something like /myfs/*/* ... ?
It ignores the "-r" from clamscan.
I'd like to scan a multi-TB filesystem periodically and clamscan will take
forever, so looking at clamdscan possibly.
Thanks
Sean
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
