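ClamAV, an antivirus scanner for Linux (online installation)

ClamAV is an open-source antivirus engine that runs on Linux and detects trojans, viruses, malware, and other malicious threats.

Official site: http://www.clamav.net/

1. Installation on CentOS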

# yum install -y epel-release
# yum install -y clamav

2. Updating and checking the virus database: freshclam

# freshclam
ClamAV update process started at Fri Sep 22 17:43:55 2017
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-23862.cdiff [100%]
daily.cld updated (version: 23862, sigs: 1743102, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 312, sigs: 74, f-level: 63, builder: neo)
Database updated (6309425 signatures) from db.local.clamav.net (IP: 203.178.137.175)

3. Help text

# clamscan --help

                       Clam AntiVirus Scanner 0.99.2
           By The ClamAV Team: http://www.clamav.net/about.html#credits
           (C) 2007-2015 Cisco Systems, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files
    --scan-hwp3[=yes(*)/no]              Scan HWP3 files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze
    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
    --pcre-match-limit=#n                Maximum calls to the PCRE match function.
    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
    --enable-stats                       Enable statistical reporting of malware
    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions
    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server
    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.
    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.

4. Virus scanning: clamscan (recursive scan, with scanned paths written to stdout)

# clamscan -r /root/ --stdout
/root/.cshrc: OK
/root/.abrt/applet_dirlist: Empty file
/root/ossec-hids-2.8.3.tar.gz: OK
/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND
/root/.gconfd/saved_state: OK
/root/rootkit.exe: Empty file
/root/clam_log_170922.txt: OK
/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND
/root/.imsettings.log: OK
/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND
/root/chkrootkit-0.52/ifpromisc.c: OK
/root/chkrootkit-0.52/chkrootkit.lsm: OK
/root/chkrootkit-0.52/COPYRIGHT: OK

...

----------- SCAN SUMMARY -----------
Known viruses: 6303718
Engine version: 0.99.2
Scanned directories: 342
Scanned files: 3927
Infected files: 23
Data scanned: 133.68 MB
Data read: 87.24 MB (ratio 1.53:1)
Time: 38.355 sec (0 m 38 s)

Time: 2025-01-08 02:40:07
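
The scan output above mixes OK, "Empty file" and FOUND lines, so a scheduled scan needs the detections pulled out and the exit status checked (clamscan exits 0 when nothing is found, 1 when a virus is found, 2 on errors). The following is an added example, not part of the original post; the function names, the scan.log file name and the sample path containing ": " are assumptions made for illustration.

```shell
# Added example: triage clamscan output offline. Sample lines are abridged from the
# scan shown above; the "notes: draft.zip" path is constructed to exercise the parser.
SAMPLE_SCAN='/root/.cshrc: OK
/root/.abrt/applet_dirlist: Empty file
/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND
/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND
/root/notes: draft.zip: Win.Trojan.Nympho-2 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 3927
Infected files: 23'

# Print "signature<TAB>path" for every detection line read from stdin.
# The split is made at the LAST ": " because a file name may itself contain ": ".
clam_detections() {
  local line body
  while IFS= read -r line; do
    case "$line" in
      *" FOUND") ;;
      *) continue ;;
    esac
    body=${line% FOUND}
    printf '%s\t%s\n' "${body##*: }" "${body%: *}"
  done
}

# Print the value of one SCAN SUMMARY field, e.g. "Infected files".
clam_summary() {
  local field="$1" line
  while IFS= read -r line; do
    case "$line" in
      "$field: "*) printf '%s\n' "${line#"$field: "}" ;;
    esac
  done
}

# Map clamscan's exit status to a verdict; anything other than 0 or 1 is a scan error.
clam_verdict() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# On a real host (not executed here):
#   clamscan -r -i --stdout /root/ > scan.log; verdict=$(clam_verdict $?)
#   clam_detections < scan.log
printf '%s\n' "$SAMPLE_SCAN" | clam_detections
```

Treat the "error" verdict as a failed scan rather than a clean one: a scan that could not read its targets or load the database has not cleared anything.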
