ClamAV是一个可用于Linux平台上的开源杀毒引擎,可检测木马、病毒、恶意软件和其他恶意的威胁。

官网:http://www.clamav.net/

一、CentOS环境安装

# yum install -y epel-release

# yum install -y clamav

二、病毒库更新检查:freshclam

# freshclam

ClamAV update process started at Fri Sep  ::

main.cld is up to date (version: , sigs: , f-level: , builder: sigmgr)

Downloading daily-.cdiff [%]

daily.cld updated (version: , sigs: , f-level: , builder: neo)

bytecode.cld is up to date (version: , sigs: , f-level: , builder: neo)

Database updated ( signatures) from db.local.clamav.net (IP: 203.178.137.175)

三、帮助文档

# clamscan --help

                       Clam AntiVirus Scanner 0.99.

           By The ClamAV Team: http://www.clamav.net/about.html#credits

           (C) - Cisco Systems, Inc.

    --help                -h             Print this help screen

    --version             -V             Print version number

    --verbose             -v             Be verbose

    --archive-verbose     -a             Show filenames inside scanned archives

    --debug                              Enable libclamav's debug messages

    --quiet                              Only output error messages

    --stdout                             Write to stdout instead of stderr

    --no-summary                         Disable summary at end of scanning

    --infected            -i             Only print infected files

    --suppress-ok-results -o             Skip printing OK files

    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY

    --leave-temps[=yes/no(*)]            Do not remove temporary files

    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load

                                         all supported db files from DIR

    --official-db-only[=yes/no(*)]       Only load official signatures

    --log=FILE            -l FILE        Save scan report to FILE

    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively

    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match

    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems

    --follow-dir-symlinks[=/(*)/]     Follow directory symlinks ( = never,  = direct,  = always)

    --follow-file-symlinks[=/(*)/]    Follow file symlinks ( = never,  = direct,  = always)

    --file-list=FILE      -f FILE        Scan files from FILE

    --remove[=yes/no(*)]                 Remove infected files. Be careful!

    --move=DIRECTORY                     Move infected files into DIRECTORY

    --copy=DIRECTORY                     Copy infected files into DIRECTORY

    --exclude=REGEX                      Don't scan file names matching REGEX

    --exclude-dir=REGEX                  Don't scan directories matching REGEX

    --include=REGEX                      Only scan file names matching REGEX

    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database

    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode

    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)

    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics

    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications

    --exclude-pua=CAT                    Skip PUA sigs of category CAT

    --include-pua=CAT                    Load PUA sigs of category CAT

    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)

    --structured-ssn-format=X            SSN format (=normal,=stripped,=both)

    --structured-ssn-count=N             Min SSN count to generate a detect

    --structured-cc-count=N              Min CC count to generate a detect

    --scan-mail[=yes(*)/no]              Scan mail files

    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection

    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection

    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found

    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)

    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)

    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.

    --algorithmic-detection[=yes(*)/no]  Algorithmic detection

    --scan-pe[=yes(*)/no]                Scan PE files

    --scan-elf[=yes(*)/no]               Scan ELF files

    --scan-ole2[=yes(*)/no]              Scan OLE2 containers

    --scan-pdf[=yes(*)/no]               Scan PDF files

    --scan-swf[=yes(*)/no]               Scan SWF files

    --scan-html[=yes(*)/no]              Scan HTML files

    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files

    --scan-hwp3[=yes(*)/no]              Scan HWP3 files

    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)

    --detect-broken[=yes/no(*)]          Try to detect broken executable files

    --block-encrypted[=yes/no(*)]        Block encrypted archives

    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros

    --nocerts                            Disable authenticode certificate chain verification in PE files

    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean

    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)

    --max-files=#n                       The maximum number of files to scan for each container file (**)

    --max-recursion=#n                   Maximum archive recursion level for container file (**)

    --max-dir-recursion=#n               Maximum directory recursion level

    --max-embeddedpe=#n                  Maximum size file to check for embedded PE

    --max-htmlnormalize=#n               Maximum size of HTML file to normalize

    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan

    --max-scriptnormalize=#n             Maximum size of script file to normalize

    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned

    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned

    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function

    --pcre-match-limit=#n                Maximum calls to the PCRE match function.

    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.

    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.

    --enable-stats                       Enable statistical reporting of malware

    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions

    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server

    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.

    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings

(**) Certain files (e.g. documents, archives, etc.) may in turn contain other

   files inside. The above options ensure safe processing of this kind of data.

四、病毒扫描:clamscan(递归扫描+扫描路径输出)

# clamscan -r /root/ --stdout

/root/.cshrc: OK

/root/.abrt/applet_dirlist: Empty file

/root/ossec-hids-2.8..tar.gz: OK

/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND

/root/.gconfd/saved_state: OK

/root/rootkit.exe: Empty file

/root/clam_log_170922.txt: OK

/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND

/root/.imsettings.log: OK

/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND

/root/chkrootkit-0.52/ifpromisc.c: OK

/root/chkrootkit-0.52/chkrootkit.lsm: OK

/root/chkrootkit-0.52/COPYRIGHT: OK

...

----------- SCAN SUMMARY -----------

Known viruses:

Engine version: 0.99.

Scanned directories:

Scanned files: 

Infected files: 23

Data scanned: 133.68 MB

Data read: 87.24 MB (ratio 1.53:)

Time: 38.355 sec ( m  s)

Linux系统查毒软件ClamAV (online)的更多相关文章

  1. linux系统查毒软件ClamAV

    安装方法: 长久使用参考: http://www.cnblogs.com/kerrycode/archive/2015/08/24/4754820.html#undefined 临时使用参考: htt ...

  2. Ubuntu等Linux系统显卡性能测试软件 Unigine 3D

    Ubuntu等Linux系统显卡性能测试软件 Unigine 3D Ubuntu Intel显卡驱动安装,请参考: http://blog.csdn.net/zhangrelay/article/de ...

  3. Linux系统中安装软件方法总结

    Linux系统中安装软件方法总结 [1]Linux系统中安装软件的几种方式 [2] Linux配置yum源(本地源和网络源) [3] SuSE下zypper源配置 [4] SUSE zypper 本地 ...

  4. Linux上的防病毒软件ClamAV

    Clam AntiVirus(ClamAV)是免费而且开放源代码的防毒软件,软件与病毒码的更新皆由社群免费发布.目前ClamAV主要是使用在由Linux.FreeBSD等Unix-like系统架设的邮 ...

  5. Linux系统及常用软件的安装

    注释:看了很多人说在Windows下面跑机器学习就和大人一直用勺子吃饭一样,应该用更...刚写到这里Linux又奔溃了-- 以后就在Linux上跑程序了,告别Windows的时代... 别看下面的安装 ...

  6. Linux系统学习07-Centos软件安装几种方法

    配置好Centos一些基础设置后,接下来就是学习平时使用最多的软件安装. windwos下软件安装非常简单,就是下载好安装包,然后双击就会自动安装. 而Centos里面安装软件的方式方法有区别,熟悉几 ...

  7. Linux系统上安装软件(JDK以及tomcat服务器)

    一:安装jdk linux系统上面如果运行java程序,就需要安装java的运行环境(jdk) 1:下载linux版本的jdk 地址:http://www.oracle.com/technetwork ...

  8. Linux系统上安装软件(ftp服务器)

    一:安装ftp服务器 在安装linux系统的时候,自定义软件包安装时,我已经勾选了ftp服务器,所以已经 安装过了,如果没有勾选,需要额外下载ftp的安装包,进行安装. ftp服务器搭建过程中遇到的问 ...

  9. VMware下安装Linux系统,ORACLE软件,DBCA建库

    操作系统安装   在vmware下安装Linux (OEL5.6),用于数据库服务器 1.打开vmware,选择"创建新的虚拟机"       2.选择自定义安装   3.选择虚拟 ...

随机推荐

  1. MySQL数据库基本用法-聚合-分组

    聚合 为了快速得到统计数据,提供了5个聚合函数 count(*)表示计算总行数,括号中写星与列名,结果是相同的 查询学生总数 select count(*) from students; max(列) ...

  2. BZOJ.4182.Shopping(点分治/dsu on tree 树形依赖背包 多重背包 单调队列)

    BZOJ 题目的限制即:给定一棵树,只能任选一个连通块然后做背包,且每个点上的物品至少取一个.求花费为\(m\)时最大价值. 令\(f[i][j]\)表示在点\(i\),已用体积为\(j\)的最大价值 ...

  3. 潭州课堂25班:Ph201805201 django 项目 第三十九课 后台 文章发布,图片上传到 FastDFS后端实现 七牛云讲解(课堂笔记)

    文章发布: # 1,从前台获取参数# 2,校验参数# 3,把数据保存到数据库# 4,返回执行结果到前台,(创建成功或失败) 自定义 froms.py 校验参数 上传图片到七牛云 注册 https:// ...

  4. [CSAcademy]Sum of Powers

    [CSAcademy]Sum of Powers 题目大意: 给定\(n,m,k(n,m,k\le4096)\).一个无序可重集\(A\)为合法的,当且仅当\(|A|=m\)且\(\sum A_i=n ...

  5. JavaScript中date 对象常用方法

    Date 对象 Date 对象用于处理日期和时间. //创建 Date 对象的语法: var datetime = new Date();//Date 对象会自动把当前日期和时间保存为其初始值. co ...

  6. Set集合架构和常用实现类的源码分析以及实例应用

    说明:Set的实现类都是基于Map来实现的(HashSet是通过HashMap实现的,TreeSet是通过TreeMap实现的). (01) Set 是继承于Collection的接口.它是一个不允许 ...

  7. 利用Ajax和JSON实现关于查找省市名称的二级联动功能

    功能实现的思路:我们经常碰见网上购物时候填写收件地址会用到这个查找省市县的三级联动查找功能,我们可以利用Ajax和JSON技术模拟这个功能,说白了同样是使用Ajax的局部数据更新功能这个特性.因为省市 ...

  8. HTTP中的重定向和请求转发的区别(转)

    一.调用方式 我们知道,在servlet中调用转发.重定向的语句如下: request.getRequestDispatcher("new.jsp").forward(reques ...

  9. 【模拟】[NOIP2014]螺旋矩阵[c++]

    题目描述 一个n行n列的螺旋矩阵可由如下方法生成: 从矩阵的左上角(第1行第1列)出发,初始时向右移动:如果前方是未曾经过的格子,则继续前进,否则右转:重复上述操作直至经过矩阵中所有格子.根据经过顺序 ...

  10. Servlet(2)—java项目下web应用程序

    在java项目下手动写一个web程序 步骤: ①创建一个java项目并在根目录创建一个WebContent目录文件 ②WebContent下创建WEB-INF目录文件 ③WEB-INF下创建class ...