ClamAV是一个可用于Linux平台上的开源杀毒引擎,可检测木马、病毒、恶意软件和其他恶意的威胁。

官网:http://www.clamav.net/

一、CentOS环境安装

# yum install -y epel-release

# yum install -y clamav

二、病毒库更新检查:freshclam

# freshclam

ClamAV update process started at Fri Sep  ::

main.cld is up to date (version: , sigs: , f-level: , builder: sigmgr)

Downloading daily-.cdiff [%]

daily.cld updated (version: , sigs: , f-level: , builder: neo)

bytecode.cld is up to date (version: , sigs: , f-level: , builder: neo)

Database updated ( signatures) from db.local.clamav.net (IP: 203.178.137.175)

三、帮助文档

# clamscan --help

                       Clam AntiVirus Scanner 0.99.

           By The ClamAV Team: http://www.clamav.net/about.html#credits

           (C) - Cisco Systems, Inc.

    --help                -h             Print this help screen

    --version             -V             Print version number

    --verbose             -v             Be verbose

    --archive-verbose     -a             Show filenames inside scanned archives

    --debug                              Enable libclamav's debug messages

    --quiet                              Only output error messages

    --stdout                             Write to stdout instead of stderr

    --no-summary                         Disable summary at end of scanning

    --infected            -i             Only print infected files

    --suppress-ok-results -o             Skip printing OK files

    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY

    --leave-temps[=yes/no(*)]            Do not remove temporary files

    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load

                                         all supported db files from DIR

    --official-db-only[=yes/no(*)]       Only load official signatures

    --log=FILE            -l FILE        Save scan report to FILE

    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively

    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match

    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems

    --follow-dir-symlinks[=/(*)/]     Follow directory symlinks ( = never,  = direct,  = always)

    --follow-file-symlinks[=/(*)/]    Follow file symlinks ( = never,  = direct,  = always)

    --file-list=FILE      -f FILE        Scan files from FILE

    --remove[=yes/no(*)]                 Remove infected files. Be careful!

    --move=DIRECTORY                     Move infected files into DIRECTORY

    --copy=DIRECTORY                     Copy infected files into DIRECTORY

    --exclude=REGEX                      Don't scan file names matching REGEX

    --exclude-dir=REGEX                  Don't scan directories matching REGEX

    --include=REGEX                      Only scan file names matching REGEX

    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database

    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode

    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)

    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics

    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications

    --exclude-pua=CAT                    Skip PUA sigs of category CAT

    --include-pua=CAT                    Load PUA sigs of category CAT

    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)

    --structured-ssn-format=X            SSN format (=normal,=stripped,=both)

    --structured-ssn-count=N             Min SSN count to generate a detect

    --structured-cc-count=N              Min CC count to generate a detect

    --scan-mail[=yes(*)/no]              Scan mail files

    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection

    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection

    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found

    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)

    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)

    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.

    --algorithmic-detection[=yes(*)/no]  Algorithmic detection

    --scan-pe[=yes(*)/no]                Scan PE files

    --scan-elf[=yes(*)/no]               Scan ELF files

    --scan-ole2[=yes(*)/no]              Scan OLE2 containers

    --scan-pdf[=yes(*)/no]               Scan PDF files

    --scan-swf[=yes(*)/no]               Scan SWF files

    --scan-html[=yes(*)/no]              Scan HTML files

    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files

    --scan-hwp3[=yes(*)/no]              Scan HWP3 files

    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)

    --detect-broken[=yes/no(*)]          Try to detect broken executable files

    --block-encrypted[=yes/no(*)]        Block encrypted archives

    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros

    --nocerts                            Disable authenticode certificate chain verification in PE files

    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean

    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)

    --max-files=#n                       The maximum number of files to scan for each container file (**)

    --max-recursion=#n                   Maximum archive recursion level for container file (**)

    --max-dir-recursion=#n               Maximum directory recursion level

    --max-embeddedpe=#n                  Maximum size file to check for embedded PE

    --max-htmlnormalize=#n               Maximum size of HTML file to normalize

    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan

    --max-scriptnormalize=#n             Maximum size of script file to normalize

    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned

    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned

    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function

    --pcre-match-limit=#n                Maximum calls to the PCRE match function.

    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.

    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.

    --enable-stats                       Enable statistical reporting of malware

    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions

    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server

    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.

    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings

(**) Certain files (e.g. documents, archives, etc.) may in turn contain other

   files inside. The above options ensure safe processing of this kind of data.

四、病毒扫描:clamscan(递归扫描+扫描路径输出)

# clamscan -r /root/ --stdout

/root/.cshrc: OK

/root/.abrt/applet_dirlist: Empty file

/root/ossec-hids-2.8..tar.gz: OK

/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND

/root/.gconfd/saved_state: OK

/root/rootkit.exe: Empty file

/root/clam_log_170922.txt: OK

/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND

/root/.imsettings.log: OK

/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND

/root/chkrootkit-0.52/ifpromisc.c: OK

/root/chkrootkit-0.52/chkrootkit.lsm: OK

/root/chkrootkit-0.52/COPYRIGHT: OK

...

----------- SCAN SUMMARY -----------

Known viruses:

Engine version: 0.99.

Scanned directories:

Scanned files: 

Infected files: 23

Data scanned: 133.68 MB

Data read: 87.24 MB (ratio 1.53:)

Time: 38.355 sec ( m  s)

Linux系统查毒软件ClamAV (online)的更多相关文章

  1. linux系统查毒软件ClamAV

    安装方法: 长久使用参考: http://www.cnblogs.com/kerrycode/archive/2015/08/24/4754820.html#undefined 临时使用参考: htt ...

  2. Ubuntu等Linux系统显卡性能测试软件 Unigine 3D

    Ubuntu等Linux系统显卡性能测试软件 Unigine 3D Ubuntu Intel显卡驱动安装,请参考: http://blog.csdn.net/zhangrelay/article/de ...

  3. Linux系统中安装软件方法总结

    Linux系统中安装软件方法总结 [1]Linux系统中安装软件的几种方式 [2] Linux配置yum源(本地源和网络源) [3] SuSE下zypper源配置 [4] SUSE zypper 本地 ...

  4. Linux上的防病毒软件ClamAV

    Clam AntiVirus(ClamAV)是免费而且开放源代码的防毒软件,软件与病毒码的更新皆由社群免费发布.目前ClamAV主要是使用在由Linux.FreeBSD等Unix-like系统架设的邮 ...

  5. Linux系统及常用软件的安装

    注释:看了很多人说在Windows下面跑机器学习就和大人一直用勺子吃饭一样,应该用更...刚写到这里Linux又奔溃了-- 以后就在Linux上跑程序了,告别Windows的时代... 别看下面的安装 ...

  6. Linux系统学习07-Centos软件安装几种方法

    配置好Centos一些基础设置后,接下来就是学习平时使用最多的软件安装. windwos下软件安装非常简单,就是下载好安装包,然后双击就会自动安装. 而Centos里面安装软件的方式方法有区别,熟悉几 ...

  7. Linux系统上安装软件(JDK以及tomcat服务器)

    一:安装jdk linux系统上面如果运行java程序,就需要安装java的运行环境(jdk) 1:下载linux版本的jdk 地址:http://www.oracle.com/technetwork ...

  8. Linux系统上安装软件(ftp服务器)

    一:安装ftp服务器 在安装linux系统的时候,自定义软件包安装时,我已经勾选了ftp服务器,所以已经 安装过了,如果没有勾选,需要额外下载ftp的安装包,进行安装. ftp服务器搭建过程中遇到的问 ...

  9. VMware下安装Linux系统,ORACLE软件,DBCA建库

    操作系统安装   在vmware下安装Linux (OEL5.6),用于数据库服务器 1.打开vmware,选择"创建新的虚拟机"       2.选择自定义安装   3.选择虚拟 ...

随机推荐

  1. Windows下MySQL绿色版安装配置与使用

    Mysql-5.7.11-winx64操作步骤: 一.安装MySQL数据库 1.下载. 下载地址: http://downloads.mysql.com/archives/get/file/mysql ...

  2. Callable与Runable接口 submit与execute区别

    execute(Runnable x) 没有返回值.可以执行任务,但无法判断任务是否成功完成. submit(Runnable x) 返回一个future.可以用这个future来判断任务是否成功完成 ...

  3. XamarinAndroid组件教程设置动画的时长参数

    XamarinAndroid组件教程设置动画的时长参数 在添加动画的时候,开发者还可以动画参数进行设置,如动画持续的时长.插值器等.下面依次讲解动画参数的设置方法. 1.设置动画时长 设置动画持续的时 ...

  4. DTL

    DTL:Django模板语言(Django Template Language). 一.变量 1.视图函数可以通过两种方式将变量传递给模板页面: ① render(request, 'test_pag ...

  5. 潭州课堂25班:Ph201805201 django 项目 第二十五课 文章多级评论前后台实现 (课堂笔记)

    添加新闻评论功能 1.分析 业务处理流程: 判断前端传的新闻id是否为空,是否为整数.是否不存在 判断评论的内容是否为空 判断是否有父评论,父评论的id是否与新闻id匹配 判断用户是否登录 保存新闻评 ...

  6. 全局解释器锁 GIL

    1.什么是GIL? GIL本质上是互斥锁,可以将并发运行变为串行,以此来控制同一时间内共享数据只能被一个任务修改,保证时间安全 2.GIL应用场景 使用原因:Cpython解释器自带垃圾回收机制不是线 ...

  7. BZOJ3490 : Pa2011 Laser Pool

    与横线以及竖线的交点个数很容易求,那么只要求出横线竖线交点与运动轨迹的交点数即可. 运动轨迹可以划分成若干条贯穿边界的斜线,对于第一条和最后一条,可以用bitset暴力统计. 对于中间的部分,斜线都是 ...

  8. Node爬取简书首页文章

    Node爬取简书首页文章 博主刚学node,打算写个爬虫练练手,这次的爬虫目标是简书的首页文章 流程分析 使用superagent发送http请求到服务端,获取HTML文本 用cheerio解析获得的 ...

  9. unique_ptr_c++11

    unique_ptr 替代了原来的auto_ptr,指向对象具有唯一性,即同一时间只能有unique_ptr指向给定对象(和auto_ptr不同是禁止拷贝语义,通过移动语义替代) unique_ptr ...

  10. 深入理解this,bind、call

    直接看this 直接看call和bind 首先放一道题: var a={ a:'haha', getA: function(){ console.log(this.a); } } var b= { a ...