ClamAV是一个可用于Linux平台上的开源杀毒引擎,可检测木马、病毒、恶意软件和其他恶意的威胁。

官网:http://www.clamav.net/

一、CentOS环境安装

# yum install -y epel-release

# yum install -y clamav

二、病毒库更新检查:freshclam

# freshclam

ClamAV update process started at Fri Sep  ::

main.cld is up to date (version: , sigs: , f-level: , builder: sigmgr)

Downloading daily-.cdiff [%]

daily.cld updated (version: , sigs: , f-level: , builder: neo)

bytecode.cld is up to date (version: , sigs: , f-level: , builder: neo)

Database updated ( signatures) from db.local.clamav.net (IP: 203.178.137.175)

三、帮助文档

# clamscan --help

                       Clam AntiVirus Scanner 0.99.

           By The ClamAV Team: http://www.clamav.net/about.html#credits

           (C) - Cisco Systems, Inc.

    --help                -h             Print this help screen

    --version             -V             Print version number

    --verbose             -v             Be verbose

    --archive-verbose     -a             Show filenames inside scanned archives

    --debug                              Enable libclamav's debug messages

    --quiet                              Only output error messages

    --stdout                             Write to stdout instead of stderr

    --no-summary                         Disable summary at end of scanning

    --infected            -i             Only print infected files

    --suppress-ok-results -o             Skip printing OK files

    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY

    --leave-temps[=yes/no(*)]            Do not remove temporary files

    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load

                                         all supported db files from DIR

    --official-db-only[=yes/no(*)]       Only load official signatures

    --log=FILE            -l FILE        Save scan report to FILE

    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively

    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match

    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems

    --follow-dir-symlinks[=/(*)/]     Follow directory symlinks ( = never,  = direct,  = always)

    --follow-file-symlinks[=/(*)/]    Follow file symlinks ( = never,  = direct,  = always)

    --file-list=FILE      -f FILE        Scan files from FILE

    --remove[=yes/no(*)]                 Remove infected files. Be careful!

    --move=DIRECTORY                     Move infected files into DIRECTORY

    --copy=DIRECTORY                     Copy infected files into DIRECTORY

    --exclude=REGEX                      Don't scan file names matching REGEX

    --exclude-dir=REGEX                  Don't scan directories matching REGEX

    --include=REGEX                      Only scan file names matching REGEX

    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database

    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode

    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)

    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics

    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications

    --exclude-pua=CAT                    Skip PUA sigs of category CAT

    --include-pua=CAT                    Load PUA sigs of category CAT

    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)

    --structured-ssn-format=X            SSN format (=normal,=stripped,=both)

    --structured-ssn-count=N             Min SSN count to generate a detect

    --structured-cc-count=N              Min CC count to generate a detect

    --scan-mail[=yes(*)/no]              Scan mail files

    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection

    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection

    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found

    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)

    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)

    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.

    --algorithmic-detection[=yes(*)/no]  Algorithmic detection

    --scan-pe[=yes(*)/no]                Scan PE files

    --scan-elf[=yes(*)/no]               Scan ELF files

    --scan-ole2[=yes(*)/no]              Scan OLE2 containers

    --scan-pdf[=yes(*)/no]               Scan PDF files

    --scan-swf[=yes(*)/no]               Scan SWF files

    --scan-html[=yes(*)/no]              Scan HTML files

    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files

    --scan-hwp3[=yes(*)/no]              Scan HWP3 files

    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)

    --detect-broken[=yes/no(*)]          Try to detect broken executable files

    --block-encrypted[=yes/no(*)]        Block encrypted archives

    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros

    --nocerts                            Disable authenticode certificate chain verification in PE files

    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean

    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)

    --max-files=#n                       The maximum number of files to scan for each container file (**)

    --max-recursion=#n                   Maximum archive recursion level for container file (**)

    --max-dir-recursion=#n               Maximum directory recursion level

    --max-embeddedpe=#n                  Maximum size file to check for embedded PE

    --max-htmlnormalize=#n               Maximum size of HTML file to normalize

    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan

    --max-scriptnormalize=#n             Maximum size of script file to normalize

    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned

    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned

    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function

    --pcre-match-limit=#n                Maximum calls to the PCRE match function.

    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.

    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.

    --enable-stats                       Enable statistical reporting of malware

    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions

    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server

    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.

    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings

(**) Certain files (e.g. documents, archives, etc.) may in turn contain other

   files inside. The above options ensure safe processing of this kind of data.

四、病毒扫描:clamscan(递归扫描+扫描路径输出)

# clamscan -r /root/ --stdout

/root/.cshrc: OK

/root/.abrt/applet_dirlist: Empty file

/root/ossec-hids-2.8..tar.gz: OK

/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND

/root/.gconfd/saved_state: OK

/root/rootkit.exe: Empty file

/root/clam_log_170922.txt: OK

/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND

/root/.imsettings.log: OK

/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND

/root/chkrootkit-0.52/ifpromisc.c: OK

/root/chkrootkit-0.52/chkrootkit.lsm: OK

/root/chkrootkit-0.52/COPYRIGHT: OK

...

----------- SCAN SUMMARY -----------

Known viruses:

Engine version: 0.99.

Scanned directories:

Scanned files: 

Infected files: 23

Data scanned: 133.68 MB

Data read: 87.24 MB (ratio 1.53:)

Time: 38.355 sec ( m  s)

Linux系统查毒软件ClamAV (online)的更多相关文章

  1. linux系统查毒软件ClamAV

    安装方法: 长久使用参考: http://www.cnblogs.com/kerrycode/archive/2015/08/24/4754820.html#undefined 临时使用参考: htt ...

  2. Ubuntu等Linux系统显卡性能测试软件 Unigine 3D

    Ubuntu等Linux系统显卡性能测试软件 Unigine 3D Ubuntu Intel显卡驱动安装,请参考: http://blog.csdn.net/zhangrelay/article/de ...

  3. Linux系统中安装软件方法总结

    Linux系统中安装软件方法总结 [1]Linux系统中安装软件的几种方式 [2] Linux配置yum源(本地源和网络源) [3] SuSE下zypper源配置 [4] SUSE zypper 本地 ...

  4. Linux上的防病毒软件ClamAV

    Clam AntiVirus(ClamAV)是免费而且开放源代码的防毒软件,软件与病毒码的更新皆由社群免费发布.目前ClamAV主要是使用在由Linux.FreeBSD等Unix-like系统架设的邮 ...

  5. Linux系统及常用软件的安装

    注释:看了很多人说在Windows下面跑机器学习就和大人一直用勺子吃饭一样,应该用更...刚写到这里Linux又奔溃了-- 以后就在Linux上跑程序了,告别Windows的时代... 别看下面的安装 ...

  6. Linux系统学习07-Centos软件安装几种方法

    配置好Centos一些基础设置后,接下来就是学习平时使用最多的软件安装. windwos下软件安装非常简单,就是下载好安装包,然后双击就会自动安装. 而Centos里面安装软件的方式方法有区别,熟悉几 ...

  7. Linux系统上安装软件(JDK以及tomcat服务器)

    一:安装jdk linux系统上面如果运行java程序,就需要安装java的运行环境(jdk) 1:下载linux版本的jdk 地址:http://www.oracle.com/technetwork ...

  8. Linux系统上安装软件(ftp服务器)

    一:安装ftp服务器 在安装linux系统的时候,自定义软件包安装时,我已经勾选了ftp服务器,所以已经 安装过了,如果没有勾选,需要额外下载ftp的安装包,进行安装. ftp服务器搭建过程中遇到的问 ...

  9. VMware下安装Linux系统,ORACLE软件,DBCA建库

    操作系统安装   在vmware下安装Linux (OEL5.6),用于数据库服务器 1.打开vmware,选择"创建新的虚拟机"       2.选择自定义安装   3.选择虚拟 ...

随机推荐

  1. 快速上手Git

    本文主要摘录于廖雪峰的Git教程,个别地方做了可能不恰当的修改或补充,主要方便自己回顾.查看更详细内容请移步廖老师博客.同时,感谢廖老师写出这么好的入门指导. (有彩蛋!!!) 一.热身 1.初始化一 ...

  2. Django之模板1

    Django模板 一.变量(只需要记住两种特殊符号) {{ }} 和{% %} {{ }}表示变量,在模板渲染的时候替换成值,变量名由字母数字和下划线组成. {% %}表示逻辑相关的操作. 点(.)在 ...

  3. Ue4管线中的灯光信息

    http://www.tomlooman.com/disneyfaciliershadow/ 看了这篇Blog我有了一个惊喜的发现: float4 GetPerPixelLightAttenuatio ...

  4. BZOJ.3293.[CQOI2011]分金币(思路)

    3293 双倍经验 1045 先考虑能否断环为链.显然是可以的,因为金币不可能在整个环上平移.所以我们枚举断点\(k\),表示\(k\)和\(k+1\)之间不交换金币. 令\(d_i=a_i-aver ...

  5. Java发邮件基础篇

    1. 电子邮件协议 电子邮件的在网络中传输和网页一样需要遵从特定的协议,常用的电子邮件协议包括 SMTP,POP3,IMAP.其中邮件的创建和发送只需要用到 SMTP协议,所以本文也只会涉及到SMTP ...

  6. BZOJ1290 : [Ctsc2009]序列变换

    设$f[i][j]$表示$a[i]$改成$j$时的最小总代价. 若$a[i]<A(i-1)+1$,则不妨将其强行改成$A(i-1)+1$,如此处理之后$\min(f[n][1..Q])$就是答案 ...

  7. 策略梯度训练cartpole小游戏

    我原来已经安装了anaconda,在此基础上进入cmd进行pip install tensorflow和pip install gym就可以了. 在win10的pycharm做的. policy_gr ...

  8. ./configure && make && make install 编译安装和卸载 (Linux)

    ./configure && make && make install 编译安装和卸载 (Linux) 正常的编译安装/卸载:   源码的安装一般由3个步骤组成:配置( ...

  9. vue路由打开新窗口

    一. <router-link>标签实现新窗口打开: 官方文档中说 v-link 指令被 <router-link> 组件指令替代,且 <router-link> ...

  10. Intel处理器技术文档

    1.intel程序员手册(1986).pdf 下载地址 2.Intel® 64 and IA-32 Architectures Software Developer Manuals   下载链接 3. ...