ClamAV是一个可用于Linux平台上的开源杀毒引擎,可检测木马、病毒、恶意软件和其他恶意的威胁。

官网:http://www.clamav.net/

一、CentOS环境安装

# yum install -y epel-release

# yum install -y clamav

二、病毒库更新检查:freshclam

# freshclam

ClamAV update process started at Fri Sep  ::

main.cld is up to date (version: , sigs: , f-level: , builder: sigmgr)

Downloading daily-.cdiff [%]

daily.cld updated (version: , sigs: , f-level: , builder: neo)

bytecode.cld is up to date (version: , sigs: , f-level: , builder: neo)

Database updated ( signatures) from db.local.clamav.net (IP: 203.178.137.175)

三、帮助文档

# clamscan --help

                       Clam AntiVirus Scanner 0.99.

           By The ClamAV Team: http://www.clamav.net/about.html#credits

           (C) - Cisco Systems, Inc.

    --help                -h             Print this help screen

    --version             -V             Print version number

    --verbose             -v             Be verbose

    --archive-verbose     -a             Show filenames inside scanned archives

    --debug                              Enable libclamav's debug messages

    --quiet                              Only output error messages

    --stdout                             Write to stdout instead of stderr

    --no-summary                         Disable summary at end of scanning

    --infected            -i             Only print infected files

    --suppress-ok-results -o             Skip printing OK files

    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY

    --leave-temps[=yes/no(*)]            Do not remove temporary files

    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load

                                         all supported db files from DIR

    --official-db-only[=yes/no(*)]       Only load official signatures

    --log=FILE            -l FILE        Save scan report to FILE

    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively

    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match

    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems

    --follow-dir-symlinks[=/(*)/]     Follow directory symlinks ( = never,  = direct,  = always)

    --follow-file-symlinks[=/(*)/]    Follow file symlinks ( = never,  = direct,  = always)

    --file-list=FILE      -f FILE        Scan files from FILE

    --remove[=yes/no(*)]                 Remove infected files. Be careful!

    --move=DIRECTORY                     Move infected files into DIRECTORY

    --copy=DIRECTORY                     Copy infected files into DIRECTORY

    --exclude=REGEX                      Don't scan file names matching REGEX

    --exclude-dir=REGEX                  Don't scan directories matching REGEX

    --include=REGEX                      Only scan file names matching REGEX

    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database

    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode

    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)

    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics

    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications

    --exclude-pua=CAT                    Skip PUA sigs of category CAT

    --include-pua=CAT                    Load PUA sigs of category CAT

    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)

    --structured-ssn-format=X            SSN format (=normal,=stripped,=both)

    --structured-ssn-count=N             Min SSN count to generate a detect

    --structured-cc-count=N              Min CC count to generate a detect

    --scan-mail[=yes(*)/no]              Scan mail files

    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection

    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection

    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found

    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)

    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)

    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.

    --algorithmic-detection[=yes(*)/no]  Algorithmic detection

    --scan-pe[=yes(*)/no]                Scan PE files

    --scan-elf[=yes(*)/no]               Scan ELF files

    --scan-ole2[=yes(*)/no]              Scan OLE2 containers

    --scan-pdf[=yes(*)/no]               Scan PDF files

    --scan-swf[=yes(*)/no]               Scan SWF files

    --scan-html[=yes(*)/no]              Scan HTML files

    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files

    --scan-hwp3[=yes(*)/no]              Scan HWP3 files

    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)

    --detect-broken[=yes/no(*)]          Try to detect broken executable files

    --block-encrypted[=yes/no(*)]        Block encrypted archives

    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros

    --nocerts                            Disable authenticode certificate chain verification in PE files

    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean

    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)

    --max-files=#n                       The maximum number of files to scan for each container file (**)

    --max-recursion=#n                   Maximum archive recursion level for container file (**)

    --max-dir-recursion=#n               Maximum directory recursion level

    --max-embeddedpe=#n                  Maximum size file to check for embedded PE

    --max-htmlnormalize=#n               Maximum size of HTML file to normalize

    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan

    --max-scriptnormalize=#n             Maximum size of script file to normalize

    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned

    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned

    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function

    --pcre-match-limit=#n                Maximum calls to the PCRE match function.

    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.

    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.

    --enable-stats                       Enable statistical reporting of malware

    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions

    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server

    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.

    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings

(**) Certain files (e.g. documents, archives, etc.) may in turn contain other

   files inside. The above options ensure safe processing of this kind of data.

四、病毒扫描:clamscan(递归扫描+扫描路径输出)

# clamscan -r /root/ --stdout

/root/.cshrc: OK

/root/.abrt/applet_dirlist: Empty file

/root/ossec-hids-2.8..tar.gz: OK

/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND

/root/.gconfd/saved_state: OK

/root/rootkit.exe: Empty file

/root/clam_log_170922.txt: OK

/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND

/root/.imsettings.log: OK

/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND

/root/chkrootkit-0.52/ifpromisc.c: OK

/root/chkrootkit-0.52/chkrootkit.lsm: OK

/root/chkrootkit-0.52/COPYRIGHT: OK

...

----------- SCAN SUMMARY -----------

Known viruses:

Engine version: 0.99.

Scanned directories:

Scanned files: 

Infected files: 23

Data scanned: 133.68 MB

Data read: 87.24 MB (ratio 1.53:)

Time: 38.355 sec ( m  s)

Linux系统查毒软件ClamAV (online)的更多相关文章

  1. linux系统查毒软件ClamAV

    安装方法: 长久使用参考: http://www.cnblogs.com/kerrycode/archive/2015/08/24/4754820.html#undefined 临时使用参考: htt ...

  2. Ubuntu等Linux系统显卡性能测试软件 Unigine 3D

    Ubuntu等Linux系统显卡性能测试软件 Unigine 3D Ubuntu Intel显卡驱动安装,请参考: http://blog.csdn.net/zhangrelay/article/de ...

  3. Linux系统中安装软件方法总结

    Linux系统中安装软件方法总结 [1]Linux系统中安装软件的几种方式 [2] Linux配置yum源(本地源和网络源) [3] SuSE下zypper源配置 [4] SUSE zypper 本地 ...

  4. Linux上的防病毒软件ClamAV

    Clam AntiVirus(ClamAV)是免费而且开放源代码的防毒软件,软件与病毒码的更新皆由社群免费发布.目前ClamAV主要是使用在由Linux.FreeBSD等Unix-like系统架设的邮 ...

  5. Linux系统及常用软件的安装

    注释:看了很多人说在Windows下面跑机器学习就和大人一直用勺子吃饭一样,应该用更...刚写到这里Linux又奔溃了-- 以后就在Linux上跑程序了,告别Windows的时代... 别看下面的安装 ...

  6. Linux系统学习07-Centos软件安装几种方法

    配置好Centos一些基础设置后,接下来就是学习平时使用最多的软件安装. windwos下软件安装非常简单,就是下载好安装包,然后双击就会自动安装. 而Centos里面安装软件的方式方法有区别,熟悉几 ...

  7. Linux系统上安装软件(JDK以及tomcat服务器)

    一:安装jdk linux系统上面如果运行java程序,就需要安装java的运行环境(jdk) 1:下载linux版本的jdk 地址:http://www.oracle.com/technetwork ...

  8. Linux系统上安装软件(ftp服务器)

    一:安装ftp服务器 在安装linux系统的时候,自定义软件包安装时,我已经勾选了ftp服务器,所以已经 安装过了,如果没有勾选,需要额外下载ftp的安装包,进行安装. ftp服务器搭建过程中遇到的问 ...

  9. VMware下安装Linux系统,ORACLE软件,DBCA建库

    操作系统安装   在vmware下安装Linux (OEL5.6),用于数据库服务器 1.打开vmware,选择"创建新的虚拟机"       2.选择自定义安装   3.选择虚拟 ...

随机推荐

  1. SPOJ.TLE - Time Limit Exceeded(DP 高维前缀和)

    题目链接 \(Description\) 给定长为\(n\)的数组\(c_i\)和\(m\),求长为\(n\)的序列\(a_i\)个数,满足:\(c_i\not\mid a_i,\quad a_i\& ...

  2. Java并发程序设计(一) 基础概念

    Java并发程序设计(一) 基础概念 一.必须知道的几个概念 一)同步(Synchronous)和异步(Asynchronous) 同步:同步方法调用一旦开始,调用者必须等到方法调用返回后,才能继续后 ...

  3. php 将两个数组进行相加 http://blog.csdn.net/lcstrive/article/details/38331487

    刚刚在网上看到一个提问. 数组Array ( [0] => 1 [1] => 2 )和数组Array ( [0] => 5 [1] => 6 ) 怎么让他们想加得出: 数组Ar ...

  4. 树形动态规划(树状DP)小结

    树状动态规划定义 之所以这样命名树规,是因为树形DP的这一特殊性:没有环,dfs是不会重复,而且具有明显而又严格的层数关系.利用这一特性,我们可以很清晰地根据题目写出一个在树(型结构)上的记忆化搜索的 ...

  5. OpenCV3.2.0+VS2017环境配置与常见问题(巨细坑爹版)

    目录 安装 常见问题 题外话:首先,配环境一定要有耐心... 本博客是本小白第一次装OpenCV成功后第一时间整理发布.用的是刚下载好的OpenCV3.2.0版,用x64编译器Debug运行(当然Re ...

  6. Navicat Premium for Mac的破解教程

          Navicat Premium for Mac破解教程 https://www.jianshu.com/p/f3ef78deadaa 时间戳: https://tool.lu/timest ...

  7. PAT Basic 1007

    1007 素数对猜想 (20 分) 让我们定义d​n​​为:d​n​​=p​n+1​​−p​n​​,其中p​i​​是第i个素数.显然有d​1​​=1,且对于n>1有d​n​​是偶数.“素数对猜想 ...

  8. python3.5环境配置

    前言: python3应该是python的趋势所在,当然目前争议也比较大,这篇随笔的主要目的是记录在linux6.4下搭建python3环境的过程 以及碰到的问题和解决过程. 另外,如果本机安装了py ...

  9. JSP(6)—JavaBean及案例

    基础: 一.JavaBean ①用作JavaBean的类必须是具有一个公共的无参数的构造方法 ②JavaBean的属性是以方法定义的形式出现的. ③JavaBean的属性名是根据Setter和gett ...

  10. HRD Emulator in HTML5

    Posted on March 21, 2012 by Moto Just like MPEG-2 video uses VBV (Video Buffer Verifier), H.264 stan ...