Linux系統查毒軟件ClamAV (在線安裝)

阿新 • • 發佈：2017-09-22

ims class ngs deb collect tag raw don system

ClamAV是一個可用於Linux平臺上的開源殺毒引擎，可檢測木馬、病毒、惡意軟件和其他惡意的威脅。

官網：http://www.clamav.net/

一、CentOS環境安裝

# yum install -y epel-release
# yum install -y clamav

二、病毒庫更新檢查：freshclam

# freshclam 
ClamAV update process started at Fri Sep 22 17:43:55 2017
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily 
-23862.cdiff [100%]
daily.cld updated (version: 23862, sigs: 1743102, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 312, sigs: 74, f-level: 63, builder: neo)
Database updated (6309425 signatures) from db.local.clamav.net (IP: 203.178.137.175)

三、幫助文檔

# clamscan --help

                       Clam AntiVirus Scanner  
0.99.2
           By The ClamAV Team: http://www.clamav.net/about.html#credits
           (C) 2007-2015 Cisco Systems, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
     
--archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav‘s debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don‘t scan file names matching REGEX
    --exclude-dir=REGEX                  Don‘t scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files
    --scan-hwp3[=yes(*)/no]              Scan HWP3 files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze
    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
    --pcre-match-limit=#n                Maximum calls to the PCRE match function.
    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
    --enable-stats                       Enable statistical reporting of malware
    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions
    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server
    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.
    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.

View Code

四、病毒掃描：clamscan（遞歸掃描+掃描路徑輸出）

# clamscan -r /root/ --stdout
/root/.cshrc: OK
/root/.abrt/applet_dirlist: Empty file
/root/ossec-hids-2.8.3.tar.gz: OK
/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND
/root/.gconfd/saved_state: OK
/root/rootkit.exe: Empty file
/root/clam_log_170922.txt: OK
/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND
/root/.imsettings.log: OK
/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND
/root/chkrootkit-0.52/ifpromisc.c: OK
/root/chkrootkit-0.52/chkrootkit.lsm: OK
/root/chkrootkit-0.52/COPYRIGHT: OK

...

----------- SCAN SUMMARY -----------
Known viruses: 6303718
Engine version: 0.99.2
Scanned directories: 342
Scanned files: 3927
Infected files: 23
Data scanned: 133.68 MB
Data read: 87.24 MB (ratio 1.53:1)
Time: 38.355 sec (0 m 38 s)

Linux系統查毒軟件ClamAV (在線安裝)

ims class ngs deb collect tag raw don system ClamAV是一個可用於Linux平臺上的開源殺毒引擎，可檢測木馬、病毒、惡意軟件和其他惡意的威脅。官網：http://www.clamav.net/ 一、CentOS環境安裝 #

Linux下殺毒軟件clamav的安裝和使用

nologin ref prefix make mark update example borde content 發表於：2017年6月30日分類：Linux/Unix 最近發現有臺服務器中毒了，手動去查殺總是會有遺漏，最

Linux下殺毒軟件Clamav的安裝和使用.md

one 命令行遇到最後一行 net v-on sco and zip 操作系統版本信息 CentOS Linux release 7.4.1708 (Core) ClamAV 簡單介紹 ClamAV 殺毒是Linux平臺最受歡迎的殺毒軟件，ClamAV屬於免費開源產品，

殺毒軟件clamav的安裝和使用

方法安裝 direct lease roo emd .net www 執行 mail 系統rhel7.5 clamav-0.100.2.tar.gz 官網下載clamav：http://www.clamav.net開始安裝：根據自己的系統版本下載相應的epel安裝

linux系統查看硬件及系統信息常用命令匯總

art 參數 pro 常用 -s 運行時間 load 活動 ota uname –a # 查看內核/操作系統/CPU信息的linux系統信息命令 head -n 1 /etc/issue # 查看操作系統版本，是數字1不是字母L cat /proc/cpuin

Ubuntu下查看軟件版本及安裝位置

blog apt ubuntu下 nbsp apt-get -m clas mod dpkg 查看軟件版本:aptitude show xxx 也可用apt-show-versions (要先安裝sudo apt-get install apt-show-version

linux clamav殺毒軟件的安裝

direct bzip2 antivirus blog sed font window conn images 一、概述　　 Linux比其它操作系統更穩定更安全。理論上Linux是有可能被病毒侵害的。但實際上 Linux機器幾乎不可能遭受病毒的攻擊。所以我這裏

安裝Nginx須要系統的輔助軟件(linux)

1.7 yum lin ++ ie8 http nginx負載均衡 openss pen 安裝Nginx須要系統的輔助軟件(linux)： yum -y install make gcc gcc-c++ ncurses-devel yum -y install

clamav殺毒軟件部署筆記

clamav殺毒軟件部署筆記環境：Centos 7.2 軟件：clamav第一步：Clamav下載wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz第二步：創建clamav用戶和組groupadd clamav us

Linux系統centOS7在虛擬機下的安裝及XShell軟件的配置

系統centos7 nbsp 開啟 lan red 選中 linu 畫面創建前面的話　　本文將詳細介紹Linux系統centOS7在虛擬機下的安裝準備工作【系統下載】　　在安裝centOS7之前，首先在官網下載合適的版本　　然後，選擇一個鏈

利用saltstack對minion端安裝clamav殺毒軟件

config tac 執行 manage -- configure amp 如果 pac 首先應該編寫sls文件 1 clamav_source: 2 file.managed: 3 - name: /tmp/clamav-0.99.2.tar.gz

Centos6安裝和使用ClamAV殺毒軟件

centos6 clamav 1.ClamAV殺毒軟件的安裝2.下載病毒庫3.開啟服務4.查殺病毒5.計劃任務1.ClamAV殺毒軟件的安裝[root@localhost ~]# yum -y install epel-releaseRunning Transaction Installing :

linux下如何查看某軟件是否已安裝

container yum class 軟件包 pad sbin oot padding 軟件因為linux安裝軟件的方式比較多，所以沒有一個通用的辦法能查到某些軟件是否安裝了。總結起來就是這樣幾類： 1、rpm包安裝的，可以用rpm -qa看到，如果要查

linux中查找文件屬於那個軟件包的方法

too .gz http oot x86_64 swd pro lin HERE 一、linux中查找文件屬於那個軟件包的方法 [root@salt prod]# whereis htpasswdhtpasswd: /usr/bin/htpasswd /usr/shar

如何在域中電腦安裝被殺毒軟件直接查殺的財務軟件？

sym 客戶端軟件才會電腦安裝三方問題安全視頻部署如何在域中電腦安裝被殺毒軟件直接查殺的財務軟件？ ?Lander Zhang 專註外企按需IT基礎架構運維服務，IT Helpdesk 實戰培訓踐行者博客：https://blog.51cto.com/lan

linux簡單命令8---軟件包安裝

yum安裝 .com 軟件包 rpm http span 軟件包安裝 image size 1:使用yum安裝，它不能包查詢和包校驗。它安裝的是RPM格式文件。沒有yum文件 ------------------------------------------

錯誤卸載軟件導致Windows7系統中的軟件無法播放視頻

gb2 content win net window text bsp 技術分享 pan 1、錯誤描寫敘述 2、錯誤原因在卸載軟件時。不小心將Windows7中的服務給刪除了 3、解決的方法又一次安裝操作系統錯誤卸載軟件導致Wind

linux系統掛載windows文件夾

linux系統掛載windows文件夾首先啊,我在網上查了,都是直接mount或者mount.cifs 用戶密碼目錄就行了,但是我死活都掛載不上,各種無語,網上查了好多的前輩的掛載方法,但是我就是掛在不上,報錯如下:[[email protected]/* */ tuxiang]# mount.c

殺毒軟件框架設計

文本文圖片繼續查找文件方式找文件使用特點 folder 這個軟件，既可以對文件夾殺毒，也可以對某個指定的文件進行殺毒。可以根據不同文件的特點，為不同的文件提供不同的殺毒方式。圖片文件和文本文件的殺毒方式是有差異的。文件夾中包含文件和文件夾，在文件夾中可以包含

Linux系統查看系統是32位還是64位方法總結 in 創新實訓

-a 如果 rep 分享查看 blog cpu 整理 ble 這篇博客是總結、歸納查看Linux系統是32位還是64位的一些方法，很多內容來自網上網友的博客。本篇只是整理、梳理這方面的知識，方便自己忘記的時候隨時查看。方法1：getconf LONG_BIT 查看如下

Linux系統查毒軟件ClamAV (在線安裝)

相關推薦