ClamAV是一个可用于Linux平台上的开源杀毒引擎,可检测木马、病毒、恶意软件和其他恶意的威胁。

官网:http://www.clamav.net/

一、CentOS环境安装

# yum install -y epel-release

# yum install -y clamav

二、病毒库更新检查:freshclam

# freshclam

ClamAV update process started at Fri Sep  ::

main.cld is up to date (version: , sigs: , f-level: , builder: sigmgr)

Downloading daily-.cdiff [%]

daily.cld updated (version: , sigs: , f-level: , builder: neo)

bytecode.cld is up to date (version: , sigs: , f-level: , builder: neo)

Database updated ( signatures) from db.local.clamav.net (IP: 203.178.137.175)

三、帮助文档

# clamscan --help

                       Clam AntiVirus Scanner 0.99.

           By The ClamAV Team: http://www.clamav.net/about.html#credits

           (C) - Cisco Systems, Inc.

    --help                -h             Print this help screen

    --version             -V             Print version number

    --verbose             -v             Be verbose

    --archive-verbose     -a             Show filenames inside scanned archives

    --debug                              Enable libclamav's debug messages

    --quiet                              Only output error messages

    --stdout                             Write to stdout instead of stderr

    --no-summary                         Disable summary at end of scanning

    --infected            -i             Only print infected files

    --suppress-ok-results -o             Skip printing OK files

    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY

    --leave-temps[=yes/no(*)]            Do not remove temporary files

    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load

                                         all supported db files from DIR

    --official-db-only[=yes/no(*)]       Only load official signatures

    --log=FILE            -l FILE        Save scan report to FILE

    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively

    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match

    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems

    --follow-dir-symlinks[=/(*)/]     Follow directory symlinks ( = never,  = direct,  = always)

    --follow-file-symlinks[=/(*)/]    Follow file symlinks ( = never,  = direct,  = always)

    --file-list=FILE      -f FILE        Scan files from FILE

    --remove[=yes/no(*)]                 Remove infected files. Be careful!

    --move=DIRECTORY                     Move infected files into DIRECTORY

    --copy=DIRECTORY                     Copy infected files into DIRECTORY

    --exclude=REGEX                      Don't scan file names matching REGEX

    --exclude-dir=REGEX                  Don't scan directories matching REGEX

    --include=REGEX                      Only scan file names matching REGEX

    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database

    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode

    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)

    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics

    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications

    --exclude-pua=CAT                    Skip PUA sigs of category CAT

    --include-pua=CAT                    Load PUA sigs of category CAT

    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)

    --structured-ssn-format=X            SSN format (=normal,=stripped,=both)

    --structured-ssn-count=N             Min SSN count to generate a detect

    --structured-cc-count=N              Min CC count to generate a detect

    --scan-mail[=yes(*)/no]              Scan mail files

    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection

    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection

    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found

    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)

    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)

    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.

    --algorithmic-detection[=yes(*)/no]  Algorithmic detection

    --scan-pe[=yes(*)/no]                Scan PE files

    --scan-elf[=yes(*)/no]               Scan ELF files

    --scan-ole2[=yes(*)/no]              Scan OLE2 containers

    --scan-pdf[=yes(*)/no]               Scan PDF files

    --scan-swf[=yes(*)/no]               Scan SWF files

    --scan-html[=yes(*)/no]              Scan HTML files

    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files

    --scan-hwp3[=yes(*)/no]              Scan HWP3 files

    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)

    --detect-broken[=yes/no(*)]          Try to detect broken executable files

    --block-encrypted[=yes/no(*)]        Block encrypted archives

    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros

    --nocerts                            Disable authenticode certificate chain verification in PE files

    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean

    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)

    --max-files=#n                       The maximum number of files to scan for each container file (**)

    --max-recursion=#n                   Maximum archive recursion level for container file (**)

    --max-dir-recursion=#n               Maximum directory recursion level

    --max-embeddedpe=#n                  Maximum size file to check for embedded PE

    --max-htmlnormalize=#n               Maximum size of HTML file to normalize

    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan

    --max-scriptnormalize=#n             Maximum size of script file to normalize

    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned

    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned

    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function

    --pcre-match-limit=#n                Maximum calls to the PCRE match function.

    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.

    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.

    --enable-stats                       Enable statistical reporting of malware

    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions

    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server

    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.

    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings

(**) Certain files (e.g. documents, archives, etc.) may in turn contain other

   files inside. The above options ensure safe processing of this kind of data.

四、病毒扫描:clamscan(递归扫描+扫描路径输出)

# clamscan -r /root/ --stdout

/root/.cshrc: OK

/root/.abrt/applet_dirlist: Empty file

/root/ossec-hids-2.8..tar.gz: OK

/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND

/root/.gconfd/saved_state: OK

/root/rootkit.exe: Empty file

/root/clam_log_170922.txt: OK

/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND

/root/.imsettings.log: OK

/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND

/root/chkrootkit-0.52/ifpromisc.c: OK

/root/chkrootkit-0.52/chkrootkit.lsm: OK

/root/chkrootkit-0.52/COPYRIGHT: OK

...

----------- SCAN SUMMARY -----------

Known viruses:

Engine version: 0.99.

Scanned directories:

Scanned files: 

Infected files: 23

Data scanned: 133.68 MB

Data read: 87.24 MB (ratio 1.53:)

Time: 38.355 sec ( m  s)

Linux系统查毒软件ClamAV (online)的更多相关文章

  1. linux系统查毒软件ClamAV

    安装方法: 长久使用参考: http://www.cnblogs.com/kerrycode/archive/2015/08/24/4754820.html#undefined 临时使用参考: htt ...

  2. Ubuntu等Linux系统显卡性能测试软件 Unigine 3D

    Ubuntu等Linux系统显卡性能测试软件 Unigine 3D Ubuntu Intel显卡驱动安装,请参考: http://blog.csdn.net/zhangrelay/article/de ...

  3. Linux系统中安装软件方法总结

    Linux系统中安装软件方法总结 [1]Linux系统中安装软件的几种方式 [2] Linux配置yum源(本地源和网络源) [3] SuSE下zypper源配置 [4] SUSE zypper 本地 ...

  4. Linux上的防病毒软件ClamAV

    Clam AntiVirus(ClamAV)是免费而且开放源代码的防毒软件,软件与病毒码的更新皆由社群免费发布.目前ClamAV主要是使用在由Linux.FreeBSD等Unix-like系统架设的邮 ...

  5. Linux系统及常用软件的安装

    注释:看了很多人说在Windows下面跑机器学习就和大人一直用勺子吃饭一样,应该用更...刚写到这里Linux又奔溃了-- 以后就在Linux上跑程序了,告别Windows的时代... 别看下面的安装 ...

  6. Linux系统学习07-Centos软件安装几种方法

    配置好Centos一些基础设置后,接下来就是学习平时使用最多的软件安装. windwos下软件安装非常简单,就是下载好安装包,然后双击就会自动安装. 而Centos里面安装软件的方式方法有区别,熟悉几 ...

  7. Linux系统上安装软件(JDK以及tomcat服务器)

    一:安装jdk linux系统上面如果运行java程序,就需要安装java的运行环境(jdk) 1:下载linux版本的jdk 地址:http://www.oracle.com/technetwork ...

  8. Linux系统上安装软件(ftp服务器)

    一:安装ftp服务器 在安装linux系统的时候,自定义软件包安装时,我已经勾选了ftp服务器,所以已经 安装过了,如果没有勾选,需要额外下载ftp的安装包,进行安装. ftp服务器搭建过程中遇到的问 ...

  9. VMware下安装Linux系统,ORACLE软件,DBCA建库

    操作系统安装   在vmware下安装Linux (OEL5.6),用于数据库服务器 1.打开vmware,选择"创建新的虚拟机"       2.选择自定义安装   3.选择虚拟 ...

随机推荐

  1. POJ1742----Coins

    背包专题:http://www.cnblogs.com/qq188380780/p/6409474.html //多重背包 #include<cstdio> ],a[][]; int Ro ...

  2. 洛谷 P2814 家谱(gen)

    题目背景 现代的人对于本家族血统越来越感兴趣. 题目描述 给出充足的父子关系,请你编写程序找到某个人的最早的祖先. 输入输出格式 输入格式: 输入由多行组成,首先是一系列有关父子关系的描述,其中每一组 ...

  3. 洛谷.3369.[模板]普通平衡树(fhq Treap)

    题目链接 第一次(2017.12.24): #include<cstdio> #include<cctype> #include<algorithm> //#def ...

  4. 常用的Lambda表达式

     Java 8 引入Lambda表达式,对于Java开发人员来说是一大福利,简化了代码,提高了开发效率. 本文主要讲解日常开发中使用频率比较高的几类Lambda表达式. 集合 Lambda表达式的引入 ...

  5. 狄克斯特拉算法(Python实现)

    概述 狄克斯特拉算法--用于在加权图中找到最短路径 ps: 广度优先搜索--用于解决非加权图的最短路径问题 存在负权边时--贝尔曼-福德算法 下面是来自维基百科的权威解释. 戴克斯特拉算法(英语:Di ...

  6. 面试题fugui02

    一.概念题 1.描述对super.pass.yield.lambda关键字修饰的理解 2.大致描述一下python GIL的机制,以及python中多线程和多进程的区别 GIL全局解释器锁,是pyth ...

  7. python网络编程(九)

    单进程服务器-非堵塞模式 服务器 #coding=utf-8 from socket import * import time # 用来存储所有的新链接的socket g_socketList = [ ...

  8. 超详细 Spring @RequestMapping 注解使用技巧

    @RequestMapping 是 Spring Web 应用程序中最常被用到的注解之一.这个注解会将 HTTP 请求映射到 MVC 和 REST 控制器的处理方法上. 在这篇文章中,你将会看到 @R ...

  9. C_狐狸和兔子的故事

    题目描述 围绕着山顶有10个洞,一只狐狸和一只兔子各住一个洞.狐狸总想吃掉兔子.一天兔子对狐狸说:“你想吃我有一个条件,先把洞从1-10编上号,你从10号洞出发,先到1号洞找我:第二次隔1个洞找我,第 ...

  10. swiper默认显示三个,中间放大且显示全部图片两边显示部分图片的实现方法

    本页面内容最后的红色部分有惊喜哦! 最近在做一个活动页面,要求触摸切换图片时,默认在可视区域中显示三张图片,其中中间的一张图片比其他两张都大且全部显示,而其他两张图片只显示部分即可,于是就想到了swi ...