Linux系统查毒软件ClamAV (online)
ClamAV是一个可用于Linux平台上的开源杀毒引擎,可检测木马、病毒、恶意软件和其他恶意的威胁。
官网:http://www.clamav.net/
一、CentOS环境安装
# yum install -y epel-release
# yum install -y clamav
二、病毒库更新检查:freshclam
# freshclam
ClamAV update process started at Fri Sep ::
main.cld is up to date (version: , sigs: , f-level: , builder: sigmgr)
Downloading daily-.cdiff [%]
daily.cld updated (version: , sigs: , f-level: , builder: neo)
bytecode.cld is up to date (version: , sigs: , f-level: , builder: neo)
Database updated ( signatures) from db.local.clamav.net (IP: 203.178.137.175)
三、帮助文档
# clamscan --help Clam AntiVirus Scanner 0.99.
By The ClamAV Team: http://www.clamav.net/about.html#credits
(C) - Cisco Systems, Inc. --help -h Print this help screen
--version -V Print version number
--verbose -v Be verbose
--archive-verbose -a Show filenames inside scanned archives
--debug Enable libclamav's debug messages
--quiet Only output error messages
--stdout Write to stdout instead of stderr
--no-summary Disable summary at end of scanning
--infected -i Only print infected files
--suppress-ok-results -o Skip printing OK files
--bell Sound bell on virus detection --tempdir=DIRECTORY Create temporary files in DIRECTORY
--leave-temps[=yes/no(*)] Do not remove temporary files
--database=FILE/DIR -d FILE/DIR Load virus database from FILE or load
all supported db files from DIR
--official-db-only[=yes/no(*)] Only load official signatures
--log=FILE -l FILE Save scan report to FILE
--recursive[=yes/no(*)] -r Scan subdirectories recursively
--allmatch[=yes/no(*)] -z Continue scanning within file after finding a match
--cross-fs[=yes(*)/no] Scan files and directories on other filesystems
--follow-dir-symlinks[=/(*)/] Follow directory symlinks ( = never, = direct, = always)
--follow-file-symlinks[=/(*)/] Follow file symlinks ( = never, = direct, = always)
--file-list=FILE -f FILE Scan files from FILE
--remove[=yes/no(*)] Remove infected files. Be careful!
--move=DIRECTORY Move infected files into DIRECTORY
--copy=DIRECTORY Copy infected files into DIRECTORY
--exclude=REGEX Don't scan file names matching REGEX
--exclude-dir=REGEX Don't scan directories matching REGEX
--include=REGEX Only scan file names matching REGEX
--include-dir=REGEX Only scan directories matching REGEX --bytecode[=yes(*)/no] Load bytecode from the database
--bytecode-unsigned[=yes/no(*)] Load unsigned bytecode
--bytecode-timeout=N Set bytecode timeout (in milliseconds)
--statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
--detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications
--exclude-pua=CAT Skip PUA sigs of category CAT
--include-pua=CAT Load PUA sigs of category CAT
--detect-structured[=yes/no(*)] Detect structured data (SSN, Credit Card)
--structured-ssn-format=X SSN format (=normal,=stripped,=both)
--structured-ssn-count=N Min SSN count to generate a detect
--structured-cc-count=N Min CC count to generate a detect
--scan-mail[=yes(*)/no] Scan mail files
--phishing-sigs[=yes(*)/no] Signature-based phishing detection
--phishing-scan-urls[=yes(*)/no] URL-based phishing detection
--heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
--phishing-ssl[=yes/no(*)] Always block SSL mismatches in URLs (phishing module)
--phishing-cloak[=yes/no(*)] Always block cloaked URLs (phishing module)
--partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
--algorithmic-detection[=yes(*)/no] Algorithmic detection
--scan-pe[=yes(*)/no] Scan PE files
--scan-elf[=yes(*)/no] Scan ELF files
--scan-ole2[=yes(*)/no] Scan OLE2 containers
--scan-pdf[=yes(*)/no] Scan PDF files
--scan-swf[=yes(*)/no] Scan SWF files
--scan-html[=yes(*)/no] Scan HTML files
--scan-xmldocs[=yes(*)/no] Scan xml-based document files
--scan-hwp3[=yes(*)/no] Scan HWP3 files
--scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)
--detect-broken[=yes/no(*)] Try to detect broken executable files
--block-encrypted[=yes/no(*)] Block encrypted archives
--block-macros[=yes/no(*)] Block OLE2 files with VBA macros
--nocerts Disable authenticode certificate chain verification in PE files
--dumpcerts Dump authenticode certificate chain in PE files --max-filesize=#n Files larger than this will be skipped and assumed clean
--max-scansize=#n The maximum amount of data to scan for each container file (**)
--max-files=#n The maximum number of files to scan for each container file (**)
--max-recursion=#n Maximum archive recursion level for container file (**)
--max-dir-recursion=#n Maximum directory recursion level
--max-embeddedpe=#n Maximum size file to check for embedded PE
--max-htmlnormalize=#n Maximum size of HTML file to normalize
--max-htmlnotags=#n Maximum size of normalized HTML file to scan
--max-scriptnormalize=#n Maximum size of script file to normalize
--max-ziptypercg=#n Maximum size zip to type reanalyze
--max-partitions=#n Maximum number of partitions in disk image to be scanned
--max-iconspe=#n Maximum number of icons in PE file to be scanned
--max-rechwp3=#n Maximum recursive calls to HWP3 parsing function
--pcre-match-limit=#n Maximum calls to the PCRE match function.
--pcre-recmatch-limit=#n Maximum recursive calls to the PCRE match function.
--pcre-max-filesize=#n Maximum size file to perform PCRE subsig matching.
--enable-stats Enable statistical reporting of malware
--disable-pe-stats Disable submission of individual PE sections in stats submissions
--stats-timeout=#n Number of seconds to wait for waiting a response back from the stats server
--stats-host-id=UUID Set the Host ID used when submitting statistical info.
--disable-cache Disable caching and cache checks for hash sums of scanned files. (*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
files inside. The above options ensure safe processing of this kind of data.
四、病毒扫描:clamscan(递归扫描+扫描路径输出)
# clamscan -r /root/ --stdout
/root/.cshrc: OK
/root/.abrt/applet_dirlist: Empty file
/root/ossec-hids-2.8..tar.gz: OK
/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND
/root/.gconfd/saved_state: OK
/root/rootkit.exe: Empty file
/root/clam_log_170922.txt: OK
/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND
/root/.imsettings.log: OK
/root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND
/root/chkrootkit-0.52/ifpromisc.c: OK
/root/chkrootkit-0.52/chkrootkit.lsm: OK
/root/chkrootkit-0.52/COPYRIGHT: OK ... ----------- SCAN SUMMARY -----------
Known viruses:
Engine version: 0.99.
Scanned directories:
Scanned files:
Infected files: 23
Data scanned: 133.68 MB
Data read: 87.24 MB (ratio 1.53:)
Time: 38.355 sec ( m s)
Linux系统查毒软件ClamAV (online)的更多相关文章
- linux系统查毒软件ClamAV
安装方法: 长久使用参考: http://www.cnblogs.com/kerrycode/archive/2015/08/24/4754820.html#undefined 临时使用参考: htt ...
- Ubuntu等Linux系统显卡性能测试软件 Unigine 3D
Ubuntu等Linux系统显卡性能测试软件 Unigine 3D Ubuntu Intel显卡驱动安装,请参考: http://blog.csdn.net/zhangrelay/article/de ...
- Linux系统中安装软件方法总结
Linux系统中安装软件方法总结 [1]Linux系统中安装软件的几种方式 [2] Linux配置yum源(本地源和网络源) [3] SuSE下zypper源配置 [4] SUSE zypper 本地 ...
- Linux上的防病毒软件ClamAV
Clam AntiVirus(ClamAV)是免费而且开放源代码的防毒软件,软件与病毒码的更新皆由社群免费发布.目前ClamAV主要是使用在由Linux.FreeBSD等Unix-like系统架设的邮 ...
- Linux系统及常用软件的安装
注释:看了很多人说在Windows下面跑机器学习就和大人一直用勺子吃饭一样,应该用更...刚写到这里Linux又奔溃了-- 以后就在Linux上跑程序了,告别Windows的时代... 别看下面的安装 ...
- Linux系统学习07-Centos软件安装几种方法
配置好Centos一些基础设置后,接下来就是学习平时使用最多的软件安装. windwos下软件安装非常简单,就是下载好安装包,然后双击就会自动安装. 而Centos里面安装软件的方式方法有区别,熟悉几 ...
- Linux系统上安装软件(JDK以及tomcat服务器)
一:安装jdk linux系统上面如果运行java程序,就需要安装java的运行环境(jdk) 1:下载linux版本的jdk 地址:http://www.oracle.com/technetwork ...
- Linux系统上安装软件(ftp服务器)
一:安装ftp服务器 在安装linux系统的时候,自定义软件包安装时,我已经勾选了ftp服务器,所以已经 安装过了,如果没有勾选,需要额外下载ftp的安装包,进行安装. ftp服务器搭建过程中遇到的问 ...
- VMware下安装Linux系统,ORACLE软件,DBCA建库
操作系统安装 在vmware下安装Linux (OEL5.6),用于数据库服务器 1.打开vmware,选择"创建新的虚拟机" 2.选择自定义安装 3.选择虚拟 ...
随机推荐
- python 数据结构之二叉树
二叉树关键在构建和遍历,python实现相对简单,我们在实现需要用到类,分别设置爱左右子树,根节点,然后从根进行遍历,进行判断,若为空进行树的构建,非空则返回到列表中即可,我在进行遍历时产生了一个错误 ...
- HTTP STATUS CODE: 521的解决办法
https://blog.csdn.net/wangdepei/article/details/84798601
- asp.net core 上使用redis探索(3)--redis示例demo
由于是基于.net-core平台,所以,我们最好是基于IDistributedCache接口来实现.ASP.NET-CORE下的官方redis客户端实现是基于StackExchange的.但是官方提供 ...
- sql的简单操作
mysql 一.mysql简介和安装 MySQL是一个关系型数据库管理系统,由瑞典MySQL AB 公司开发,目前属于 Oracle 旗下公司.MySQL 最流行的关系型数据库管理系统,在 WEB 应 ...
- BZOJ.3992.[SDOI2015]序列统计(DP NTT 原根)
题目链接 \(Description\) 给定\(n,m,x\)和集合\(S\).求\(\prod_{i=1}^na_i\equiv x\ (mod\ m)\)的方案数.其中\(a_i\in S\). ...
- (转)HashMap底层实现原理/HashMap与HashTable区别/HashMap与HashSet区别
①HashMap的工作原理 HashMap基于hashing原理,我们通过put()和get()方法储存和获取对象.当我们将键值对传递给put()方法时,它调用键对象的hashCode()方法来计算h ...
- python网络编程(十一)
epoll版-TCP服务器 1. epoll的优点: 没有最大并发连接的限制,能打开的FD(指的是文件描述符,通俗的理解就是套接字对应的数字编号)的上限远大于1024 效率提升,不是轮询的方式,不会随 ...
- Wooden Sticks [POJ1065] [DP]
Description 有N根木棍等待处理.机器在处理第一根木棍时需要准备1分钟,此后遇到长宽都不大于前一根木棍的木棍就不需要时间准备,反之则需要1分钟重新准备.比如木棍按照(3,3).(1,3).( ...
- js计算总页数
前端js取余是a%b 取除数parseInt(a / b) /** * 总页数@param(总条数,每页总条数) */ function pageTotal(rowCount, pageSize) { ...
- Spring-context 实现Hello World
Spring-context 实现Hello World 本文作为Spring入门笔记,用Spring-context实现控制台的hello world Spring简介 Spring是一个开放源代码 ...