```sh
wget https://github.com/Cisco-Talos/clamav/releases/download/clamav-1.3.1/clamav-1.3.1.linux.x86_64.deb
dpkg -i clamav-1.3.1.linux.x86_64.deb
cd /usr/local/etc/ && cp freshclam.conf.sample freshclam.conf
# Edit freshclam.conf and comment out the line containing the string "Example"
touch /var/log/freshclam.log
chown clamav.clamav /var/log/freshclam.log
```
Files installed by the package:

```text
/usr/local/bin/clamconf       # configuration file generation tool
/usr/local/bin/clamscan       # program for manual (on-demand) scanning
/usr/local/bin/clamdscan      # scanner that relies on the clamd background service
/usr/local/bin/clamdtop       # monitor for the clamd daemon
/usr/local/bin/clamsubmit     # ClamAV file submission utility
/usr/local/bin/clamav-config  # change libclamav prefix [default /usr/local]
/usr/local/bin/clambc         # bytecode signature testing tool for Clam Anti-Virus; used to test newly written
                              # bytecode signatures or to verify that existing bytecode runs against a sample as expected
/usr/local/bin/freshclam      # downloads and updates virus database files (.cvd); the database must be
                              # downloaded and updated before scanning with ClamAV
/usr/local/sbin/clamd         # clamd daemon
/usr/local/sbin/clamonacc     # on-access scanner (real-time monitoring)

# sigtool: command-line test tool that helps users create and use virus signatures.
# Although sigtool has many uses (including building signatures), it is notable for helping
# users and analysts determine whether a file detected by a libclamav signature is a false positive
/usr/local/bin/sigtool

# Default configuration templates
/usr/local/etc/clamd.conf.sample
/usr/local/etc/freshclam.conf.sample
```
```sh
clamconf -g clamd.conf   # accepted names: clamd.conf, freshclam.conf, clamav-milter.conf
```
## Update the virus database
```sh
freshclam
#> ClamAV update process started at Thu Jul 11 09:13:49 2024
#> daily database available for download (remote version: 27333)
#> Time: 14.7s, ETA: 0.0s [========================>] 60.91MiB/60.91MiB
#> Testing database: '/var/lib/clamav/tmp.323dec9a1f/clamav-05a1dfc8f555474816a4959ac069095f.tmp-daily.cvd' ...
#> Database test passed.
#> daily.cvd updated (version: 27333, sigs: 2064131, f-level: 90, builder: raynman)
#> main database available for download (remote version: 62)
#> Time: 21.8s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB
#> Testing database: '/var/lib/clamav/tmp.323dec9a1f/clamav-5fb574897c99d106694ccdebf3874608.tmp-main.cvd' ...
#> Database test passed.
#> main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
#> bytecode database available for download (remote version: 335)
#> Time: 0.5s, ETA: 0.0s [========================>] 282.94KiB/282.94KiB
#> Testing database: '/var/lib/clamav/tmp.323dec9a1f/clamav-2ab9699585fd9e9aaac156850c202456.tmp-bytecode.cvd' ...
#> Database test passed.
#> bytecode.cvd updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
```
## Command-line scanning with clamscan
clamscan is a command-line tool that uses libclamav to scan files or directories for viruses, produces a scan report, and then exits. Unlike clamdscan, clamscan does not need a running clamd instance.
Run a virus scan:

```sh
clamscan -r -i /etc/
# Option -r scans subdirectories recursively; -i prints only infected files
```

```text
----------- SCAN SUMMARY -----------
Known viruses: 8695952
Engine version: 1.3.1
Scanned directories: 228
Scanned files: 708
Infected files: 0          # number of infected files
Data scanned: 3.20 MB
Data read: 1.38 MB (ratio 2.32:1)
Time: 25.450 sec (0 m 25 s)
Start Date: 2024:07:11 09:18:04
End Date:   2024:07:11 09:18:29
```
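The summary above is what a scheduled scan has to act on. The following script is an added example, not code from the original post or from the ClamAV project: it parses the `SCAN SUMMARY` block into a clean/infected result and combines it with clamscan's exit status (0 clean, 1 virus found, 2 error) so the scan can be run from cron. The sample summary is constructed in the page's output format; the `/etc/` path is the page's own.

```sh
#!/bin/sh
# Added example (not from the original post): turn the clamscan SCAN SUMMARY
# into a cron-friendly result. SAMPLE_SUMMARY is constructed from the format
# shown above, with "Infected files" set to 2 to exercise the infected path.
SAMPLE_SUMMARY='----------- SCAN SUMMARY -----------
Known viruses: 8695952
Engine version: 1.3.1
Scanned directories: 228
Scanned files: 708
Infected files: 2
Data scanned: 3.20 MB
Time: 25.450 sec (0 m 25 s)'

# Print the numeric value of one summary field, e.g. "Infected files" -> 2.
# $1: summary text, $2: field name (the text left of the colon)
summary_field() {
    printf '%s\n' "$1" | sed -n "s/^$2: *\([0-9]*\).*/\1/p"
}

# Succeed (exit 0) only when the summary reports zero infected files.
# A missing field counts as "not clean" so a truncated report is never trusted.
scan_is_clean() {
    n=$(summary_field "$1" "Infected files")
    [ -n "$n" ] && [ "$n" -eq 0 ]
}

# Scan a directory the way the post does (-r -i) and report the outcome.
# clamscan exits 0 when clean, 1 when a virus was found, 2 on an error, so
# the exit status is inspected before the summary is parsed.
scan_dir() {
    out=$(clamscan -r -i "$1" 2>&1) && rc=0 || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "clamscan error while scanning $1:"; echo "$out"; return 2
    fi
    if scan_is_clean "$out"; then
        echo "clean: $1"; return 0
    fi
    echo "INFECTED: $(summary_field "$out" "Infected files") file(s) in $1"
    echo "$out" | grep ' FOUND$'   # -i already limits output to the hits
    return 1
}
```

Scheduling `scan_dir /etc/` from cron and alerting on a non-zero return gives the same information the interactive summary shows, without reading it by hand.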
```sh
cd /usr/local/etc && cp clamd.conf.sample clamd.conf
```

Settings used in clamd.conf:

```text
LogFile /tmp/clamd.log
LogFileMaxSize 2M
LogTime yes
LogVerbose yes
DatabaseDirectory /var/lib/clamav
LocalSocket /tmp/clamd.sock
TCPSocket 3310
# Directories that clamdscan will not scan
ExcludePath ^/proc/
ExcludePath ^/sys/
```
systemd unit for the daemon:

```ini
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = forking
ExecStart = /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf
Restart = on-failure
TimeoutStartSec = 420

[Install]
WantedBy = multi-user.target
```
The clamd daemon uses roughly 1.2 G of memory; this can be checked with `systemctl status clamd.service`.
Author: 小白
Copyright notice: unless otherwise stated, all articles on this blog are licensed under the BY-NC-SA license. Please credit the source when reposting.