ClamAV: antivirus software for Linux systems

    ClamAV is an open-source antivirus engine for the Linux platform that detects trojans, viruses, malware and other malicious threats.

    Official site: http://www.clamav.net/

    1. Installation on CentOS

    # yum install -y epel-release
    # yum install -y clamav

    2. Updating and checking the signature database: freshclam

    # freshclam 
    ClamAV update process started at Fri Sep 22 17:43:55 2017
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily-23862.cdiff [100%]
    daily.cld updated (version: 23862, sigs: 1743102, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 312, sigs: 74, f-level: 63, builder: neo)
    Database updated (6309425 signatures) from db.local.clamav.net (IP: 203.178.137.175)

    3. Help documentation

    # clamscan --help
    
                           Clam AntiVirus Scanner 0.99.2
               By The ClamAV Team: http://www.clamav.net/about.html#credits
               (C) 2007-2015 Cisco Systems, Inc.
    
        --help                -h             Print this help screen
        --version             -V             Print version number
        --verbose             -v             Be verbose
        --archive-verbose     -a             Show filenames inside scanned archives
        --debug                              Enable libclamav's debug messages
        --quiet                              Only output error messages
        --stdout                             Write to stdout instead of stderr
        --no-summary                         Disable summary at end of scanning
        --infected            -i             Only print infected files
        --suppress-ok-results -o             Skip printing OK files
        --bell                               Sound bell on virus detection
    
        --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
        --leave-temps[=yes/no(*)]            Do not remove temporary files
        --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                             all supported db files from DIR
        --official-db-only[=yes/no(*)]       Only load official signatures
        --log=FILE            -l FILE        Save scan report to FILE
        --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
        --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
        --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
        --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
        --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
        --file-list=FILE      -f FILE        Scan files from FILE
        --remove[=yes/no(*)]                 Remove infected files. Be careful!
        --move=DIRECTORY                     Move infected files into DIRECTORY
        --copy=DIRECTORY                     Copy infected files into DIRECTORY
        --exclude=REGEX                      Don't scan file names matching REGEX
        --exclude-dir=REGEX                  Don't scan directories matching REGEX
        --include=REGEX                      Only scan file names matching REGEX
        --include-dir=REGEX                  Only scan directories matching REGEX
    
        --bytecode[=yes(*)/no]               Load bytecode from the database
        --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
        --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
        --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
        --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
        --exclude-pua=CAT                    Skip PUA sigs of category CAT
        --include-pua=CAT                    Load PUA sigs of category CAT
        --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
        --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
        --structured-ssn-count=N             Min SSN count to generate a detect
        --structured-cc-count=N              Min CC count to generate a detect
        --scan-mail[=yes(*)/no]              Scan mail files
        --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
        --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
        --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
        --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
        --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
        --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
        --algorithmic-detection[=yes(*)/no]  Algorithmic detection
        --scan-pe[=yes(*)/no]                Scan PE files
        --scan-elf[=yes(*)/no]               Scan ELF files
        --scan-ole2[=yes(*)/no]              Scan OLE2 containers
        --scan-pdf[=yes(*)/no]               Scan PDF files
        --scan-swf[=yes(*)/no]               Scan SWF files
        --scan-html[=yes(*)/no]              Scan HTML files
        --scan-xmldocs[=yes(*)/no]           Scan xml-based document files
        --scan-hwp3[=yes(*)/no]              Scan HWP3 files
        --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
        --detect-broken[=yes/no(*)]          Try to detect broken executable files
        --block-encrypted[=yes/no(*)]        Block encrypted archives
        --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros
        --nocerts                            Disable authenticode certificate chain verification in PE files
        --dumpcerts                          Dump authenticode certificate chain in PE files
    
        --max-filesize=#n                    Files larger than this will be skipped and assumed clean
        --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
        --max-files=#n                       The maximum number of files to scan for each container file (**)
        --max-recursion=#n                   Maximum archive recursion level for container file (**)
        --max-dir-recursion=#n               Maximum directory recursion level
        --max-embeddedpe=#n                  Maximum size file to check for embedded PE
        --max-htmlnormalize=#n               Maximum size of HTML file to normalize
        --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
        --max-scriptnormalize=#n             Maximum size of script file to normalize
        --max-ziptypercg=#n                  Maximum size zip to type reanalyze
        --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
        --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
        --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
        --pcre-match-limit=#n                Maximum calls to the PCRE match function.
        --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
        --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
        --enable-stats                       Enable statistical reporting of malware
        --disable-pe-stats                   Disable submission of individual PE sections in stats submissions
        --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server
        --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.
        --disable-cache                      Disable caching and cache checks for hash sums of scanned files.
    
    (*) Default scan settings
    (**) Certain files (e.g. documents, archives, etc.) may in turn contain other
       files inside. The above options ensure safe processing of this kind of data.

    4. Virus scanning: clamscan (recursive scan, printing the result for each scanned path)

    # clamscan -r /root/ --stdout
    /root/.cshrc: OK
    /root/.abrt/applet_dirlist: Empty file
    /root/ossec-hids-2.8.3.tar.gz: OK
    /root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND
    /root/.gconfd/saved_state: OK
    /root/rootkit.exe: Empty file
    /root/clam_log_170922.txt: OK
    /root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND
    /root/.imsettings.log: OK
    /root/virusDemo/virus/n.zip: Win.Trojan.Nympho-2 FOUND
    /root/chkrootkit-0.52/ifpromisc.c: OK
    /root/chkrootkit-0.52/chkrootkit.lsm: OK
    /root/chkrootkit-0.52/COPYRIGHT: OK
    
    ...
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 6303718
    Engine version: 0.99.2
    Scanned directories: 342
    Scanned files: 3927
    Infected files: 23
    Data scanned: 133.68 MB
    Data read: 87.24 MB (ratio 1.53:1)
    Time: 38.355 sec (0 m 38 s)
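As an added example (not part of the original post), the shell wrapper below runs the recursive scan shown above, keeps the report, maps clamscan's exit code (0 = clean, 1 = something found, 2 = error) to a message, and pulls the "FOUND" lines and the "Infected files" count out of the report. The parsing helpers are exercised offline on a constructed sample modelled on the page's output; the report path /tmp/clamscan_report.txt is an assumed default.

```shell
#!/bin/sh
# Added example, not the original post's code: wrap "clamscan -r --stdout"
# and summarise its report. clamscan exit codes: 0 clean, 1 infected, 2 error.

# Print "SIGNATURE PATH" for every "PATH: SIGNATURE FOUND" line in the report.
found_lines() {
    # $1 = file holding clamscan output
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Print the number from the "Infected files: N" summary line.
infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1"
}

# Scan a directory recursively, save the report, report by exit code.
# Only runs when clamscan is installed; not called by the offline sample below.
scan_dir() {
    dir=$1
    report=${2:-/tmp/clamscan_report.txt}   # assumed default report path
    clamscan -r --stdout "$dir" > "$report"
    rc=$?
    case $rc in
        0) echo "clean: no infected files under $dir" ;;
        1) echo "ALERT: $(infected_count "$report") infected file(s) under $dir"
           found_lines "$report" ;;
        *) echo "clamscan failed (exit $rc), see $report" ;;
    esac
    return $rc
}

# Constructed sample report (modelled on the scan output on this page).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/root/.cshrc: OK
/root/virusDemo/virus/s.zip: Win.Trojan.HollandGirl-1 FOUND
/root/rootkit.exe: Empty file
/root/virusDemo/virus/l.zip: Win.Trojan.Radyum-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6303718
Infected files: 2
EOF

echo "infected: $(infected_count "$SAMPLE")"
found_lines "$SAMPLE"
```

To scan a real directory, call `scan_dir /root` after sourcing the script; the FOUND lines and count come from the saved report rather than from scrolling the full output.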
Original article: https://www.cnblogs.com/tdcqma/p/7576183.html