Clamav on Net Boy https://lian.st/tags/clamav/ Recent content in Clamav on Net Boy Hugo -- gohugo.io en-gb Tue, 12 Mar 2024 17:36:15 +0800 Debian安裝ClamAV病毒掃描工具 https://lian.st/posts/976927fe/ Tue, 12 Mar 2024 17:36:15 +0800 https://lian.st/posts/976927fe/ <p><img alt="Debian安裝ClamAV病毒掃描工具" src="https://b2.ccc.re/images/2024/12/18/clamav.png"></p> <h2 id="安裝">安裝</h2> <pre tabindex="0"><code>## Debian sudo apt-get update sudo apt-get install clamav clamav-daemon ## Centos sudo yum install epel-release sudo yum install clamav clamav-update </code></pre><h2 id="配置">配置</h2> <pre tabindex="0"><code># 如果日志文件不存在的話,需要手動創建。 sudo touch /var/log/clamav/freshclam.log sudo chown clamav:clamav /var/log/clamav/freshclam.log sudo chmod 644 /var/log/clamav/freshclam.log </code></pre><h2 id="使用">使用</h2> <p>安裝之後,需要重啓一下機器,否則啓動服務不生效(至少我操作的時候是這樣的)。</p> <h3 id="啓動服務">啓動服務</h3> <pre tabindex="0"><code>sudo systemctl start clamav-daemon # 或者 sudo systemctl restart clamav-daemon </code></pre><h3 id="查看服務狀態">查看服務狀態</h3> <pre tabindex="0"><code>root@debian:/home/ghost# systemctl status clamav-daemon ● clamav-daemon.service - Clam AntiVirus userspace daemon Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; preset: enabled) Drop-In: /etc/systemd/system/clamav-daemon.service.d └─extend.conf Active: active (running) since Wed 2024-12-18 00:27:03 EST; 2min 27s ago TriggeredBy: ● clamav-daemon.socket Docs: man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/ Process: 823 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS) Process: 830 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS) Main PID: 831 (clamd) Tasks: 2 (limit: 2264) Memory: 1.5G CPU: 12.447s CGroup: /system.slice/clamav-daemon.service └─831 /usr/sbin/clamd --foreground=true Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -&gt; Portable Executable support enabled. Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -&gt; ELF support enabled. Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -&gt; Mail files support enabled. Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -&gt; OLE2 support enabled. </code></pre><h3 id="更新病毒庫">更新病毒庫</h3> <pre tabindex="0"><code>root@debian:/home/ghost# freshclam Wed Dec 18 00:29:38 2024 -&gt; ClamAV update process started at Wed Dec 18 00:29:38 2024 Wed Dec 18 00:29:38 2024 -&gt; daily.cld database is up-to-date (version: 27490, sigs: 2070490, f-level: 90, builder: raynman) Wed Dec 18 00:29:38 2024 -&gt; main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Wed Dec 18 00:29:38 2024 -&gt; bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)xxxxxxxxxx6 1更新 Cla•mAV 的病毒數據庫root@debian:/home/ghost# freshclam2Wed Dec 18 00:29:38 2024 -&gt; ClamAV update process started at Wed Dec 18 00:29:38 20243Wed Dec 18 00:29:38 2024 -&gt; daily.cld database is up-to-date (version: 27490, sigs: 2070490, f-level: 90, builder: raynman)4Wed Dec 18 00:29:38 2024 -&gt; main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)5Wed Dec 18 00:29:38 2024 -&gt; bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)6 </code></pre><h3 id="常用命令">常用命令</h3> <h4 id="掃描單個文件">掃描單個文件</h4> <pre tabindex="0"><code>語法:clamscan /path/to/your/file root@debian:/home/ghost# clamscan /etc/passwd Loading: 15s, ETA: 0s [========================&gt;] 8.70M/8.70M sigs Compiling: 6s, ETA: 0s [========================&gt;] 41/41 tasks /etc/passwd: OK ----------- SCAN SUMMARY ----------- Known viruses: 8702280 Engine version: 1.0.7 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 22.179 sec (0 m 22 s) Start Date: 2024:12:18 00:37:07 End Date: 2024:12:18 00:37:29 </code></pre><h4 id="掃描整個目錄">掃描整個目錄</h4> <pre tabindex="0"><code>clamscan -r /path/to/directory </code></pre><h4 id="自動刪除檢測到的病毒">自動刪除檢測到的病毒</h4> <pre tabindex="0"><code>clamscan --remove -r /path/to/directory </code></pre><h4 id="掃描結果生成報告">掃描結果生成報告</h4> <pre tabindex="0"><code>clamscan -r /path/to/directory &gt; scanreport.txt </code></pre><h4 id="顯示掃描到的病毒信息">顯示掃描到的病毒信息</h4> <pre tabindex="0"><code>clamscan -r --bell -i /path/to/directory </code></pre><h2 id="clamdscan">clamdscan</h2> <p><code>clamdscan</code> 是 Cla­mAV 防病毒服务器 <code>clamd</code> 的客户端,用于与后台持续运行并加载病毒数据库的 <code>clamd</code> 进行交互以执行病毒扫描,使得频繁或大规模的扫描任务更加高效。</p>