Using ClamAV on Linux to scan files and check whether they are infected
sudo yum install clamav clamav-scanner-sysvinit clamav-update -y
DatabaseDirectory: /var/lib/clamav
UpdateLogFile: /var/log/freshclam.log
DatabaseOwner: clamupdate
Update the configuration file freshclam.conf:
sed -i -e "s/Example/#Example/" freshclam.conf
sed -i -e "s:#DatabaseDirectory /var/lib/clamav:DatabaseDirectory /var/lib/clamav:" freshclam.conf
sed -i -e "s:#UpdateLogFile /var/log/freshclam.log:UpdateLogFile /var/log/freshclam.log:" freshclam.conf
sed -i -e "s/#DatabaseOwner clamupdate/DatabaseOwner clamupdate/" freshclam.conf
Apply the configuration (freshclam downloads the virus database):
sudo freshclam
Scan configuration file: /etc/clamd.d/scan.conf
Main settings:
LocalSocket: /var/run/clamd.scan/clamd.sock
FixStaleSocket: yes
TCPSocket: 3310
TCPAddr: 127.0.0.1
Update the scan configuration:
sed -i -e "s/Example/#Example/" /etc/clamd.d/scan.conf
sed -i -e "s:#LocalSocket /var/run/clamd.scan/clamd.sock:LocalSocket /var/run/clamd.scan/clamd.sock:" /etc/clamd.d/scan.conf
sed -i -e "s/#FixStaleSocket yes/FixStaleSocket yes/" /etc/clamd.d/scan.conf
sed -i -e "s/#TCPSocket 3310/TCPSocket 3310/" /etc/clamd.d/scan.conf
sed -i -e "s/#TCPAddr 127.0.0.1/TCPAddr 127.0.0.1/" /etc/clamd.d/scan.conf
Start the scan service:
sudo service clamd.scan start
Enable automatic start at boot:
sudo chkconfig clamd.scan on
chkconfig
sudo ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
Scan every file on the machine and print each file name:
clamscan -r /
Scan every file, but print only the names of infected files:
clamscan -r --bell -i /
Scan every file in the background, printing only infected files:
clamscan -r -i / &
Scan all files in every user's home directory:
clamscan -r /home
Scan a user's home directory and move infected files to another folder:
clamscan -r --move=/home/USER/VIRUS /home/USER
Scan a user's home directory and remove infected files:
clamscan -r --remove /home/USER
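A wrapper around the quarantine scan above that also acts on clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error). This is an added example, not part of the original page; CLAMSCAN, infected_paths and scan_home are names chosen here, and it uses --move rather than --remove so that a false positive can be restored.

```shell
#!/bin/sh
# Added example (not from the original page).
# CLAMSCAN is a hypothetical override so the scanner binary can be swapped.
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Read clamscan output on stdin and print only the path of each detection.
# Detection lines look like:  /path/to/file: Signature.Name FOUND
# Other lines (e.g. "...: moved to '...'") are dropped.
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# scan_home TARGET QUARANTINE
# Recursively scan TARGET, move detections into QUARANTINE and print the
# original path of each detection. Returns clamscan's exit status:
#   0 = no virus found, 1 = virus(es) found, 2 = an error occurred.
scan_home() {
    target=$1
    quarantine=$2
    rc=0
    # Keep quarantined files readable only by the scanning user.
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2
    # --exclude-dir (a regex) stops a quarantine that lives inside TARGET,
    # as with --move=/home/USER/VIRUS, from being rescanned on later runs.
    report=$("$CLAMSCAN" -r -i --no-summary \
        --exclude-dir="^$quarantine" --move="$quarantine" \
        "$target" 2>/dev/null) || rc=$?
    printf '%s\n' "$report" | infected_paths
    return "$rc"
}

# Usage (e.g. from cron):
#   scan_home /home/USER /home/USER/VIRUS || echo "clamscan exit status: $?"
```

An exit status of 2 means the scan itself failed (unreadable files, missing database) and should be alerted on separately from status 1.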