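ClamAV is an open-source virus scanner written in C that detects trojans, viruses, malware and similar threats. Its virus database can be updated online. Linux has relatively few viruses, but that does not make it immune; viruses embedded in email or archive files are especially hard to guard against, and this is where ClamAV is useful.
Official website: ClamAVNet
Deployment on CentOS 7.4: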
yum -y install clamav
[root@ky_backup ~]# clamscan --version
ClamAV 0.103.4
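Scanning files:
Use the clamscan command line to scan a directory and confirm whether each result is OK. It also prints an overall scan summary, in which Infected files is the number of infected files found. For instance, the following example scans the files under /root and finds no infected files.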
[root@ky_backup ~]# clamscan /opt
LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
ERROR: Can't open file or directory
----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.103.4
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.002 sec (0 m 0 s)
Start Date: 2022:01:20 16:25:02
End Date: 2022:01:20 16:25:02
The error means that no virus database is installed.
Update the AV database:
sudo freshclam #takes ~30 minutes to download definitions
Then run the scan again:
[root@ky_backup ~]# clamscan /root
/root/.bash_logout: OK
/root/.bash_profile: OK
/root/.bashrc: OK
/root/.cshrc: OK
/root/.tcshrc: OK
/root/anaconda-ks.cfg: OK
/root/.bash_history: OK
/root/.viminfo: OK
----------- SCAN SUMMARY -----------
Known viruses: 1956591
Engine version: 0.103.4
Scanned directories: 1
Scanned files: 8
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.986 sec (0 m 5 s)
Start Date: 2022:01:20 16:30:15
End Date: 2022:01:20 16:30:21
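Added example, not part of the original post: the first run above also ends with "Infected files: 0", although no database was loaded and nothing was scanned, so a check that reads only that line would report a clean host. The script below classifies a clamscan report using the summary fields shown above; the function name scan_verdict, the verdict strings and the FOUND sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a clamscan report read from stdin.
# Prints INFECTED, CLEAN, or INVALID (the scan did not really run).
scan_verdict() {
    awk -F': *' '
        /^Known viruses:/           { known = $2 + 0; seen++ }
        /^Scanned files:/           { files = $2 + 0; seen++ }
        /^Infected files:/          { infected = $2 + 0; seen++ }
        /^(LibClamAV Error|ERROR):/ { err = 1 }
        END {
            if (seen < 3)          print "INVALID"   # summary missing or truncated
            else if (infected > 0) print "INFECTED"
            else if (err || known == 0 || files == 0)
                                   print "INVALID"   # no signatures or nothing scanned
            else                   print "CLEAN"
        }'
}

# Abridged from the first run above (no database present).
NO_DB_RUN="LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
ERROR: Can't open file or directory
----------- SCAN SUMMARY -----------
Known viruses: 0
Scanned files: 0
Infected files: 0"

# Abridged from the second run above (after freshclam).
GOOD_RUN="/root/.bashrc: OK
----------- SCAN SUMMARY -----------
Known viruses: 1956591
Scanned files: 8
Infected files: 0"

# Constructed sample: path and signature name are placeholders.
INFECTED_RUN="/tmp/sample.bin: Placeholder.Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1956591
Scanned files: 1
Infected files: 1"

for run in "$NO_DB_RUN" "$GOOD_RUN" "$INFECTED_RUN"; do
    printf '%s\n' "$run" | scan_verdict
done
```

For a live scan, feed it both output streams, for example clamscan /root 2>&1 | scan_verdict.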
Other commands:
clamscan --remove /root # scan and delete infected files