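I ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware, and other malicious threats.
Official website
II Installation
1 Start the installation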
sudo apt update
sudo apt install clamav clamav-daemon
# Check the version
snort$ clamscan -V
ClamAV 1.0.5/27292/Fri May 31 16:31:14 2024
# ClamAV runs as a daemon
ps aux| grep clamav
clamav 986 0.3 23.8 1546412 1351424 ? Ssl 19:57 0:16 /usr/sbin/clamd --foreground=true
2 Update the virus database
sudo freshclam
ClamAV update process started at Fri May 31 21:06:01 2024
Fri May 31 21:06:01 2024 -> daily.cvd database is up-to-date (version: 27292, sigs: 2061953, f-level: 90, builder: raynman)
Fri May 31 21:06:01 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri May 31 21:06:01 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
3 Scanning with ClamAV
# Scan a directory
# Scan every file in the directory and its subdirectories, and write the results to a log
sudo /usr/bin/clamscan -r /home/test/perl5/ -l /var/log/clamav/clamd.log
# Output:
Loading: 21s, ETA: 0s [========================>] 8.69M/8.69M sigs
Compiling: 3s, ETA: 0s [========================>] 41/41 tasks
/home/test/perl5/perlbrew/etc/bashrc: OK
/home/test/perl5/perlbrew/etc/csh_set_path: OK
/home/test/perl5/perlbrew/etc/perlbrew-completion.bash: OK
/home/test/perl5/perlbrew/etc/csh_wrapper: OK
/home/test/perl5/perlbrew/etc/perlbrew.fish: OK
/home/test/perl5/perlbrew/etc/cshrc: OK
/home/test/perl5/perlbrew/etc/csh_reinit: OK
----------- SCAN SUMMARY -----------
Known viruses: 8693777
Engine version: 1.0.5
Scanned directories: 7
Scanned files: 7
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 1.00:1)
Time: 24.591 sec (0 m 24 s)
Start Date: 2024:05:31 21:17:46
End Date: 2024:05:31 21:18:11
# Show only the files with problems during the scan
sudo /usr/bin/clamscan --bell -i -r /home/test/perl5/
# Test file
cat test.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
# Test scan
sudo /usr/bin/clamscan -r test.txt
Loading: 14s, ETA: 0s [========================>] 8.69M/8.69M sigs
Compiling: 3s, ETA: 0s [========================>] 41/41 tasks
/var/log/clamav/test.txt: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8693777
Engine version: 1.0.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.867 sec (0 m 17 s)
Start Date: 2024:05:31 21:43:28
End Date: 2024:05:31 21:43:46
III ClamAV scheduled tasks
1 freshclam updates
# Update the virus database every day at midnight
sudo vim /etc/crontab
0 0 * * * root /usr/bin/freshclam --quiet -l /var/log/clamav/clamav.log
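2 Scheduled file scan
# In /etc/crontab the sixth field is the user the job runs as, so it is root here rather than sudo
15 0 * * * root /usr/bin/clamscan --bell -i -r /home/test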
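A wrapper that the scheduled scan above could call instead of running clamscan directly, added here as an example and not part of the original page. It acts on clamscan's documented exit status (0 = no virus found, 1 = virus found, 2 = error) and turns each "FOUND" line into a report line that cron will mail. The function names and the overridable CLAMSCAN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: cron wrapper around clamscan (not from the original page).
# Assumption: CLAMSCAN may be overridden; it defaults to the path used above.
CLAMSCAN=${CLAMSCAN:-/usr/bin/clamscan}

# Read clamscan output on stdin and print "signature<TAB>path" for every
# "<path>: <signature> FOUND" line. The last ": " is used as the separator,
# so a path that itself contains ": " is still split correctly.
list_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)
        if (i > 0) print substr($0, i + 2) "\t" substr($0, 1, i - 1)
    }'
}

# Scan a directory recursively, print one line per detection, and return
# clamscan's own exit status: 0 = clean, 1 = virus found, 2 = error.
scan_and_report() {
    scan_dir=$1
    scan_rc=0
    # -r recurse, -i print infected files only, --no-summary drop the summary
    scan_out=$("$CLAMSCAN" -r -i --no-summary "$scan_dir" 2>&1) || scan_rc=$?
    case $scan_rc in
        0)  echo "clean: $scan_dir" ;;
        1)  printf '%s\n' "$scan_out" | list_detections |
                while IFS="$(printf '\t')" read -r sig path; do
                    echo "INFECTED: $path ($sig)"
                done ;;
        *)  # An error must not be mistaken for a clean result
            echo "scan error (status $scan_rc): $scan_out" >&2 ;;
    esac
    return "$scan_rc"
}

# When called with a directory argument (for example from cron), scan it.
if [ "$#" -gt 0 ]; then
    scan_and_report "$1"
    exit $?
fi
```

Saved under a path of your choosing and referenced from the crontab entry, the script exits non-zero both for detections and for scan errors, so a failed scan is not silently treated as clean.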