Installing the ClamAV Virus Scanner on Debian

Installation
## Debian
sudo apt-get update
sudo apt-get install clamav clamav-daemon
## CentOS
sudo yum install epel-release
sudo yum install clamav clamav-update
Configuration
# If the log file does not exist, create it manually.
sudo touch /var/log/clamav/freshclam.log
sudo chown clamav:clamav /var/log/clamav/freshclam.log
sudo chmod 644 /var/log/clamav/freshclam.log
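Usage
After installation, the machine needs a reboot; otherwise starting the service has no effect (at least that was the case when I did it).
Start the service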
sudo systemctl start clamav-daemon
# or
sudo systemctl restart clamav-daemon
Check the service status
root@debian:/home/ghost# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: active (running) since Wed 2024-12-18 00:27:03 EST; 2min 27s ago
TriggeredBy: ● clamav-daemon.socket
Docs: man:clamd(8)
man:clamd.conf(5)
https://docs.clamav.net/
Process: 823 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
Process: 830 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Main PID: 831 (clamd)
Tasks: 2 (limit: 2264)
Memory: 1.5G
CPU: 12.447s
CGroup: /system.slice/clamav-daemon.service
└─831 /usr/sbin/clamd --foreground=true
Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -> Portable Executable support enabled.
Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -> ELF support enabled.
Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -> Mail files support enabled.
Dec 18 00:27:16 debian clamd[831]: Wed Dec 18 00:27:16 2024 -> OLE2 support enabled.
Update the virus database
root@debian:/home/ghost# freshclam
Wed Dec 18 00:29:38 2024 -> ClamAV update process started at Wed Dec 18 00:29:38 2024
Wed Dec 18 00:29:38 2024 -> daily.cld database is up-to-date (version: 27490, sigs: 2070490, f-level: 90, builder: raynman)
Wed Dec 18 00:29:38 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Dec 18 00:29:38 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
Common commands
Scan a single file
Syntax: clamscan /path/to/your/file
root@debian:/home/ghost# clamscan /etc/passwd
Loading: 15s, ETA: 0s [========================>] 8.70M/8.70M sigs
Compiling: 6s, ETA: 0s [========================>] 41/41 tasks
/etc/passwd: OK
----------- SCAN SUMMARY -----------
Known viruses: 8702280
Engine version: 1.0.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 22.179 sec (0 m 22 s)
Start Date: 2024:12:18 00:37:07
End Date: 2024:12:18 00:37:29
Scan an entire directory
clamscan -r /path/to/directory
Automatically delete detected viruses
clamscan --remove -r /path/to/directory
Write the scan results to a report
clamscan -r /path/to/directory > scanreport.txt
Show information about detected viruses
clamscan -r --bell -i /path/to/directory
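A report saved with `clamscan -r /path/to/directory > scanreport.txt` can be checked by a script, for example from a cron job. The following is an added example, not part of the original post: it lists the infected paths in a report and returns clamscan-style exit codes. The function names and the sample report are constructed for illustration, and it assumes the report still contains the SCAN SUMMARY block.

```sh
#!/bin/sh
# Added example: triage a saved clamscan report such as scanreport.txt.

# Print each path reported as "<path>: <signature> FOUND", de-duplicated.
# The greedy match keeps paths that themselves contain ": " intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1" | sort -u
}

# Print the "Infected files" count from the SCAN SUMMARY (empty if absent).
summary_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1
}

# Return 0 = clean, 1 = infections listed on stdout, 2 = report unusable.
# These mirror clamscan's exit codes (0 no virus, 1 virus found, 2 error).
triage() {
    found=$(infected_paths "$1" | wc -l | tr -d ' ')
    reported=$(summary_count "$1")
    if [ -z "$reported" ] || [ "$reported" -ne "$found" ]; then
        echo "report unusable: summary=${reported:-none}, FOUND lines=$found" >&2
        return 2
    fi
    if [ "$found" -eq 0 ]; then
        return 0
    fi
    infected_paths "$1"
    return 1
}

# Constructed sample report (not output from the original page).
sample_report() {
    cat <<'EOF'
/srv/upload/readme.txt: OK
/srv/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/upload/note: v2.zip: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Scanned files: 3
Infected files: 2
EOF
}

report=$(mktemp)
sample_report > "$report"
status=0
triage "$report" || status=$?
echo "triage exit status: $status"
rm -f "$report"
```

A mismatch between the summary count and the FOUND lines usually means the report was cut short, so it is treated as an error instead of a clean result.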
clamdscan
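clamdscan is the client for clamd, the ClamAV antivirus daemon. It talks to a clamd process that runs continuously in the background with the virus database already loaded, which makes frequent or large-scale scans more efficient.
Scan a single file
Using clamdscan saves roughly half the time compared with scanning a single file with clamscan.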
root@debian:/home/ghost# clamdscan /etc/passwd
/etc/passwd: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 12.863 sec (0 m 12 s)
Start Date: 2024:12:18 00:40:10
End Date: 2024:12:18 00:40:23
Scan a directory
clamdscan -r /path/to/your/directory
Multithreaded recursive scan
clamdscan --multiscan --fdpass /path/to/scan