Installing and Using the ClamAV Antivirus Scanner on CentOS


Installing and using ClamAV

01. Configure the Aliyun yum repository (EPEL mirror)

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

02. Install clamav

yum install -y clamav

03. Update the virus database

freshclam

04. Scan for viruses

mkdir virus_temp
clamscan -r -i / -l clamscan.log --move virus_temp/

  This scans everything under the root directory: -r recurses into subdirectories, -i prints only infected files, -l writes the scan report to the given log file, and --move moves infected files into the given directory.

  Other options (output of clamscan --help):

Clam AntiVirus: Scanner 0.101.5
          By The ClamAV Team: https://www.clamav.net/about.html#credits
          (C) 2019 Cisco Systems, Inc.

    clamscan [options] [file/directory/-]

    --help                -h             Show this help
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --gen-json[=yes/no(*)]               Generate JSON description of scanned file(s). JSON will be printed and also-
                                         dropped to the temp directory if --leave-temps is enabled.
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Enable email signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     Enable URL signature-based phishing detection
    --heuristic-alerts[=yes(*)/no]       Heuristic alerts
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --normalize[=yes(*)/no]              Normalize html, script, and text files. Use normalize=no for yara compatibility
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files
    --scan-hwp3[=yes(*)/no]              Scan HWP3 files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --alert-broken[=yes/no(*)]           Alert on broken executable files (PE & ELF)
    --alert-encrypted[=yes/no(*)]        Alert on encrypted archives and documents
    --alert-encrypted-archive[=yes/no(*)] Alert on encrypted archives
    --alert-encrypted-doc[=yes/no(*)]    Alert on encrypted documents
    --alert-macros[=yes/no(*)]           Alert on OLE2 files containing VBA macros
    --alert-exceeds-max[=yes/no(*)]      Alert on files that exceed max file size, max scan size, or max recursion limit
    --alert-phishing-ssl[=yes/no(*)]     Alert on emails containing SSL mismatches in URLs
    --alert-phishing-cloak[=yes/no(*)]   Alert on emails containing cloaked URLs
    --alert-partition-intersection[=yes/no(*)] Alert on raw DMG image files containing partition intersections
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-scantime=#n                    Scan time longer than this will be skipped and assumed clean
    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze
    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
    --pcre-match-limit=#n                Maximum calls to the PCRE match function.
    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

Pass in - as the filename for stdin.

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.

05. Add a cron job

crontab -e

  Add the following line:

5 0 * * * clamscan -r -i / -l clamscan.log --move virus_temp/

06. Follow-up

  The plan is to build a one-click installer that also adds the cron job automatically and sends alerts by email or similar means.
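One way to wrap the scan from steps 04 and 05 so it runs cleanly from cron and sends the e-mail alert that step 06 plans, as an added example that is not code from the original post. It assumes /var/log/clamav and /var/quarantine as log and quarantine directories and that mailx is installed; none of those come from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Cron-friendly wrapper for the
# scan in steps 04/05 with the e-mail alert planned in step 06. Cron starts in a
# different working directory with a minimal PATH, so every path is absolute.
# Assumed (not from the post): /var/log/clamav, /var/quarantine, mailx installed.
SCAN_ROOT="${SCAN_ROOT:-/}"
LOG_DIR="${LOG_DIR:-/var/log/clamav}"
QUARANTINE="${QUARANTINE:-/var/quarantine}"
ALERT_MAIL="${ALERT_MAIL:-root}"

# Print the N from the "Infected files: N" line of a clamscan report,
# or -1 when the summary is missing (scan aborted or log truncated).
infected_count() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { if (n == "") n = -1; print n }' "$1"
}

# Reduce a report to one status: 0 clean, 1 infections found, 2 no usable summary.
scan_status() {
    n=$(infected_count "$1")
    if [ "$n" -lt 0 ]; then echo 2
    elif [ "$n" -eq 0 ]; then echo 0
    else echo 1
    fi
}

run_scan() {
    mkdir -p "$LOG_DIR" "$QUARANTINE"
    log="$LOG_DIR/clamscan-$(date +%Y%m%d).log"
    # Same flags as step 04; pseudo-filesystems and the quarantine directory are
    # excluded so already-quarantined files are not reported again every night.
    clamscan -r -i "$SCAN_ROOT" -l "$log" --move "$QUARANTINE" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE" >/dev/null 2>&1 || true
    case "$(scan_status "$log")" in
        1) mail -s "clamscan: $(infected_count "$log") infected file(s) on $(hostname)" \
               "$ALERT_MAIL" < "$log" ;;
        2) mail -s "clamscan on $(hostname): no summary in $log, check the scan" \
               "$ALERT_MAIL" < "$log" ;;
    esac
}

# Only scan when invoked as "clamscan-cron.sh run", so the helpers can be
# sourced and tested without starting a full filesystem scan.
if [ "${1:-}" = "run" ]; then
    run_scan
fi
```

Point the crontab entry from step 05 at this script (for example /usr/local/bin/clamscan-cron.sh run, path assumed) instead of the bare clamscan command, so the log and quarantine directory no longer depend on cron's working directory.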

---------------------------------------------------------------
>> Blog: https://blog.mufengs.com
>> Email: [email protected]
>> WeChat: Do8080
>> Github : https://github.com/mufengcoding
---------------------------------------------------------------