Installing ClamAV, updating its database and scanning for viruses

I. Installing ClamAV

sudo apt install clamav clamav-daemon clamav-freshclam
clamscan -V    # show the installed version

II. Updating the signature database

1. Stop the freshclam service temporarily so the database can be updated by hand.

sudo systemctl stop clamav-freshclam

2. A fresh install cannot be used until the virus signature database has been downloaded. Run freshclam:

sudo freshclam       # update the databases
sudo freshclam -v    # verbose output, showing whether a newer database is available
root@debian:/home/taiji# sudo freshclam -v
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> Loaded freshclam.dat:
Thu Feb  8 09:15:43 2024 ->   version:    1
Thu Feb  8 09:15:43 2024 ->   uuid:       10f386d0-67e8-4768-9dc4-fddfca82227c
Thu Feb  8 09:15:43 2024 -> ClamAV update process started at Thu Feb  8 09:15:43 2024
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> Querying current.cvd.clamav.net
Thu Feb  8 09:15:43 2024 -> TTL: 224
Thu Feb  8 09:15:43 2024 -> fc_dns_query_update_info: Software version from DNS: 0.103.11
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> check_for_new_database_version: Local copy of daily found: daily.cvd.
Thu Feb  8 09:15:43 2024 -> query_remote_database_version: daily.cvd version from DNS: 27178
Thu Feb  8 09:15:43 2024 -> daily.cvd database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Thu Feb  8 09:15:43 2024 -> fc_update_database: daily.cvd already up-to-date.
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> check_for_new_database_version: Local copy of main found: main.cvd.
Thu Feb  8 09:15:43 2024 -> query_remote_database_version: main.cvd version from DNS: 62
Thu Feb  8 09:15:43 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Feb  8 09:15:43 2024 -> fc_update_database: main.cvd already up-to-date.
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> check_for_new_database_version: Local copy of bytecode found: bytecode.cvd.
Thu Feb  8 09:15:43 2024 -> query_remote_database_version: bytecode.cvd version from DNS: 334
Thu Feb  8 09:15:43 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Thu Feb  8 09:15:43 2024 -> fc_update_database: bytecode.cvd already up-to-date.
root@debian:/home/taiji# sudo freshclam
Thu Feb  8 09:15:58 2024 -> ClamAV update process started at Thu Feb  8 09:15:58 2024
Thu Feb  8 09:15:58 2024 -> daily.cvd database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Thu Feb  8 09:15:58 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Feb  8 09:15:58 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

3. Restart the service

sudo systemctl start clamav-freshclam

4. Run ClamAV as a daemon

sudo systemctl start clamav-daemon

5. Consult the built-in help

clamscan --help

If the update fails, there are several ways to deal with it:

1. Download the databases manually with wget or curl and place them in /var/lib/clamav/

cd /var/lib/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd

2. Increase the ClamAV timeout

Edit /etc/clamav/freshclam.conf and change this line:

ReceiveTimeout 30
to this:
ReceiveTimeout 300

III. Scanning from the command line

1. First, the -i and -r flags. -i tells ClamAV to report only infected files; -r makes the scan recursive.

The --max-scansize= flag sets the maximum amount of data ClamAV will scan. The maximum is 4000M. Keep in mind that this is the actual data being read, not the size of the file.

File size is the next flag. --max-filesize= sets the largest file ClamAV will scan.

2. Run the scan

clamscan -i -r --max-scansize=4000M --max-filesize=4000M ~/Downloads

3. Other scans:

· To scan every user's home directory: clamscan -r /home

· To scan every file on the machine and show the result for every file: clamscan -r /

· To scan every file on the machine and show only the problematic files: clamscan -r --bell -i /

4. Reading the scan report:

----------- SCAN SUMMARY -----------
Known viruses: 8684340                  # known signatures
Engine version: 1.0.3                   # engine version
Scanned directories: 4517               # directories scanned
Scanned files: 76405                    # files scanned
Infected files: 4                       # infected files!!!
Data scanned: 7609.13 MB                # data scanned
Data read: 6373.07 MB (ratio 1.19:1)    # data read
Time: 1560.590 sec (26 m 0 s)           # time taken
Start Date: 2024:02:08 08:35:55
End Date:   2024:02:08 09:01:55

IV. Removing infected files

1. Scan and remove infected files

sudo clamscan --remove /

2. Scan the current directory and delete infected files: clamscan -r --remove

-r: recurse into subdirectories

--remove: delete a file automatically when it is found to be infected

3. Scan all files and show only the problematic ones: clamscan -r -i /

-i: print only infected files

4. Scan all files, delete infected ones automatically, and save a scan log at the same time: clamscan --infected -r / --remove -l /home/log/clamav/clamscan.log

-l: write the scan report to a log file

5. Scan a given directory, move infected files to a quarantine directory, and log the result

clamscan -r -i / --move=/opt/infected -l /var/log/clamscan.log

V. Automatic database updates and scans

1. A crontab entry that updates the database automatically (daily at 01:00):

0 1 * * * /usr/bin/freshclam --quiet

2. A crontab entry that runs the scan automatically (daily at 22:00):

0 22 * * * /usr/bin/clamscan -r / -l /home/log/clamav/clamscan.log --remove

VI. Miscellaneous

Scanning /sys may produce errors; just skip it: clamscan --exclude-dir=/sys/ -r -i /
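A cron-friendly wrapper that ties sections III to VI together: it scans with the limits used above, quarantines detections with --move rather than --remove (a false positive deleted by --remove is gone for good, while a quarantined file can be restored), appends the clamscan log, skips /sys, and reads the Infected files count from the SCAN SUMMARY so the caller can act on it. This is an added example, not code from the original post; the QUARANTINE and LOG paths and the extra /proc and /dev exclusions are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a cron-friendly wrapper that
# quarantines detections (--move) instead of deleting them, appends the
# clamscan log, and reads the "Infected files:" line of the SCAN SUMMARY.
# QUARANTINE and LOG are assumed paths; adjust them for your host.

QUARANTINE="${QUARANTINE:-/opt/infected}"
LOG="${LOG:-/var/log/clamscan.log}"

# Print the "Infected files" count from a clamscan summary read on stdin.
# Because -l appends, the last summary in the log wins; prints 0 if no
# summary is present (e.g. clamscan aborted before printing one).
infected_count() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }'
}

# Translate clamscan's exit status: 0 = clean, 1 = detections, 2+ = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Recursive scan of one directory with the limits used in the post.
# /sys is skipped as the post suggests; /proc and /dev are skipped as well
# (an assumption of this example) because they are pseudo-filesystems.
run_scan() {
    dir="$1"
    mkdir -p "$QUARANTINE"
    rc=0
    clamscan -r -i --exclude-dir='^/sys' --exclude-dir='^/proc' \
        --exclude-dir='^/dev' --max-scansize=4000M --max-filesize=4000M \
        --move="$QUARANTINE" -l "$LOG" "$dir" || rc=$?
    echo "$(scan_status "$rc"): $(infected_count < "$LOG") file(s) moved to $QUARANTINE"
    return "$rc"
}

# Constructed sample summary (values taken from the report shown above),
# so the parser can be exercised without running clamscan.
SAMPLE_SUMMARY='----------- SCAN SUMMARY -----------
Known viruses: 8684340
Scanned files: 76405
Infected files: 4
Data read: 6373.07 MB (ratio 1.19:1)'
```

Call it as run_scan /home from the 22:00 crontab entry; the return code is clamscan's own, so cron mail or a monitoring hook can distinguish a clean run from detections or an engine error.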

If, when updating the database, you see:

taiji@taiji:~$ sudo freshclam
[sudo] taiji 的密碼: 
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

then the following two steps make the update succeed:

taiji@taiji:~$ sudo rm -f /usr/local/etc/freshclam.conf
taiji@taiji:~$ sudo ln -s /etc/clamav/freshclam.conf /usr/local/etc/freshclam.conf
taiji@taiji:~$ sudo freshclam
Wed Feb  7 19:54:37 2024 -> ClamAV update process started at Wed Feb  7 19:54:37 2024
Wed Feb  7 19:54:37 2024 -> daily.cld database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Wed Feb  7 19:54:37 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Feb  7 19:54:37 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Author: 張津東

Associate without forming factions, harmonize without conforming; embrace all that is free and rational.
