一、安装ClamAV
sudo apt install clamav clamav-daemon clamav-freshclam
clamscan -V //查看安装版本
二、更新数据库
1、为了手动更新数据库,暂时停止服务。
sudo systemctl stop clamav-freshclam
2、刚安装好是没办法用的,需要先更新病毒特征库。运行freshclam
sudo freshclam //更新
sudo freshclam -v //查看是否有新的病毒库
root@debian:/home/taiji# sudo freshclam -v
Thu Feb 8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb 8 09:15:43 2024 -> Loaded freshclam.dat:
Thu Feb 8 09:15:43 2024 -> version: 1
Thu Feb 8 09:15:43 2024 -> uuid: 10f386d0-67e8-4768-9dc4-fddfca82227c
Thu Feb 8 09:15:43 2024 -> ClamAV update process started at Thu Feb 8 09:15:43 2024
Thu Feb 8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb 8 09:15:43 2024 -> Querying current.cvd.clamav.net
Thu Feb 8 09:15:43 2024 -> TTL: 224
Thu Feb 8 09:15:43 2024 -> fc_dns_query_update_info: Software version from DNS: 0.103.11
Thu Feb 8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb 8 09:15:43 2024 -> check_for_new_database_version: Local copy of daily found: daily.cvd.
Thu Feb 8 09:15:43 2024 -> query_remote_database_version: daily.cvd version from DNS: 27178
Thu Feb 8 09:15:43 2024 -> daily.cvd database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Thu Feb 8 09:15:43 2024 -> fc_update_database: daily.cvd already up-to-date.
Thu Feb 8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb 8 09:15:43 2024 -> check_for_new_database_version: Local copy of main found: main.cvd.
Thu Feb 8 09:15:43 2024 -> query_remote_database_version: main.cvd version from DNS: 62
Thu Feb 8 09:15:43 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Feb 8 09:15:43 2024 -> fc_update_database: main.cvd already up-to-date.
Thu Feb 8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb 8 09:15:43 2024 -> check_for_new_database_version: Local copy of bytecode found: bytecode.cvd.
Thu Feb 8 09:15:43 2024 -> query_remote_database_version: bytecode.cvd version from DNS: 334
Thu Feb 8 09:15:43 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Thu Feb 8 09:15:43 2024 -> fc_update_database: bytecode.cvd already up-to-date.
root@debian:/home/taiji# sudo freshclam
Thu Feb 8 09:15:58 2024 -> ClamAV update process started at Thu Feb 8 09:15:58 2024
Thu Feb 8 09:15:58 2024 -> daily.cvd database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Thu Feb 8 09:15:58 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Feb 8 09:15:58 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
3、重新启动服务
sudo systemctl start clamav-freshclam
4、使ClamAV以daemon防护的方式运行
sudo systemctl start clamav-daemon
5、参考使用帮助
clamscan --help
如果更新失败。为了解决这个问题,我们有很多不同的方法:
1、使用wget或curl手动下载数据库,并将其放在/ var / lib / clamav /中
cd /var/lib/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
2、增加ClamAV超时
编辑/etc/clamav/freshclam.conf并更改它:
ReceiveTimeout 30
To this:
ReceiveTimeout 300
三、命令行扫描
1、首先,-i和-r标志。-i告诉ClamAV仅显示受感染的文件。-r标志使扫描递归
–max-scansize=标志设置您希望ClamAV爬网的最大数据量。最大值是4000M请记住,这是正在读取的实际数据,而不是文件的大小。
文件大小是下一个标志。–max-filesize=设置您要ClamAV扫描的文件的最大大小。
2、运行扫描
clamscan -i -r --max-scansize=4000M --max-filesize=4000M ~/Downloads
3、其它扫描:
· 扫描所有用户的主目录就使用 clamscan -r /home
· 扫描您计算机上的所有文件并且显示所有的文件的扫描结果,就使用 clamscan -r /
· 扫描您计算机上的所有文件并且显示有问题的文件的扫描结果,就使用 clamscan -r --bell -i /
4、扫描报告说明:
----------- SCAN SUMMARY -----------
Known viruses: 8684340 #已知病毒
Engine version: 1.0.3 #软件版本
Scanned directories: 4517 #扫描目录
Scanned files: 76405 #扫描文件
Infected files: 4 #感染文件!!!
Data scanned: 7609.13 MB #扫描数据
Data read: 6373.07 MB (ratio 1.19:1) #数据读取
Time: 1560.590 sec (26 m 0 s) #扫描用时
Start Date: 2024:02:08 08:35:55
End Date: 2024:02:08 09:01:55
四、删除病毒文件
1、扫描并清理病毒文件
sudo clamscan --remove /
2、查杀当前目录并删除感染的文件:clamscan -r --remove
-r:递归扫描子目录
--remove:扫描到病毒文件后自动删除
3、扫描所有文件并显示有问题的文件的扫描结果:clamscan -r -i /
-i:只输出感染文件
4、扫描所有文件,发现病毒自动删除,同时保存杀毒日志:clamscan --infected -r / --remove -l /home/log/clamav/clamscan.log
-l:增加扫描报告
5、扫描指定目录,然后将感染文件移动到指定目录,并记录日志
clamscan -r -i / --move=/opt/infected -l /var/log/clamscan.log
五、自动更新病毒库和查杀病毒
1、设置crontab自动更新病毒库:
* 1 * * * /usr/bin/freshclam --quiet
2、设置crontab自动查杀病毒:
* 22 * * * clamscan -r / -l /home/log/clamav/clamscan.log --remove
六、其它
扫描/sys可能会报错,跳过即可:clamscan --exclude-dir=/sys/ -r -i /
升级病毒库时,提示:
taiji@taiji:~$ sudo freshclam
[sudo] taiji 的密码:
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
则进行以下两步操作,升级成功:
taiji@taiji:~$ sudo rm -f /usr/local/etc/freshclam.conf
taiji@taiji:~$ sudo ln -s /etc/clamav/freshclam.conf /usr/local/etc/freshclam.conf
taiji@taiji:~$ sudo freshclam
Wed Feb 7 19:54:37 2024 -> ClamAV update process started at Wed Feb 7 19:54:37 2024
Wed Feb 7 19:54:37 2024 -> daily.cld database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Wed Feb 7 19:54:37 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Feb 7 19:54:37 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
