分类： 学科学

一、安装ClamAV

sudo apt install clamav clamav-daemon clamav-freshclam

clamscan -V //查看安装版本

二、更新数据库

1、为了手动更新数据库，暂时停止服务。

sudo systemctl stop clamav-freshclam

2、刚安装好是没办法用的，需要先更新病毒特征库。运行freshclam

sudo freshclam //更新
sudo freshclam -v //查看是否有新的病毒库

root@debian:/home/taiji# sudo freshclam -v
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> Loaded freshclam.dat:
Thu Feb  8 09:15:43 2024 ->   version:    1
Thu Feb  8 09:15:43 2024 ->   uuid:       10f386d0-67e8-4768-9dc4-fddfca82227c
Thu Feb  8 09:15:43 2024 -> ClamAV update process started at Thu Feb  8 09:15:43 2024
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> Querying current.cvd.clamav.net
Thu Feb  8 09:15:43 2024 -> TTL: 224
Thu Feb  8 09:15:43 2024 -> fc_dns_query_update_info: Software version from DNS: 0.103.11
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> check_for_new_database_version: Local copy of daily found: daily.cvd.
Thu Feb  8 09:15:43 2024 -> query_remote_database_version: daily.cvd version from DNS: 27178
Thu Feb  8 09:15:43 2024 -> daily.cvd database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Thu Feb  8 09:15:43 2024 -> fc_update_database: daily.cvd already up-to-date.
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> check_for_new_database_version: Local copy of main found: main.cvd.
Thu Feb  8 09:15:43 2024 -> query_remote_database_version: main.cvd version from DNS: 62
Thu Feb  8 09:15:43 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Feb  8 09:15:43 2024 -> fc_update_database: main.cvd already up-to-date.
Thu Feb  8 09:15:43 2024 -> Current working dir is /var/lib/clamav/
Thu Feb  8 09:15:43 2024 -> check_for_new_database_version: Local copy of bytecode found: bytecode.cvd.
Thu Feb  8 09:15:43 2024 -> query_remote_database_version: bytecode.cvd version from DNS: 334
Thu Feb  8 09:15:43 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Thu Feb  8 09:15:43 2024 -> fc_update_database: bytecode.cvd already up-to-date.
root@debian:/home/taiji# sudo freshclam
Thu Feb  8 09:15:58 2024 -> ClamAV update process started at Thu Feb  8 09:15:58 2024
Thu Feb  8 09:15:58 2024 -> daily.cvd database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Thu Feb  8 09:15:58 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Feb  8 09:15:58 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

3、重新启动服务

sudo systemctl start clamav-freshclam

4、使ClamAV以daemon防护的方式运行

sudo systemctl start clamav-daemon

5、参考使用帮助

clamscan --help

如果更新失败。为了解决这个问题，我们有很多不同的方法：

1、使用wget或curl手动下载数据库，并将其放在/ var / lib / clamav /中

cd /var/lib/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd

2、增加ClamAV超时

编辑/etc/clamav/freshclam.conf并更改它：

ReceiveTimeout 30
To this:
ReceiveTimeout 300

三、命令行扫描

1、首先，-i和-r标志。-i告诉ClamAV仅显示受感染的文件。-r标志使扫描递归

–max-scansize=标志设置您希望ClamAV爬网的最大数据量。最大值是4000M请记住，这是正在读取的实际数据，而不是文件的大小。

文件大小是下一个标志。–max-filesize=设置您要ClamAV扫描的文件的最大大小。

2、运行扫描

clamscan -i -r --max-scansize=4000M --max-filesize=4000M ~/Downloads

3、其它扫描：

· 扫描所有用户的主目录就使用 clamscan -r /home

· 扫描您计算机上的所有文件并且显示所有的文件的扫描结果，就使用 clamscan -r /

· 扫描您计算机上的所有文件并且显示有问题的文件的扫描结果，就使用 clamscan -r --bell -i /

4、扫描报告说明：

----------- SCAN SUMMARY -----------
Known viruses: 8684340                  #已知病毒
Engine version: 1.0.3                   #软件版本
Scanned directories: 4517               #扫描目录
Scanned files: 76405                    #扫描文件
Infected files: 4                       #感染文件!!!
Data scanned: 7609.13 MB                #扫描数据
Data read: 6373.07 MB (ratio 1.19:1)    #数据读取
Time: 1560.590 sec (26 m 0 s)           #扫描用时
Start Date: 2024:02:08 08:35:55
End Date:   2024:02:08 09:01:55

四、删除病毒文件

1、扫描并清理病毒文件

sudo clamscan --remove /

2、查杀当前目录并删除感染的文件：clamscan -r --remove

-r：递归扫描子目录

--remove：扫描到病毒文件后自动删除

3、扫描所有文件并显示有问题的文件的扫描结果：clamscan -r -i /

-i：只输出感染文件

4、扫描所有文件，发现病毒自动删除，同时保存杀毒日志：clamscan --infected -r / --remove -l /home/log/clamav/clamscan.log

-l：增加扫描报告

5、扫描指定目录，然后将感染文件移动到指定目录，并记录日志

clamscan -r -i / --move=/opt/infected -l /var/log/clamscan.log

五、自动更新病毒库和查杀病毒

1、设置crontab自动更新病毒库：

* 1 * * * /usr/bin/freshclam --quiet

2、设置crontab自动查杀病毒：

* 22 * * * clamscan -r / -l /home/log/clamav/clamscan.log --remove

六、其它

扫描/sys可能会报错，跳过即可：clamscan --exclude-dir=/sys/ -r -i /

升级病毒库时，提示：

taiji@taiji:~$ sudo freshclam
[sudo] taiji 的密码： 
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

则进行以下两步操作，升级成功：

taiji@taiji:~$ sudo rm -f /usr/local/etc/freshclam.conf
taiji@taiji:~$ sudo ln -s /etc/clamav/freshclam.conf /usr/local/etc/freshclam.conf
taiji@taiji:~$ sudo freshclam
Wed Feb  7 19:54:37 2024 -> ClamAV update process started at Wed Feb  7 19:54:37 2024
Wed Feb  7 19:54:37 2024 -> daily.cld database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
Wed Feb  7 19:54:37 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Feb  7 19:54:37 2024 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)