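| Item | Details |
| --- | --- |
| Primary use | Virus scanning at mail gateways, with built-in support for multiple mail formats |
| High performance | Provides a multi-threaded scanning process |
| Command line | Provides a command-line scanning mode |
| Scan targets | Can scan outgoing mail or files |
| File formats | Supports many file formats |
| Virus database update frequency | The virus database is updated several times a day |
| Archives | Supports scanning many archive formats, such as Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS |
| Documents | Supports popular document formats, such as MS Office files, MacOffice files, HTML, Flash, RTF, PDF |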
Installation
CentOS/RHEL: yum -y install clamav
Ubuntu/Debian: apt-get install clamav
Usage
NAME
clamdscan - scan files and directories for viruses using Clam AntiVirus Daemon
SYNOPSIS
clamdscan [options] [file/directory]
DESCRIPTION
clamdscan is a clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd.
OPTIONS
-h, --help
Display help information and exit.
-V, --version
Print version number and exit.
-v, --verbose
Be verbose.
--quiet
Be quiet - only output error messages.
--stdout
Write all messages (except for libclamav output) to the standard output (stdout).
--config-file=FILE
Read clamd settings from FILE.
-l FILE, --log=FILE
Save the scan report to FILE.
-f FILE, --file-list=FILE
Scan files listed line by line in FILE.
-m, --multiscan
In the multiscan mode clamd will attempt to scan the directory contents in parallel using available threads. This option is especially useful on multiprocessor and multi-core systems. If you pass more than one file or directory in the command line, they are put in a queue and sent to clamd individually. This means, that single files are always scanned by a single thread. Similarly, clamdscan will wait for clamd to finish a directory scan (performed in multiscan mode) before sending request to scan another directory. This option can be combined with --fdpass (see below).
-z, --allmatch
After a match, continue scanning within the file for additional matches.
--remove
Remove infected files. Be careful.
--move=DIRECTORY
Move infected files into DIRECTORY.
--no-summary
Do not display summary at the end of scanning.
--reload
Request clamd to reload virus database.
--fdpass
Pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. Only available if connected to clamd via local(unix) socket.
--stream
Forces file streaming to clamd. This is generally not needed as clamdscan detects automatically if streaming is required. This option only exists for debugging and testing purposes, in all other cases --fdpass is preferred.
EXAMPLES
(0) To scan a one file:
clamdscan file
(1) To scan a current working directory:
clamdscan
(2) To scan all files in /home:
clamdscan /home
(3) To scan a file when clamd is running as a different user:
clamdscan --fdpass ~/downloads
(4) To scan from standard input:
clamdscan - < file_to_scan
cat file_to_scan | clamdscan -
RETURN CODES
0 : No virus found.
1 : Virus(es) found.
2 : An error occurred.
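Common usage
## Scan a file
clamscan targetfile
## Recursively scan the /home directory and write a log
clamscan -r -i /home -l /var/log/clamscan.log
## Recursively scan the /home directory, delete infected files, and write a log
clamscan -r -i /home --remove -l /var/log/clamscan.log
## Recommended ## Scan the specified directory, move infected files to a designated directory, and write a log
clamscan -r -i /home --move=/opt/infected -l /var/log/clamscan.log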
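Integrating ClamAV with business systems
Approach
- Install the clamav-REST service on the business system
- Deploy the clamav-scanner server
- Deploy a ClamAV update server, or update directly over the Internet
- Deploy a ClamAV virus database update server
- Deploy a log server for the logs produced when ClamAV scans files (these can also be kept locally on the server)
The client uploads a file, and the business system calls the clamav-rest interface so that the clamd main process scans the file and writes a log.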
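As an added example (not part of the original page or of the clamav-rest project): a fail-closed gate a business system could run on each uploaded file, calling clamdscan directly instead of the REST interface and acting on the return codes listed above. The names scan_upload, CLAMDSCAN, QUARANTINE_DIR and SCAN_LOG are assumptions; the default paths are reused from the commands above.

```bash
#!/usr/bin/env bash
# Added example: upload gate driven by clamdscan's documented return codes
# (0 = no virus found, 1 = virus found, 2 = error).
# Assumptions: CLAMDSCAN, QUARANTINE_DIR, SCAN_LOG and scan_upload are
# hypothetical names chosen for this example.
CLAMDSCAN="${CLAMDSCAN:-clamdscan}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/opt/infected}"
SCAN_LOG="${SCAN_LOG:-/var/log/clamscan.log}"

# scan_upload FILE
#   prints: ACCEPT | REJECT <signature> | HOLD <reason>
#   returns 0 only when the file may be handed to the application.
scan_upload() {
    local file="$1" out rc sig
    if [ ! -f "$file" ]; then
        echo "HOLD not-a-regular-file"
        return 2
    fi
    # --fdpass: clamd usually runs as a different user than the caller.
    # --no-summary: keep the output to the per-file result line.
    # --move: quarantine the file instead of deleting it (--remove).
    rc=0
    out="$("$CLAMDSCAN" --fdpass --no-summary --move="$QUARANTINE_DIR" \
            --log="$SCAN_LOG" "$file" 2>&1)" || rc=$?
    case "$rc" in
        0)  echo "ACCEPT"
            return 0 ;;
        1)  # The result line has the form "<path>: <signature> FOUND".
            sig="$(printf '%s\n' "$out" \
                   | sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)"
            echo "REJECT ${sig:-unknown}"
            return 1 ;;
        *)  # Code 2 (clamd down, socket or permission problem) or any
            # unexpected code: an unscanned file is never treated as clean.
            echo "HOLD scanner-error-$rc"
            return 2 ;;
    esac
}
```

The caller should pass the file on only when scan_upload returns 0; HOLD results are worth alerting on, because they mean uploads are going unscanned.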
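Troubleshooting
Solution
sudo touch /var/lib/clamav/clamd-socket
sudo chown vscan:vscan /var/lib/clamav/clamd-socket # change vscan:vscan to your own user and group name
sudo freshclam -v
Then run the following in the console: clamscan /home
Add -r to scan recursively and -i to list only infected files: clamscan -r -i /home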