-
clamav杀毒
病毒更新还需要研究一下,因为手工更新病毒库也失败了
cd /tools wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/clamav-0.100.0.tar.gz wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/zlib-1.2.7.tar.gz tar xvzf zlib-1.2.7.tar.gz cd zlib-1.2.7 ./configure make && make install sleep 2 /usr/bin/chattr -i /etc/passwd /usr/bin/chattr -i /etc/inittab /usr/bin/chattr -i /etc/group /usr/bin/chattr -i /etc/shadow /usr/bin/chattr -i /etc/gshadow groupadd clamav useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav /usr/bin/chattr +i /etc/passwd /usr/bin/chattr +i /etc/inittab /usr/bin/chattr +i /etc/group /usr/bin/chattr +i /etc/shadow /usr/bin/chattr +i /etc/gshadow cd .. tar -xvzf clamav-0.100.0.tar.gz cd clamav-0.100.0 ./configure --prefix=/opt/clamav --with-pcre make && make install echo $? echo 'export PATH=$PATH:/opt/clamav/bin' >> /etc/profile tail -1 /etc/profile source /etc/profile sleep 2 #创建目录 mkdir /opt/clamav/logs -p mkdir /opt/clamav/updata -p touch /opt/clamav/logs/freshclam.log touch /opt/clamav/logs/clamd.log #编辑权限 chown clamav:clamav /opt/clamav/logs/clamd.log chown clamav:clamav /opt/clamav/logs/freshclam.log cd /opt/clamav/etc/ wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/clamd.conf wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/freshclam.conf #配置clamav mkdir -p /opt/clamav/share/clamav chown clamav:clamav /opt/clamav/share/clamav chown -R clamav.clamav /opt/clamav/ systemctl start clamav-freshclam.service systemctl enable clamav-freshclam.service systemctl status clamav-freshclam.service cd /opt/clamav/share/clamav wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/main.cvd wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/daily.cvd wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/bytecode.cvd #先停止freshclam systemctl stop clamav-freshclam.service systemctl status clamav-freshclam.service #再更新 /opt/clamav/bin/freshclam #(根据网络质量确定更新时长)或者 #cd /opt/clamav/share/clamav #wget http://database.clamav.net/main.cvd #wget http://database.clamav.net/daily.cvd #wget http://database.clamav.net/bytecode.cvd #更新完成启动 systemctl start clamav-freshclam.service systemctl status clamav-freshclam.service #说明:如果在手动更新病毒库的时候遇到错误,此时就要删除掉旧的镜像地址文件 #rm -f /opt/clamav/share/clamav/mirrors.dat ,再手动更新一次病毒库。 #全盘扫描 clamscan -r / --max-dir-recursion=5 -l /tmp/allclamav.log grep FOUND /tmp/allclamav.log- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
虚拟机中毒了,但是密码忘了,进不去怎么办?进入单用户模式,参考Centos7重置密码
通过e键,进入编辑模式,修改ro为rw init=/sysroot/bin/sh
按“Ctrl+x”键进入单用户模式,接着执行# 使用chroot进入系统 chroot /sysroot # 重置密码 passwd root # 更新selinux信息 touch /.autorelabel # 退出chroot exit- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
然后重启,即可
发现病毒,但是无法删掉
[root@bw42 ~]# grep FOUND /tmp/allclamav.log /usr/lib/primary.jpg: Unix.Malware.Agent-1395347 FOUND /usr/lib/updated/h64: Unix.Malware.Agent-1395347 FOUND /usr/lib/updated/dhcpi: Multios.Coinminer.Miner-6781728-2 FOUND /tools/clamav-0.103.1/test/clam.cab: Clamav.Test.File-6 FOUND /tools/clamav-0.103.1/test/clam.exe: Clamav.Test.File-6 FOUND- 1
- 2
- 3
- 4
- 5
- 6
正常情况是这样的
[root@bw41 ~]# clamscan -r --remove /usr/lib/primary.jpg /usr/lib/primary.jpg: Unix.Malware.Agent-1395347 FOUND /usr/lib/primary.jpg: Removed. ----------- SCAN SUMMARY ----------- Known viruses: 8670667 Engine version: 0.103.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.84 MB Data read: 3.10 MB (ratio 0.27:1) Time: 26.668 sec (0 m 26 s) Start Date: 2023:07:12 17:23:15 End Date: 2023:07:12 17:23:41- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
异常情况是这样的
[root@bw42 ~]# clamscan -r --remove /usr/lib/updated/dhcpi /usr/lib/updated/dhcpi: Multios.Coinminer.Miner-6781728-2 FOUND traverse_unlink: Failed to unlink: /usr/lib/updated/dhcpi Error:Operation not permitted ERROR: Can't remove file '/usr/lib/updated/dhcpi' ----------- SCAN SUMMARY ----------- Known viruses: 8670667 Engine version: 0.103.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Not removed: 1 Data scanned: 7.46 MB Data read: 7.01 MB (ratio 1.06:1) Time: 26.904 sec (0 m 26 s) Start Date: 2023:07:12 15:57:57 End Date: 2023:07:12 15:58:24- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
解决办法是
chattr -a -i /usr/lib/updated/dhcpi rm -f /usr/lib/updated/dhcpi # 接着再杀进程即可- 1
- 2
- 3
-
相关阅读:
2022年面试复盘大全500道:Redis+ZK+Nginx+数据库+分布式+微服务
C语言入门
回调函数 事件回调 异步事件 异步函数 JS事件流 事件的捕获模式
mysql高级学习(跟着尚硅谷老师周阳学习)
cmake笔记
PageRank(下):数据分析 | 数据挖掘 | 十大算法之一
如何查看yandex文字搜索广告的搜索词?
数据结构——栈与队列
rtk原理简要说明
golang context原理
- 原文地址:https://blog.csdn.net/warrah/article/details/128185583