Ubuntu 系统安装和使用杀毒软件ClamAV

安装：通过执行sudo install命令从 APT 存储库安装 ClamAV

sudo apt install clamav clamav-daemon -y

安转具体操作查看Reference 1.

ClamAV使用

​​​​​​​sudo clamscan -r --bell  --exclude-dir="^/sys" -i /

（Terminal输入的结果显示到文件中，添加如下命令：

​​​​​​​sudo clamscan -r --bell  --exclude-dir="^/sys" -i / > ./.../clamscan.txt

备注 1：使用命令行选项--exclude-dir="^/sys"忽略/sys。若扫描/sys文件则很有可能会有如下报错：

WARNING: Can't open file /sys/module/watchdog/uevent: Permission denied
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
WARNING: Can't open file /sys/module/debug_core/uevent: Permission denied
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
WARNING: Can't open file /sys/module/workqueue/uevent: Permission denied
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
WARNING: Can't open file /sys/module/tpm/uevent: Permission denied
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4092 bytes @ offset 4, got 0
WARNING: Can't open file /sys/module/sr_mod/uevent: Permission denied
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
WARNING: Can't open file /sys/module/drm/uevent: Permission denied
LibClamAV Warning: fmap_readpage: pread fail: asked for 4095 bytes @ offset 1, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4095 bytes @ offset 1, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0

/sys是sysfs 虚拟文件系统的挂载点。文件/sys不是真正的文件，病毒不会感染它们。

sysfs是 Linux 内核提供的虚拟文件系统。通过使用虚拟文件，sysfs 将有关各种内核子系统、硬件设备和相关设备驱动程序的信息从内核的设备模型导出到用户空间。除了提供有关各种设备和内核子系统的信息外，导出的虚拟文件还用于配置。

备注 2：--exclude-dir 排除一些虚目录
$ sudo clamscan -r -o --exclude-dir='^/sys|^/dev|^/mnt|^/home' / -i /home/clamscan.log

命令介绍：

$ clamscan -r -o --bell --exclude-dir='^/sys' /home -i /home/clamscan.log

-r递归扫描子目录; -o跳过打印OK的文件名; /home扫描home目录; -l输出日志文件

• （1）扫描所有用户的主目录，如：clamscan -r /home
• （2）扫描计算机上的所有文件并且显示所有的文件的扫描结果，如：clamscan -r /
• （3）扫描计算机上的所有文件并且显示有问题的文件的扫描结果，如：clamscan -r --bell -i /
• （4）扫描计算机上的某个目录下文件并将扫描结果写入指定文件中，如：clamscan -r /home --max-dir-recursion=5 -l /root/homeclamav.log
• （5）扫描计算机上的某个目录下文件并将移除感染文件，如：clamscan -r --remove /usr/bin/bsd-port

-----------------------------------

Reference:

1. 如何在 Ubuntu 20.04 LTS 上安装 ClamAV - LinuxCapable

2. 下载网址：ClamAVNet