• Installing and using the ClamAV antivirus on Ubuntu


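    Installation: install ClamAV from the APT repository by running the sudo apt install command:

    sudo apt install clamav clamav-daemon -y

    See Reference 1 for the detailed installation steps.

    Using ClamAV

    sudo clamscan -r --bell  --exclude-dir="^/sys" -i /

    To save the output shown in the terminal to a file, append a redirection to the command:

    sudo clamscan -r --bell  --exclude-dir="^/sys" -i / > ./.../clamscan.txt

    Note 1: use the command-line option --exclude-dir="^/sys" to skip /sys. Scanning /sys will very likely produce errors such as the following: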

    WARNING: Can't open file /sys/module/watchdog/uevent: Permission denied
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    WARNING: Can't open file /sys/module/debug_core/uevent: Permission denied
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    WARNING: Can't open file /sys/module/workqueue/uevent: Permission denied
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    WARNING: Can't open file /sys/module/tpm/uevent: Permission denied
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4092 bytes @ offset 4, got 0
    WARNING: Can't open file /sys/module/sr_mod/uevent: Permission denied
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    WARNING: Can't open file /sys/module/drm/uevent: Permission denied
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4095 bytes @ offset 1, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4095 bytes @ offset 1, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0

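    /sys is the mount point of the sysfs virtual file system. The files under /sys are not real files, and viruses cannot infect them.

    sysfs is a virtual file system provided by the Linux kernel. Through virtual files, sysfs exports information about the various kernel subsystems, hardware devices and their associated device drivers from the kernel's device model to user space. Besides providing information about devices and kernel subsystems, the exported virtual files are also used for configuration.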

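    Note 2: use --exclude-dir to exclude some virtual directories
    $ sudo clamscan -r -o --exclude-dir='^/sys|^/dev|^/mnt|^/home' / -l /home/clamscan.log

    Command description:

    $ clamscan -r -o --bell --exclude-dir='^/sys' /home -l /home/clamscan.log

    -r scans subdirectories recursively; -o skips printing the names of files that are OK; /home scans the home directory; -l writes the output to a log file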

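    • (1) Scan the home directories of all users, e.g.: clamscan -r /home
    • (2) Scan every file on the computer and show the scan result for every file, e.g.: clamscan -r /
    • (3) Scan every file on the computer and show the scan result only for problem files, e.g.: clamscan -r --bell -i /
    • (4) Scan the files under a directory and write the scan results to a specified file, e.g.: clamscan -r /home --max-dir-recursion=5 -l /root/homeclamav.log
    • (5) Scan the files under a directory and remove the infected files, e.g.: clamscan -r --remove /usr/bin/bsd-port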
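The commands above write a log, but something still has to read it. The following is an added example, not part of the original article: it maps clamscan's exit status to a result and pulls the detections out of captured output. The function names, the `run_scan` wrapper and the sample log (paths and signature name) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): triage clamscan output.

# Map clamscan's exit status (see clamscan(1)): 0 = no virus, 1 = virus found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Print "signature<TAB>path" for every "<path>: <signature> FOUND" line.
# The split is made at the last ": " so paths containing ": " stay intact.
infected_files() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^ ]+$/)
        if (i) print substr($0, i + 2) "\t" substr($0, 1, i - 1)
    }' "$1"
}

# Count "Can't open file" warnings under /sys, the noise --exclude-dir='^/sys' removes.
sysfs_warnings() {
    grep -c "^WARNING: Can't open file /sys/" "$1" || true
}

# Hypothetical wrapper: scan directory $1, log to file $2, print the status word.
run_scan() {
    rc=0
    clamscan -r -i --exclude-dir='^/sys' -l "$2" "$1" >/dev/null 2>&1 || rc=$?
    scan_status "$rc"
}

# Constructed sample of captured clamscan output (paths and signature are made up).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
WARNING: Can't open file /sys/module/watchdog/uevent: Permission denied
/home/alice/Downloads/test: file.com: Eicar-Test-Signature FOUND
/home/bob/notes.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 1
EOF

infected_files "$SAMPLE_LOG"
echo "sysfs warnings: $(sysfs_warnings "$SAMPLE_LOG")"
```

In a cron job, call `run_scan /home /var/log/clamscan.log` (example paths) and alert on any result other than `clean`, since `error` means part of the tree was not scanned.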

    -----------------------------------

    Reference:

    1. How to Install ClamAV on Ubuntu 20.04 LTS - LinuxCapable

    2. Download site: ClamAVNet

  • Original article: https://blog.csdn.net/xiangyong58/article/details/126953787