Installing the ClamAV Antivirus Software on CentOS 7

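Features

Item                      Details
Main purpose              Virus scanning for mail gateways, with built-in support for multiple mail formats
High performance          Provides a multi-threaded scanning process
Command line              Provides a command-line scanning mode
Scan targets              Can scan mail or files that are about to be sent
File formats              Supports multiple file formats
Virus database updates    The virus database is updated several times a day
Archives                  Supports scanning many archive formats, such as Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS
Documents                 Supports popular document formats, such as MS Office files, MacOffice files, HTML, Flash, RTF, PDF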

Installation

CENTOS/RHEL      yum -y install clamav
Ubuntu/Debian    apt-get install clamav

Usage

NAME
       clamdscan - scan files and directories for viruses using Clam AntiVirus Daemon

SYNOPSIS
       clamdscan [options] [file/directory]

DESCRIPTION
       clamdscan is a clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd.

OPTIONS
       -h, --help
              Display help information and exit.

       -V, --version
              Print version number and exit.

       -v, --verbose
              Be verbose.

       --quiet
              Be quiet - only output error messages.

       --stdout
              Write all messages (except for libclamav output) to the standard output (stdout).

       --config-file=FILE
              Read clamd settings from FILE.

       -l FILE, --log=FILE
              Save the scan report to FILE.

       -f FILE, --file-list=FILE
              Scan files listed line by line in FILE.

       -m, --multiscan
              In  the multiscan mode clamd will attempt to scan the directory contents in parallel using available threads. This option is especially useful on multiprocessor and multi-core systems. If you pass more than one file or directory in the command line,
              they are put in a queue and sent to clamd individually. This means, that single files are always scanned by a single thread. Similarly, clamdscan will wait for clamd to finish a directory scan (performed in multiscan mode) before sending request  to
              scan another directory. This option can be combined with --fdpass (see below).

       -z, --allmatch
              After a match, continue scanning within the file for additional matches.

       --remove
              Remove infected files. Be careful.

       --move=DIRECTORY
              Move infected files into DIRECTORY.

       --no-summary
              Do not display summary at the end of scanning.

       --reload
              Request clamd to reload virus database.

       --fdpass
              Pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd.  Only available if connected to clamd via local(unix) socket.

       --stream
              Forces file streaming to clamd. This is generally not needed as clamdscan detects automatically if streaming is required. This option only exists for debugging and testing purposes, in all other cases --fdpass is preferred.

EXAMPLES
       (0) To scan a one file:

              clamdscan file

       (1) To scan a current working directory:

              clamdscan

       (2) To scan all files in /home:

              clamdscan /home

       (3) To scan a file when clamd is running as a different user:

              clamdscan --fdpass ~/downloads

       (4) To scan from standard input:

              clamdscan - < file_to_scan

              cat file_to_scan | clamdscan -

RETURN CODES
       0 : No virus found.

       1 : Virus(es) found.

       2 : An error occurred.

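Common usage

## Scan a single file
clamscan targetfile
## Recursively scan the home directory and write a log
clamscan -r -i /home  -l  /var/log/clamscan.log
## Recursively scan the home directory, delete infected files, and write a log
clamscan -r -i /home  --remove  -l /var/log/clamscan.log
## Recommended: scan the given directory, move infected files to a separate directory, and write a log
clamscan -r -i /home  --move=/opt/infected  -l /var/log/clamscan.log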

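Integrating ClamAV with business systems

Approach

  • Install the clamav-REST service on the business system
  • Deploy the clamav-scanner server
  • Deploy a ClamAV update server, or update directly over the Internet
  • Deploy a ClamAV virus database update server
  • Deploy a log server for the logs produced when ClamAV scans and removes files (these can also be kept locally on the server)

When a client uploads a file, the business system calls the clamav-rest interface, which has the clamd main program scan the file and record the result in the log.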
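
The upload flow described above, as an added shell example (not from the original post and not clamav-rest code): it calls clamdscan directly instead of the REST interface and decides on the return codes 0/1/2 from the man page, refusing to publish a file whenever the scan did not complete. The function name accept_upload and the UPLOAD_DIR location are assumptions; /opt/infected and /var/log/clamscan.log are the paths the post already uses.

```shell
#!/bin/sh
# Added example: gate an uploaded file on the clamdscan return code.
# accept_upload and UPLOAD_DIR are hypothetical names chosen for this example.

QUARANTINE_DIR="${QUARANTINE_DIR:-/opt/infected}"   # directory the post uses with --move
SCAN_LOG="${SCAN_LOG:-/var/log/clamscan.log}"       # log file the post uses with -l
UPLOAD_DIR="${UPLOAD_DIR:-/srv/uploads}"            # assumed final location for clean files

# accept_upload FILE
# Prints one word: accepted | infected | error
# Returns 0 only if clamd reported the file clean and it was stored.
accept_upload() {
    au_file=$1
    # Only regular files are scanned; symlinks, directories and FIFOs are refused.
    if [ ! -f "$au_file" ] || [ -L "$au_file" ]; then
        echo error
        return 2
    fi
    # --fdpass: clamd usually runs as a different user than the web application.
    # --no-summary: only the per-file result is needed here.
    au_rc=0
    clamdscan --fdpass --no-summary --move="$QUARANTINE_DIR" \
              --log="$SCAN_LOG" "$au_file" >/dev/null 2>&1 || au_rc=$?
    case $au_rc in
        0)  # No virus found: publish the file.
            if mv -- "$au_file" "$UPLOAD_DIR/"; then
                echo accepted
                return 0
            fi
            echo error
            return 2 ;;
        1)  # Virus(es) found: clamdscan moves the file to QUARANTINE_DIR itself.
            echo infected
            return 1 ;;
        *)  # 2 or any other code (clamd not running, socket permissions, ...):
            # fail closed. The file stays in staging and is never published unscanned.
            echo error
            return 2 ;;
    esac
}
```

The caller should treat both "infected" and "error" as a rejected upload; only the second is worth retrying once clamd is reachable again.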

Troubleshooting

Solution

sudo touch /var/lib/clamav/clamd-socket

sudo chown vscan:vscan /var/lib/clamav/clamd-socket   # change vscan:vscan to your own user and group name

sudo freshclam -v

Then run in the console: clamscan /home

Add -r to scan recursively and -i to list only infected files: clamscan -r -i /home

Reposted from blog.csdn.net/yanxilou/article/details/103083225