Linux system virus-checking software ClamAV (online installation)

Source: Internet
Author: User

ClamAV is an open source antivirus engine that can be used on Linux platforms to detect Trojans, viruses, malware, and other malicious threats.

Official website: http://www.clamav.net/

First, installation in a CentOS environment

# yum install -y epel-release
# yum install -y clamav

Second, virus database update check: freshclam

# freshclam
ClamAV update process started at Fri Sep …
main.cld is up to date (version: …, sigs: 4566249, f-level: …, builder: sigmgr)
Downloading daily-23862.cdiff […%]
daily.cld updated (version: 23862, sigs: 1743102, f-level: …, builder: neo)
bytecode.cld is up to date (version: 312, sigs: …, f-level: …, builder: neo)
Database updated (6309425 signatures) from db.local.clamav.net (IP: 203.178.137.175)

Third, help document

# clamscan --help

Clam AntiVirus Scanner 0.99.2
By The ClamAV Team: http://www.clamav.net/about.html#credits
(C) … Cisco Systems, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files
    --scan-hwp3[=yes(*)/no]              Scan HWP3 files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze
    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
    --pcre-match-limit=#n                Maximum calls to the PCRE match function.
    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
    --enable-stats                       Enable statistical reporting of malware
    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions
    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server
    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.
    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other files inside.
     The above options ensure safe processing of this kind of data.

Fourth, virus scan: clamscan (recursive scan + per-path scan output)

# clamscan -r /root/ --stdout
/root/.cshrc: OK
/root/.abrt/applet_dirlist: Empty file
/root/ossec-hids-2.8.3.tar.gz: OK
/root/virusdemo/virus/s.zip: win.trojan.hollandgirl-1 FOUND
/root/.gconfd/saved_state: OK
/root/rootkit.exe: Empty file
/root/Clam_log_170922.txt: OK
/root/virusdemo/virus/l.zip: win.trojan.radyum-2 FOUND
/root/.imsettings.log: OK
/root/virusdemo/virus/n.zip: win.trojan.nympho-2 FOUND
/root/chkrootkit-0.52/ifpromisc.c: OK
/root/chkrootkit-0.52/chkrootkit.lsm: OK
/root/chkrootkit-0.52/COPYRIGHT: OK
...

----------- SCAN SUMMARY -----------
Known viruses: 6303718
Engine version: 0.99.2
Scanned directories: 342
Scanned files: 3927
Infected files: 23
Data scanned: 133.68 MB
Data read: 87.24 MB (ratio 1.53:1)
Time: 38.355 sec (0 m 38 s)
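
The following is an added example, not part of the original page: a small triage helper for `clamscan --stdout` reports like the one above, which lists detections, cross-checks them against the summary, and maps the exit status documented in the clamscan man page (0 clean, 1 virus found, 2 error). The function names are hypothetical and the sample report is constructed from a few lines of the scan shown above.

```bash
#!/usr/bin/env bash
# Added example: triage of `clamscan --stdout` output. Function names are
# hypothetical; the sample report is constructed from the scan shown above.

SAMPLE_REPORT='/root/.cshrc: OK
/root/virusdemo/virus/s.zip: win.trojan.hollandgirl-1 FOUND
/root/rootkit.exe: Empty file
/root/virusdemo/virus/l.zip: win.trojan.radyum-2 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 4
Infected files: 2'

# Print "signature<TAB>path" for each detection. Result lines look like
# "<path>: <signature> FOUND"; the greedy first group splits on the last ": ",
# so a path that itself contains ": " is still reported whole.
list_detections() {
    local tab
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \([^ ]*\) FOUND\$/\2${tab}\1/p"
}

# Extract the "Infected files" figure from the summary block.
summary_infected() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p'
}

# Succeed only if the summary count equals the number of distinct detected
# paths; a mismatch usually means the log was truncated or filtered.
report_consistent() {
    local report listed summary
    report=$1
    listed=$(printf '%s\n' "$report" | list_detections | cut -f2 | sort -u | wc -l)
    summary=$(printf '%s\n' "$report" | summary_infected)
    [ -n "$summary" ] && [ "$listed" -eq "$summary" ]
}

# Map clamscan's exit status to a verdict. Status 2 means the scan hit
# errors, so it must never be reported as clean.
scan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

printf '%s\n' "$SAMPLE_REPORT" | list_detections
report_consistent "$SAMPLE_REPORT" && echo "summary matches detections"
```

In a scheduled job, capture `$?` immediately after `clamscan` and pass it to `scan_verdict`, so that a scan that failed with errors is not logged as a clean result.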
