ClamAV is an open source antivirus engine that can be used on Linux platforms to detect Trojans, viruses, malware, and other malicious threats.
Official website: http://www.clamav.net/
First, installation in a CentOS environment
# yum install -y epel-release
# yum install -y clamav
Second, virus database update check: freshclam
# freshclam
ClamAV update process started at Fri Sep A -: +: -
main.cld is up to date (version: -, sigs: 4566249, f-level: -, builder: sigmgr)
Downloading daily-23862.cdiff [ -%]
daily.cld updated (version: 23862, sigs: 1743102, f-level: the, builder: neo)
bytecode.cld is up to date (version: 312, sigs: About, f-level: the, builder: neo)
Database updated (6309425 signatures) from db.local.clamav.net (IP: 203.178.137.175)
Third, help documentation
# clamscan --help

Clam AntiVirus Scanner 0.99.2
By The ClamAV Team: http://www.clamav.net/about.html#credits
C -- - Cisco Systems, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
    --detect-pua[=yes/no(*)]             Detect possibly unwanted applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, credit card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files
    --scan-hwp3[=yes(*)/no]              Scan HWP3 files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --block-macros[=yes/no(*)]           Block OLE2 files with VBA macros
    --nocerts                            Disable Authenticode certificate chain verification in PE files
    --dumpcerts                          Dump Authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze
    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
    --pcre-match-limit=#n                Maximum calls to the PCRE match function.
    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
    --enable-stats                       Enable statistical reporting of malware
    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions
    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server
    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.
    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other files inside.
     The above options ensure safe processing of this kind of data.
Fourth, virus scan: clamscan (recursive scan + scanned path output)
# clamscan -r /root/ --stdout
/root/.cshrc: OK
/root/.abrt/applet_dirlist: Empty file
/root/ossec-hids-2.8.3.tar.gz: OK
/root/virusdemo/virus/s.zip: win.trojan.hollandgirl-1 FOUND
/root/.gconfd/Saved_state: OK
/root/rootkit.exe: Empty file
/root/Clam_log_170922.txt: OK
/root/virusdemo/virus/l.zip: win.trojan.radyum-2 FOUND
/root/.imsettings.log: OK
/root/virusdemo/virus/n.zip: win.trojan.nympho-2 FOUND
/root/chkrootkit-0.52/Ifpromisc.c: OK
/root/chkrootkit-0.52/Chkrootkit.lsm: OK
/root/chkrootkit-0.52/Copyright: OK
...
----------- SCAN SUMMARY -----------
Known viruses: 6303718
Engine version: 0.99.2
Scanned directories: 342
Scanned files: 3927
Infected files: 23
Data scanned: 133.68 MB
Data read: 87.24 MB (ratio 1.53:1)
Time: 38.355 sec (0 m - s)
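As an added example (not part of the original page): a small POSIX shell helper that pulls the detections and a summary field out of clamscan output like the report above, and maps clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error) to a verdict. The function names and the sample report are constructed for illustration; scan_tree is a hypothetical wrapper that uses only the -r, --infected and --stdout options listed in the help text.

```shell
#!/bin/sh
# Constructed sample report, modelled on the scan output shown above.
SAMPLE_REPORT=$(cat <<'EOF'
/root/ossec-hids-2.8.3.tar.gz: OK
/root/virusdemo/virus/s.zip: win.trojan.hollandgirl-1 FOUND
/root/rootkit.exe: Empty file
/root/virusdemo/virus/l.zip: win.trojan.radyum-2 FOUND
/root/virusdemo/virus/n.zip: win.trojan.nympho-2 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 5
Infected files: 3
EOF
)

# Print "path<TAB>signature" for every detection line read from stdin.
# The signature is the last space-free token before " FOUND", so a path
# that itself contains ": " is still split at the right place.
list_found() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^ ]+$/)
        if (i > 0) print substr($0, 1, i - 1) "\t" substr($0, i + 2)
    }'
}

# Print the value of one "Name: value" line of the scan summary.
summary_field() {
    awk -v key="$1" -F': ' '$1 == key { print $2; exit }'
}

# Map the clamscan exit status (0, 1 or 2, per its man page) to a verdict.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Hypothetical wrapper: scan directory $1 recursively, list only the
# detections, then print the verdict. It never passes --remove.
scan_tree() {
    report=$(clamscan -r --infected --stdout "$1")
    status=$?
    printf '%s\n' "$report" | list_found
    scan_verdict "$status"
}
```

Acting on the exit status rather than on the text alone matters in cron jobs: a status of 2 means the scan itself failed and must not be read as a clean result.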
Linux system virus-checking software ClamAV (online installation)