Installation:
- For a permanent installation, see:
http://www.cnblogs.com/kerrycode/archive/2015/08/24/4754820.html#undefined
- For temporary use, see:
http://www.clamav.net/documents/installing-clamav#rhel (refer to the RHEL/CentOS section)
Usage:
Scan all users' home directories: clamscan -r /home
Scan every file on the machine and print the result for every file: clamscan -r /
Scan every file on the machine and print only the files that were flagged: clamscan -r --bell -i /
Scan output:
[root@localhost ~]# clamscan -r /home
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
...
/home/pentest/.local/share/Trash/info/dirtyc0w.c.trashinfo: OK
/home/pentest/.local/share/Trash/files/dirtyc0w.c: OK
/home/pentest/.local/share/recently-used.xbel: OK
/home/pentest/.esd_auth: OK
/home/pentest/.bash_history: OK
/home/pentest/.viminfo: OK
/home/elsearch/.bash_logout: OK
/home/elsearch/.bash_profile: OK
/home/elsearch/.bashrc: OK
/home/elsearch/.cache/abrt/lastnotification: OK
/home/elsearch/.bash_history: OK

----------- SCAN SUMMARY -----------
Known viruses:
Engine version: 0.99.
Scanned directories:
Scanned files:
Infected files:
Data scanned: 1020.85 MB
Data read: 1494.35 MB (ratio 0.68:)
Time: 517.155 sec ( m s)
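As an added example (not part of the original note), a small POSIX shell helper that post-processes a clamscan log the way the output above would be reviewed: it lists the FOUND entries, reads the infected count from the SCAN SUMMARY, and names the meaning of clamscan's exit status (0 no threat, 1 threat found, other values scan error). The log path and the sample log contents are constructed for demonstration and are not taken from the original.

```shell
#!/bin/sh
# Added example: review a clamscan log offline; clamscan itself need not be installed.
# Assumes the scan was run as:  clamscan -r -i --log=/var/log/clamscan.log /home
# (the log path is an assumption, not taken from the original note).

# Print only the "<path>: <signature> FOUND" lines from a clamscan log.
found_lines() {
    grep -E ': [^:]+ FOUND$' "$1"
}

# Read the "Infected files:" count from the SCAN SUMMARY; print 0 if the line is absent.
infected_count() {
    n=$(sed -n 's/^Infected files: *\([0-9][0-9]*\)$/\1/p' "$1")
    echo "${n:-0}"
}

# Translate clamscan's exit status: 0 = no threat found, 1 = threat found, anything else = scan error.
exit_status_word() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Constructed sample log (not real scan output) so the helpers can be exercised offline.
SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
/home/pentest/.bash_history: OK
/home/pentest/Downloads/sample.bin: Example-Test-Signature FOUND
/home/elsearch/.bashrc: OK

----------- SCAN SUMMARY -----------
Known viruses: 4000000
Scanned directories: 12
Scanned files: 3
Infected files: 1
Data scanned: 1.20 MB
EOF

# Usage: report flagged files and the summary count, as an operator would after the scan.
echo "clamscan status 1 means: $(exit_status_word 1)"
echo "infected files: $(infected_count "$SAMPLE_LOG")"
found_lines "$SAMPLE_LOG"
```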
Notes: before running a virus scan it is best to delete the clamav directory under /tmp (if it exists); otherwise it may cause false positives.
Some machines to be scanned may have no network access, so the virus database cannot be updated online. In that case, download the database on a machine with internet access
and then push it to the machine to be scanned.
The database files are listed below; upload the downloaded files to /opt/clamav/share/clamav on the machine to be scanned:
bytecode.cvd, daily.cvd, main.cvd, mirrors.dat
Files that may be needed for installation are attached:
Link: http://pan.baidu.com/s/1kVjWtHt  Password: b69i
Rootkit detection tool: chkrootkit
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz