
Oneleaf留言 | 贡献2007年5月13日 (日) 23:41的版本

{{#ifexist: :ClamAV/zh | | {{#ifexist: ClamAV/zh | | {{#ifeq: {{#titleparts:ClamAV|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:ClamAV|1|-1|}} | zh | | }}

ClamAV is a command line virus scanner. It can only detect viruses; it cannot remove them from files. It detects viruses on all platforms, but due to the popularity of the platform, it primarily detects Windows viruses and malware.

Why do I need anti-virus software? Isn't Linux virus-free?

In the most part, Linux is engineered in a fashion that makes it hard for viruses to run. Also, because more PCs currently run Windows, it is more worthwhile writing viruses for the Windows platform. However, there are many reasons you might want a virus scanner on your Linux PC:

  • to scan a Windows drive in your PC
  • to scan Windows machines over a network
  • to scan files you are going to send to other people
  • to scan e-mail you are going to forward to other people

Installing ClamAV

ClamAV is in the Universe repository. (If you do not have Universe enabled, see AddingRepositoriesHowto).

ClamAV has two modes of operation; a program that loads into memory only when you want to scan a file, or for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running.

Database updates can also be downloaded automatically .

  • For manual use: install the package clamav.
  • For automated use: install the package clamav-daemon.

Both methods will also install clamav-freshclam, the updater.

After installing, you may be asked some questions about how to get virus signature updates. Select the download site closest to you. ClamAV updates are a very small download and it is well worth scheduling them to happen automatically.

Using ClamAV

How can I...

Update my virus definitions?

Use freshclam.

You will see an output like this:

user@ubuntu:/etc/clamav # freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes)  

If you are using a http proxy to connect to the internet you will have to edit the file /etc/clamav/freshclam.conf adding:

HTTPProxyServer serveraddress
HTTPProxyPort portnumber

Scan files for viruses using clamav?

Use clamscan.


  • To check files in the all users home directories: clamscan -r /home
  • To check all files on the computer, displaying the name of each file: clamscan -r /
  • To check all files on the computer, but only display infected files and ring a bell when found: clamscan -r --bell -i /

When ClamAV has scanned all the files you asked it to, it will report a summary:

----------- SCAN SUMMARY -----------
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s)  

IconsPage?action=AttachFile&do=get&target=info.png ClamAV can only read files that the user running it can read. If you want to check all files on the system, use the sudo command (see UsingSudo for more information).

Run ClamAV as a daemon?

Install clamav-daemon. You can then use clamdscan where you would previously have used clamscan.

Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This speeds up virus scanning as the program is always in memory.

The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files.

Tell if clamav-daemon is running?

Look for it in the processt list, or use this handy shortcut: ps ax | grep [c]lamd

Remove files infected with viruses?

You can addhttps://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=warning.png dscan commandline.


Find out what version of ClamAV I have?

Use clamdscan -v:

user@ubuntu:/etc/clamav # clamdscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005  

Learn about other options?

Try man clamscan.

Schedule ClamAV to run automatically?

You can use the at command to schedule clamscan or freshclam. For example:

at 3:30 tomorrow
at>clamscan -i /home/user > mail [email protected]
at> <CTRL-D> 
job 3 at 2005-04-28 03:30

You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow. The output (showing only infected files) will be sent to you by e-mail.
