个人工具

“UbuntuHelp:ClamAV/zh”的版本间的差异

来自Ubuntu中文

跳转至: 导航, 搜索
第1行: 第1行:
{{From|https://help.ubuntu.com/community/ClamAV}} {{Languages|UbuntuHelp:ClamAV}} {{Translator|yiding.he}}
+
{{From|https://help.ubuntu.com/community/ClamAV}} {{Languages|UbuntuHelp:ClamAV}} {{Translator|yiding.he}}  
[http://www.clamav.net/ ClamAV] is a command line virus scanner. It can only detect viruses; it cannot remove them from files. It detects viruses on all platforms, but due to the popularity of the platform, it primarily detects Windows viruses and malware. Others antivirus running on Ubuntu can be found [[UbuntuHelp:Antivirus|here]].
+
[http://www.clamav.net/ ClamAV] 是一个命令行下的病毒扫描工具。它只能扫面病毒,而不能将其从文件中移除。它能够扫面各种平台上的病毒,但由于现实情况,它主要用来扫描 Windows 下的病毒和恶意软件。Ubuntu 下的其他反病毒软件可以在[[UbuntuHelp:Antivirus|这里]]找到。
  
 
=== 安装 '''ClamAV''' ===
 
=== 安装 '''ClamAV''' ===
第47行: 第47行:
 
Time: 20.831 sec (0 m 20 s)  
 
Time: 20.831 sec (0 m 20 s)  
 
</pre>  
 
</pre>  
'''[[Image:Information_icon.png]]ClamAV''' can only read files that the user running it can read. If you want to check all files on the system, use the <code><nowiki>sudo</nowiki></code> command (see UsingSudo for more information).
+
'''[[Image:Information icon.png|Image:Information_icon.png]]ClamAV''' can only read files that the user running it can read. If you want to check all files on the system, use the <code><nowiki>sudo</nowiki></code> command (see UsingSudo for more information).
  
==== 如何在后台运行 '''ClamAV'''? ====
+
==== 如何在後台运行 '''ClamAV'''? ====
  
 
Install <code><nowiki>clamav-daemon</nowiki></code>. You can then use <code><nowiki>clamdscan</nowiki></code> where you would previously have used <code><nowiki>clamscan</nowiki></code>. Lots of programs, especially e-mail servers, can connect to a '''ClamAV''' daemon. This speeds up virus scanning as the program is always in memory. The <code><nowiki>clamav-daemon</nowiki></code> package creates a 'clamav' user; in order to allow '''ClamAV''' to scan system files, such as your mail spool, you can add clamav to the group that owns the files.
 
Install <code><nowiki>clamav-daemon</nowiki></code>. You can then use <code><nowiki>clamdscan</nowiki></code> where you would previously have used <code><nowiki>clamscan</nowiki></code>. Lots of programs, especially e-mail servers, can connect to a '''ClamAV''' daemon. This speeds up virus scanning as the program is always in memory. The <code><nowiki>clamav-daemon</nowiki></code> package creates a 'clamav' user; in order to allow '''ClamAV''' to scan system files, such as your mail spool, you can add clamav to the group that owns the files.

2008年5月9日 (五) 11:06的版本

ClamAV 是一个命令行下的病毒扫描工具。它只能扫面病毒,而不能将其从文件中移除。它能够扫面各种平台上的病毒,但由于现实情况,它主要用来扫描 Windows 下的病毒和恶意软件。Ubuntu 下的其他反病毒软件可以在这里找到。

安装 ClamAV

ClamAV is in the Universe repository. (If you do not have Universe enabled, see AddingRepositoriesHowto). ClamAV has two modes of operation; a program that loads into memory only when you want to scan a file, or for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running. Database updates can also be downloaded automatically .

  • For manual use: install the package clamav.
  • For automated use: install the package clamav-daemon.

Both methods will also install clamav-freshclam, the updater. After installing, you may be asked some questions about how to get virus signature updates. Select the download site closest to you. ClamAV updates are a very small download and it is well worth scheduling them to happen automatically.

使用 ClamAV

How can I...

如何升级病毒库?

Use freshclam. You will see an output like this:

[email protected]:/etc/clamav # freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes) 
代理

If you are using a http proxy to connect to the internet you will have to edit the file /etc/clamav/freshclam.conf adding:

HTTPProxyServer serveraddress
HTTPProxyPort portnumber

如何使用 clamav 扫描病毒?

Use clamscan. Examples:

  • To check files in the all users home directories: clamscan -r /home
  • To check all files on the computer, displaying the name of each file: clamscan -r /
  • To check all files on the computer, but only display infected files and ring a bell when found: clamscan -r --bell -i /

When ClamAV has scanned all the files you asked it to, it will report a summary:

----------- SCAN SUMMARY -----------
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s) 

Image:Information_icon.pngClamAV can only read files that the user running it can read. If you want to check all files on the system, use the sudo command (see UsingSudo for more information).

如何在後台运行 ClamAV

Install clamav-daemon. You can then use clamdscan where you would previously have used clamscan. Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This speeds up virus scanning as the program is always in memory. The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files.

如何查看 clamav-daemon 是否正在运行?

Look for it in the processt list, or use this handy shortcut: ps ax | grep [c]lamd

如何删除被病毒感染的文件?

You can add --remove to the clamscan or clamdscan commandline.
IconWarning3.pngNote: No virus scanner is 100% accurate. It is always best to manually check the files you delete, if you are not totally sure that this is what you want to do.

如何查看 ClamAV 的版本?

Use clamdscan -v:

[email protected]:/etc/clamav # clamdscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005 

Learn about other options?

Try man clamscan.

如何为 ClamAV 设置自动运行的计划任务?

You can use the at command to schedule clamscan or freshclam. For example:

at 3:30 tomorrow
at>clamscan -i /home/user > mail [email protected]
at> <CTRL-D> 
job 3 at 2005-04-28 03:30

You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow. The output (showing only infected files) will be sent to you by e-mail.