个人工具

UbuntuHelp:ClamAV/zh

来自Ubuntu中文

Luckyone讨论 | 贡献2008年6月3日 (二) 12:31的版本

跳转至: 导航, 搜索

ClamAV 是一个命令行下的病毒扫描工具。它只能扫面病毒,而不能将其从文件中移除。它能够扫面各种平台上的病毒,但由于现实情况,它主要用来扫描 Windows 下的病毒和恶意软件。Ubuntu 下的其他反病毒软件可以在这里找到。

安装 ClamAV

ClamAV is in the Universe repository. (If you do not have Universe enabled, see AddingRepositoriesHowto). ClamAV has two modes of operation; a program that loads into memory only when you want to scan a file, or for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running. Database updates can also be downloaded automatically .

  • For manual use: install the package clamav.
  • For automated use: install the package clamav-daemon.

Both methods will also install clamav-freshclam, the updater. After installing, you may be asked some questions about how to get virus signature updates. Select the download site closest to you. ClamAV updates are a very small download and it is well worth scheduling them to happen automatically.

ClamAV在官方软件源中存放,(如果你没有启用官方软件源,参考AddingRepositoriesHowto )ClamAV有两种模式的运行,一个是程序加载到内存中,只有当您要扫描的文件,或更经常使用(如扫描所有传入的电子邮件) ,一个程序连接到后台程序是始终在运行。数据库的更新还可以自动下载。
手动使用:安装套件的ClamAV 。
自动使用:安装套件的ClamAV -守护程序。这两种方法也将安装的ClamAV - freshclam ,更新。安装完成后,您可能会问了一些问题,如何让病毒码更新。选择下载网站最接近你。更新的ClamAV是一个很小的下载,这是非常值得调度他们自动发生的。

使用 ClamAV

How can I...

如何升级病毒库?

Use freshclam. You will see an output like this:

[email protected]:/etc/clamav # freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes) 
代理

If you are using a http proxy to connect to the internet you will have to edit the file /etc/clamav/freshclam.conf adding:

HTTPProxyServer serveraddress
HTTPProxyPort portnumber

如何使用 clamav 扫描病毒?

Use clamscan. Examples:

  • To check files in the all users home directories: clamscan -r /home
  • To check all files on the computer, displaying the name of each file: clamscan -r /
  • To check all files on the computer, but only display infected files and ring a bell when found: clamscan -r --bell -i /

When ClamAV has scanned all the files you asked it to, it will report a summary:

----------- SCAN SUMMARY -----------
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s) 

Image:Information_icon.pngClamAV can only read files that the user running it can read. If you want to check all files on the system, use the sudo command (see UsingSudo for more information).

如何在後台运行 ClamAV

Install clamav-daemon. You can then use clamdscan where you would previously have used clamscan. Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This speeds up virus scanning as the program is always in memory. The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files.

如何查看 clamav-daemon 是否正在运行?

Look for it in the processt list, or use this handy shortcut: ps ax | grep [c]lamd

如何删除被病毒感染的文件?

You can add --remove to the clamscan or clamdscan commandline.
IconWarning3.pngNote: No virus scanner is 100% accurate. It is always best to manually check the files you delete, if you are not totally sure that this is what you want to do.

如何查看 ClamAV 的版本?

Use clamdscan -v:

[email protected]:/etc/clamav # clamdscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005 

Learn about other options?

Try man clamscan.

如何为 ClamAV 设置自动运行的计划任务?

You can use the at command to schedule clamscan or freshclam. For example:

at 3:30 tomorrow
at>clamscan -i /home/user > mail [email protected]
at> <CTRL-D> 
job 3 at 2005-04-28 03:30

You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow. The output (showing only infected files) will be sent to you by e-mail.