Linux/Ubuntu
clamav
구차니
2025. 12. 22. 15:15
clamav 라고 리눅스용 백신이라고 보면 되는데 ubuntu 22.04 에서 설치시도!
| $ sudo apt-cache search clamav amavisd-new - MTA와 바이러스 검사 프로그램 간 인터페이스/내용 필터 clamav - 유닉스용 안티 바이러스 유틸리티 - 명령행 인터페이스 clamav-base - anti-virus utility for Unix - base package clamav-daemon - anti-virus utility for Unix - scanner daemon clamav-freshclam - anti-virus utility for Unix - virus database update utility clamdscan - anti-virus utility for Unix - scanner client libclamav-dev - anti-virus utility for Unix - development files libclamav9 - anti-virus utility for Unix - library clamsmtp - 바이러스 스캐닝 SMTP 프락시 clamtk - ClamAV용 그래픽 프런트엔드 courier-filter-perl - Courier MTA용 순수 펄기반 메일 필터 프레임워크 amavisd-new-postfix - part of Ubuntu mail stack provided by Ubuntu server team clamassassin - email virus filter wrapper for ClamAV clamav-cvdupdate - ClamAV Private Database Mirror Updater Tool clamav-milter - anti-virus utility for Unix - sendmail integration clamav-testfiles - anti-virus utility for Unix - test files clamav-unofficial-sigs - update script for 3rd-party clamav signatures clamfs - user-space anti-virus protected file system clamtk-gnome - GNOME (Nautilus) MenuProvider extension for ClamTk claws-mail-clamd-plugin - ClamAV socket-based plugin for Claws Mail havp - HTTP Anti Virus Proxy libc-icap-mod-virus-scan - Antivirus Service for c-icap libclamav-client-perl - Perl client for the ClamAV virus scanner daemon monitoring-plugins-contrib - Plugins for nagios compatible monitoring systems postgresql-14-snakeoil - PostgreSQL anti-virus scanner based on ClamAV proftpd-mod-clamav - ProFTPD module mod_clamav python3-pyclamd - Python 3 interface to the ClamAV daemon libclamunrar9 - anti-virus utility for Unix - unrar support clamav-doc - anti-virus utility for Unix - documentation clamav-docs - anti-virus utility for Unix - documentation libclamav12 - anti-virus utility for Unix - library clamav-testfiles-rar - anti-virus utility for Unix - test files libclamunrar - anti-virus utility for Unix - unrar support libclamunrar12 - anti-virus utility for Unix - unrar support |
깔면 알아서 업데이트용 프로그램과 함께 설치된다.
| $ sudo apt-get install clamav 패키지 목록을 읽는 중입니다... 완료 의존성 트리를 만드는 중입니다... 완료 상태 정보를 읽는 중입니다... 완료 다음의 추가 패키지가 설치될 것입니다 : clamav-base clamav-freshclam libclamav12 libmspack0 제안하는 패키지: libclamunrar clamav-doc libclamunrar11 다음 새 패키지를 설치할 것입니다: clamav clamav-base clamav-freshclam libclamav12 libmspack0 0개 업그레이드, 5개 새로 설치, 0개 제거 및 0개 업그레이드 안 함. 6,682 k바이트 아카이브를 받아야 합니다. 이 작업 후 31.4 M바이트의 디스크 공간을 더 사용하게 됩니다. 계속 하시겠습니까? [Y/n] |
freshclam은 이미 백그라운드로 돌고 있어서 굳이 수동으로 할 필요는 없어 보인다.
| $ sudo freshclam ERROR: Failed to lock the log file /var/log/clamav/freshclam.log: Resource temporarily unavailable ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). ERROR: initialize: libfreshclam init failed. ERROR: Initialization error! $ ps -ef | grep fresh clamav 2903247 1 9 10:58 ? 00:00:02 /usr/bin/freshclam -d --foreground=true minimonk 2903734 2902302 0 10:58 pts/18 00:00:00 grep --color=auto fresh |
별다른 옵션을 주지 않으면 현재 디렉토리 하위로 검색하는 듯.
| $ clamscan Loading: 7s, ETA: 0s [========================>] 3.63M/3.63M sigs Compiling: 3s, ETA: 0s [========================>] 41/41 tasks /home/minimonk/.node_repl_history: OK ----------- SCAN SUMMARY ----------- Known viruses: 3626999 Engine version: 1.4.3 Scanned directories: 1 Scanned files: 42 Infected files: 0 Data scanned: 69.96 MB Data read: 34.47 MB (ratio 2.03:1) Time: 14.135 sec (0 m 14 s)Start Date: 2025:12:23 11:26:39 End Date: 2025:12:23 11:26:53 |
기본 값으로 삭제는 하지 않게 되어있고, 쓸만한 옵션(?)으로는 -r -i 정도가 있는 듯.
| $ clamscan --help Clam AntiVirus: Scanner 1.4.3 By The ClamAV Team: https://www.clamav.net/about.html#credits (C) 2024 Cisco Systems, Inc. clamscan [options] [file/directory/-] --help -h Show this help --version -V Print version number --verbose -v Be verbose --archive-verbose -a Show filenames inside scanned archives --debug Enable libclamav's debug messages --quiet Only output error messages --stdout Write to stdout instead of stderr. Does not affect 'debug' messages. --no-summary Disable summary at end of scanning --infected -i Only print infected files --suppress-ok-results -o Skip printing OK files --bell Sound bell on virus detection --tempdir=DIRECTORY Create temporary files in DIRECTORY --leave-temps[=yes/no(*)] Do not remove temporary files --force-to-disk[=yes/no(*)] Create temporary files for nested file scans that would otherwise be in-memory only --gen-json[=yes/no(*)] Generate JSON metadata for the scanned file(s). For testing & development use ONLY. JSON will be printed if --debug is enabled. A JSON file will dropped to the temp directory if --leave-temps is enabled. --database=FILE/DIR -d FILE/DIR Load virus database from FILE or load all supported db files from DIR --official-db-only[=yes/no(*)] Only load official signatures --fail-if-cvd-older-than=days Return with a nonzero error code if virus database outdated. --log=FILE -l FILE Save scan report to FILE --recursive[=yes/no(*)] -r Scan subdirectories recursively --allmatch[=yes/no(*)] -z Continue scanning within file after finding a match --cross-fs[=yes(*)/no] Scan files and directories on other filesystems --follow-dir-symlinks[=0/1(*)/2] Follow directory symlinks (0 = never, 1 = direct, 2 = always) --follow-file-symlinks[=0/1(*)/2] Follow file symlinks (0 = never, 1 = direct, 2 = always) --file-list=FILE -f FILE Scan files from FILE --remove[=yes/no(*)] Remove infected files. Be careful! --move=DIRECTORY Move infected files into DIRECTORY --copy=DIRECTORY Copy infected files into DIRECTORY --exclude=REGEX Don't scan file names matching REGEX --exclude-dir=REGEX Don't scan directories matching REGEX --include=REGEX Only scan file names matching REGEX --include-dir=REGEX Only scan directories matching REGEX --bytecode[=yes(*)/no] Load bytecode from the database --bytecode-unsigned[=yes/no(*)] Load unsigned bytecode **Caution**: You should NEVER run bytecode signatures from untrusted sources. Doing so may result in arbitrary code execution. --bytecode-timeout=N Set bytecode timeout (in milliseconds) --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics --detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications --exclude-pua=CAT Skip PUA sigs of category CAT --include-pua=CAT Load PUA sigs of category CAT --detect-structured[=yes/no(*)] Detect structured data (SSN, Credit Card) --structured-ssn-format=X SSN format (0=normal,1=stripped,2=both) --structured-ssn-count=N Min SSN count to generate a detect --structured-cc-count=N Min CC count to generate a detect --structured-cc-mode=X CC mode (0=credit debit and private label, 1=credit cards only --scan-mail[=yes(*)/no] Scan mail files --phishing-sigs[=yes(*)/no] Enable email signature-based phishing detection --phishing-scan-urls[=yes(*)/no] Enable URL signature-based phishing detection --heuristic-alerts[=yes(*)/no] Heuristic alerts --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found --normalize[=yes(*)/no] Normalize html, script, and text files. Use normalize=no for yara compatibility --scan-pe[=yes(*)/no] Scan PE files --scan-elf[=yes(*)/no] Scan ELF files --scan-ole2[=yes(*)/no] Scan OLE2 containers --scan-pdf[=yes(*)/no] Scan PDF files --scan-swf[=yes(*)/no] Scan SWF files --scan-html[=yes(*)/no] Scan HTML files --scan-xmldocs[=yes(*)/no] Scan xml-based document files --scan-hwp3[=yes(*)/no] Scan HWP3 files --scan-onenote[=yes(*)/no] Scan OneNote files --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav) --scan-image[=yes(*)/no] Scan image (graphics) files --scan-image-fuzzy-hash[=yes(*)/no] Detect files by calculating image (graphics) fuzzy hashes --alert-broken[=yes/no(*)] Alert on broken executable files (PE & ELF) --alert-broken-media[=yes/no(*)] Alert on broken graphics files (JPEG, TIFF, PNG, GIF) --alert-encrypted[=yes/no(*)] Alert on encrypted archives and documents --alert-encrypted-archive[=yes/no(*)] Alert on encrypted archives --alert-encrypted-doc[=yes/no(*)] Alert on encrypted documents --alert-macros[=yes/no(*)] Alert on OLE2 files containing VBA macros --alert-exceeds-max[=yes/no(*)] Alert on files that exceed max file size, max scan size, or max recursion limit --alert-phishing-ssl[=yes/no(*)] Alert on emails containing SSL mismatches in URLs --alert-phishing-cloak[=yes/no(*)] Alert on emails containing cloaked URLs --alert-partition-intersection[=yes/no(*)] Alert on raw DMG image files containing partition intersections --nocerts Disable authenticode certificate chain verification in PE files --dumpcerts Dump authenticode certificate chain in PE files --max-scantime=#n Scan time longer than this will be skipped and assumed clean (milliseconds) --max-filesize=#n Files larger than this will be skipped and assumed clean --max-scansize=#n The maximum amount of data to scan for each container file (**) --max-files=#n The maximum number of files to scan for each container file (**) --max-recursion=#n Maximum archive recursion level for container file (**) --max-dir-recursion=#n Maximum directory recursion level --max-embeddedpe=#n Maximum size file to check for embedded PE --max-htmlnormalize=#n Maximum size of HTML file to normalize --max-htmlnotags=#n Maximum size of normalized HTML file to scan --max-scriptnormalize=#n Maximum size of script file to normalize --max-ziptypercg=#n Maximum size zip to type reanalyze --max-partitions=#n Maximum number of partitions in disk image to be scanned --max-iconspe=#n Maximum number of icons in PE file to be scanned --max-rechwp3=#n Maximum recursive calls to HWP3 parsing function --pcre-match-limit=#n Maximum calls to the PCRE match function. --pcre-recmatch-limit=#n Maximum recursive calls to the PCRE match function. --pcre-max-filesize=#n Maximum size file to perform PCRE subsig matching. --disable-cache Disable caching and cache checks for hash sums of scanned files. Pass in - as the filename for stdin. (*) Default scan settings (**) Certain files (e.g. documents, archives, etc.) may in turn contain other files inside. The above options ensure safe processing of this kind of data. |
[링크: https://cheesecat47.github.io/blog/2025/06/11/linux-antivirus-clamav]