0

So I've been trying to use clamav to scan files, but clamdscan still isn't working for me.

My setup is as follows:

brew install clamav

Then I renamed clamd.conf.sample and freshclam.conf.sample to clamd.conf and freshclam.conf respectively.

Next I commented out Example (around line 8) in both, and for clamd.conf I uncommented the TCP port address => TCPSocket 3310

After that I ran freshclam to update clamav.

Now I run clamd (and allow incoming connections) to start the daemon service, and I can see it running:

ps -ef |grep clamd            
502 16932     1   0  1:03PM ??         0:14.57 clamd

If I try to scan a file with clamdscan it errors:

clamdscan ~/Desktop/sample.pdf 

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.008 sec (0 m 0 s)
Start Date: 2022:01:18 13:03:47
End Date:   2022:01:18 13:03:47

Also, I'd like to know what the best way to test clamav is. I have an eicar.rtf containing the virus signature, but it passes clamscan as well (and with clamdscan I get the same error as with sample.pdf):

clamscan ~/Desktop/eicar.rtf 
Loading:    11s, ETA:   0s [========================>]    8.60M/8.60M sigs       
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks 

/Users/alexhaumer/Desktop/eicar.rtf: OK

----------- SCAN SUMMARY -----------
Known viruses: 8603862
Engine version: 0.104.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 16.482 sec (0 m 16 s)
Start Date: 2022:01:18 13:32:22
End Date:   2022:01:18 13:32:39

eicar.rtf does trigger other AVs, e.g. when I try to attach it to a Slack message.

On a separate note, when I try to create a file.txt and paste the signature in manually, it won't let me save the file - so what's the best way to generate a file (say, other than .rtf) and test it with clamdscan? (macOS Big Sur)

Finally, my log (located at /tmp/clamd.log):

+++ Started at Tue Jan 18 13:03:02 2022
Received 0 file descriptor(s) from systemd.
clamd daemon 0.104.2 (OS: Darwin, ARCH: x86_64, CPU: x86_64)
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/Cellar/clamav/0.104.2/share/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
Loaded 8603862 signatures.
TCP: Bound to []:3310
TCP: Setting connection queue length to 200
TCP: Bound to []:3310
TCP: Setting connection queue length to 200
Limits: Global time limit set to 120000 milliseconds.
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 17.
Limits: Files limit set to 10000.
Limits: Core-dump limit is 0.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100.
Limits: MaxRecHWP3 limit set to 16.
Limits: PCREMatchLimit limit set to 100000.
Limits: PCRERecMatchLimit limit set to 2000.
Limits: PCREMaxFileSize limit set to 26214400.
Archive support enabled.
AlertExceedsMax heuristic detection disabled.
Heuristic alerts enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled.
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.
Listening daemon: PID: 16932
MaxQueue set to: 100
Set stacksize to 1048576

Once all this works I'll be using it in the context of the clamby gem in Rails.

4
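Two things in the question are worth separating: whether clamdscan can reach clamd at all, and whether the test file is one a scanner is obliged to detect. The summary "Total errors: 1" with no per-file line is the first problem (clamdscan scans nothing when it cannot connect; the answer below identifies the binding issue), and an eicar.rtf is very likely the second: the EICAR rules require the 68-byte string to start at byte 0 of a file no longer than 128 bytes, and ClamAV matches the canonical test file, so RTF markup or editor-added bytes in front of the string make "OK" a correct result. The script below is an added example, not code from the original post or from the ClamAV project: it writes the test file as raw bytes, checks it is still canonical, maps the documented clamscan/clamdscan exit codes (0 clean, 1 infected, 2 error) to a verdict, and pings the daemon directly. It assumes clamd listens on 127.0.0.1:3310 as in the question's clamd.conf; the file paths are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post: create the standard EICAR
# test file as raw bytes and interpret clamscan/clamdscan results.
# Assumptions: clamd listens on 127.0.0.1:3310 as in the post's clamd.conf;
# file paths are placeholders.
set -eu

# The 68-byte EICAR string is a harmless industry-standard test pattern that
# every scanner is expected to flag; it is not malware.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write the test file as plain bytes (no trailing newline, no RTF wrapper).
# A word processor saving .rtf/.txt puts formatting or a BOM in front of the
# string, so the file is no longer the canonical test file and a scanner may
# legitimately report it clean.
make_eicar_file() {   # make_eicar_file PATH
    printf '%s' "$EICAR" > "$1"
}

# Check that a candidate file still meets the EICAR rules: the string must
# start at byte 0, and the file may be at most 128 bytes long.
eicar_file_ok() {   # eicar_file_ok PATH
    size=$(( $(wc -c < "$1") ))
    [ "$size" -ge 68 ] && [ "$size" -le 128 ] &&
        [ "$(head -c 68 "$1")" = "$EICAR" ]
}

# Translate the documented exit status of clamscan/clamdscan into a verdict:
# 0 = clean, 1 = virus found, 2 = error (for clamdscan, typically "could not
# reach clamd"), which is the state the post's "Total errors: 1" summary shows.
scan_exit_meaning() {   # scan_exit_meaning STATUS
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Talk to the daemon directly: clamd answers PING with PONG. If this prints
# nothing, clamdscan cannot work either, whatever the file contains.
clamd_ping() {   # clamd_ping [HOST] [PORT]
    printf 'nPING\n' | nc -w 2 "${1:-127.0.0.1}" "${2:-3310}"
}

# End-to-end run (needs ClamAV installed and clamd running):
#   sh eicar_check.sh run
if [ "${1:-}" = "run" ]; then
    f="${TMPDIR:-/tmp}/eicar.com"
    make_eicar_file "$f"
    eicar_file_ok "$f" && echo "test file is canonical EICAR"
    echo "daemon says: $(clamd_ping)"
    rc=0; clamscan  --no-summary "$f" || rc=$?; echo "clamscan:  $(scan_exit_meaning "$rc")"
    rc=0; clamdscan --no-summary "$f" || rc=$?; echo "clamdscan: $(scan_exit_meaning "$rc")"
fi
```

With a reachable daemon both scanners should report the file as infected. Note that over a TCP socket clamdscan sends the path to clamd, so the daemon's user must be able to read the file; if clamd runs under a different account, or on another host, pass `--stream` so the file contents are sent over the socket instead (`--fdpass` only works on a local Unix socket).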

1 Answer

0

Well, I didn't see any documentation explicitly mentioning this, but in clamd.conf (located at /usr/local/etc/clamav if installed via brew) you also have to uncomment TCPAddr localhost (around line 120), because if you don't it defaults to listening on INADDR_ANY, which obvs wasn't set in my case. Works seamlessly now.

answered 2022-01-18T21:52:37.510