默认情况下,ClamAV 会忽略大于 25M 的文件。当我尝试扫描一个大文件(700M)时,我有以下输出:
➜ clamscan file.avi
/home/dougui/Videos/file.avi: OK
----------- SCAN SUMMARY -----------
Known viruses: 8284573
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 700.61 MB (ratio 0.00:1)
Time: 13.149 sec (0 m 13 s)
该文件被标记为正确。当我运行命令时--debug,我有这个日志:
...
LibClamAV debug: Checking realpath of file.avi
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: cli_updatelimits: scansize exceeded (initial: 104857600, consumed: 0, needed: 734642176)
LibClamAV debug: cli_updatelimits: filesize exceeded (allowed: 26214400, needed: 734642176)
LibClamAV debug: emax_reached: marked parents as non cacheable
LibClamAV debug: cli_magic_scandesc: returning 0 at line 3314 (no post, no cache)
/home/dougui/Videos/file.avi: OK
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
似乎超出了扫描大小和文件大小。概括起来,“数据扫描”和“数据读取”之间也有区别。我找到了--alert-exceeds-max跳过查找时显示的选项
问题是我找不到与 相同的选项clamdscan。我尝试更改配置并签入日志文件,但没有找到任何内容。
如何查看在守护进程模式下跳过了哪些文件?
答案1
添加解决AlertExceedsMax了clamd.conf我的问题。所有信息都在man clamd.conf.
答案2
您可以使用 排除这些文件,或者如果错误与 Cronic 之类的内容混淆(在我的例子中),则--exclude=/tmpfile可以使用。-l logfile只是监视日志文件$(tail "$clamlog" | grep Infected | cut -d" " -f3) != 0