I have to run clamav on large files. I would like to know which command is the fastest between clamscan and clamdscan.
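But clamdscan does not seem to work correctly: it scans files larger than 1 GB.
Can you help me find out why clamdscan is not working correctly? Which of clamscan and clamdscan consumes fewer resources?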
I am running ClamAV 0.97.8/18037 on Ubuntu 12.04.3 LTS.
Here are the results of the two commands:
clamscan myfile.zip
----------- SCAN SUMMARY -----------
Known viruses: 2864504
Engine version: 0.97.8
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 1024.16 MB (ratio 0.00:1)
Time: 9.145 sec (0 m 9 s)
clamdscan myfile.zip
/home/ubuntu/workspace/benchmark/myfile.zip: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)
Here is the clamav log file:
Wed Oct 30 10:26:32 2013 -> Received POLLIN|POLLHUP on fd 4
Wed Oct 30 10:26:32 2013 -> Got new connection, FD 9
Wed Oct 30 10:26:32 2013 -> Received POLLIN|POLLHUP on fd 5
Wed Oct 30 10:26:32 2013 -> fds_poll_recv: timeout after 5 seconds
Wed Oct 30 10:26:32 2013 -> Received POLLIN|POLLHUP on fd 9
Wed Oct 30 10:26:32 2013 -> got command CONTSCAN /home/ubuntu/workspace/benchmark/myfile.zip (51, 7), argument: /home/ubuntu/workspace/benchmark/myfile.zip
Wed Oct 30 10:26:32 2013 -> mode -> MODE_WAITREPLY
Wed Oct 30 10:26:32 2013 -> Breaking command loop, mode is no longer MODE_COMMAND
Wed Oct 30 10:26:32 2013 -> Consumed entire command
Wed Oct 30 10:26:32 2013 -> Number of file descriptors polled: 1 fds
Wed Oct 30 10:26:32 2013 -> fds_poll_recv: timeout after 3600 seconds
Wed Oct 30 10:26:32 2013 -> THRMGR: queue (single) crossed low threshold -> signaling
Wed Oct 30 10:26:32 2013 -> THRMGR: queue (bulk) crossed low threshold -> signaling
Wed Oct 30 10:26:32 2013 -> /home/ubuntu/workspace/benchmark/myfile.zip: OK
Wed Oct 30 10:26:32 2013 -> Finished scanthread
Wed Oct 30 10:26:32 2013 -> Scanthread: connection shut down (FD 9)
Wed Oct 30 10:26:32 2013 -> THRMGR: queue (single) crossed low threshold -> signaling
Wed Oct 30 10:26:32 2013 -> THRMGR: queue (bulk) crossed low threshold -> signaling
Answer 1
clamd only scans files up to the maximum size. Run clamconf | grep MaxFileSize to get the exact size in your configuration. The default on my system is 25MB.
Also, you are running an old version of Clam that will not detect the latest viruses. You should update to 0.98+ immediately.
You should update your freshclam.conf file with the OnOutdatedExecute command, which will notify you whenever you need to upgrade. I use the following:
OnOutdatedExecute "printf 'Subject: ClamAV Outdated\n\nYour ClamAV is outdated, please update to %v' | sendmail [email protected]"
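Edit:
Many Linux distributions go out of their way to edit a package's default configuration files to make them easier to understand. In your case, they have probably removed some or all of the configuration items that are normally fully commented out (a commented-out directive just invokes the default, so removing them all has the same effect on operation, without all the "extra" documentation). In short, your configuration file should have the following in it: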
# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M
From there, it is fairly easy to uncomment the last line and specify the size you need.
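The following is an added example, not part of the original answer: a shell check that reads the active MaxFileSize directive from a clamd-style config and reports whether a given file is larger than the limit, which is the case where clamd does not scan it. The function names are hypothetical, the config path is supplied by the caller, the 25M default is the one quoted in the config comment above, and only the K and M size suffixes are handled.

```shell
#!/bin/sh
# Added example: decide whether a file is larger than clamd's MaxFileSize.
# Assumptions: the caller passes the config path; 25M is the default quoted
# in the config comment on this page; sizes use a plain number or K/M suffix.

DEFAULT_MAX=$((25 * 1024 * 1024))

# Print the effective MaxFileSize in bytes for a clamd-style config file.
# Commented-out directives are ignored, so the default applies to them.
max_file_size_bytes() {
    conf=$1
    # This example takes the first active (uncommented) directive it finds.
    value=$(awk '$1 == "MaxFileSize" { print $2; exit }' "$conf")
    if [ -z "$value" ]; then
        echo "$DEFAULT_MAX"
        return 0
    fi
    number=${value%[KkMm]}
    case $number in
        ''|*[!0-9]*) echo "unparsable MaxFileSize: $value" >&2; return 2 ;;
    esac
    case $value in
        *[Kk]) echo $((number * 1024)) ;;
        *[Mm]) echo $((number * 1024 * 1024)) ;;
        *)     echo "$number" ;;
    esac
}

# Return 0 if the file is larger than the limit (it would not be scanned),
# 1 if it is within the limit or the limit is disabled with a value of 0.
exceeds_max_file_size() {
    file=$1
    conf=$2
    limit=$(max_file_size_bytes "$conf") || return 2
    [ "$limit" -eq 0 ] && return 1
    size=$(($(wc -c < "$file")))
    [ "$size" -gt "$limit" ]
}

# Constructed demo: the config excerpt from this page, directive still commented.
demo_conf=$(mktemp)
printf '%s\n' '# Default: 25M' '#MaxFileSize 30M' > "$demo_conf"
echo "effective limit: $(max_file_size_bytes "$demo_conf") bytes"
rm -f "$demo_conf"
```

Running such a check before handing files to clamdscan makes an "OK" result on an oversized file visible as a file that was not scanned rather than a clean one.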