clamav: Unable to scan from a file list on Windows?


salt win8 grains.item osfullname

win8:
    ----------
    osfullname:
        Microsoft Windows 8.1 Enterprise Evaluation

salt win8 cmd.run shell='powershell' '& "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -V'

win8:
    ClamAV 0.98.7/21375/Tue Feb 16 05:36:54 2016

clamd is running on an Ubuntu VM. Here is the configuration on the Windows client (network mode):

TCPAddr <clamd.server.ip.address>
TCPSocket 3310
User Administrator

I want to scan only files from the last 24 hours, using the following command:

salt win8 cmd.run shell='powershell' 'Get-ChildItem "C:\\Program Files\\ClamAV-x64" -Recurse | Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) } | % { $_.FullName }'

win8:
    C:\Program Files\ClamAV-x64\eicar.com.txt
    C:\Program Files\ClamAV-x64\file_to_scan.txt
    C:\Program Files\ClamAV-x64\report.txt
    C:\Program Files\ClamAV-x64\scan.ps1
    C:\Program Files\ClamAV-x64\sendmail.ps1

Then write that list to a file:

| Out-File "C:\Program Files\ClamAV-x64\file_to_scan.txt"

and use the -f option:

salt win8 cmd.run shell='powershell' '& "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -h'

win8:

                           ClamAV Daemon Client 0.99
               By The ClamAV Team: http://www.clamav.net/about.html#credits
               (C) 2007-2015 Cisco Systems, Inc.

        --file-list=FILE    -f FILE        Scan files from FILE

But I get this error when I scan:

salt win8 cmd.run shell='powershell' '& "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -f "C:\\Program Files\\ClamAV-x64\file_to_scan.txt"'

win8:

    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Total errors: 1
    Time: 0.000 sec (0 m 0 s)
    ERROR: Can't access file C:\Windows\system32\config\systemprofile\ÿþC

It always says it can't access a strange file named ÿþC in the current working directory:

salt win8 cmd.run shell='powershell' 'cd \; & "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -f "C:\\Program Files\\ClamAV-x64\file_to_scan.txt"'

win8:

    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Total errors: 1
    Time: 0.000 sec (0 m 0 s)
    ERROR: Can't access file C:\\ÿþC

What is ÿþC? Why does it say that?

PS: The OS X client works fine:

clamdscan -f file_to_scan

    /Users/quanta/Downloads/eicar.com.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 4.359 sec (0 m 4 s)

Tue Feb 16 22:54:26 ICT 2016

If I run it directly on the Windows VM, I get another strange file name:

PS C:\Windows\system32> & 'C:\Program Files\ClamAV-x64\clamdscan.exe' -f 'C:\Program Files\ClamAV-x64\file_to_scan.txt'
ERROR: Can't access file C:\Windows\system32\ ■C

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

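Answer 1

What is ÿþC

ÿþ represents the BOM (byte order mark) in UTF-16 (LE) encoding.

Why does it say that?

Because Out-File by default uses the encoding of the system's current ANSI code page:

-Encoding

Specifies the type of character encoding used in the file. Valid values are "Unicode", "UTF7", "UTF8", "UTF32", "ASCII", "BigEndianUnicode", "Default", and "OEM". "Unicode" is the default. "Default" uses the encoding of the system's current ANSI code page.

The way to fix the garbled text is -Encoding ASCII: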

salt win8 cmd.run shell='powershell' 'Get-ChildItem "C:\\Program Files\\ClamAV-x64" -Recurse | Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) } | % { $_.FullName } | Out-File "C:\Program Files\ClamAV-x64\file_to_scan.txt" -Encoding ASCII'

Files\\ClamAV-x64'; & 'C:\\Program Files\\ClamAV-x64\clamdscan.exe' -f .\file_to_scan.txt"

win8:
    C:\Program Files\ClamAV-x64\eicar.com.txt: Eicar-Test-Signature FOUND
    C:\Program Files\ClamAV-x64\file_to_scan.txt: OK
    C:\Program Files\ClamAV-x64\report.txt: OK
    C:\Program Files\ClamAV-x64\scan.ps1: OK
    C:\Program Files\ClamAV-x64\sendmail.ps1: OK

    ----------- SCAN SUMMARY -----------
    Infected files: 1
    Time: 5.845 sec (0 m 5 s)
    ERROR: Minions returned with non-zero exit code

Source: https://social.technet.microsoft.com/Forums/office/en-US/ab1beb83-9174-413c-b1a6-882cef213980/getting-garbled-text-with-outfile-?forum=winserverpowershell
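
As an added example (not part of the original answer or of ClamAV), a pre-flight check for Windows PowerShell that writes the file list with the answer's -Encoding ASCII and refuses to hand clamdscan a list that starts with a BOM or whose paths ASCII would mangle. The function names Get-BomName and Write-ScanList and the temp file are hypothetical.

```powershell
# Added example, not from the original post; function names are hypothetical.
# Written for Windows PowerShell, the shell used on the page. Pass full paths.

function Get-BomName {
    # Return the name of the byte order mark at the start of a file, or $null.
    param([Parameter(Mandatory = $true)][string]$Path)
    $buf = New-Object byte[] 4
    $fs = [System.IO.File]::OpenRead($Path)
    try { $n = $fs.Read($buf, 0, 4) } finally { $fs.Dispose() }
    $hex = [System.BitConverter]::ToString($buf, 0, $n)
    # Order matters: the UTF-32 LE BOM begins with the UTF-16 LE BOM (FF FE).
    if ($hex -eq 'FF-FE-00-00')      { return 'UTF-32 LE' }
    if ($hex -eq '00-00-FE-FF')      { return 'UTF-32 BE' }
    if ($hex.StartsWith('EF-BB-BF')) { return 'UTF-8' }
    if ($hex.StartsWith('FF-FE'))    { return 'UTF-16 LE' }
    if ($hex.StartsWith('FE-FF'))    { return 'UTF-16 BE' }
    return $null
}

function Write-ScanList {
    # Write one path per line as ASCII, then confirm no BOM reached the disk.
    param([Parameter(Mandatory = $true)][string[]]$Items,
          [Parameter(Mandatory = $true)][string]$Path)
    # ASCII encoding replaces every non-ASCII character with '?', so such a
    # path would no longer name the real file and the file would go unscanned.
    $bad = @($Items | Where-Object { $_ -match '[^\x00-\x7F]' })
    if ($bad.Count -gt 0) {
        throw "Non-ASCII path(s) would be corrupted by ASCII: $($bad -join '; ')"
    }
    $Items | Out-File -FilePath $Path -Encoding ASCII
    $bom = Get-BomName -Path $Path
    if ($bom) { throw "File list $Path starts with a $bom BOM" }
}

# Constructed demo: a temp file and two of the paths listed in the question.
$list  = Join-Path $env:TEMP 'file_to_scan_demo.txt'
$paths = 'C:\Program Files\ClamAV-x64\eicar.com.txt',
         'C:\Program Files\ClamAV-x64\report.txt'

$paths | Out-File $list                  # default encoding, as in the question
"BOM after default Out-File: $(Get-BomName $list)"
Write-ScanList -Items $paths -Path $list # ASCII, as in the answer
"BOM after Write-ScanList:   $(Get-BomName $list)"
Remove-Item $list
```

Running the check before every scheduled scan turns the "Infected files: 0, Total errors: 1" result seen in the question into an explicit failure instead of a scan that silently covered nothing.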
