salt win8 grains.item osfullname
win8:
----------
osfullname:
Microsoft Windows 8.1 Enterprise Evaluation
salt win8 cmd.run shell='powershell' '& "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -V'
win8:
ClamAV 0.98.7/21375/Tue Feb 16 05:36:54 2016
clamd runs on an Ubuntu VM. Here is the configuration on the Windows client (network mode):
TCPAddr <clamd.server.ip.address>
TCPSocket 3310
User Administrator
I want to scan only the files changed in the last 24 hours, using the following command:
salt win8 cmd.run shell='powershell' 'Get-ChildItem "C:\\Program Files\\ClamAV-x64" -Recurse | Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) } | % { $_.FullName }'
win8:
C:\Program Files\ClamAV-x64\eicar.com.txt
C:\Program Files\ClamAV-x64\file_to_scan.txt
C:\Program Files\ClamAV-x64\report.txt
C:\Program Files\ClamAV-x64\scan.ps1
C:\Program Files\ClamAV-x64\sendmail.ps1
Then write that list to a file:
| Out-File "C:\Program Files\ClamAV-x64\file_to_scan.txt"
and use the -f option:
salt win8 cmd.run shell='powershell' '& "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -h'
win8:
ClamAV Daemon Client 0.99
By The ClamAV Team: http://www.clamav.net/about.html#credits
(C) 2007-2015 Cisco Systems, Inc.
--file-list=FILE -f FILE Scan files from FILE
But I get this error when I scan:
salt win8 cmd.run shell='powershell' '& "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -f "C:\\Program Files\\ClamAV-x64\file_to_scan.txt"'
win8:
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
ERROR: Can't access file C:\Windows\system32\config\systemprofile\ÿþC
It always says it can't access a strange file named ÿþC in the current working directory:
salt win8 cmd.run shell='powershell' 'cd \; & "C:\\Program Files\\ClamAV-x64\clamdscan.exe" -f "C:\\Program Files\\ClamAV-x64\file_to_scan.txt"'
win8:
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
ERROR: Can't access file C:\\ÿþC
What is ÿþC? Why does it say that?
PS: the OS X client works fine:
clamdscan -f file_to_scan
/Users/quanta/Downloads/eicar.com.txt: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 4.359 sec (0 m 4 s)
Tue Feb 16 22:54:26 ICT 2016
If I run it directly on the Windows VM, I get a different strange filename:
PS C:\Windows\system32> & 'C:\Program Files\ClamAV-x64\clamdscan.exe' -f 'C:\Program Files\ClamAV-x64\file_to_scan.txt'
ERROR: Can't access file C:\Windows\system32\ ■C
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Answer 1
What is ÿþC?
ÿþ is the BOM (Byte Order Mark) of the UTF-16 (LE) encoding.
Why does it say that?
Because of the default encoding of Out-File:
-Encoding
Specifies the type of character encoding used in the file. Valid values are "Unicode", "UTF7", "UTF8", "UTF32", "ASCII", "BigEndianUnicode", "Default", and "OEM". "Unicode" is the default. "Default" uses the encoding of the system's current ANSI code page.
The fix for the garbled name is to use -Encoding ASCII:
salt win8 cmd.run shell='powershell' 'Get-ChildItem "C:\\Program Files\\ClamAV-x64" -Recurse | Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) } | % { $_.FullName } | Out-File "C:\Program Files\ClamAV-x64\file_to_scan.txt" -Encoding ASCII'
salt win8 cmd.run shell='powershell' "cd 'C:\\Program Files\\ClamAV-x64'; & 'C:\\Program Files\\ClamAV-x64\clamdscan.exe' -f .\file_to_scan.txt"
win8:
C:\Program Files\ClamAV-x64\eicar.com.txt: Eicar-Test-Signature FOUND
C:\Program Files\ClamAV-x64\file_to_scan.txt: OK
C:\Program Files\ClamAV-x64\report.txt: OK
C:\Program Files\ClamAV-x64\scan.ps1: OK
C:\Program Files\ClamAV-x64\sendmail.ps1: OK
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 5.845 sec (0 m 5 s)
ERROR: Minions returned with non-zero exit code
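The script below is an added example, not code from the question or the answer above. It builds the same "last 24 hours" file list, but writes it as UTF-8 without a BOM instead of ASCII (-Encoding ASCII also drops the BOM, but replaces any non-ASCII character in a path with "?", so such files would silently be skipped), checks the first bytes of the list for a BOM before handing it to clamdscan, and interprets clamdscan's exit code (0 clean, 1 infected, 2 error), which is why Salt reports "Minions returned with non-zero exit code" on a positive hit. The paths are taken from the thread; excluding the list file from its own scan is an assumption of this example. Whether a given Windows clamdscan build accepts non-ASCII UTF-8 paths should be verified on that build.

```powershell
# Added example (not from the original question or answer): build a clamdscan
# file list without a BOM, verify it, and run the scan with exit-code handling.
# Paths are assumptions taken from the thread; adjust for your host.
$ScanRoot  = 'C:\Program Files\ClamAV-x64'
$ListFile  = Join-Path $ScanRoot 'file_to_scan.txt'
$Clamdscan = Join-Path $ScanRoot 'clamdscan.exe'

# Collect full paths of files (not directories) changed in the last 24 hours.
# The list file itself is excluded (assumption: we do not want to scan it
# while clamdscan is reading it).
$recent = Get-ChildItem -LiteralPath $ScanRoot -Recurse -File |
    Where-Object {
        $_.LastWriteTime -gt (Get-Date).AddDays(-1) -and
        $_.FullName -ne $ListFile
    } |
    ForEach-Object { $_.FullName }

if (-not $recent) {
    Write-Output "No files under $ScanRoot changed in the last 24 hours; nothing to scan."
    return
}

# Write UTF-8 *without* a BOM. Windows PowerShell 5.1's Out-File defaults to
# UTF-16 LE with a BOM (bytes FF FE), which clamdscan reads as the start of the
# first path ("ÿþC..."). Out-File -Encoding ASCII also avoids the BOM but maps
# non-ASCII path characters to '?', so those files would not be found.
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllLines($ListFile, [string[]]$recent, $utf8NoBom)

# Sanity check before scanning: reject a UTF-16 LE BOM (FF FE) or a UTF-8 BOM
# (EF BB BF) at the start of the list file.
$head = [System.IO.File]::ReadAllBytes($ListFile) | Select-Object -First 3
if ($head.Count -ge 2 -and $head[0] -eq 0xFF -and $head[1] -eq 0xFE) {
    throw "$ListFile starts with a UTF-16 LE BOM; clamdscan would misread the first path"
}
if ($head.Count -ge 3 -and $head[0] -eq 0xEF -and $head[1] -eq 0xBB -and $head[2] -eq 0xBF) {
    throw "$ListFile starts with a UTF-8 BOM; clamdscan would misread the first path"
}

# Run the scan. clamdscan exit codes: 0 = no infected files, 1 = infected
# file(s) found, 2 = error. Salt's cmd.run treats any non-zero code as a
# failure, so a positive detection shows up as "non-zero exit code".
& $Clamdscan --file-list="$ListFile"
switch ($LASTEXITCODE) {
    0       { Write-Output  'Scan complete: no infected files' }
    1       { Write-Warning 'Scan complete: infected file(s) found' }
    default { Write-Error   "clamdscan failed with exit code $LASTEXITCODE" }
}
```

On PowerShell 7, Out-File already defaults to UTF-8 without a BOM, so the original pipeline would not have produced the ÿþ prefix there; the byte check above makes the script behave the same on either version.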