Clamav
在守護程序模式下使用 ClamAV 顯示跳過的文件
預設情況下,ClamAV 會忽略大於 25M 的文件。當我嘗試掃描一個 700M 的大文件時,我有以下輸出:
➜ clamscan file.avi /home/dougui/Videos/file.avi: OK ----------- SCAN SUMMARY ----------- Known viruses: 8284573 Engine version: 0.102.4 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 700.61 MB (ratio 0.00:1) Time: 13.149 sec (0 m 13 s)該文件被標記為正確。當我執行命令時
--debug,我有這個日誌:... LibClamAV debug: Checking realpath of file.avi LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: cli_updatelimits: scansize exceeded (initial: 104857600, consumed: 0, needed: 734642176) LibClamAV debug: cli_updatelimits: filesize exceeded (allowed: 26214400, needed: 734642176) LibClamAV debug: emax_reached: marked parents as non cacheable LibClamAV debug: cli_magic_scandesc: returning 0 at line 3314 (no post, no cache) /home/dougui/Videos/file.avi: OK LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up似乎超出了掃描大小和文件大小。概括起來,“數據掃描”和“數據讀取”之間也存在差異。我找到了
--alert-exceeds-max在跳過查找時顯示的選項問題是我找不到與
clamdscan. 我試圖更改配置並簽入日誌文件,但沒有找到任何東西。如何查看在 Deamon 模式下跳過了哪些文件?
添加解決
AlertExceedsMax了clamd.conf我的問題。所有資訊都在man clamd.conf.