So I have been trying to scan files using clamav, but clamdscan hasn't been working for me.
My setup is as follows:
brew install clamav
Then I renamed clamd.conf.sample and freshclam.conf.sample to clamd.conf and freshclam.conf respectively.
Next, in clamd.conf (line 8) I commented out Example and set the TCP port address => TCPSocket 3310.
After that, I ran freshclam to update clamav.
Now I ran clamd (and allowed incoming connections) to start the daemon service, and I can see it running:
ps -ef |grep clamd
502 16932 1 0 1:03PM ?? 0:14.57 clamd
If I try to scan a file with clamdscan, it errors out:
clamdscan ~/Desktop/sample.pdf
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.008 sec (0 m 0 s)
Start Date: 2022:01:18 13:03:47
End Date: 2022:01:18 13:03:47
Also, I would like to know what the best way to test clamav is. I have an eicar.rtf with the virus signature, but it also passes clamscan (though for clamdscan the error is the same as for sample.pdf):
clamscan ~/Desktop/eicar.rtf
Loading: 11s, ETA: 0s [========================>] 8.60M/8.60M sigs
Compiling: 4s, ETA: 0s [========================>] 41/41 tasks
/Users/alexhaumer/Desktop/eicar.rtf: OK
----------- SCAN SUMMARY -----------
Known viruses: 8603862
Engine version: 0.104.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 16.482 sec (0 m 16 s)
Start Date: 2022:01:18 13:32:22
End Date: 2022:01:18 13:32:39
eicar.rtf does trigger other AVs, e.g. when I try to attach it to a Slack message.
On another note, when I try to create a file.txt and manually paste the signature in, it won't let me save the file -- so what is the best way to generate a file (other than .rtf) and test it against clamdscan? (macOS Big Sur)
Finally, here is my log (located at /tmp/cld.log):
+++ Started at Tue Jan 18 13:03:02 2022
Received 0 file descriptor(s) from systemd.
clamd daemon 0.104.2 (OS: Darwin, ARCH: x86_64, CPU: x86_64)
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/Cellar/clamav/0.104.2/share/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
Loaded 8603862 signatures.
TCP: Bound to []:3310
TCP: Setting connection queue length to 200
TCP: Bound to []:3310
TCP: Setting connection queue length to 200
Limits: Global time limit set to 120000 milliseconds.
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 17.
Limits: Files limit set to 10000.
Limits: Core-dump limit is 0.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100.
Limits: MaxRecHWP3 limit set to 16.
Limits: PCREMatchLimit limit set to 100000.
Limits: PCRERecMatchLimit limit set to 2000.
Limits: PCREMaxFileSize limit set to 26214400.
Archive support enabled.
AlertExceedsMax heuristic detection disabled.
Heuristic alerts enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled.
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.
Listening daemon: PID: 16932
MaxQueue set to: 100
Set stacksize to 1048576
Once all this is working, I will be using it in the context of the clamby gem in Rails.
Posted on 2022-01-18 21:52:37
OK, I didn't see any documentation that explicitly mentions this, but in /usr/local/etc/clamav (if installed via brew) in clamd.conf you can additionally uncomment TCPAddr localhost (around line 120), because otherwise it doesn't listen on INADDR_ANY by default, which in my example obv wasn't set. Works seamlessly now.
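As an added example (not code from the question, the answer or the clamby gem), here is a small Ruby client for the clamd TCP protocol the question enables with TCPSocket 3310: it frames a buffer for clamd's INSTREAM command, interprets the reply, and carries the standard EICAR test string so a detection can be checked without any external file. Host localhost and port 3310 are assumptions; note that ClamAV's EICAR signature matches the exact 68-byte file, which is why the string wrapped inside an .rtf document scans clean.

```ruby
require 'socket'

# Standard EICAR test string (68 bytes, harmless). ClamAV matches a file that
# consists of exactly these bytes, so write it to a plain file, not into an RTF body.
EICAR = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Frame bytes for clamd's INSTREAM command: each chunk is a 4-byte big-endian
# length followed by the data, and a zero-length chunk terminates the stream.
def instream_frames(data, chunk_size = 2048)
  bytes = data.b
  frames = "".b
  (0...bytes.bytesize).step(chunk_size) do |off|
    chunk = bytes.byteslice(off, chunk_size)
    frames << [chunk.bytesize].pack("N") << chunk
  end
  frames << [0].pack("N")
end

# Interpret one clamd reply line, e.g. "stream: Eicar-Test-Signature FOUND",
# "stream: OK" or "stream: INSTREAM size limit exceeded. ERROR".
def parse_clamd_reply(reply)
  body = reply.to_s.delete("\0").strip.sub(/\A[^:]+:\s*/, "")
  if body.end_with?(" FOUND")
    [:infected, body.delete_suffix(" FOUND")]
  elsif body == "OK"
    [:clean, nil]
  else
    [:error, body]
  end
end

# One command per connection: clamd closes a non-session connection after it
# replies. Host and port are assumptions matching the TCPSocket 3310 setup above.
def clamd_command(payload, host: "localhost", port: 3310)
  TCPSocket.open(host, port) do |sock|
    sock.write(payload)
    sock.read.to_s
  end
end

# True when clamd answers PING with PONG (a quick check that the daemon listens).
def clamd_ping(**opts)
  clamd_command("zPING\0", **opts).delete("\0") == "PONG"
end

# Stream a buffer to clamd and return [:infected, name], [:clean, nil] or [:error, msg].
def clamd_scan_bytes(data, **opts)
  parse_clamd_reply(clamd_command("zINSTREAM\0".b + instream_frames(data), **opts))
end
```

With clamd running on localhost:3310, clamd_scan_bytes(EICAR) returns :infected together with the signature name, and clamd_scan_bytes("hello world") returns [:clean, nil]; the framing and reply parsing can be exercised without a daemon.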
https://stackoverflow.com/questions/70755775