扫描文件时出现 Clamdscan 错误

所以我一直在尝试使用 clamav 来扫描文件，但

clamdscan

还没有为我工作。

我的设置如下：

brew install clamav

然后我将clamd.conf.sample和freshclam.conf.sample分别重命名为clamd.conf和freshclam.conf。

接下来我评论了

Example

（大约第 8 行）以及我在 TCP 端口地址 => TCPSocket 3310 中评论的 clamd.conf

之后我运行

freshclam

来更新clamav

现在我运行

clamd

（并允许传入连接）来启动守护程序服务，我可以看到它正在运行：

ps -ef |grep clamd            
502 16932     1   0  1:03PM ??         0:14.57 clamd

如果我尝试使用

clamdscan

扫描文件，则会出现错误：

clamdscan ~/Desktop/sample.pdf 

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.008 sec (0 m 0 s)
Start Date: 2022:01:18 13:03:47
End Date:   2022:01:18 13:03:47

此外，我想知道测试 clamav 的最佳方法是什么。 我有一个带有病毒签名的 eicar.rtf，但它也通过了

clamscan

（但我在

clamdscan

上遇到了与样本.pdf 相同的错误）：

clamscan ~/Desktop/eicar.rtf 
Loading:    11s, ETA:   0s [========================>]    8.60M/8.60M sigs       
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks 

/Users/alexhaumer/Desktop/eicar.rtf: OK

----------- SCAN SUMMARY -----------
Known viruses: 8603862
Engine version: 0.104.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 16.482 sec (0 m 16 s)
Start Date: 2022:01:18 13:32:22
End Date:   2022:01:18 13:32:39

eicar.rtf 确实会触发其他 AV，例如当我尝试将其附加到 slack 消息时

另请注意，当我尝试创建 file.txt 并手动输入签名时，它不允许我保存文件 - 那么生成文件（例如 .rtf 除外）并对其进行测试的最佳方法是什么

clamdscan

？ （MacOs 大苏尔）

最后这是我的日志（位于/tmp/clamd.log）：

+++ Started at Tue Jan 18 13:03:02 2022
Received 0 file descriptor(s) from systemd.
clamd daemon 0.104.2 (OS: Darwin, ARCH: x86_64, CPU: x86_64)
Log file size limited to 1048576 bytes.
Reading databases from /usr/local/Cellar/clamav/0.104.2/share/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
Loaded 8603862 signatures.
TCP: Bound to []:3310
TCP: Setting connection queue length to 200
TCP: Bound to []:3310
TCP: Setting connection queue length to 200
Limits: Global time limit set to 120000 milliseconds.
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 17.
Limits: Files limit set to 10000.
Limits: Core-dump limit is 0.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100.
Limits: MaxRecHWP3 limit set to 16.
Limits: PCREMatchLimit limit set to 100000.
Limits: PCRERecMatchLimit limit set to 2000.
Limits: PCREMaxFileSize limit set to 26214400.
Archive support enabled.
AlertExceedsMax heuristic detection disabled.
Heuristic alerts enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled.
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.
Listening daemon: PID: 16932
MaxQueue set to: 100
Set stacksize to 1048576

一旦所有这些工作完成，我将在 Rails 中的 clamby gem 的上下文中使用它