1. 安装准备
- # 安装相关依赖
- yum install -y epel-release
- # 清理缓存
- yum clean all && yum makecache
- # 安装依赖
- yum install -y openssl openssl-devel libcurl-devel zlib-devel libpng-devel libxml2-devel json-c-devel bzip2-devel pcre2-devel ncurses-devel
-
-
- # 创建 clamav 用户和用户组(服务账号,建议加上 -s /sbin/nologin 禁止登录);病毒库目录在下面创建
- groupadd clamav && useradd -g clamav clamav && id clamav
-
-
- # 创建相关目录并设置权限
- mkdir -p /usr/local/clamav/logs
- touch /usr/local/clamav/logs/clamd.log
- touch /usr/local/clamav/logs/freshclam.log
- chown clamav:clamav /usr/local/clamav/logs/clamd.log
- chown clamav:clamav /usr/local/clamav/logs/freshclam.log
- mkdir -p /usr/local/clamav/updata
- chown -R root:clamav /usr/local/clamav/
- chown -R clamav:clamav /usr/local/clamav/updata/
2. 下载clamAV安装包
wget http://www.clamav.net/downloads/production/clamav-0.103.11.tar.gz
# 注意:这是明文 http 下载,解压前应核对 ClamAV 官方发布的签名或校验值,避免编译被篡改的安装包
3. 编译安装
- //解压安装包后,进入解压目录执行编译安装即可
- cd clamav-0.103.11/
- //配置
- ./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre
-
- //编译+安装
- make && make install
- echo $?
4. 配置ClamAV
- cd /usr/local/clamav/etc
- cp clamd.conf.sample clamd.conf
- cp freshclam.conf.sample freshclam.conf
-
- # 编辑配置文件,Example 注释掉这一行.
- vim clamd.conf
- #Example 注释掉这一行.
-
- # 添加下面三行:
- LogFile /usr/local/clamav/logs/clamd.log
- PidFile /usr/local/clamav/updata/clamd.pid
- DatabaseDirectory /usr/local/clamav/updata
-
- # 编辑配置文件,Example 注释掉这一行.
- vim freshclam.conf
- #Example 注释掉这一行.
-
- # 添加下面三行
- DatabaseDirectory /usr/local/clamav/updata
- UpdateLogFile /usr/local/clamav/logs/freshclam.log
- PidFile /usr/local/clamav/updata/freshclam.pid
5. ClamAV启动
- chown -R clamav:clamav /usr/local/clamav/
- # 注意:这会把 bin/ 和 etc/ 也交给 clamav 用户(若后面的 clamscan 由 root 定时运行,clamav 用户就能改写 root 要执行的程序);更严格的做法是沿用第1步,只把 logs/ 和 updata/ 授权给 clamav
- systemctl start clamav-freshclam.service
- systemctl enable clamav-freshclam.service
- systemctl status clamav-freshclam.service
6. 更新病毒库
- #先停止freshclam
- systemctl stop clamav-freshclam.service
-
- #再更新
- /usr/local/clamav/bin/freshclam #更新时长取决于网络质量
-
- #更新完成启动
- systemctl start clamav-freshclam.service
- systemctl status clamav-freshclam.service
7. 创建软链接
- ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
-
- #说明:如果在手动更新病毒库时遇到错误,需要先删除旧的镜像地址文件,再手动更新一次病毒库
- rm -f /var/lib/clamav/mirrors.dat #该路径应与 freshclam.conf 中 DatabaseDirectory 指定的目录一致,按本文配置应在 /usr/local/clamav/updata 下查找
8. ClamAV使用场景
1) 扫描命令
- //扫描根目录下的内容(不加 -r 不会递归子目录)
- clamscan /
-
- //只扫描/bin/目录
- clamscan /bin/
-
- //递归扫描home目录,将病毒文件删除,并且记录日志(--remove 直接删除命中文件、不可恢复,遇到误报会有损失,可先用下面的 --move)
- clamscan -r -i /home --remove -l /var/log/clamav.log
-
- //扫描指定目录,然后将感染文件移动到指定目录,并记录日志
- clamscan -r -i /home --move=/tmp/clamav -l /var/log/clamav.log
-
- //常需要扫描的重点目录
- clamscan -r -i /etc --max-dir-recursion=5 -l /var/log/clamav-etc.log
- clamscan -r -i /bin --max-dir-recursion=5 -l /var/log/clamav-bin.log
- clamscan -r -i /usr --max-dir-recursion=5 -l /var/log/clamav-usr.log
- clamscan -r -i /var --max-dir-recursion=5 -l /var/log/clamav-var.log
-
- //查看病毒文件
- grep "FOUND" /var/log/clamav-bin.log
2) 扫描后的报告
- # 执行如下命令后的扫描报告
- clamscan /bin/
-
- #扫描报告
- ----------- SCAN SUMMARY -----------
- Known viruses: 8630419 # 已知病毒
- Engine version: 0.103.7 # 软件版本
- Scanned directories: 1 # 扫描的总目录
- Scanned files: 1062 # 扫描的文件数
- Infected files: 0 # 感染文件数量
- Data scanned: 178.91 MB # 扫描数据量
- Data read: 293.84 MB (ratio 0.61:1) # 数据读取
- Time: 69.782 sec (1 m 9 s) # 扫描用时
- Start Date: 2022:08:25 11:09:35 # 开始时间
- End Date: 2022:08:25 11:10:45 # 结束时间
3) 扫描参数
- -r/--recursive[=yes/no] //递归扫描子目录
- --log=FILE/-l FILE //增加扫描报告
- --move [路径] //移动病毒文件至..
- --remove[=yes/no] //删除病毒文件(不接路径参数,删除后不可恢复)
- --quiet //只输出错误消息
- --infected/-i //只输出感染文件
- --suppress-ok-results/-o //跳过扫描OK的文件
- --bell //扫描到病毒文件发出警报声音
- --unzip(unrar) //解压压缩文件扫描
4) 设置定时扫描
- 让服务器每天晚上定时更新和杀毒,保存杀毒日志,crontab文件如下(cron 的 PATH 通常不含 /usr/local/sbin,建议写绝对路径 /usr/local/clamav/bin/clamscan;--remove 会自动删除命中文件,生产环境建议改用 --move 并人工复核):
- 1 3 * * * /usr/local/clamav/bin/freshclam --quiet
- 20 3 * * * clamscan -r /www --remove -l /var/log/clamscan.log