1. 安装准备
# 安装相关依赖 yum install -y epel-release # 清理缓存 yum clean all && yum makecache # 安装依赖 yum install -y openssl openssl-devel libcurl-devel zlib-devel libpng-devel libxml2-devel json-c-devel bzip2-devel pcre2-devel ncurses-devel # 创建clamav用户和存放病毒库目录 groupadd clamav && useradd -g clamav clamav && id clamav # 创建相关目录并设置权限 mkdir -p /usr/local/clamav/logs touch /usr/local/clamav/logs/clamd.log touch /usr/local/clamav/logs/freshclam.log chown clamav:clamav /usr/local/clamav/logs/clamd.log chown clamav:clamav /usr/local/clamav/logs/freshclam.log mkdir -p /usr/local/clamav/updata chown -R root:clamav /usr/local/clamav/ chown -R clamav:clamav /usr/local/clamav/updata/
2. 下载clamAV安装包
wget http://www.clamav.net/downloads/production/clamav-0.103.11.tar.gz
3. 编译安装
//进入解压目录执行编译安装即可 cd clamav-0.103.11/ //配置 ./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre //编译+安装 make && make install echo $?
4. 配置ClamAV
cd /usr/local/clamav/etc cp clamd.conf.sample clamd.conf cp freshclam.conf.sample freshclam.conf # 编辑配置文件,Example 注释掉这一行. vim clamd.conf #Example 注释掉这一行. # 添加下面三行: LogFile /usr/local/clamav/logs/clamd.log PidFile /usr/local/clamav/updata/clamd.pid DatabaseDirectory /usr/local/clamav/updata # 编辑配置文件,Example 注释掉这一行. vim freshclam.conf #Example 注释掉这一行. # 添加下面三行 DatabaseDirectory /usr/local/clamav/updata UpdateLogFile /usr/local/clamav/logs/freshclam.log PidFile /usr/local/clamav/updata/freshclam.pid
5. ClamAV启动
chown -R clamav.clamav /usr/local/clamav/ systemctl start clamav-freshclam.service systemctl enable clamav-freshclam.service systemctl status clamav-freshclam.service
6. 更新病毒库
#先停止freshclam systemctl stop clamav-freshclam.service #再更新 /usr/local/clamav/bin/freshclam (根据网络质量确定更新时长) #更新完成启动 systemctl start clamav-freshclam.service systemctl status clamav-freshclam.service
7. 创建软连接
ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan #说明:如果在手动更新病毒库的时候遇到错误,此时就要删除掉旧的镜像地址文件 rm -f /var/lib/clamav/mirrors.dat #再手动更新一次病毒库。
8. ClamAV使用场景
1) 扫描命令
//扫码全部内容 clamscan / //只扫描/bin/目录 clamscan /bin/ //递归扫描home目录,将病毒文件删除,并且记录日志 clamscan -r -i /home --remove -l /var/log/clamav.log //扫描指定目录,然后将感染文件移动到指定目录,并记录日志 clamscan -r -i /home --move=/tmp/clamav -l /var/log/clamav.log //常需要扫描的重点目录 clamscan -r -i /etc --max-dir-recursion=5 -l /var/log/clamav-etc.log clamscan -r -i /bin --max-dir-recursion=5 -l /var/log/clamav-bin.log clamscan -r -i /usr --max-dir-recursion=5 -l /var/log/clamav-usr.log clamscan -r -i /var --max-dir-recursion=5 -l /var/log/clamav-var.log //查看病毒文件 cat /var/log/clamav-bin.log | grep "FOUND"
2) 扫描后的报告
# 执行如下命令后的扫描报告 clamscan /bin/ #扫描报告 ----------- SCAN SUMMARY ----------- Known viruses: 8630419 # 已知病毒 Engine version: 0.103.7 # 软件版本 Scanned directories: 1 # 扫描的总目录 Scanned files: 1062 # 扫描的文件数 Infected files: 0 # 感染文件数量 Data scanned: 178.91 MB # 扫描数据量 Data read: 293.84 MB (ratio 0.61:1) # 数据读取 Time: 69.782 sec (1 m 9 s) # 扫描用时 Start Date: 2022:08:25 11:09:35 # 开始时间 End Date: 2022:08:25 11:10:45 # 结束时间
3) 扫描参数
-r/--recursive[=yes/no] //所有文件 --log=FILE/-l FILE //增加扫描报告 --move [路径] //移动病毒文件至.. --remove [路径] //删除病毒文件 --quiet //只输出错误消息 --infected/-i //只输出感染文件 --suppress-ok-results/-o //跳过扫描OK的文件 --bell //扫描到病毒文件发出警报声音 --unzip(unrar) //解压压缩文件扫描
4) 设置定时扫描
让服务器每天晚上定时更新和杀毒,保存杀毒日志,crontab文件如下: 1 3 * * * /usr/local/clamav/bin/freshclam --quiet 20 3 * * * clamscan -r /www --remove -l /var/log/clamscan.log
