Contents
Introduction
Installing with Yum
I. Install the EPEL repository
II. Install the ClamAV packages
III. Configure SELinux (note: skip this step if SELinux is already disabled on the server)
IV. Configure ClamAV
V. Update the virus database
VI. Start the clamd service
VII. Scan for viruses
VIII. Notes
1. Key directories to scan
2. Reading the scan report
3. Listing infected files
Installing from RPM
I. Configure the user
II. Install the RPM package
III. Configure ClamAV
IV. Download (update) the virus database
V. Troubleshooting
Installing glibc
Verification
Installing from the source package (PACKAGES)
1. Create the user and group
2. Install the build dependencies
3. Compile and install
4. Configure ClamAV
5. Start ClamAV
6. Update the virus database
7. Create a symlink
8. Scan for viruses
9. Scheduled scans
Updating on an internal network
1. Configure freshclam
2. Set up a virus database server
Introduction
Clam AntiVirus (ClamAVNet) is an open-source virus scanner for Linux, used mainly on mail servers. It runs as a multi-threaded daemon and can update its virus database automatically.
Installing with Yum
I. Install the EPEL repository
# install
yum install -y epel-release
# refresh the package cache
yum clean all && yum makecache
II. Install the ClamAV packages
yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
III. Configure SELinux (note: skip this step if SELinux is already disabled on the server)
Grant ClamAV the permissions it needs:
setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1
Check the result:
[root@Centos7 ~]# getsebool -a | grep antivirus
antivirus_can_scan_system --> on
antivirus_use_jit --> on
IV. Configure ClamAV
# clamd: disable the "Example" guard line, enable DatabaseDirectory, and run the daemon as root instead of the package default user clamscan
sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/clamd.d/scan.conf
sed -i "/#User clamscan/a\User\ root" /etc/clamd.d/scan.conf
# freshclam: disable the "Example" guard line, enable incremental (scripted) updates, check 12 times a day, own the database as root, and fetch from a private mirror
sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/" /etc/freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/" /etc/freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root" /etc/freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" /etc/freshclam.conf
# replace 127.0.0.1 with the IP of your virus database server
V. Update the virus database
[root@Centos7 ~]# freshclam
ClamAV update process started at Thu May 12 16:46:43 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.5 Recommended version: 0.103.6
DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
daily database available for update (local version: 26538, remote version: 26539)
Current database is 1 version behind.
Downloading database patch # 26539...
Time: 0.9s, ETA: 0.0s [========================>] 2.58KiB/2.58KiB
Testing database: '/var/lib/clamav/tmp.e5f8f0bc41/clamav-ada8b1afd9011a46f4ee45b0799cf5e1.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 26539, sigs: 1984354, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
The database files are stored in:
/var/lib/clamav/daily.cvd
/var/lib/clamav/main.cvd
VI. Start the clamd service
systemctl start clamd@scan
systemctl enable clamd@scan
VII. Scan for viruses
clamscan can scan a single file, a user's home directory, or the whole system:
## scan a file
clamscan targetfile
## recursively scan /home and log the results
clamscan -r -i /home -l /var/log/clamav.log
## recursively scan /home, delete infected files, and log the results
clamscan -r -i /home --remove -l /var/log/clamav.log
## scan the given directory, move infected files to the target directory, and log the results
clamscan -r -i /home --move=/tmp/clamav -l /var/log/clamav.log
## show the help text
clamscan -h
## scan every file on the machine and print a result line for every file
clamscan -r /
## scan every file on the machine and print only the files with problems
clamscan -r --bell -i /
## scan all users' home directories
clamscan -r /home
VIII. Notes:
-r -i    recurse into directories and show only infected files
-l       write the scan report to the given log file
--remove delete infected files
--move   move infected files to the given directory
1. Key directories to scan
clamscan -r -i /etc --max-dir-recursion=5 -l /var/log/clamav-etc.log
clamscan -r -i /bin --max-dir-recursion=5 -l /var/log/clamav-bin.log
clamscan -r -i /usr --max-dir-recursion=5 -l /var/log/clamav-usr.log
clamscan -r -i /var --max-dir-recursion=5 -l /var/log/clamav-var.log
2. Reading the scan report
[root@Centos7 ~]# clamscan /log
/log/mariadb.log: OK
----------- SCAN SUMMARY -----------
Known viruses: 8616415 #known signatures
Engine version: 0.103.5 #engine version
Scanned directories: 1 #directories scanned
Scanned files: 1 #files scanned
Infected files: 0 #infected files!!!
Data scanned: 0.01 MB #data scanned
Data read: 0.00 MB (ratio 2.00:1) #data read
Time: 27.221 sec (0 m 27 s) #time taken
Start Date: 2022:05:12 10:27:33 #scan start
End Date: 2022:05:12 10:28:00 #scan end
3. Listing infected files
grep "FOUND" /var/log/clamav-bin.log
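Beyond grepping for FOUND, a cron job or monitoring hook usually wants the infected paths and the summary counters as data. The POSIX shell script below is an added example and not part of the original post: it parses a clamscan report of the kind written by -l /var/log/clamav-bin.log (here a constructed sample with made-up paths and ClamAV's EICAR test signature names) and exits non-zero when infections are reported.

```shell
#!/bin/sh
# Added example (not from the original post): turn a clamscan report into data.
# Works on the file written by "clamscan -l FILE" and on captured stdout alike.

# Constructed sample report; the paths are made up.
SAMPLE_LOG=$(mktemp); trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
/home/alice/report.pdf: OK
/home/bob/Downloads/invoice.exe: Win.Test.EICAR_HDB-1 FOUND
/home/bob/.cache/tool.bin: Eicar-Test-Signature FOUND
/home/carol/notes.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 8616415
Engine version: 0.103.5
Scanned directories: 4
Scanned files: 4
Infected files: 2
Data scanned: 0.35 MB
Data read: 0.20 MB (ratio 1.75:1)
Time: 3.120 sec (0 m 3 s)
EOF

# Print "path<TAB>signature" for every FOUND line. The signature is the last
# ": "-separated field, so paths that themselves contain ": " still work.
found_files() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)
        n = split(line, parts, ": ")
        sig = parts[n]
        printf "%s\t%s\n", substr(line, 1, length(line) - length(sig) - 2), sig
    }' "$1"
}

# Value of one SCAN SUMMARY line, e.g. summary_field LOG "Infected files".
summary_field() {
    awk -F': ' -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Exit 0 when clean, 1 when infections are reported, 2 when the report has no
# summary (clamscan was killed before it finished).
check_log() {
    infected=$(summary_field "$1" "Infected files")
    [ -n "$infected" ] || { echo "no SCAN SUMMARY in $1" >&2; return 2; }
    [ "$infected" -eq 0 ] && return 0
    echo "clamscan reported $infected infected file(s):" >&2
    found_files "$1" >&2
    return 1
}
```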
Installing from RPM
I. Configure the user
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
II. Install the RPM package
[root@centos7 ~]# rpm -ivh clamav-0.105.0.linux.x86_64.rpm
Preparing... ################################# [100%]
package clamav-0.105.0-1.x86_64 is already installed
[root@centos7 ~]# cd /usr/local/bin/
[root@centos7 bin]# ll /usr/local/bin/
total 3872
-rwxr-xr-x 1 root root 1024 May 3 00:49 clamav-config
-rwxr-xr-x 1 root root 105656 May 3 00:52 clambc
-rwxr-xr-x 1 root root 105216 May 3 00:52 clamconf
-rwxr-xr-x 1 root root 121696 May 3 00:52 clamdscan
-rwxr-xr-x 1 root root 331984 May 3 00:52 clamdtop
-rwxr-xr-x 1 root root 134184 May 3 00:52 clamscan
-rwxr-xr-x 1 root root 1760656 May 3 00:52 clamsubmit
-rwxr-xr-x 1 root root 52080 May 3 00:52 freshclam
-rwxr-xr-x 1 root root 1338728 May 3 00:52 sigtool
III. Configure ClamAV
cd /usr/local/etc/
cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
sed -i -e "s/^Example/#Example/" clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" clamd.conf
sed -i -e "s/^Example/#Example/" freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/" freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/" freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root" freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" freshclam.conf
# replace 127.0.0.1 with your own virus database server
IV. Download (update) the virus database
[root@centos7 bin]# ./freshclam
Creating missing database directory: /var/lib/clamav
Assigned ownership of database directory to user "root".
ClamAV update process started at Thu May 12 16:59:29 2022
daily database available for download (remote version: 26539)
Time: 52.1s, ETA: 0.0s [========================>] 55.93MiB/55.93MiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-add1274594c0ed97fd32eb9fc7ea1d09.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26539, sigs: 1984354, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time: 2m 32s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-92a2b56c4e7163088ab9da5fd9fdbcdb.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time: 1.3s, ETA: 0.0s [========================>] 286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-87a700069267480d54c6c1b6c4244472.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
V. Troubleshooting
On CentOS 6 the installed binaries refuse to run, complaining that GLIBC_2.14 and GLIBC_2.17 are missing:
/usr/local/bin/clamscan: /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /usr/local/bin/clamscan)
/usr/local/bin/clamscan: /lib64/libc.so.6: version `GLIBC_2.17' not found (required by /usr/local/bin/clamscan)
Installing glibc
wget https://ftp.gnu.org/gnu/glibc/glibc-2.17.tar.gz
tar -zxvf glibc-2.17.tar.gz
cd glibc-2.17
mkdir -p build
cd build/
../configure --prefix=/usr --disable-profile --enable-add-ons --with-headers=/usr/include --with-binutils=/usr/bin
make
make install
export LD_PRELOAD=/lib64/libc-2.17.so #this step is mandatory, otherwise the system will break, break, break.
rm -f /lib64/libc.so.6
ln -s /lib64/libc-2.17.so /lib64/libc.so.6
Verification
[root@centos6 ~]# strings /lib64/libc.so.6 |grep GLIBC
GLIBC_2.2.5
GLIBC_2.2.6
GLIBC_2.3
GLIBC_2.3.2
GLIBC_2.3.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.5
GLIBC_2.6
GLIBC_2.7
GLIBC_2.8
GLIBC_2.9
GLIBC_2.10
GLIBC_2.11
GLIBC_2.12
GLIBC_2.13
GLIBC_2.14
GLIBC_2.15
GLIBC_2.16
GLIBC_2.17
GLIBC_PRIVATE
The packaged ClamAV may differ from the upstream release. Some examples:
The database and application configuration paths may differ:
A default source install goes into /usr/local, with:
applications in /usr/local/bin
daemons in /usr/local/sbin
libraries in /usr/local/lib
headers in /usr/local/include
configs in /usr/local/etc/
databases in /usr/local/share/clamav/
A Linux package install may go into /usr, with:
applications in /usr/bin
daemons in /usr/sbin
libraries in /usr/lib
headers in /usr/include
configs in /etc/clamav
databases in /var/lib/clamav
Installing from the source package (PACKAGES)
(From version 0.104 onward the tarball no longer ships a configure script; installing from the RPM package is recommended instead.)
1. Create the user and group
groupadd clamav && useradd -g clamav clamav && id clamav #create the user and group clamav runs as
2. Install the build dependencies
yum -y install gcc gcc-c++ openssl-devel libcurl-devel #install the packages clamav depends on
3. Compile and install
tar -zxvf clamav-0.103.3.tar.gz #unpack the tarball
cd clamav-0.103.3
./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre
make && make install
4. Configure ClamAV
cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
sed -i -e "s/^Example/#Example/" clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" clamd.conf
sed -i -e "s/^Example/#Example/" freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/" freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/" freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root" freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" freshclam.conf
# replace 127.0.0.1 with your own virus database server
5. Start ClamAV
chown -R clamav.clamav /usr/local/clamav/
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service
systemctl status clamav-freshclam.service
6. Update the virus database
# stop freshclam first
systemctl stop clamav-freshclam.service
# then update
/usr/local/clamav/bin/freshclam  # how long this takes depends on the network
# or download the files directly
cd /var/lib/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
# start freshclam again once the update is done
systemctl start clamav-freshclam.service
systemctl status clamav-freshclam.service
7. Create a symlink
ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
# Note: if a manual database update fails, delete the old mirror list
# (rm -f /var/lib/clamav/mirrors.dat) and run the update again.
8. Scan for viruses
clamscan /
Scan options:
-r/--recursive[=yes/no] #scan all files recursively
--log=FILE/-l FILE #write a scan report to FILE
--move [path] #move infected files to the given directory
--remove #delete infected files
--quiet #print only error messages
--infected/-i #print only infected files
--suppress-ok-results/-o #skip printing files that are OK
--bell #ring the bell when an infected file is found
--unzip(unrar) #unpack archives and scan their contents
9. Scheduled scans
# Update the database and scan every night, keeping the scan log; crontab entries:
1 3 * * * /usr/local/clamav/bin/freshclam --quiet
20 3 * * * /usr/local/clamav/bin/clamscan -r /home --remove -l /var/log/clamscan.log
Updating on an internal network
1. Configure freshclam
vim freshclam.conf
#PrivateMirror mirror1.example.com #uncomment and change to the address of your own server, e.g. 127.0.0.1
2. Set up a virus database server
Any HTTP server will do; its setup is not covered here.
Download the database files onto the local HTTP server:
http://database.clamav.net/main.cvd
http://database.clamav.net/daily.cvd
http://database.clamav.net/bytecode.cvd
Or copy these three files from another server onto the HTTP server.
(Note: when freshclam updates automatically, daily.cvd may instead be named daily.cld.)
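To keep the internal mirror from serving a stale or partially copied database, compare the version recorded in the file header before replacing what the HTTP server serves. The shell functions below are an added example and not part of the original post; they rely on the 512-byte text header at the start of every .cvd/.cld file (fields: ClamAV-VDB, build time, version, signature count, functionality level, MD5, digital signature, builder, build epoch) and use constructed header-only sample files, since real databases are signed tarballs.

```shell
#!/bin/sh
# Added example (not from the original post): read the ClamAV-VDB header that
# starts every .cvd/.cld file and replace the mirror copy only with a newer one.
# Header layout (512 bytes, colon separated, space padded):
#   ClamAV-VDB:<build time>:<version>:<sigs>:<f-level>:<md5>:<dsig>:<builder>:<epoch>

# Field N (1-based) of the header of database file $1, trailing padding removed.
cvd_field() {
    head -c 512 "$1" | tr -d '\000' | cut -d: -f"$2" | sed 's/ *$//'
}
cvd_version() { cvd_field "$1" 3; }
cvd_sigs()    { cvd_field "$1" 4; }
cvd_flevel()  { cvd_field "$1" 5; }
cvd_builder() { cvd_field "$1" 8; }

# Return 0 when candidate $2 is strictly newer than the served copy $1
# (a missing served copy also means "update").
mirror_needs_update() {
    [ -f "$1" ] || return 0
    [ "$(cvd_version "$2")" -gt "$(cvd_version "$1")" ]
}

# Move the candidate into place only when it is newer; otherwise discard it.
publish_cvd() {
    if mirror_needs_update "$1" "$2"; then
        mv -f "$2" "$1"
    else
        rm -f "$2"; return 1
    fi
}

# Constructed sample files: header only, with a made-up checksum and signature.
make_fake_cvd() {  # $1=path $2=version $3=sigs
    hdr=$(printf 'ClamAV-VDB:12 May 2022 08-12 -0400:%s:%s:90:%s:%s:raynman:1652357520' \
        "$2" "$3" 00000000000000000000000000000000 FAKEDSIG)
    printf '%-512s' "$hdr" > "$1"
}

MIRROR=$(mktemp -d); trap 'rm -rf "$MIRROR"' EXIT
make_fake_cvd "$MIRROR/daily.cvd"     26538 1984000
make_fake_cvd "$MIRROR/daily.cvd.new" 26539 1984354
make_fake_cvd "$MIRROR/daily.cvd.old" 26530 1983000
echo "served: version $(cvd_version "$MIRROR/daily.cvd"), sigs $(cvd_sigs "$MIRROR/daily.cvd")"
```

The same header check works on the daily.cld that freshclam leaves behind after incremental updates, since .cld files carry the identical header layout.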