1.yum 安装
安装后自动生成服务文件,启动服务后,可使用clamdscan命令扫描,速度快;
启动服务后,会实时监控扫描链接,安全性高,但是对服务器性能有一定影响;
安装命令
yum install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd pcre* gcc zlib zlib-devel libssl-devel libssl openssl
安装完成后,病毒库默认地址是/var/lib/clamav;
2.源码包编译安装
1)下载安装包;
cd /usr/local/
wget https://www.clamav.net/downloads/production/clamav-0.101.4.tar.gz
2)创建clamav用户和存放病毒库路径;
groupadd clamav && useradd -g clamav clamav && id clamav
#日志存放目录
mkdir -p /usr/local/clamav/logs
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log
#病毒存放目录
mkdir -p /usr/local/clamav/update
chown -R root:clamav /usr/local/clamav/
chown -R clamav:clamav /usr/local/clamav/update
3)解压安装包;
tar zxf clamav-0.101.4.tar.gz
cd clamav-0.101.4
4)安装依赖;
yum install gcc* openssl openssl-devel -yum
5)编译安装;
cd /usr/local/clamav-0.101.4
./configure –prefix=/usr/local/clamav –with-pcre
make && make install
6)配置clamav;
cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
vim clamd.conf
#注销Example 一行
#Example
#添加配置项
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/update/clamd.pid
DatabaseDirectory /usr/local/clamav/update
cd /usr/local/clamav/etc
vim freshclam.conf
#注销Example 一行
#Example
#添加配置项
DatabaseDirectory /usr/local/clamav/update
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/update/clamd.pid
7)启动clamav;
chown -R clamav:clamav /usr/local/clamav
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service
systemctl status clamav-freshclam.service
8)更新病毒库;
systemctl stop clamav-freshclam.service
/usr/local/clamav/bin/freshclam
#下载病毒库到存储目录,更新
cd /usr/local/clamav/update/
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
更新完成后,病毒库存放路径下生成四个病毒库文件;
cd /usr/local/clamav/update/
bytecode.cvd daily.cvd main.cvd mirrors.dat
#为扫描操作可执行文件创建软连接
ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
注意:
若手动更新病毒库 错,需要进入病毒库存放路径,删除旧的镜像地址文件,重新手动更新;
rm -f /usr/local/clamav/update/mirrors.dat
或者删除所有病毒库文件,重新更新
rm -rf /usr/local/clamav/update/*
9)扫描杀毒;
1)clamdscan
通常使用yum安装才能使用此扫描操作,需要启动clamd服务,扫描速度快;
若不使用-r 参数指定路径,默认递归扫描子目录;
clamdscan /usr
2)clamscan
通用命令,不依赖其他服务(例如clamd),命令参数多,执行速度慢;
-r/–recursive[=yes/no] 递归扫描子目录,所有文件;
-i 只显示发现的病毒文件;
–no-summary 不显示统计信息;
–log=FILE/ -l FILE 增加扫描 告,即输出扫描日志到指定文件;
–move [路径] 移动病毒文件到指定路径;
–remove [路径] 删除指定路径下的病毒文件;
–quiet 只输出错误信息;
–infected/-i 只输出被感染文件;
–suppress-ok-results/-o 跳过扫描OK的文件;
–bell 扫描到病毒文件发出警 声音;
–unzip(unrar) 解压压缩文件执行扫描;
示例:
#从根目录下开始,扫描所有文件并且只显示有问题的文件,发现病毒文件发出警 声音
clamscan -r –bell -i /
#不显示统计信息,只显示找到的病毒文件,且将病毒文件移动到/tmp路径下;
clamscan –no-summary -ri /tmp
#扫描home路径以及其路径下所有子目录,只输出被感染文件,且将病毒文件、被感染文件直接删除;
clamscan –infected –remove –recursive /home
扫描/sys 会产生大量 错,跳过此文件夹即可:
clamscan –exclude-dir=/sys/ -i -r /
10)定时杀毒;
#定制任务计划,凌晨3:00开始更新病毒库,3:30开始杀毒,扫描/home目录以及子目录文件,将扫描出来的病毒文件直接删除,并保存杀毒日志
crontab -e
0 3 /usr/local/clamav/bin/freshclam –quiet
30 3 /usr/local/clamav/bin/clamscan -r /home/ –remove -l /var/log/clamscan.log
声明:本站部分文章及图片源自用户投稿,如本站任何资料有侵权请您尽早请联系jinwei@zod.com.cn进行处理,非常感谢!