#clamav安装与使用
###第一步:Clamav下载
http://www.clamav.net/downloads
wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz
###第二步:创建clamav用户和组
groupadd clamav (创建clamav组)
useradd -g clamav clamav(创建clamav用户并加入clamav组)
###第三步:编译安装
“`shell
tar xfclamav-0.99.2.tar.gz
cd clamav-0.99.2
安装依赖包
yum install gcc openssl openssl-devel -y
./configure–prefix=/usr/local/clamav
make&&make install
“`
###第四步:配置
“`shell
mkdir /usr/local/clamav/logs #(日志存放目录)
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
mkdir /usr/local/clamav/updata #(clanav 病毒库目录)
chown -R root.clamav /usr/local/clamav/
chown -R clamav.clamav /usr/local/clamav/updata/
chown clamav.clamav /usr/local/clamav/logs/clamd.log
chown clamav.clamav /usr/local/clamav/logs/freshclam.log
cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
vim clamd.conf
#Example 注释掉这一行.
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata
vim freshclam.conf
#Example 注释掉这一行.
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid
“`
###第五步:升级病毒库
/usr/local/clamav/bin/freshclam
PS:这个过程很久,大概半个小时。确保 络正常
“`shell
–help / -h show help
–version / -V print version number and exit
–verbose / -v be verbose
–debug enable debug messages
–quiet only output error messages
–no-warnings don’t print and log warnings
–stdout write to stdout instead of stderr
–show-progress show download progress percentage
–config-file=FILE read configuration from FILE.
–log=FILE / -l FILE log into FILE
–daemon / -d run in daemon mode
–pid=FILE / -p FILE save daemon’s pid in FILE
–user=USER / -u USER run as USER
–no-dns force old non-DNS verification method
–checks=#n / -c #n number of checks per day, 1
–datadir=DIRECTORY download new databases into DIRECTORY
–daemon-notify[=/path/clamd.conf] send RELOAD command to clamd
–local-address=IP / -a IP bind to IP for HTTP downloads
–on-update-execute=COMMAND execute COMMAND after successful update
–on-error-execute=COMMAND execute COMMAND if errors occured
–on-outdated-execute=COMMAND execute COMMAND when software is outdated
–list-mirrors print mirrors from mirrors.dat
–enable-stats enable statistical information reporting
–stats-host-id=UUID HostID in the form of an UUID to use when submitting statistical information
–update-db=DBNAME only update database DBNAME
“`
###第六步:杀毒
/usr/local/clamav/bin/clamscan -r –remove (查杀当前目录并删除感染的文件)
/usr/local/clamav/bin/clamscan -r –bell -i / (扫描所有文件并且显示有问题的文件的扫描结果)
>其他参数
>“`shell
> -r/–recursive[=yes/no] 所有文件
> –log=FILE/-l FILE 增加扫描 告
> # clamscan -l /var/log/clamscan.log /
> –move [路径] 移动病毒文件至..
> –remove [路径] 删除病毒文件
> –quiet 只输出错误消息
> –infected/-i 只输出感染文件
> –suppress-ok-results/-o 跳过扫描OK的文件
> –bell 扫描到病毒文件发出警 声音
> –unzip(unrar) 解压压缩文件扫描
>“`
###第七步:计划任务
实际生产环境应用
一般使用计划任务,让服务器每天晚上定时跟新和定时杀毒。保存杀毒日志,我的crontab文件如下
16 4 * * * /usr/local/clamav/bin/freshclam
16 5 * * * /usr/local/clamav/bin/clamscan –infected -r / –remove -l /var/log/clamscan.log
>返回值
>0 : 无病毒
>1 : 发现病毒
>40: 已经通过的未知选项
>50: 数据库初始化错误
>52: 不支持的文件格式
>53: 无法打开目录
>54: 不能打开文件(ofm)
>55: 读文件错误(ofm)
>56: Can’t stat input file / directory.
>57: Can’t get absolute path name of current working directory.
>58: I/O 错误, 请检查文件系统
>59: 无法在/etc/passwd获得当前用户的信息
>60: 无法在/etc/passwd获得’clamav'(默认名)用户的信息
>61: Can’t fork.
>63: 不能创建临时文件/目录(检查权限).
>64: 无法对临时目录进行写操作 (请指定另一个目录).
>70: 无法分配或释放内存 (calloc).
>71: 无法分配内存 (malloc).
“`shell
NOTE:
Problem:
“Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.”
Resolve:
from freshclam.conf file find the line
#DatabaseMirror db.XY.clamav.net and uncomment it out to
DatabaseMirror db.us.clamav.net
#or DatabaseMirror db.ac.clamav.net
文章知识点与官方知识档案匹配,可进一步学习相关知识CS入门技能树Linux入门在线安装软件25351 人正在系统学习中 相关资源:褀祥电子,捷灵通ST-628写频软件-其它代码类资源-CSDN文库
声明:本站部分文章及图片源自用户投稿,如本站任何资料有侵权请您尽早请联系jinwei@zod.com.cn进行处理,非常感谢!