About ClamAV
- ClamAV is the most popular antivirus engine on Linux: an open-source scanner released under the GPL, used to detect trojans, viruses, malware and other malicious threats.
Website: https://www.clamav.net
Source tarballs: https://www.clamav.net/downloads
User manual: https://www.clamav.net/documents/clam-antivirus-0-101-0-user-manual
Introduction: https://www.clamav.net/documents/introduction
1. Installing with yum (for reference only, not tested)
- The packages ship systemd unit files; once the clamd service is running you can scan with clamdscan, which is fast because the signature database is already loaded in memory.
- clamd runs resident, listening for scan requests with the full database in memory, so it costs memory and CPU on the server; it does not scan files on access by itself (that is the separate clamonacc component).
yum install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd pcre* gcc zlib zlib-devel openssl openssl-devel
(libssl and libssl-devel are Debian package names; on CentOS the equivalents are openssl and openssl-devel.)
2. Compiling from source (tested)
- The build itself needs no network access, but updating the signature database does (or a local mirror, see the PrivateMirror setting below).
- The source build installs clamd and clamdscan under the prefix as well, and make install drops systemd units (clamav-daemon, clamav-freshclam) when systemd is detected, but nothing is enabled by default; unless you start clamd yourself you scan with clamscan, which loads the whole database on every run and is therefore noticeably slower than clamdscan.
# Download page:
http://www.clamav.net/downloads
# Download from Linux (the version must match the tarball unpacked by the script below):
wget http://www.clamav.net/downloads/production/clamav-0.102.1.tar.gz
# Reference documentation:
https://github.com/vrtadmin/clamav-faq/raw/master/manual/clamdoc.pdf
Tested on: CentOS 6.4, CentOS 7.4 (the systemctl lines in the script apply to CentOS 7 only; on CentOS 6 run freshclam -d or from cron instead)
ClamAV version: clamav-0.102.1
Directory holding the tarball and the signature files (main.cvd, daily.cvd, bytecode.cvd): /tmp/ClamAV/
Script:
set -x
# Build dependencies (gcc/g++, OpenSSL, libcurl, json-c, bzip2; valgrind and check are for --enable-check)
yum -y install gcc gcc-c++ openssl openssl-devel libcurl-devel json-c json-c-devel
yum -y install valgrind check-devel
yum -y install bzip2 bzip2-devel
# clamav user and group; no login shell, the daemons only need an unprivileged identity
groupadd clamav && useradd -g clamav -s /sbin/nologin clamav && id clamav
# Log directory
mkdir -p /usr/local/clamav/logs
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
chown clamav.clamav /usr/local/clamav/logs/clamd.log
chown clamav.clamav /usr/local/clamav/logs/freshclam.log
# Signature database directory
mkdir -p /usr/local/clamav/update
chown -R root.clamav /usr/local/clamav/
chown -R clamav.clamav /usr/local/clamav/update/
# Unpack the source
mkdir -p /tmp/ClamAV;cd /tmp/ClamAV
tar -xvf clamav-0.102.1.tar.gz
# Configure and build
cd /tmp/ClamAV/clamav-0.102.1
./configure --prefix=/usr/local/clamav --disable-clamonacc --with-pcre --enable-check
make -j4 && make install
n=$?; echo "make/make install exit status: $n"
if [ $n -eq 0 ];then
# Configure clamd. The sample files contain a bare "Example" line that must be commented out.
# User clamav drops root after start-up; TCPAddr 127.0.0.1 keeps the scan socket off the network
# (without it clamd binds every interface, and anyone who can reach port 3310 can submit scans).
cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
sed -i 's/^Example/#Example/' clamd.conf
cat <<EOF >>/usr/local/clamav/etc/clamd.conf
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/update/clamd.pid
DatabaseDirectory /usr/local/clamav/update
User clamav
TCPSocket 3310
TCPAddr 127.0.0.1
EOF
# Configure freshclam. PrivateMirror points at an in-house mirror: an Nginx server exporting
# the database directory over HTTP is enough, and clients then pull main/daily/bytecode from it
# instead of database.clamav.net. (Keep the comment out of the heredoc; it would become part of the URL.)
sed -i 's/^Example/#Example/' freshclam.conf
cat <<EOF >>/usr/local/clamav/etc/freshclam.conf
PrivateMirror http://10.100.102.35:8080/
DatabaseDirectory /usr/local/clamav/update
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/update/freshclam.pid
EOF
# Seed the database from the copies in /tmp/ClamAV (no network needed), then fix ownership
cp /tmp/ClamAV/main.cvd /tmp/ClamAV/daily.cvd /tmp/ClamAV/bytecode.cvd /usr/local/clamav/update/
chown -R clamav.clamav /usr/local/clamav/
# Start the freshclam update daemon (unit file installed by make install; reload systemd so it is seen)
#systemctl enable clamav-freshclam.service
systemctl daemon-reload
systemctl start clamav-freshclam.service
systemctl status clamav-freshclam.service
# Update alternative 1: one-off update against the mirror, with the daemon stopped
#systemctl stop clamav-freshclam.service
#/usr/local/clamav/bin/freshclam
# Update alternative 2: fetch the files manually and copy them in
#cd /usr/local/clamav/update
#wget http://database.clamav.net/main.cvd
#wget http://database.clamav.net/daily.cvd
#wget http://database.clamav.net/bytecode.cvd
# Symlinks: put clamscan on PATH and make the default database path point at our directory.
# make install already creates share/clamav as an empty directory, so remove it first or the
# link would land inside it.
ln -sf /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
rmdir /usr/local/clamav/share/clamav 2>/dev/null
ln -sfn /usr/local/clamav/update /usr/local/clamav/share/clamav
echo "ClamAV install succeeded"
else
echo "make/make install failed, check the build log"
fi
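Before trusting the build, confirm it actually detects something. The self-check below is an added example (not part of the original page or of ClamAV itself); it assumes the /usr/local/clamav prefix and /usr/local/clamav/update database directory from the script above and that nc and ss are installed. The EICAR string it writes is the public antivirus test signature, not malware.

```shell
#!/bin/sh
# Post-install self-check. Assumes the /usr/local/clamav prefix and the
# /usr/local/clamav/update database directory from the install script;
# override with PREFIX=... DBDIR=... if your layout differs.
PREFIX="${PREFIX:-/usr/local/clamav}"
DBDIR="${DBDIR:-$PREFIX/update}"

# The EICAR test string: a harmless 68-byte file that every AV engine, ClamAV
# included, must flag. It is assembled from three fragments so that this script
# itself is not quarantined by some other scanner on the way in.
eicar_test_string() {
    printf '%s%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}' '$EICAR-STANDARD-ANTIVIRUS-TEST-FILE' '!$H+H*'
}

# 1. The engine is installed and runnable.
check_engine() {
    "$PREFIX/bin/clamscan" --version >/dev/null 2>&1
}

# 2. All three signature sets are present. freshclam replaces a .cvd with a
#    .cld once it has applied incremental (.cdiff) updates, so accept either.
check_databases() {  # check_databases DBDIR
    for name in main daily bytecode; do
        [ -f "$1/$name.cvd" ] || [ -f "$1/$name.cld" ] || { echo "missing $name database in $1" >&2; return 1; }
    done
}

# 3. Detection works end to end. clamscan exits 0 for clean, 1 when something
#    was found and 2 on error; only 1 is a pass here.
check_eicar_detection() {
    tmp=$(mktemp) || return 2
    eicar_test_string > "$tmp"
    "$PREFIX/bin/clamscan" --database="$DBDIR" --no-summary "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 1 ]
}

# 4. If clamd is up, it must answer PING on the TCP socket and must not be
#    exposed beyond loopback (the install script sets TCPAddr 127.0.0.1; without
#    it clamd binds every interface). nc and ss are assumed to be present.
check_clamd() {
    printf 'PING\n' | nc -w 2 127.0.0.1 3310 2>/dev/null | grep -q PONG \
        || { echo "clamd not answering on 127.0.0.1:3310 (fine if you only use clamscan)" >&2; return 1; }
    if ss -ltn 2>/dev/null | grep ':3310' | grep -Eq '(0\.0\.0\.0|\*|\[::\]):3310'; then
        echo "WARNING: clamd is listening on all interfaces" >&2
        return 1
    fi
}

main() {
    status=0
    for c in check_engine "check_databases $DBDIR" check_eicar_detection check_clamd; do
        if $c; then echo "PASS $c"; else echo "FAIL $c"; status=1; fi
    done
    return $status
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh clamav-selfcheck.sh --run` after the install script; a FAIL on check_eicar_detection with the databases present usually means clamscan is reading a different DatabaseDirectory than freshclam writes to.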
3. ClamAV features, configure output and scan results
- ClamAV features
- configure output
After ./configure completes it prints a summary of which optional libraries and features were detected (pcre, bzip2, libcurl, json-c, check, ...); compare it against what you expected to have installed before running make, because a missing optional library turns the feature off rather than failing the build.
- The summary looks like this:
- A scan after installation ends with a summary like this:
----------- SCAN SUMMARY -----------
Known viruses: 6131551
Engine version: 0.101.2
Scanned directories: 1
Scanned files: 18
Infected files: 0
Data scanned: 21.02 MB
Data read: 20.78 MB (ratio 1.01:1)
Time: 74.598 sec (1 m 14 s)
4. Common ClamAV commands
clamdscan:
Needs a running clamd, whichever way ClamAV was installed; the database is already loaded, so scans are fast. No -r needed: subdirectories are scanned recursively by default.
clamdscan /usr
clamscan:
Works without any service, has more options, and is slower because it loads the whole database on every run.
-r recurse into subdirectories
-i only print infected files
--no-summary do not print the summary block
Scan options:
-r/--recursive[=yes/no] recurse into subdirectories
-l FILE/--log=FILE append the scan report to FILE
--move=DIR move infected files to DIR (quarantine)
--remove[=yes/no] delete infected files (takes no path)
--quiet only print error messages
-i/--infected only print infected files
-o/--suppress-ok-results do not print the OK line for clean files
--bell ring the terminal bell when a virus is found
--scan-archive[=yes/no] scan inside archives (zip, rar, ...); on by default, and the setting that replaced the old --unzip/--unrar switches
Scheduled scanning
# Update the signatures and scan every night, keeping a log; crontab entries:
1 3 * * * /usr/local/clamav/bin/freshclam --quiet
20 3 * * * /usr/local/clamav/bin/clamscan -r /home --remove -l /var/log/clamscan.log
Two caveats: if the clamav-freshclam.service daemon from the install script is running, the freshclam cron line is redundant (the daemon already polls the mirror several times a day, per Checks in freshclam.conf); and --remove deletes on sight, so a false positive on a user's file is gone for good, whereas --move=DIR puts it in a quarantine directory you can review and restore from.
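A wrapper script in place of the bare clamscan crontab line, added here as an example (not from the original page): it quarantines instead of deleting, refuses to overlap with a run that is still going, and passes clamscan's exit code back to cron. The quarantine, lock and log paths and the use of logger are this example's own choices; the prefix is the /usr/local/clamav one from the install script.

```shell
#!/bin/sh
# Nightly scan wrapper for cron. Assumes the /usr/local/clamav prefix from the
# install script; quarantine, lock and log locations are this example's choices.
PREFIX="${PREFIX:-/usr/local/clamav}"
SCAN_ROOT="${SCAN_ROOT:-/home}"
QUARANTINE="${QUARANTINE:-/var/quarantine/clamav}"
LOG="${LOG:-/var/log/clamscan.log}"
LOCKDIR="${LOCKDIR:-/var/run/clamscan-nightly.lock}"

# mkdir is atomic, so a directory doubles as a lock: if last night's walk of a
# large /home is still running when cron fires again, the second run exits
# instead of doubling the I/O load and racing the first one over --move.
acquire_lock() { mkdir "$1" 2>/dev/null; }
release_lock() { rmdir "$1" 2>/dev/null; }

# clamscan(1) exit codes: 0 nothing found, 1 infected file(s) found, 2 error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo "unknown($1)" ;;
    esac
}

# Quarantine with --move rather than --remove so a false positive on a user's
# file is recoverable. Keep the quarantine directory itself and the pseudo
# filesystems out of the walk, and cap file/scan size so one huge archive
# cannot stall the whole job.
run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    "$PREFIX/bin/clamscan" \
        --recursive --infected --no-summary \
        --log="$LOG" \
        --move="$QUARANTINE" \
        --exclude-dir="^$QUARANTINE" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --max-filesize=100M --max-scansize=500M \
        "$SCAN_ROOT" >/dev/null 2>&1
}

main() {
    acquire_lock "$LOCKDIR" || { echo "scan already running (lock $LOCKDIR)" >&2; exit 2; }
    trap 'release_lock "$LOCKDIR"' EXIT
    run_scan
    rc=$?
    logger -t clamscan-nightly "scan of $SCAN_ROOT finished: $(scan_verdict "$rc") (exit $rc)"
    # Hand clamscan's own code back to cron so mail or an alerting wrapper can
    # tell findings (1) from a broken scan (2) and stay quiet on clean runs (0).
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Install it as /usr/local/sbin/clamscan-nightly.sh and replace the clamscan crontab line with `20 3 * * * /usr/local/sbin/clamscan-nightly.sh --run`; the per-file findings still land in $LOG through --log.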
Removing ClamAV
The list below covers a yum or default-prefix (/usr) installation; for the source build above also remove the /usr/local/clamav tree and the systemd units that make install dropped (under /usr/lib/systemd/system on CentOS 7).
systemctl stop clamav-freshclam.service clamav-daemon.service 2>/dev/null
systemctl disable clamav-freshclam.service clamav-daemon.service 2>/dev/null
killall clamd
/bin/rm -Rfv /usr/bin/clam*
/bin/rm -Rfv /usr/sbin/clam*
/bin/rm -Rfv /usr/lib/libclam*
/bin/rm -Rfv /usr/share/clam*
/bin/rm -Rfv /usr/include/clam*
/bin/rm -Rfv /usr/bin/freshclam*
/bin/rm -Rfv /usr/etc/clamav*
/bin/rm -Rfv /var/clamd
/bin/rm -Rfv /usr/local/bin/clam*
/bin/rm -Rfv /usr/local/sbin/clam*
/bin/rm -Rfv /usr/local/lib/libclam*
/bin/rm -Rfv /usr/local/share/clam*
/bin/rm -Rfv /usr/local/include/clam*
/bin/rm -Rfv /usr/local/bin/freshclam*
/bin/rm -Rfv /usr/local/etc/clamav*
/bin/rm -Rfv /usr/local/clamav
/bin/rm -fv /usr/lib/systemd/system/clamav-*.service && systemctl daemon-reload
/bin/rm -fv /etc/init.d/clamd
/bin/rm -fv /etc/cron.daily/freshclam
/bin/rm -fv /etc/cron.hourly/freshclam
/bin/rm -fv /etc/cron.d/freshclam
Official site: https://www.clamav.net/download.html
Installation reference: https://www.cnblogs.com/ghl1024/p/9018212.html
Installation reference: https://zhuanlan.zhihu.com/p/68137779
Serving the ClamAV database over HTTP with Nginx (reference): https://blog.csdn.net/datadev_sh/article/details/83819791
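The PrivateMirror line in the install script and the last reference above rely on an in-house Nginx host that serves the signature files. The script below is the mirror side, added as an example that is neither from the original page nor from the ClamAV project: it keeps a web root in sync with database.clamav.net using freshclam itself, emits the Nginx server block, and reads the version straight out of the .cvd headers so a stale mirror can be spotted from any host. It assumes the ClamAV tools are installed on the mirror host under /usr/local/clamav, a web root of /var/www/clamav, and Nginx on port 8080 to match the PrivateMirror URL in the script; all three are this example's assumptions.

```shell
#!/bin/sh
# Mirror-side helper for a PrivateMirror setup. Assumes ClamAV under
# /usr/local/clamav on the mirror host and Nginx serving $WEBROOT on 8080.
PREFIX="${PREFIX:-/usr/local/clamav}"
WEBROOT="${WEBROOT:-/var/www/clamav}"

# Every .cvd/.cld starts with a 512-byte ASCII header of colon-separated fields:
#   ClamAV-VDB:<build time>:<version>:<signatures>:<functionality level>:<MD5>:<dsig>:<builder>:<stime>
# (the build-time field uses '-' instead of ':' so the split is safe). Reading
# it directly lets you compare mirror and client versions without ClamAV tools.
cvd_field() {  # cvd_field FILE N
    head -c 512 "$1" | cut -d: -f"$2" | sed 's/ *$//'
}
cvd_version()  { cvd_field "$1" 3; }
cvd_sigcount() { cvd_field "$1" 4; }

# Minimal Nginx server block for the mirror. Directory listing stays off:
# clients only ever request well-known file names.
write_nginx_conf() {
    cat <<EOF
server {
    listen 8080;
    root $WEBROOT;
    autoindex off;
}
EOF
}

# Pull from upstream with freshclam, using a private config so this does not
# collide with a client freshclam.conf on the same host. ScriptedUpdates no
# makes freshclam download whole .cvd files instead of patching them into .cld:
# clients behind PrivateMirror ask for main.cvd/daily.cvd/bytecode.cvd, so the
# mirror must keep the .cvd form. Each .cvd carries ClamAV's digital signature
# (the dsig header field), which is checked when a client loads the file, so
# the plain-HTTP hop on the LAN cannot feed a forged database, only a stale one.
mirror_sync() {
    mkdir -p "$WEBROOT"
    conf=$(mktemp) || return 1
    cat >"$conf" <<EOF
DatabaseDirectory $WEBROOT
DatabaseMirror database.clamav.net
UpdateLogFile /var/log/freshclam-mirror.log
ScriptedUpdates no
EOF
    "$PREFIX/bin/freshclam" --config-file="$conf" --datadir="$WEBROOT" --quiet
    rc=$?
    rm -f "$conf"
    return $rc
}

# What the mirror currently serves; compare with `sigtool --info` on a client
# (or with cvd_version on the client's copy) to catch a mirror that stopped updating.
mirror_report() {
    for name in main daily bytecode; do
        f="$WEBROOT/$name.cvd"
        if [ -f "$f" ]; then
            echo "$name.cvd version $(cvd_version "$f") sigs $(cvd_sigcount "$f")"
        else
            echo "$name.cvd MISSING from $WEBROOT" >&2
            return 1
        fi
    done
}

case "${1:-}" in
    sync)   mirror_sync && mirror_report ;;
    report) mirror_report ;;
    nginx)  write_nginx_conf ;;
esac
```

Run `clamav-mirror.sh nginx > /etc/nginx/conf.d/clamav-mirror.conf` once, then `clamav-mirror.sh sync` from cron on the mirror host; clients keep the PrivateMirror line from the install script and need nothing else.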