ClamAV 杀毒软件

ClamAV 是Linux平台最受欢迎的杀毒软件，它属于免费开源产品，支持多种平台，比如 Linux/Unix、MAC OS X、Windows、OpenVMS等。

不同系统下的安装

注意如下几个命令的区别：

clamd 是ClamAv的守护进程，通过clamd可以控制ClamAv执行各种操作
freshclam 为ClamAv自带的病毒库下载更新工具
clamscan 是 ClamAv 通用的命令，不依赖服务，执行速度稍慢，命令参数较多，比如支持 -r 递归
clamscan 是搭配clamd常驻服务的扫毒工具，执行效率较高，但是可用的参数较少，比如不支持 -r 递归

centos 通过 yum 在线安装

通过 yum 安装 ClamAV，默认版本 0.103.11

#.安装epel
yum install -y epel-release
yum clean all && yum makecache

#.安装clamav
yum install -y -q clamav clamav-update
systemctl start clamav-freshclam.service

#.确认clamav版本
clamdscan --version

#.测试clamdscan
clamdscan -i /root/

执行 freshclam 在线更新病毒数据库

#.查看当前的病毒库版本
freshclam --version

#.在线升级病毒库
freshclam

centos 通过 make 编译安装

安装 ClamAV 0.101.1

#.创建用户和目录（执行freshclam必须switch to clamav user）
cat /etc/group | grep clamav || groupadd clamav
cat /etc/passwd | grep clamav || useradd -g clamav clamav -s /usr/sbin/nologin
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav

#.安装依赖
yum install -y -q gcc gcc-c++ openssl-devel libcurl-devel e2fsprogs-devel

#.编译安装（由于 clamav-1.4.1.tar.gz 解压后无 configure 而暂时搁置）
cd /opt/
wget -c http://iso.sqlfans.cn/linux/clamav-0.101.1.tar.gz
tar -zxvf clamav-0.101.1.tar.gz > /dev/null
cd clamav-0.101.1
./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre
[ (nproc)
[ $? -eq 0 ] && make install

#.修改ClamAv守护进程 clamd 的配置文件 clamd.conf
mkdir -p /usr/local/clamav/{logs,update}
cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/clamav/etc/clamd.conf
sed -i -e 's/Example/#Example/' /usr/local/clamav/etc/clamd.conf
cat /usr/local/clamav/etc/clamd.conf | grep "LogFile" || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/clamav/etc/clamd.conf
cat /usr/local/clamav/etc/clamd.conf | grep "PidFile" || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/clamav/etc/clamd.conf
cat /usr/local/clamav/etc/clamd.conf | grep "DatabaseDirectory" || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/clamav/etc/clamd.conf
cat /usr/local/clamav/etc/clamd.conf | egrep "(#Example|LogFile|PidFile|^DatabaseDirectory)"

#.修改ClamAv病毒库升级工具 freshclam 的配置文件 freshclam.conf
cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/clamav/etc/freshclam.conf
sed -i -e 's/Example/#Example/' /usr/local/clamav/etc/freshclam.conf
cat /usr/local/clamav/etc/freshclam.conf | grep "UpdateLogFile" || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/clamav/etc/freshclam.conf
cat /usr/local/clamav/etc/freshclam.conf | grep "PidFile" || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/clamav/etc/freshclam.conf
cat /usr/local/clamav/etc/freshclam.conf | grep "DatabaseDirectory" || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/clamav/etc/freshclam.conf
cat /usr/local/clamav/etc/freshclam.conf | egrep "(#Example|UpdateLogFile|PidFile|^DatabaseDirectory)"

#.启动clamav
chown -R clamav:clamav /usr/local/clamav
systemctl start clamav-freshclam.service

#.创建软链
ln -s /usr/local/clamav/bin/clamscan /usr/sbin/clamscan
ln -s /usr/local/clamav/bin/clamdscan /usr/sbin/clamdscan
ln -s /usr/local/clamav/bin/freshclam /usr/sbin/freshclam
ln -s /usr/local/clamav/sbin/clamd /usr/sbin/clamd

#.确认clamav版本
clamdscan --version

#.测试clamdscan
clamdscan -i /root/

执行 freshclam 在线更新病毒数据库

#.查看当前的病毒库版本
freshclam --version

#.先停掉服务，再升级病毒库
systemctl stop clamav-freshclam.service
freshclam

centos 通过 rpm 离线安装

安装 ClamAV 1.4.1

#.创建用户和目录（执行freshclam必须switch to clamav user）
cat /etc/group | grep clamav || groupadd clamav
cat /etc/passwd | grep clamav || useradd -g clamav clamav -s /usr/sbin/nologin
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav

#.下载安装
cd /opt/
wget -c http://iso.sqlfans.cn/linux/clamav-1.4.1.linux.x86_64.rpm
rpm -ivh --prefix=/usr/local/clamav clamav-1.4.1.linux.x86_64.rpm

#.设置环境变量
echo PATH=/usr/local/clamav/bin:/usr/local/clamav/sbin:$PATH > /etc/profile.d/path.sh
source /etc/profile.d/path.sh

#.确认ClamAV版本
clamdscan --version

配置 ClamAV

#.若执行 clamdscan 提示缺少库文件,就要更新ldconfig
find / -name libclamav.so.12
echo "/usr/local/clamav/lib64/" > /etc/ld.so.conf.d/clamav.conf
ldconfig

#.若执行 clamdscan 提示 /lib64/libc.so.6: version `GLIBC_2.28' not found 则要安装 glibc-2.28
#.可参考 https://wiki.sqlfans.cn/infosec/upgrade-app-glibc228.html

#.修改ClamAv守护进程 clamd 的配置文件 clamd.conf
cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/etc/clamd.conf
sed -i -e 's/Example/#Example/' /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | grep "LogFile" || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | grep "PidFile" || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | grep "DatabaseDirectory" || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | egrep "(#Example|LogFile|PidFile|^DatabaseDirectory)"

#.修改ClamAv病毒库升级工具 freshclam 的配置文件 freshclam.conf
cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
sed -i -e 's/Example/#Example/' /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | grep "UpdateLogFile" || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | grep "PidFile" || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | grep "DatabaseDirectory" || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | egrep "(#Example|UpdateLogFile|PidFile|^DatabaseDirectory)"

#.修改目录权限
chown -R clamav:clamav /usr/local/clamav

#.查看ClamAV版本
clamdscan --version

#.测试clamdscan
clamdscan -i /root/

执行 freshclam 在线更新病毒数据库

#.查看当前的病毒库版本
freshclam --version

#.在线升级病毒库
freshclam

ubuntu 通过 deb 离线安装

安装 ClamAV 1.4.1

#.创建用户和目录（执行freshclam必须switch to clamav user）
cat /etc/group | grep clamav || groupadd clamav
cat /etc/passwd | grep clamav || useradd -g clamav clamav -s /usr/sbin/nologin
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav

#.下载安装

apt install -y clamav clamav-daemon
cd /opt/
wget -c http://iso.sqlfans.cn/ubuntu/deb/clamav-1.4.1.linux.x86_64.deb
dpkg -i clamav-1.4.1.linux.x86_64.deb

#.修改ClamAv守护进程 clamd 的配置文件 clamd.conf
cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
sed -i -e 's/Example/#Example/' /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | grep "LogFile" || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | grep "PidFile" || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | grep "DatabaseDirectory" || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/clamd.conf
cat /usr/local/etc/clamd.conf | egrep "(#Example|LogFile|PidFile|^DatabaseDirectory)"

#.修改ClamAv病毒库升级工具 freshclam 的配置文件 freshclam.conf
cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
sed -i -e 's/Example/#Example/' /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | grep "UpdateLogFile" || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | grep "PidFile" || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | grep "DatabaseDirectory" || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/freshclam.conf
cat /usr/local/etc/freshclam.conf | egrep "(#Example|UpdateLogFile|PidFile|^DatabaseDirectory)"

#.查看ClamAV版本
clamdscan --version

#.测试clamdscan
clamdscan -i /root/

执行 freshclam 在线更新病毒数据库

#.查看当前的病毒库版本
freshclam --version

#.在线升级病毒库
freshclam

更新病毒库

在线更新

freshclam 为ClamAv自带的病毒库下载更新工具，执行 freshclam 可以在线更新病毒数据库
```
#.查看当前的病毒库版本
freshclam --version
#.在线升级病毒库
freshclam
```

离线更新

下载3个最新的病毒库文件：main.cvd、daily.cvd、bytecode.cvd 并放到指定的目录下，然后重新加载病毒库

#.确认 freshclam.conf 所配置的 DatabaseDirectory 目录
find / -name freshclam.conf
cat /usr/local/etc/freshclam.conf | grep "DatabaseDirectory"
cat /usr/local/clamav/etc/freshclam.conf | grep "DatabaseDirectory"

#.将3个最新的病毒库文件，放到 DatabaseDirectory 目录下
cd /usr/local/clamav/update
wget -c http://oss.sqlfans.cn/infosec/clamav/main.cvd
wget -c http://oss.sqlfans.cn/infosec/clamav/daily.cvd
wget -c http://oss.sqlfans.cn/infosec/clamav/bytecode.cvd

#.利用 sigtool 查看病毒库的更新时间
sigtool -i /usr/local/clamav/update/daily.cvd

#.重新加载病毒库
clamdscan --reload

#.查看当前的病毒库版本
freshclam --version

附录

如何彻底卸载clamav

Centos 系统卸载 clamav

systemctl stop clamav-freshclam.service 2> /dev/null
rpm -e clamav 2> /dev/null
userdel -r clamav 2> /dev/null
rm -f /usr/local/etc/clamd.conf
rm -f /usr/local/etc/freshclam.conf
rm -rf /usr/local/clamav
rm -rf /opt/clamav*

Ubuntu 系统卸载 clamav

systemctl stop clamav-freshclam.service 2> /dev/null
dpkg -r clamav 2> /dev/null
userdel -r clamav 2> /dev/null
rm -f /usr/local/etc/clamd.conf
rm -f /usr/local/etc/freshclam.conf
rm -rf /usr/local/clamav
rm -rf /opt/clamav*

clamscan 的基本使用

常用的扫描命令

#.全盘扫描会拖慢系统的速度
clamscan -r /

#.扫描目录，比如 /home
clamscan -r /home

#.扫描目录，-i 只输出被感染的文件, --bell 扫描到病毒文件发出警报声音
clamscan -r -i --bell /home

#.扫描目录，--remove 扫描到病毒后立即删除(慎用)
clamscan -r /home --remove

#.扫描目录，--move 扫描到病毒后立即移动到/tmp目录
clamscan -r /home --move=/tmp

#.扫描目录，-l 生成扫描日志文件
clamscan -r /home -l /var/log/clamscan.log

配置定时任务

#.设置cron任务：每天 01:02 更新病毒库，每天 02:03 执行杀毒并保存日志
crontab -l | grep freshclam || echo "2 1 * * *  freshclam --quiet" >> /var/spool/cron/whoami
crontab -l | grep clamscan  || echo "3 2 * * *  clamscan -r /home --remove -l /var/log/clamscan.log" >> /var/spool/cron/whoami

ClamAV开源杀毒软件

ClamAV 杀毒软件

不同系统下的安装

centos 通过 yum 在线安装

centos 通过 make 编译安装

centos 通过 rpm 离线安装

ubuntu 通过 deb 离线安装

更新病毒库

在线更新

离线更新

附录

如何彻底卸载clamav

clamscan 的基本使用

results matching ""

No results matching ""