ClamAV 杀毒软件

ClamAV 是Linux平台最受欢迎的杀毒软件,它属于免费开源产品,支持多种平台,比如 Linux/Unix、MAC OS X、Windows、OpenVMS等。

不同系统下的安装

注意如下几个命令的区别:

  • clamd 是ClamAv的守护进程,通过clamd可以控制ClamAv执行各种操作
  • freshclam 为ClamAv自带的病毒库下载更新工具
  • clamscan 是 ClamAv 通用的命令,不依赖服务,执行速度稍慢,命令参数较多,比如支持 -r 递归
  • clamdscan 是搭配clamd常驻服务的扫毒工具,执行效率较高,但是可用的参数较少,比如不支持 -r 递归

centos 通过 yum 在线安装

  • 通过 yum 安装 ClamAV,默认版本 0.103.11

    # Enable the EPEL repository before installing ClamAV.
    yum install -y epel-release
    yum clean all && yum makecache
    
    # Install the scanner and the signature updater, then start the freshclam
    # service that keeps the signature database current.
    yum install -y -q clamav clamav-update
    systemctl start clamav-freshclam.service
    
    # Confirm the installed ClamAV version.
    # NOTE(review): clamdscan is the client of the clamd daemon, and nothing in
    # this snippet installs or starts clamd -- confirm the daemon is present and
    # running before relying on the two clamdscan commands below.
    clamdscan --version
    
    # Smoke test: scan /root/ and print only infected files (-i).
    clamdscan -i /root/
    
  • 执行 freshclam 在线更新病毒数据库

    # Show the current signature database version.
    freshclam --version
    
    # Update the signature database online.
    freshclam
    

centos 通过 make 编译安装

  • 安装 ClamAV 0.101.1

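    # Create the dedicated clamav group and user (freshclam must run as the
    # clamav user), plus the log and signature-database directories.
    # getent looks up the exact account name; grepping /etc/group or /etc/passwd
    # for the substring "clamav" also matches unrelated entries and would then
    # skip the creation.
    getent group clamav > /dev/null || groupadd clamav
    getent passwd clamav > /dev/null || useradd -g clamav -s /usr/sbin/nologin clamav
    mkdir -p /usr/local/clamav/{logs,update}
    # Hand over only the two directories the service account has to write to.
    # Owning the install prefix itself would let that account replace the
    # binaries and config that root later installs and runs from it.
    chown -R clamav:clamav /usr/local/clamav/logs /usr/local/clamav/update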
    
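    # Install the compiler toolchain and development headers for the build.
    yum install -y -q gcc gcc-c++ openssl-devel libcurl-devel e2fsprogs-devel
    
    # Build and install from source (clamav-1.4.1.tar.gz has no ./configure
    # script after extraction, so that version is set aside for now).
    # NOTE(review): 0.101.1 is far older than the 1.4.1 packages used elsewhere
    # on this page; a scanner parses untrusted files, so prefer a currently
    # supported release where possible.
    cd /opt/
    wget -c http://iso.sqlfans.cn/linux/clamav-0.101.1.tar.gz
    # The tarball arrives over plain HTTP from a mirror and is then built and
    # installed as root, so verify it first. Replace the placeholder with the
    # SHA-256 published for this release by a source you trust; until then the
    # check fails and nothing below runs.
    # --disable-clamav skips configure's test for the clamav user and group.
    echo "REPLACE_WITH_EXPECTED_SHA256  clamav-0.101.1.tar.gz" | sha256sum -c - \
      && tar -zxf clamav-0.101.1.tar.gz \
      && cd clamav-0.101.1 \
      && ./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre \
      && make -j "$(nproc)" \
      && make install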
    
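    # Configure the clamd daemon (clamd.conf).
    mkdir -p /usr/local/clamav/{logs,update}
    conf=/usr/local/clamav/etc/clamd.conf
    cp /usr/local/clamav/etc/clamd.conf.sample "$conf"
    # Disable only the standalone "Example" directive; an unanchored pattern
    # also rewrites comment lines that merely contain the word.
    sed -i -e 's/^Example/#Example/' "$conf"
    # Append a setting only when no active line already sets it. A plain
    # grep "LogFile" is satisfied by the sample's commented-out "#LogFile ..."
    # lines, so the setting would silently never be written.
    grep -q '^LogFile[[:space:]]' "$conf" || echo "LogFile /usr/local/clamav/logs/clamd.log" >> "$conf"
    grep -q '^PidFile[[:space:]]' "$conf" || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> "$conf"
    grep -q '^DatabaseDirectory[[:space:]]' "$conf" || echo "DatabaseDirectory /usr/local/clamav/update" >> "$conf"
    # Show the settings that are now in effect.
    grep -E '^(#Example|LogFile|PidFile|DatabaseDirectory)' "$conf"
    # NOTE(review): clamd also needs a listener (LocalSocket or TCPSocket) before
    # clamdscan can reach it, and this page sets neither. Prefer LocalSocket so
    # the daemon is not exposed on the network -- confirm against the sample file.
    
    # Configure the signature updater (freshclam.conf) the same way.
    conf=/usr/local/clamav/etc/freshclam.conf
    cp /usr/local/clamav/etc/freshclam.conf.sample "$conf"
    sed -i -e 's/^Example/#Example/' "$conf"
    grep -q '^UpdateLogFile[[:space:]]' "$conf" || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> "$conf"
    grep -q '^PidFile[[:space:]]' "$conf" || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> "$conf"
    grep -q '^DatabaseDirectory[[:space:]]' "$conf" || echo "DatabaseDirectory /usr/local/clamav/update" >> "$conf"
    grep -E '^(#Example|UpdateLogFile|PidFile|DatabaseDirectory)' "$conf"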
    
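    # Start ClamAV.
    # Give the clamav account only the directories it must write to (logs and
    # signature database). A recursive chown of the whole prefix would also hand
    # it the binaries and config that root runs through the symlinks below.
    chown -R clamav:clamav /usr/local/clamav/logs /usr/local/clamav/update
    systemctl start clamav-freshclam.service
    
    # Expose the installed binaries under /usr/sbin via symlinks.
    ln -s /usr/local/clamav/bin/clamscan /usr/sbin/clamscan
    ln -s /usr/local/clamav/bin/clamdscan /usr/sbin/clamdscan
    ln -s /usr/local/clamav/bin/freshclam /usr/sbin/freshclam
    ln -s /usr/local/clamav/sbin/clamd /usr/sbin/clamd
    
    # Confirm the ClamAV version.
    clamdscan --version
    
    # Smoke test: scan /root/ and print only infected files (-i).
    # NOTE(review): clamdscan needs a running clamd, and nothing above starts
    # it -- confirm the daemon is up, or use clamscan for a one-off check.
    clamdscan -i /root/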
    
  • 执行 freshclam 在线更新病毒数据库

    # Show the current signature database version.
    freshclam --version
    
    # Stop the freshclam service first, then update the signature database
    # manually.
    # NOTE(review): the service is not started again here -- restart it
    # afterwards if automatic updates should continue.
    systemctl stop clamav-freshclam.service
    freshclam
    

centos 通过 rpm 离线安装

  • 安装 ClamAV 1.4.1

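    # Create the dedicated clamav group and user (freshclam must run as the
    # clamav user), plus the log and signature-database directories.
    # getent looks up the exact account name; grepping /etc/group or /etc/passwd
    # for the substring "clamav" also matches unrelated entries and would then
    # skip the creation.
    getent group clamav > /dev/null || groupadd clamav
    getent passwd clamav > /dev/null || useradd -g clamav -s /usr/sbin/nologin clamav
    mkdir -p /usr/local/clamav/{logs,update}
    # Hand over only the two directories the service account has to write to.
    # Owning the install prefix itself would let that account replace the
    # binaries that root later installs and runs from it.
    chown -R clamav:clamav /usr/local/clamav/logs /usr/local/clamav/update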
    
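    # Download and install the package.
    cd /opt/
    wget -c http://iso.sqlfans.cn/linux/clamav-1.4.1.linux.x86_64.rpm
    # The package arrives over plain HTTP from a mirror and is installed as
    # root, so verify it first. Replace the placeholder with the SHA-256
    # published for this release by a source you trust; until then the check
    # fails and the install is skipped.
    echo "REPLACE_WITH_EXPECTED_SHA256  clamav-1.4.1.linux.x86_64.rpm" | sha256sum -c - \
      && rpm -ivh --prefix=/usr/local/clamav clamav-1.4.1.linux.x86_64.rpm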
    
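    # Put the ClamAV binaries on PATH for login shells.
    # Single quotes keep $PATH literal in the file so it is expanded at login;
    # unquoted, the installing shell's current PATH is frozen into the script.
    echo 'PATH=/usr/local/clamav/bin:/usr/local/clamav/sbin:$PATH' > /etc/profile.d/path.sh
    source /etc/profile.d/path.sh
    
    # Confirm the ClamAV version.
    clamdscan --version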
    
  • 配置 ClamAV

    # If clamdscan reports a missing shared library, locate it and register the
    # ClamAV library directory with the dynamic linker.
    find / -name libclamav.so.12
    echo "/usr/local/clamav/lib64/" > /etc/ld.so.conf.d/clamav.conf
    ldconfig
    
    # If clamdscan reports "/lib64/libc.so.6: version `GLIBC_2.28' not found",
    # glibc 2.28 has to be installed.
    # See https://wiki.sqlfans.cn/infosec/upgrade-app-glibc228.html
    # NOTE(review): replacing the system glibc affects every program on the
    # host; consider a distribution release that already ships that version.
    
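    # Configure the clamd daemon (clamd.conf).
    conf=/usr/local/etc/clamd.conf
    cp /usr/local/clamav/etc/clamd.conf.sample "$conf"
    # Disable only the standalone "Example" directive; an unanchored pattern
    # also rewrites comment lines that merely contain the word.
    sed -i -e 's/^Example/#Example/' "$conf"
    # Append a setting only when no active line already sets it. A plain
    # grep "LogFile" is satisfied by the sample's commented-out "#LogFile ..."
    # lines, so the setting would silently never be written.
    grep -q '^LogFile[[:space:]]' "$conf" || echo "LogFile /usr/local/clamav/logs/clamd.log" >> "$conf"
    grep -q '^PidFile[[:space:]]' "$conf" || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> "$conf"
    grep -q '^DatabaseDirectory[[:space:]]' "$conf" || echo "DatabaseDirectory /usr/local/clamav/update" >> "$conf"
    # Show the settings that are now in effect.
    grep -E '^(#Example|LogFile|PidFile|DatabaseDirectory)' "$conf"
    # NOTE(review): clamd also needs a listener (LocalSocket or TCPSocket) before
    # clamdscan can reach it, and this page sets neither. Prefer LocalSocket so
    # the daemon is not exposed on the network -- confirm against the sample file.
    
    # Configure the signature updater (freshclam.conf) the same way.
    conf=/usr/local/etc/freshclam.conf
    cp /usr/local/clamav/etc/freshclam.conf.sample "$conf"
    sed -i -e 's/^Example/#Example/' "$conf"
    grep -q '^UpdateLogFile[[:space:]]' "$conf" || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> "$conf"
    grep -q '^PidFile[[:space:]]' "$conf" || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> "$conf"
    grep -q '^DatabaseDirectory[[:space:]]' "$conf" || echo "DatabaseDirectory /usr/local/clamav/update" >> "$conf"
    grep -E '^(#Example|UpdateLogFile|PidFile|DatabaseDirectory)' "$conf"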
    
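    # Set directory ownership.
    # Give the clamav account only the directories it must write to (logs and
    # signature database). A recursive chown of the whole prefix would also hand
    # it the installed binaries that root runs.
    chown -R clamav:clamav /usr/local/clamav/logs /usr/local/clamav/update
    
    # Confirm the ClamAV version.
    clamdscan --version
    
    # Smoke test: scan /root/ and print only infected files (-i).
    # NOTE(review): clamdscan needs a running clamd, and nothing above starts
    # it -- confirm the daemon is up, or use clamscan for a one-off check.
    clamdscan -i /root/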
    
  • 执行 freshclam 在线更新病毒数据库

    # Show the current signature database version.
    freshclam --version
    
    # Update the signature database online.
    freshclam
    

ubuntu 通过 deb 离线安装

  • 安装 ClamAV 1.4.1

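    # Create the dedicated clamav group and user (freshclam must run as the
    # clamav user), plus the log and signature-database directories.
    # getent looks up the exact account name; grepping /etc/group or /etc/passwd
    # for the substring "clamav" also matches unrelated entries and would then
    # skip the creation.
    getent group clamav > /dev/null || groupadd clamav
    getent passwd clamav > /dev/null || useradd -g clamav -s /usr/sbin/nologin clamav
    mkdir -p /usr/local/clamav/{logs,update}
    # Hand over only the two directories the service account has to write to.
    chown -R clamav:clamav /usr/local/clamav/logs /usr/local/clamav/update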
    
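    # Download and install.
    # NOTE(review): this installs the distribution's clamav and clamav-daemon
    # packages and then the 1.4.1 .deb as well, so two ClamAV copies may end up
    # side by side -- confirm which binaries and config files are actually used.
    apt install -y clamav clamav-daemon
    cd /opt/
    wget -c http://iso.sqlfans.cn/ubuntu/deb/clamav-1.4.1.linux.x86_64.deb
    # The package arrives over plain HTTP from a mirror and is installed as
    # root, so verify it first. Replace the placeholder with the SHA-256
    # published for this release by a source you trust; until then the check
    # fails and the install is skipped.
    echo "REPLACE_WITH_EXPECTED_SHA256  clamav-1.4.1.linux.x86_64.deb" | sha256sum -c - \
      && dpkg -i clamav-1.4.1.linux.x86_64.deb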
    
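    # Configure the clamd daemon (clamd.conf).
    conf=/usr/local/etc/clamd.conf
    cp /usr/local/etc/clamd.conf.sample "$conf"
    # Disable only the standalone "Example" directive; an unanchored pattern
    # also rewrites comment lines that merely contain the word.
    sed -i -e 's/^Example/#Example/' "$conf"
    # Append a setting only when no active line already sets it. A plain
    # grep "LogFile" is satisfied by the sample's commented-out "#LogFile ..."
    # lines, so the setting would silently never be written.
    grep -q '^LogFile[[:space:]]' "$conf" || echo "LogFile /usr/local/clamav/logs/clamd.log" >> "$conf"
    grep -q '^PidFile[[:space:]]' "$conf" || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> "$conf"
    grep -q '^DatabaseDirectory[[:space:]]' "$conf" || echo "DatabaseDirectory /usr/local/clamav/update" >> "$conf"
    # Show the settings that are now in effect.
    grep -E '^(#Example|LogFile|PidFile|DatabaseDirectory)' "$conf"
    # NOTE(review): clamd also needs a listener (LocalSocket or TCPSocket) before
    # clamdscan can reach it, and this page sets neither. Prefer LocalSocket so
    # the daemon is not exposed on the network -- confirm against the sample file.
    
    # Configure the signature updater (freshclam.conf) the same way.
    conf=/usr/local/etc/freshclam.conf
    cp /usr/local/etc/freshclam.conf.sample "$conf"
    sed -i -e 's/^Example/#Example/' "$conf"
    grep -q '^UpdateLogFile[[:space:]]' "$conf" || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> "$conf"
    grep -q '^PidFile[[:space:]]' "$conf" || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> "$conf"
    grep -q '^DatabaseDirectory[[:space:]]' "$conf" || echo "DatabaseDirectory /usr/local/clamav/update" >> "$conf"
    grep -E '^(#Example|UpdateLogFile|PidFile|DatabaseDirectory)' "$conf"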
    
    # Confirm the ClamAV version.
    clamdscan --version
    
    # Smoke test: scan /root/ and print only infected files (-i).
    # NOTE(review): clamdscan needs a running clamd, and nothing above starts
    # it -- confirm the daemon is up, or use clamscan for a one-off check.
    clamdscan -i /root/
    
  • 执行 freshclam 在线更新病毒数据库

    # Show the current signature database version.
    freshclam --version
    
    # Update the signature database online.
    freshclam
    

更新病毒库

在线更新

  • freshclam 为ClamAv自带的病毒库下载更新工具,执行 freshclam 可以在线更新病毒数据库

    # Show the current signature database version.
    freshclam --version
    # Update the signature database online.
    freshclam
    

离线更新

  • 下载3个最新的病毒库文件:main.cvd、daily.cvd、bytecode.cvd 并放到指定的目录下,然后重新加载病毒库

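    # Confirm the DatabaseDirectory configured in freshclam.conf (the file
    # location depends on which install method was used).
    find / -name freshclam.conf
    grep "DatabaseDirectory" /usr/local/etc/freshclam.conf
    grep "DatabaseDirectory" /usr/local/clamav/etc/freshclam.conf
    
    # Download the three database files into a scratch directory first.
    # wget -c is left out on purpose: with an older copy already in place it
    # resumes at that file's length and appends, leaving a corrupt database.
    stage=$(mktemp -d)
    cd "$stage"
    wget http://oss.sqlfans.cn/infosec/clamav/main.cvd
    wget http://oss.sqlfans.cn/infosec/clamav/daily.cvd
    wget http://oss.sqlfans.cn/infosec/clamav/bytecode.cvd
    
    # The mirror is plain HTTP, so check every file before it replaces the live
    # database: sigtool -i prints the build time and verifies the CVD's digital
    # signature (expect "Verification OK"). Files are moved into the
    # DatabaseDirectory only when all three pass.
    sigtool -i main.cvd && sigtool -i daily.cvd && sigtool -i bytecode.cvd \
      && mv -f main.cvd daily.cvd bytecode.cvd /usr/local/clamav/update/ \
      && chown clamav:clamav /usr/local/clamav/update/*.cvd
    cd /usr/local/clamav/update && rm -rf -- "${stage:?}"
    
    # Reload the signature database.
    clamdscan --reload
    
    # Show the current signature database version.
    freshclam --version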
    

附录

如何彻底卸载clamav

  • Centos 系统卸载 clamav

    # Stop the service, remove the package and the clamav account, then delete
    # the config files, the install prefix and the downloads under /opt.
    # 2> /dev/null hides the errors of steps that do not apply to this install.
    systemctl stop clamav-freshclam.service 2> /dev/null
    rpm -e clamav 2> /dev/null
    userdel -r clamav 2> /dev/null
    rm -f /usr/local/etc/clamd.conf
    rm -f /usr/local/etc/freshclam.conf
    rm -rf /usr/local/clamav
    rm -rf /opt/clamav*
    # NOTE(review): items created elsewhere on this page are not removed here:
    # the /usr/sbin symlinks, /etc/profile.d/path.sh,
    # /etc/ld.so.conf.d/clamav.conf and the cron entries. Clean them up if
    # those steps were used.
    
  • Ubuntu 系统卸载 clamav

    # Stop the service, remove the package and the clamav account, then delete
    # the config files, the install prefix and the downloads under /opt.
    # 2> /dev/null hides the errors of steps that do not apply to this install.
    systemctl stop clamav-freshclam.service 2> /dev/null
    dpkg -r clamav 2> /dev/null
    userdel -r clamav 2> /dev/null
    rm -f /usr/local/etc/clamd.conf
    rm -f /usr/local/etc/freshclam.conf
    rm -rf /usr/local/clamav
    rm -rf /opt/clamav*
    # NOTE(review): the clamav and clamav-daemon packages installed through apt
    # in the install section are not purged here, and neither are the cron
    # entries -- remove them separately if a complete uninstall is intended.
    

clamscan 的基本使用

  • 常用的扫描命令

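    # A full-disk scan slows the system down.
    clamscan -r /
    
    # Scan a directory, e.g. /home.
    clamscan -r /home
    
    # -i prints only infected files; --bell sounds an alert on a detection.
    clamscan -r -i --bell /home
    
    # --remove deletes a file as soon as it is flagged (use with care: a false
    # positive is deleted too, and nothing is kept for later analysis).
    clamscan -r /home --remove
    
    # --move relocates flagged files into a quarantine directory. Use a
    # dedicated root-only directory (example path) rather than /tmp, which is
    # shared with every local user on the host.
    install -d -m 0700 /var/lib/clamav-quarantine
    clamscan -r /home --move=/var/lib/clamav-quarantine
    
    # -l writes the scan report to a log file.
    clamscan -r /home -l /var/log/clamscan.log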
    
  • 配置定时任务

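    # Cron jobs: update the signature database daily at 01:02, scan /home daily
    # at 02:03 and keep a log.
    # Entries are installed through "crontab -" for the current user instead of
    # appending to a spool file, whose location differs between distributions.
    # NOTE(review): cron runs with a minimal PATH, so use absolute paths if the
    # binaries live under /usr/local/clamav. The scan job deletes flagged files
    # unattended (--remove); consider --move to a quarantine directory instead.
    crontab -l 2> /dev/null | grep -q freshclam || { crontab -l 2> /dev/null; echo "2 1 * * *  freshclam --quiet"; } | crontab -
    crontab -l 2> /dev/null | grep -q clamscan  || { crontab -l 2> /dev/null; echo "3 2 * * *  clamscan -r /home --remove -l /var/log/clamscan.log"; } | crontab -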
    
Copyright © https://yan-jian.com 2023 all right reserved更新时间: 2025-08-04 11:07:55
