ClamAV antivirus
ClamAV is the most popular antivirus software on the Linux platform. It is free and open source and supports many platforms, such as Linux/Unix, Mac OS X, Windows and OpenVMS.
Installation on different systems
Note the differences between the following commands:
- clamd is the ClamAV daemon; ClamAV operations are driven through clamd
- freshclam is ClamAV's bundled tool for downloading and updating the virus database
- clamscan is the general-purpose ClamAV command; it does not depend on a service, runs somewhat slower and has more options, for example -r for recursive scanning
- clamdscan is the scanner that works with the resident clamd service; it is faster but has fewer options, for example it does not support -r for recursion
CentOS: online installation via yum
Installing ClamAV via yum; the default version is 0.103.11
#.Install EPEL
yum install -y epel-release
yum clean all && yum makecache
#.Install clamav
yum install -y -q clamav clamav-update
systemctl start clamav-freshclam.service
#.Confirm the clamav version
clamdscan --version
#.Test clamdscan
clamdscan -i /root/
Run freshclam to update the virus database online
#.Check the current virus database version
freshclam --version
#.Update the virus database online
freshclam
CentOS: compile and install via make
Installing ClamAV 0.101.1
#.Create the user and directories (freshclam must be run as the clamav user)
grep -q "^clamav:" /etc/group || groupadd clamav
grep -q "^clamav:" /etc/passwd || useradd -g clamav clamav -s /usr/sbin/nologin
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav
#.Install dependencies
yum install -y -q gcc gcc-c++ openssl-devel libcurl-devel e2fsprogs-devel
#.Compile and install (building 1.4.1 from source is set aside for now, because clamav-1.4.1.tar.gz has no configure script after extraction)
cd /opt/
wget -c http://iso.sqlfans.cn/linux/clamav-0.101.1.tar.gz
tar -zxvf clamav-0.101.1.tar.gz > /dev/null
cd clamav-0.101.1
#.--disable-clamav skips configure's check for the clamav user/group
./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre
make -j $(nproc)
[ $? -eq 0 ] && make install
#.Edit clamd.conf, the configuration file of the ClamAV daemon clamd
mkdir -p /usr/local/clamav/{logs,update}
cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/clamav/etc/clamd.conf
sed -i -e 's/^Example$/#Example/' /usr/local/clamav/etc/clamd.conf
#.The sample ships these keys commented out ("#LogFile ..."), so anchor with ^ to match only active lines
grep -q "^LogFile" /usr/local/clamav/etc/clamd.conf || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/clamav/etc/clamd.conf
grep -q "^PidFile" /usr/local/clamav/etc/clamd.conf || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/clamav/etc/clamd.conf
grep -q "^DatabaseDirectory" /usr/local/clamav/etc/clamd.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/clamav/etc/clamd.conf
grep -E "^(#Example|LogFile|PidFile|DatabaseDirectory)" /usr/local/clamav/etc/clamd.conf
#.Edit freshclam.conf, the configuration file of the ClamAV database update tool freshclam
cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/clamav/etc/freshclam.conf
sed -i -e 's/^Example$/#Example/' /usr/local/clamav/etc/freshclam.conf
grep -q "^UpdateLogFile" /usr/local/clamav/etc/freshclam.conf || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/clamav/etc/freshclam.conf
grep -q "^PidFile" /usr/local/clamav/etc/freshclam.conf || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/clamav/etc/freshclam.conf
grep -q "^DatabaseDirectory" /usr/local/clamav/etc/freshclam.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/clamav/etc/freshclam.conf
grep -E "^(#Example|UpdateLogFile|PidFile|DatabaseDirectory)" /usr/local/clamav/etc/freshclam.conf
#.Start clamav
chown -R clamav:clamav /usr/local/clamav
systemctl start clamav-freshclam.service
#.Create symlinks
ln -s /usr/local/clamav/bin/clamscan /usr/sbin/clamscan
ln -s /usr/local/clamav/bin/clamdscan /usr/sbin/clamdscan
ln -s /usr/local/clamav/bin/freshclam /usr/sbin/freshclam
ln -s /usr/local/clamav/sbin/clamd /usr/sbin/clamd
#.Confirm the clamav version
clamdscan --version
#.Test clamdscan
clamdscan -i /root/
Run freshclam to update the virus database online
#.Check the current virus database version
freshclam --version
#.Stop the service first, then update the virus database
systemctl stop clamav-freshclam.service
freshclam
CentOS: offline installation via rpm
Installing ClamAV 1.4.1
#.Create the user and directories (freshclam must be run as the clamav user)
grep -q "^clamav:" /etc/group || groupadd clamav
grep -q "^clamav:" /etc/passwd || useradd -g clamav clamav -s /usr/sbin/nologin
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav
#.Download and install
cd /opt/
wget -c http://iso.sqlfans.cn/linux/clamav-1.4.1.linux.x86_64.rpm
rpm -ivh --prefix=/usr/local/clamav clamav-1.4.1.linux.x86_64.rpm
#.Set environment variables (single quotes keep $PATH unexpanded so it is resolved at login, not at write time)
echo 'export PATH=/usr/local/clamav/bin:/usr/local/clamav/sbin:$PATH' > /etc/profile.d/path.sh
source /etc/profile.d/path.sh
#.Confirm the ClamAV version
clamdscan --version
Configure ClamAV
#.If clamdscan complains about a missing library, update ldconfig
find / -name libclamav.so.12
echo "/usr/local/clamav/lib64/" > /etc/ld.so.conf.d/clamav.conf
ldconfig
#.If clamdscan reports /lib64/libc.so.6: version `GLIBC_2.28' not found, install glibc-2.28
#.See https://wiki.sqlfans.cn/infosec/upgrade-app-glibc228.html
#.Edit clamd.conf, the configuration file of the ClamAV daemon clamd
cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/etc/clamd.conf
sed -i -e 's/^Example$/#Example/' /usr/local/etc/clamd.conf
#.The sample ships these keys commented out ("#LogFile ..."), so anchor with ^ to match only active lines
grep -q "^LogFile" /usr/local/etc/clamd.conf || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/etc/clamd.conf
grep -q "^PidFile" /usr/local/etc/clamd.conf || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/etc/clamd.conf
grep -q "^DatabaseDirectory" /usr/local/etc/clamd.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/clamd.conf
grep -E "^(#Example|LogFile|PidFile|DatabaseDirectory)" /usr/local/etc/clamd.conf
#.Edit freshclam.conf, the configuration file of the ClamAV database update tool freshclam
cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
sed -i -e 's/^Example$/#Example/' /usr/local/etc/freshclam.conf
grep -q "^UpdateLogFile" /usr/local/etc/freshclam.conf || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/etc/freshclam.conf
grep -q "^PidFile" /usr/local/etc/freshclam.conf || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/etc/freshclam.conf
grep -q "^DatabaseDirectory" /usr/local/etc/freshclam.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/freshclam.conf
grep -E "^(#Example|UpdateLogFile|PidFile|DatabaseDirectory)" /usr/local/etc/freshclam.conf
#.Fix directory ownership
chown -R clamav:clamav /usr/local/clamav
#.Check the ClamAV version
clamdscan --version
#.Test clamdscan
clamdscan -i /root/
Run freshclam to update the virus database online
#.Check the current virus database version
freshclam --version
#.Update the virus database online
freshclam
Ubuntu: offline installation via deb
Installing ClamAV 1.4.1
#.Create the user and directories (freshclam must be run as the clamav user)
grep -q "^clamav:" /etc/group || groupadd clamav
grep -q "^clamav:" /etc/passwd || useradd -g clamav clamav -s /usr/sbin/nologin
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav
#.Download and install
apt install -y clamav clamav-daemon
cd /opt/
wget -c http://iso.sqlfans.cn/ubuntu/deb/clamav-1.4.1.linux.x86_64.deb
dpkg -i clamav-1.4.1.linux.x86_64.deb
#.Edit clamd.conf, the configuration file of the ClamAV daemon clamd
cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
sed -i -e 's/^Example$/#Example/' /usr/local/etc/clamd.conf
#.The sample ships these keys commented out ("#LogFile ..."), so anchor with ^ to match only active lines
grep -q "^LogFile" /usr/local/etc/clamd.conf || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/etc/clamd.conf
grep -q "^PidFile" /usr/local/etc/clamd.conf || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/etc/clamd.conf
grep -q "^DatabaseDirectory" /usr/local/etc/clamd.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/clamd.conf
grep -E "^(#Example|LogFile|PidFile|DatabaseDirectory)" /usr/local/etc/clamd.conf
#.Edit freshclam.conf, the configuration file of the ClamAV database update tool freshclam
cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
sed -i -e 's/^Example$/#Example/' /usr/local/etc/freshclam.conf
grep -q "^UpdateLogFile" /usr/local/etc/freshclam.conf || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/etc/freshclam.conf
grep -q "^PidFile" /usr/local/etc/freshclam.conf || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/etc/freshclam.conf
grep -q "^DatabaseDirectory" /usr/local/etc/freshclam.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/freshclam.conf
grep -E "^(#Example|UpdateLogFile|PidFile|DatabaseDirectory)" /usr/local/etc/freshclam.conf
#.Check the ClamAV version
clamdscan --version
#.Test clamdscan
clamdscan -i /root/
Run freshclam to update the virus database online
#.Check the current virus database version
freshclam --version
#.Update the virus database online
freshclam
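The clamd.conf and freshclam.conf edits above (repeated for the make, rpm and deb installs) have to cope with sample files that ship every key commented out, such as "#LogFile ...", so a key check must tell an active line, a commented sample line and an absent key apart. The script below is an added example, not code from the page or from the ClamAV project: set_conf_key replaces an active line, activates the commented sample line, or appends, and stays idempotent on repeated runs. It assumes GNU sed (sed -i), and the stand-in for clamd.conf.sample is constructed, not the real file.

```shell
#!/bin/sh
# Idempotently set KEY to VALUE in a ClamAV config file (clamd.conf / freshclam.conf).
# The sample files leave a key in one of three states:
#   1. active     "LogFile /old/path"   -> replaced in place
#   2. commented  "#LogFile /tmp/x"     -> replaced by an active line
#   3. absent                           -> appended
set_conf_key() {
    file=$1; key=$2; value=$3
    if grep -E -q "^${key}([[:space:]]|$)" "$file"; then
        sed -i -e "s|^${key}[[:space:]].*$|${key} ${value}|" \
               -e "s|^${key}$|${key} ${value}|" "$file"
    elif grep -q "^#${key}[[:space:]]" "$file"; then
        sed -i -e "s|^#${key}[[:space:]].*$|${key} ${value}|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}
# Active value of KEY (empty if the key is only commented out or absent)
get_conf_key() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}
# Neutralise the "Example" guard line that makes clamd/freshclam refuse to start;
# anchored so comment lines that merely contain the word are left alone
disable_example() { sed -i -e 's/^Example$/#Example/' "$1"; }
# Constructed stand-in for clamd.conf.sample (hypothetical content, not the real file);
# the commented "#LogFile" line is what an unanchored grep "LogFile" would match
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'Example' '#LogFile /tmp/clamd.log' \
        '#PidFile /run/clamd.pid' 'LocalSocket /run/clamd.sock' > "$tmp"
    disable_example "$tmp"
    set_conf_key "$tmp" LogFile /usr/local/clamav/logs/clamd.log
    set_conf_key "$tmp" PidFile /usr/local/clamav/logs/clamd.pid
    set_conf_key "$tmp" DatabaseDirectory /usr/local/clamav/update
    # second call hits the now-active line and must not add a duplicate
    set_conf_key "$tmp" DatabaseDirectory /usr/local/clamav/update
    grep -E '^(#Example|LogFile|PidFile|DatabaseDirectory)' "$tmp"
    echo "$tmp"
}
```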
Updating the virus database
Online update
freshclam is ClamAV's bundled tool for downloading and updating the virus database; running freshclam updates the virus database online
#.Check the current virus database version
freshclam --version
#.Update the virus database online
freshclam
Offline update
Download the three latest virus database files main.cvd, daily.cvd and bytecode.cvd, place them in the configured directory, then reload the database
#.Confirm the DatabaseDirectory configured in freshclam.conf
find / -name freshclam.conf
grep "DatabaseDirectory" /usr/local/etc/freshclam.conf
grep "DatabaseDirectory" /usr/local/clamav/etc/freshclam.conf
#.Place the three latest virus database files in the DatabaseDirectory
cd /usr/local/clamav/update
wget -c http://oss.sqlfans.cn/infosec/clamav/main.cvd
wget -c http://oss.sqlfans.cn/infosec/clamav/daily.cvd
wget -c http://oss.sqlfans.cn/infosec/clamav/bytecode.cvd
#.Use sigtool to check the build time of the database
sigtool -i /usr/local/clamav/update/daily.cvd
#.Reload the virus database
clamdscan --reload
#.Check the current virus database version
freshclam --version
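For the offline update, the sigtool -i step tells you when the downloaded daily.cvd was built; the script below is an added example (not from the page or the ClamAV project) that reads that output from stdin and turns the "Build time:" line into an age in days, so a stale database can be flagged before clamdscan --reload. It assumes GNU date (-d), and the sigtool output it parses is constructed, not captured from a real run.

```shell
#!/bin/sh
# Age of a ClamAV .cvd/.cld database from `sigtool -i` output on stdin.
# A reference epoch is passed in so results are deterministic and testable.

# Epoch of the "Build time:" line; returns 1 if the line is missing
cvd_build_epoch() {
    # "Build time: 12 Mar 2024 09-08 -0400" -> keep "12 Mar 2024" (GNU date parses that)
    build=$(awk '/^Build time:/ { print $3, $4, $5; exit }')
    [ -n "$build" ] || return 1
    date -u -d "$build" +%s
}
# Whole days between the build time and REF (default: now)
cvd_age_days() {
    ref=${1:-$(date +%s)}
    build_epoch=$(cvd_build_epoch) || return 1
    echo $(( (ref - build_epoch) / 86400 ))
}
# 0 = fresh (age <= MAX days), 1 = stale, 2 = output could not be parsed
cvd_check_fresh() {
    max=$1; ref=$2
    age=$(cvd_age_days "$ref") || return 2
    [ "$age" -le "$max" ]
}
# Constructed stand-in for `sigtool -i daily.cvd` output (hypothetical values)
SAMPLE_SIGTOOL='File: daily.cvd
Build time: 12 Mar 2024 09-08 -0400
Version: 27209
Signatures: 2058000
Functionality level: 90
Builder: raynman
Verification OK.'
# Age of the sample as of 2024-03-20T00:00:00Z (epoch 1710892800)
demo() {
    printf '%s\n' "$SAMPLE_SIGTOOL" | cvd_age_days 1710892800
}
```

Live use is `sigtool -i /usr/local/clamav/update/daily.cvd | cvd_check_fresh 7` to fail a deployment check when the database is more than a week old.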
Appendix
How to completely uninstall clamav
Uninstalling clamav on CentOS
systemctl stop clamav-freshclam.service 2> /dev/null
rpm -e clamav 2> /dev/null
userdel -r clamav 2> /dev/null
rm -f /usr/local/etc/clamd.conf
rm -f /usr/local/etc/freshclam.conf
rm -rf /usr/local/clamav
rm -rf /opt/clamav*
Uninstalling clamav on Ubuntu
systemctl stop clamav-freshclam.service 2> /dev/null
dpkg -r clamav 2> /dev/null
userdel -r clamav 2> /dev/null
rm -f /usr/local/etc/clamd.conf
rm -f /usr/local/etc/freshclam.conf
rm -rf /usr/local/clamav
rm -rf /opt/clamav*
Basic usage of clamscan
Common scan commands
#.A full-disk scan slows the system down
clamscan -r /
#.Scan a directory, e.g. /home
clamscan -r /home
#.Scan a directory; -i prints only infected files, --bell rings the terminal bell when an infected file is found
clamscan -r -i --bell /home
#.Scan a directory; --remove deletes infected files immediately (use with caution)
clamscan -r /home --remove
#.Scan a directory; --move moves infected files to /tmp immediately
clamscan -r /home --move=/tmp
#.Scan a directory; -l writes a scan log file
clamscan -r /home -l /var/log/clamscan.log
Configuring scheduled tasks
#.Set cron jobs: update the virus database daily at 01:02, run the scan daily at 02:03 and save the log
crontab -l | grep freshclam || echo "2 1 * * * freshclam --quiet" >> /var/spool/cron/$(whoami)
crontab -l | grep clamscan || echo "3 2 * * * clamscan -r /home --remove -l /var/log/clamscan.log" >> /var/spool/cron/$(whoami)
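Once the nightly job writes /var/log/clamscan.log, something has to read it. The script below is an added example (not from the page or the ClamAV project) that pulls the "FOUND" detections and the "Infected files:" summary count out of a clamscan log and cross-checks the two, which catches a truncated or overlapping log before the numbers are trusted. The sample log is constructed; its paths and signature names are made up.

```shell
#!/bin/sh
# Summarise a clamscan log written by `clamscan -r DIR -l FILE`.
# Detection lines: "<path>: <signature> FOUND"; summary line: "Infected files: N".

# Paths of infected files, one per line
infected_paths() {
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}
# Signature names seen, deduplicated (useful for the alert subject line)
infected_signatures() {
    grep ' FOUND$' "$1" | sed 's/^.*: \([^:]*\) FOUND$/\1/' | sort -u
}
# Count claimed by the scan summary (0 if the summary block is missing)
infected_count() {
    awk '/^Infected files:/ { n = $3 } END { print n + 0 }' "$1"
}
# True when the summary count matches the number of FOUND lines; a mismatch
# means the log was cut short or two runs appended to the same file
log_consistent() {
    [ "$(grep -c ' FOUND$' "$1")" -eq "$(infected_count "$1")" ]
}
# Constructed sample log (hypothetical paths and signature names, not a real scan)
SAMPLE_LOG='/home/alice/notes.txt: OK
/home/alice/Downloads/invoice.zip: Win.Test.EICAR_HDB-1 FOUND
/home/bob/.cache/x: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8700000
Engine version: 1.4.1
Scanned directories: 12
Scanned files: 340
Infected files: 2
Data scanned: 42.10 MB
Time: 3.512 sec (0 m 3 s)'
# Write the sample to a temp file and print its path
demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    echo "$tmp"
}
```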