Installation and configuration on CentOS
The official site documents this fairly clearly. Installing ClamAV:
sudo yum -y groupinstall "Development Tools"
sudo yum -y install openssl openssl-devel libcurl-devel zlib-devel libpng-devel libxml2-devel json-c-devel bzip2-devel pcre2-devel ncurses-devel sendmail sendmail-devel valgrind check
# If the link is no longer valid, get a current one from this page: https://www.clamav.net/downloads
wget https://www.clamav.net/downloads/production/clamav-0.101.4.tar.gz
tar xzf clamav-0.101.4.tar.gz
mkdir /usr/local/share/clamav
cd clamav-0*
#./configure --enable-check
./configure
make -j2
make check
make install
# Allow ClamAV to scan the system (SELinux boolean)
setsebool -P antivirus_can_scan_system 1
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
sudo chown -R clamav:clamav /usr/local/share/clamav
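Minimal configuration: copy the sample configuration files and remove the Example line in each one (comment it out or delete it) before use.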
cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
# Update the virus database
freshclam
Some common operations:
## Scan a file
clamscan targetfile
## Recursively scan the home directory and write a log
clamscan -r -i /home -l /var/log/clamscan.log
## Recursively scan the home directory, delete infected files, and write a log
clamscan -r -i /home --remove -l /var/log/clamscan.log
## Recommended ## Scan the given directory, move infected files to a specified directory, and write a log
clamscan -r -i /home --move=/opt/infected -l /var/log/clamscan.log
Scheduled scans and email alerts
Create a bash file, for example clam_scan_period.sh, and make it executable.
#!/bin/bash
receiver="xxxxxxx@qq.com"
logFile="/var/log/clamscan-$(date +'%Y-%m-%d').log"
mailSubject="Infected file Found"
# Update the virus database before scanning
freshclam
# Scan the /root directory
clamscan -r -i /root -l "${logFile}"
# Read the number from the "Infected files: N" line of the scan summary
infectedCount=$(tail "$logFile" | grep Infected | cut -d " " -f3)
# If there are infected files, send an email notification
if [ "${infectedCount:-0}" -gt 0 ]; then
    mailContent="${infectedCount} files may be infected. Please check the log file attached and get more detail."
    echo "${mailContent}" | mail -a "${logFile}" -s "${mailSubject}" "${receiver}"
fi
echo "Scan finish. ${infectedCount} files may be infected"
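- Sending mail needs to be configured; otherwise the message is only recorded in /var/spool/mail/root. For mail setup, see: CentOS mail sending configuration
- Test that the script runs correctly:
sh -x clam_scan_period.sh
If you need infected files to test with, scan the test folder in the extracted ClamAV source package.
- Schedule a scan once a week, every Monday at 2 a.m. See: Linux scheduled tasks
# vi /etc/crontab
# Day-of-week field: 1 = Monday
0 2 * * 1 root command to be executed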
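The scan script above decides whether to alert from the "Infected files" line alone, so a scan that aborts before writing its summary looks the same as a clean one. The following added example (not part of the original post) combines the clamscan exit status (0 = clean, 1 = virus found, 2 = error) with the log; the function names and the sample log are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify a clamscan run from its exit status and its log.
# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.

# Print the number from the "Infected files: N" summary line, or nothing
# when the summary is missing (for example, the scan aborted early).
infected_count() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { if (n != "") print n }' "$1"
}

# Print the paths clamscan flagged ("<path>: <signature> FOUND" lines).
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p' "$1"
}

# Decide what the cron job should report: clean | infected | error.
# Usage: scan_verdict <clamscan exit status> <log file>
scan_verdict() {
    verdict_count=$(infected_count "$2")
    if [ "$1" -ge 2 ] || [ -z "$verdict_count" ]; then
        echo "error"      # failed scan or incomplete log: never report as clean
    elif [ "$1" -eq 1 ] || [ "$verdict_count" -gt 0 ]; then
        echo "infected"
    else
        echo "clean"
    fi
}

# Constructed sample log (not real scan output) so the example runs offline.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
/root/tmp/sample one.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 2
Infected files: 1
Time: 0.012 sec (0 m 0 s)
EOF

echo "verdict: $(scan_verdict 1 "$sample_log")"
echo "flagged: $(infected_paths "$sample_log")"
```

In the cron script, capture the status right after the scan (rc=$? on the line following clamscan) and mail on both "infected" and "error".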