ClamAV Antivirus Installation and Configuration Manual

I. Deploying a local virus-database mirror

Official reference documentation

1. Install and configure the proxy server

1.1 Installation

    $ sudo curl -o /path/nginx-1.16.1.tar.gz http://nginx.org/download/nginx-1.16.1.tar.gz
    # the tarball already contains the nginx-1.16.1/ directory, so extract into /path (tar -C needs an existing directory)
    $ sudo tar -zxf /path/nginx-1.16.1.tar.gz -C /path
    $ cd /path/nginx-1.16.1
    $ sudo ./configure --prefix=/data/nginx --sbin-path=/data/nginx/sbin/nginx --conf-path=/data/nginx/conf/nginx.conf \
    --error-log-path=/data/nginx/logs/error.log --http-log-path=/data/nginx/logs/access.log --pid-path=/data/nginx/nginx.pid \
    --lock-path=/data/nginx/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module \
    --with-http_gzip_static_module --http-client-body-temp-path=/data/nginx/client/ --http-proxy-temp-path=/data/nginx/proxy/ \
    --http-fastcgi-temp-path=/data/nginx/fcgi/ --http-uwsgi-temp-path=/data/nginx/uwsgi --http-scgi-temp-path=/data/nginx/scgi \
    --with-pcre --with-threads --with-file-aio --with-http_realip_module --with-http_sub_module
    $ sudo make && sudo make install

1.2 Configuration

    server {
        listen   80;
        server_name  clamav.server_name.local;
    
        location / {
            root   html/clamdb;    # this directory (relative to the prefix, i.e. /data/nginx/html/clamdb) is the virus-database mirror directory
            index  index.html index.htm;
        }
    }

2. Download the virus database

2.1 Install the Perl environment

    # enable EPEL first: the clamav packages (which provide the sigtool used by the script) come from that repository
    $ sudo yum install epel-release
    $ sudo yum install perl perl-Net-DNS clamav*

2.2 Deploy the download script

    $ vi clamdownloader.pl
    #!/usr/bin/env perl
    #
    # File name: clamdownloader.pl
    # Author:    Frederic Vanden Poel
    #
    #############################################################################
    #
    use strict;
    use warnings;

    use Net::DNS;
    my $clamdb="/data/nginx/html/clamdb";    # change this to the web root of the mirror server
    # mirror where files such as daily-12133.cdiff exist
    my $mirror="http://database.clamav.net";

    # get the TXT record for current.cvd.clamav.net
    my $txt = getTXT("current.cvd.clamav.net");

    exit unless $txt;

    chdir($clamdb) || die ("Can't chdir to $clamdb : $!\n");

    # dump the record in a file
    print "TXT from DNS: $txt\n";
    open(D, ">dns.txt") or die("Can't write dns.txt : $!\n");
    print D "$txt";
    close D;

    # temp dir for wget updates
    mkdir("$clamdb/temp");

    # get what we need (field order of the TXT record: engine:main:daily:x:y:z:safebrowsing:bytecode)
    my ( $clamv, $mainv , $dailyv, $x, $y, $z, $safebrowsingv, $bytecodev ) = split /:/, $txt ;

    print "FIELDS main=$mainv daily=$dailyv bytecode=$bytecodev\n";

    updateFile('main',$mainv);
    updateFile('daily',$dailyv);
    updateFile('bytecode',$bytecodev);

    sub getTXT {
      my $domain = shift @_;
      my $res = Net::DNS::Resolver->new;
      my $txt_query = $res->query($domain,"TXT");
      if ($txt_query) {
        return ($txt_query->answer)[0]->txtdata;
      } else {
        warn "Unable to get TXT Record : ", $res->errorstring, "\n";
        return 0;
      }
    }

    sub getLocalVersion {
      my $file=shift @_;
      my $cmd="sigtool -i $clamdb/$file.cvd";
      # "open P, LIST || die" binds || to the string, so the die could never fire; use "or"
      open(P, "$cmd |") or die("Can't run $cmd : $!");
      while (<P>) {
        next unless /Version: (\d+)/;
        my $version = $1;
        close P;
        return $version;
      }
      close P;
      return -1;
    }

    sub updateFile {
      my $file=shift @_;
      my $currentversion=shift @_;
      my $old=0;
      if  ( ! -e "$file.cvd" ) {
        # first run: nothing mirrored yet, fall through to the full download below
        warn "file $file.cvd does not exist, skipping cdiffs\n";
      } elsif  ( ! -z "$file.cvd" ) {
        $old = getLocalVersion($file);
        if ( $old > 0 ) {
          print "$file old: $old current: $currentversion\n";
          # mirror all the diffs
          for (my $count = $old + 1 ; $count <= $currentversion; $count++) {
            print `wget -nH -nd -N -nv $mirror/$file-$count.cdiff 2>&1`;
          }
        } else {
          warn "file $file.cvd version unknown, skipping cdiffs\n";
        }
      } else {
        warn "file $file.cvd is zero, skipping cdiffs\n";
      }

      return if ( $currentversion == $old );

      # update the full file using a copy, then move back
      print `cp -v -a $file.cvd temp/$file.cvd 2>&1` if -e "$file.cvd";
      print `cd temp && wget -nH -nd -N -nv $mirror/$file.cvd 2>&1`;
      if  ( -e "temp/$file.cvd" && ! -z "temp/$file.cvd" ) {
        # no local copy yet, or the downloaded copy has a newer mtime: move it into place
        if ( ! -e "$file.cvd" || (stat("temp/$file.cvd"))[9] > (stat("$file.cvd"))[9] ) {
          print "file temp/$file.cvd is newer than $file.cvd\n";
          print `mv -v temp/$file.cvd $file.cvd 2>&1`;
        } else {
          print "file temp/$file.cvd not touched by wget\n";
          print `rm -v temp/$file.cvd`;
        }
      } else {
        warn "temp/$file.cvd is not valid, not copying back !\n";
        unlink "temp/$file.cvd";
      }
    }

3. Download the latest virus database

    $ ./clamdownloader.pl
    TXT from DNS: 0.102.3:59:25844:1592303341:1:63:49191:331
    FIELDS main=59 daily=25844 bytecode=331
    file main.cvd does not exists, skipping
    LibClamAV Error: cl_cvdhead: Can't open file /data/nginx/html/clamdb/main.cvd
    ERROR: cvdinfo: Can't read/parse CVD header of /data/nginx/html/clamdb/main.cvd
    file main.cvd version unknown, skipping cdiffs
    cp: cannot stat ‘main.cvd’: No such file or directory
    2020-06-16 18:56:16 URL:http://database.clamav.net/main.cvd [117859675/117859675] -> "main.cvd" [1]
    Use of uninitialized value in numeric gt (>) at ./clamdownloader.pl line 94.
    file temp/main.cvd is newer than main.cvd
    ‘temp/main.cvd’ -> ‘main.cvd’
    file daily.cvd does not exists, skipping
    LibClamAV Error: cl_cvdhead: Can't open file /data/nginx/html/clamdb/daily.cvd
    ERROR: cvdinfo: Can't read/parse CVD header of /data/nginx/html/clamdb/daily.cvd
    file daily.cvd version unknown, skipping cdiffs
    cp: cannot stat ‘daily.cvd’: No such file or directory
    2020-06-16 18:56:41 URL:http://database.clamav.net/daily.cvd [70240083/70240083] -> "daily.cvd" [1]
    Use of uninitialized value in numeric gt (>) at ./clamdownloader.pl line 94.
    file temp/daily.cvd is newer than daily.cvd
    ‘temp/daily.cvd’ -> ‘daily.cvd’
    file bytecode.cvd does not exists, skipping
    LibClamAV Error: cl_cvdhead: Can't open file /data/nginx/html/clamdb/bytecode.cvd
    ERROR: cvdinfo: Can't read/parse CVD header of /data/nginx/html/clamdb/bytecode.cvd
    file bytecode.cvd version unknown, skipping cdiffs
    cp: cannot stat ‘bytecode.cvd’: No such file or directory
    2020-06-16 18:56:44 URL:http://database.clamav.net/bytecode.cvd [296388/296388] -> "bytecode.cvd" [1]
    Use of uninitialized value in numeric gt (>) at ./clamdownloader.pl line 94.
    file temp/bytecode.cvd is newer than bytecode.cvd
    ‘temp/bytecode.cvd’ -> ‘bytecode.cvd’
    [root@GJSK-FIN-PRD-BJ-G-MON-NODE-001 scripts]# ./clamdownloader.pl
    TXT from DNS: 0.102.3:59:25844:1592303341:1:63:49191:331
    FIELDS main=59 daily=25844 bytecode=331
    main old: 59 current: 59
    daily old: 25844 current: 25844
    bytecode old: 331 current: 331

4. Test the local mirror

    # "sudo echo ... >> /etc/hosts" fails: the redirection runs in the unprivileged shell, so append via tee
    $ echo "10.200.110.1 clamav.server_name.local" | sudo tee -a /etc/hosts
    $ curl -I http://clamav.server_name.local/daily.cvd
    HTTP/1.1 200 OK
    Server: nginx/1.16.1
    Date: Wed, 17 Jun 2020 04:59:20 GMT
    Content-Type: application/octet-stream
    Content-Length: 70609071
    Last-Modified: Tue, 16 Jun 2020 13:01:00 GMT
    Connection: keep-alive
    ETag: "5ee8c28c-43568af"
    Accept-Ranges: bytes
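A HEAD request on one file only proves that nginx serves the directory. What clients actually depend on is that the mirrored .cvd files match the version published in the current.cvd.clamav.net TXT record and that every .cdiff between a client's local version and the current one is present; with ScriptedUpdates (section II.2) a missing .cdiff makes freshclam fall back to downloading the full .cvd, which defeats the point of the mirror. The script below is an added example, not part of this manual or of ClamAV's own tooling. It assumes the TXT-record field order used by clamdownloader.pl above (main in field 2, daily in field 3, bytecode in field 8) and the CVD header layout, where the first 512 bytes of a .cvd are a colon-separated header with the version in the third field. The record and the .cvd header used in the usage comment are constructed sample values.

```shell
#!/bin/sh
# Added example: consistency check for a ClamAV mirror directory.
# Assumptions (not from the manual): TXT record layout
#   engine:main:daily:x:y:z:safebrowsing:bytecode
# and a .cvd header "ClamAV-VDB:<build time>:<version>:<sigs>:<flevel>:..."
# in the first 512 bytes of the file.

# Version of database NAME (main|daily|bytecode) taken from the TXT record.
txt_version() {
    case "$2" in
        main)     f=2 ;;
        daily)    f=3 ;;
        bytecode) f=8 ;;
        *)        echo "unknown database: $2" >&2; return 1 ;;
    esac
    printf '%s\n' "$1" | cut -d: -f"$f"
}

# Version recorded in the header of DIR/NAME.cvd; 0 when the file is absent or empty.
cvd_version() {
    [ -s "$1/$2.cvd" ] || { echo 0; return; }
    head -c 512 "$1/$2.cvd" | cut -d: -f3
}

# Names of the cdiffs a client needs to step from version OLD to CURRENT.
needed_cdiffs() {
    n=$2
    while [ "$n" -lt "$3" ]; do
        n=$((n + 1))
        echo "$1-$n.cdiff"
    done
}

# Print every cdiff missing (absent or empty) from DIR for OLD..CURRENT; status 1 if any.
missing_cdiffs() {
    dir=$1; name=$2; old=$3; cur=$4; rc=0
    for cdiff in $(needed_cdiffs "$name" "$old" "$cur"); do
        if [ ! -s "$dir/$cdiff" ]; then
            echo "$cdiff"
            rc=1
        fi
    done
    return $rc
}

# Check one database in DIR against the TXT record: status 0 when the mirror
# can serve an up-to-date client, 1 when it cannot, 2 on an unreadable header.
check_db() {
    dir=$1; name=$2; txt=$3
    cur=$(txt_version "$txt" "$name") || return 2
    local_v=$(cvd_version "$dir" "$name")
    case "$local_v" in
        ''|*[!0-9]*) echo "$name: unreadable $name.cvd header"; return 2 ;;
    esac
    if [ "$local_v" -eq 0 ]; then
        echo "$name: no $name.cvd mirrored (current is $cur)"; return 1
    elif [ "$local_v" -eq "$cur" ]; then
        echo "$name: up to date (version $cur)"; return 0
    fi
    if gaps=$(missing_cdiffs "$dir" "$name" "$local_v" "$cur"); then
        echo "$name: cvd at $local_v, all cdiffs up to $cur present"; return 0
    fi
    echo "$name: cvd at $local_v, missing cdiffs:" $gaps
    return 1
}

# Usage on the mirror host (the TXT lookup needs network access):
#   TXT=$(dig +short TXT current.cvd.clamav.net | tr -d '"')
#   for db in main daily bytecode; do check_db /data/nginx/html/clamdb "$db" "$TXT"; done
```

Run it from cron after clamdownloader.pl, or from the monitoring host, and alert on a non-zero status: a "missing cdiffs" result means the downloader skipped a version (for example because the record moved on between two runs), and the gap has to be filled before clients can update incrementally again.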

5. Scheduled mirror updates

    $ sudo crontab -e
    # redirection order matters: ">/dev/null 2>&1" discards both streams, whereas "2>&1 >/dev/null" still mails stderr to the cron owner
    0 1 * * * /bin/perl /data/scripts/clamdownloader.pl >/dev/null 2>&1

II. Install and configure ClamAV on the client

Official reference documentation

1. Installation

    $ sudo yum install clamav*
    $ sudo mkdir -p /data/clamav/{database,log,run}
    $ sudo chown -R clamupdate:clamupdate /data/clamav

2. Configuration

    Edit freshclam.conf (/etc/freshclam.conf on the yum-based systems used here).

    Comment out (this is why freshclam later reports "DNS Update Info disabled"):
    DNSDatabaseInfo current.cvd.clamav.net
    Change the following items (the # text is an annotation, not part of the file):
    DatabaseDirectory /data/clamav/database    # virus database directory
    UpdateLogFile /data/clamav/log/freshclam.log    # update log
    PidFile /data/clamav/run/freshclam.pid    # process ID file
    ScriptedUpdates yes    # incremental (.cdiff) updates; the mirror must carry the cdiffs
    PrivateMirror clamav.server_name.local    # virus database mirror address

3. Update the virus database

    $ sudo freshclam 
    ClamAV update process started at Tue Jun 16 20:09:18 2020
    WARNING: DNS Update Info disabled. Falling back to HTTP mode.
    Reading CVD header (daily.cld): Time: 0.0s, ETA: 0.0s [=============================>] 153B/153B 
    WARNING: remote_cvdhead: file not found: http://clamav.server_name.local/daily.cld
    Reading CVD header (daily.cvd): Time: 0.0s, ETA: 0.0s [=============================>] 512B/512B 
    OK
    daily database available for download (remote version: 25844)
    Time: 0.1s, ETA: 0.0s [=============================>] 66.99MiB/66.99MiB   
    Testing database: '/data/clamav/database/tmp.5e011/clamav-9990037da7d632bfdb6b1b111037a3f1.tmp-daily.cvd' ...
    Database test passed.
    daily.cvd updated (version: 25844, sigs: 2622498, f-level: 63, builder: raynman)
    Reading CVD header (main.cld): Time: 0.0s, ETA: 0.0s [=============================>] 153B/153B 
    WARNING: remote_cvdhead: file not found: http://clamav.server_name.local/main.cld
    Time: 0.0s, ETA: 0.0s [=============================>] 512B/512B ] 0B/512B 
    OK
    main database available for download (remote version: 59)
    Time: 0.2s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB  
    Testing database: '/data/clamav/database/tmp.5e011/clamav-93133aa81442761a171df91da930a58b.tmp-main.cvd' ...
    Database test passed.
    main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
    Reading CVD header (bytecode.cld): Time: 0.0s, ETA: 0.0s [=============================>] 153B/153B 
    WARNING: remote_cvdhead: file not found: http://clamav.server_name.local/bytecode.cld
    Time: 0.0s, ETA: 0.0s [=============================>] 512B/512B ] 0B/512B 
    OK
    bytecode database available for download (remote version: 331)
    Time: 0.0s, ETA: 0.0s [=============================>] 289.44KiB/289.44KiB 
    Testing database: '/data/clamav/database/tmp.5e011/clamav-fe11fe78069738b81b242f3466cce6d6.tmp-bytecode.cvd' ...
    Database test passed.
    bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

4. Start the service

    $ systemctl start clamav-freshclam.service
    $ systemctl enable clamav-freshclam.service
    Created symlink from /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service to /usr/lib/systemd/system/clamav-freshclam.service.
    $ systemctl status clamav-freshclam.service
    ● clamav-freshclam.service - ClamAV virus database updater
       Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: disabled)
       Active: active (running) since Tue 2020-06-16 23:21:53 CST; 14s ago
     Docs: man:freshclam(1)
       man:freshclam.conf(5)
       https://www.clamav.net/documents
     Main PID: 20137 (freshclam)
       CGroup: /system.slice/clamav-freshclam.service
       └─20137 /usr/bin/freshclam -d --foreground=true
    
    Jun 16 23:21:53 NODE-001 freshclam[20137]: WARNING: DNS Update Info disabled. Falling ba...de.
    Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (daily.cld): WARNING: remo...cld
    Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (daily.cvd): OK
    Jun 16 23:21:53 NODE-001 freshclam[20137]: daily.cvd database is up to date (version: 25...an)
    Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (main.cld): WARNING: remot...cld
    Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (main.cvd): OK
    Jun 16 23:21:53 NODE-001 freshclam[20137]: main.cvd database is up to date (version: 59,...gr)
    Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (bytecode.cld): WARNING: r...cld
    Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (bytecode.cvd): OK
    Jun 16 23:21:53 NODE-001 freshclam[20137]: bytecode.cvd database is up to date (version:...eg)
    Hint: Some lines were ellipsized, use -l to show in full.

III. Local scan

    $ clamscan -r /data/nginx
    /data/nginx/sbin/nginx: OK
    /data/nginx/conf/koi-win: OK
    /data/nginx/conf/koi-utf: OK
    /data/nginx/conf/win-utf: OK
    /data/nginx/conf/mime.types: OK
    /data/nginx/conf/mime.types.default: OK
    /data/nginx/conf/fastcgi_params: OK
    /data/nginx/conf/fastcgi_params.default: OK
    /data/nginx/conf/fastcgi.conf: OK
    /data/nginx/conf/fastcgi.conf.default: OK
    /data/nginx/conf/uwsgi_params: OK
    /data/nginx/conf/uwsgi_params.default: OK
    /data/nginx/conf/scgi_params: OK
    /data/nginx/conf/scgi_params.default: OK
    /data/nginx/conf/nginx.conf.default: OK
    /data/nginx/conf/nginx.conf: OK
    /data/nginx/logs/error.log: OK
    /data/nginx/logs/access.log: OK
    /data/nginx/html/50x.html: OK
    /data/nginx/html/index.html: OK
    /data/nginx/html/clamdb/dns.txt: OK
    /data/nginx/html/clamdb/main.cvd: OK
    /data/nginx/html/clamdb/daily.cvd: OK
    /data/nginx/html/clamdb/bytecode.cvd: OK
    /data/nginx/html/clamdb/daily-25845.cdiff: OK
    /data/nginx/nginx.pid: OK

    ----------- SCAN SUMMARY -----------
    Known viruses: 7200353
    Engine version: 0.102.3
    Scanned directories: 12
    Scanned files: 26
    Infected files: 0
    Data scanned: 7.77 MB
    Data read: 186.57 MB (ratio 0.04:1)
    Time: 16.177 sec (0 m 16 s)
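The scan above lists every file as OK, which is the easy case. What a defender usually wants is the output turned into something a monitoring system can act on: one alert per "FOUND" line and a sanity check that the number of FOUND lines equals the "Infected files" count in the summary (a mismatch means the output was truncated or interleaved with something else). The script below is an added example, not part of this manual or of ClamAV; it only post-processes clamscan's standard output format shown above. The sample output and the signature name Example.Test.Signature-1 are constructed placeholders, and the exit-status convention in scan_dir (0 clean, 1 infected, 2 error) is clamscan's documented one.

```shell
#!/bin/sh
# Added example: turn clamscan's per-file output into alerts and cross-check
# the FOUND count against the summary. Not part of the manual or of ClamAV.

# Reads clamscan output on stdin. Prints one "ALERT path=... signature=..."
# line per infected file, then a SUMMARY line with ok/found counts and whether
# the FOUND count agrees with the "Infected files" figure of the scan summary.
parse_scan() {
    awk '
        /: OK$/   { ok++; next }
        / FOUND$/ {
            found++
            path = $0; sub(/: [^:]*$/, "", path)          # drop ": <signature> FOUND"
            sig  = $0; sub(/^.*: /, "", sig); sub(/ FOUND$/, "", sig)
            print "ALERT path=" path " signature=" sig
            next
        }
        /^Infected files:/ { summary = $3 }
        END {
            status = (found == summary) ? "consistent" : "MISMATCH"
            printf "SUMMARY ok=%d found=%d infected_files=%d %s\n", ok, found, summary, status
        }'
}

# Scan DIR recursively and report; returns clamscan status (0 clean, 1 infected, 2 error).
scan_dir() {
    tmp=$(mktemp)
    clamscan -r "$1" >"$tmp" 2>&1
    rc=$?
    parse_scan <"$tmp"
    rm -f "$tmp"
    return $rc
}

# Constructed sample of clamscan output (the signature name is a placeholder).
SAMPLE_SCAN_OUTPUT='/data/nginx/html/index.html: OK
/data/nginx/html/clamdb/main.cvd: OK
/tmp/sample/evil.bin: Example.Test.Signature-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 7200353
Engine version: 0.102.3
Scanned files: 3
Infected files: 1'

# Runs the parser over the constructed sample so the script can be tried offline.
demo() {
    printf '%s\n' "$SAMPLE_SCAN_OUTPUT" | parse_scan
}
```

For the sample, demo prints the ALERT line for /tmp/sample/evil.bin followed by "SUMMARY ok=2 found=1 infected_files=1 consistent". In production, pipe scan_dir's output to the log shipper and page on any ALERT line or on a SUMMARY marked MISMATCH; a non-zero return from scan_dir with no ALERT lines means clamscan itself failed (status 2), which is worth alerting on separately because a failed scan looks identical to a clean one if only infections are monitored.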