Download ClamAV and the virus database: http://www.clamav.net/download.html
1. Download
wget http://www.clamav.net/downloads/production/clamav-0.101.3.tar.gz
2. Create the clamav user and the virus database directory
clamav user and group
groupadd clamav && useradd -g clamav clamav && id clamav
Log directory
mkdir -p /usr/local/clamav/logs
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log
Virus database directory
mkdir -p /usr/local/clamav/updata
chown -R root:clamav /usr/local/clamav/
chown -R clamav:clamav /usr/local/clamav/updata/
3. Extract the source archive
tar xf clamav-0.101.3.tar.gz
4. Install dependencies
yum install gcc gcc-c++ openssl openssl-devel -y
5. Compile and install
cd clamav-0.101.3/
./configure --prefix=/usr/local/clamav --with-pcre
make && make install
6. Configure ClamAV
cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
# Edit the configuration file clamd.conf
vim clamd.conf
Comment out the line that reads Example.
Add the following three lines:
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata
# Edit the configuration file freshclam.conf
vim freshclam.conf
Comment out the line that reads Example.
Add the following three lines:
DatabaseDirectory /usr/local/clamav/updata
LogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid
7. Start ClamAV
chown -R clamav:clamav /usr/local/clamav/
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service
systemctl status clamav-freshclam.service
8. Update the virus database
First stop freshclam
systemctl stop clamav-freshclam.service
Then run the update
/usr/local/clamav/bin/freshclam
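Alternatively, download the three files main.cvd, daily.cvd and bytecode.cvd from the ClamAV virus database page at http://www.clamav.net/download.html; the downloaded files are placed in the /opt/clamav/share/clamav directory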
cd /usr/local/clamav/share/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
Once the update is complete, start the service again
systemctl start clamav-freshclam.service
systemctl status clamav-freshclam.service
Create a symbolic link
ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
9. Scan for viruses
Common usage:
# Scan without quarantining or deleting files
clamscan -r --bell -i ${path}
For example:
[root@centos7 clamav]# clamscan -r --bell -i /home/
----------- SCAN SUMMARY -----------
Known viruses: 6526435 ## virus database
Engine version: 0.100.0 ## engine version
Scanned directories: 2 ## directories scanned
Scanned files: 3 ## files scanned
Infected files: 0 ## number of infected files
Data scanned: 0.00 MB ## size of the scanned files
Data read: 0.00 MB (ratio 0.00:1)
Time: 20.303 sec (0 m 20 s) ## time taken by the scan
# Scan and delete files
clamscan -r --remove ${path}
# Scan and move viruses and infected files to a specified directory
mkdir -p /tmp/virus_collection
clamscan -r --move=/tmp/virus_collection ${path}
# Scheduled scan task
mkdir -p /tmp/virus_collection
echo "#scan virus" >>/etc/crontab
echo '30 4 5 * * root /usr/local/clamav/bin/clamscan -r --move=/tmp/virus_collection / >/dev/null 2>&1' >>/etc/crontab
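The cron entry above sends all clamscan output to /dev/null, so a detection or a failed scan leaves no record. As an added example (not part of the original guide), this wrapper logs the outcome according to clamscan's exit status (0 clean, 1 virus found, 2 error) and keeps the quarantine directory private; the variable names, the function name and the clamscan.log path are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper around clamscan, using the guide's install paths.
# CLAMSCAN, QUARANTINE and SCAN_LOG are hypothetical names; override via environment.
CLAMSCAN="${CLAMSCAN:-/usr/local/clamav/bin/clamscan}"
QUARANTINE="${QUARANTINE:-/tmp/virus_collection}"
SCAN_LOG="${SCAN_LOG:-/usr/local/clamav/logs/clamscan.log}"

# scheduled_scan DIR: scan DIR recursively, quarantine hits, record the outcome.
# Returns clamscan's exit status: 0 = clean, 1 = virus found, 2 = error.
# The body runs in a subshell so umask and variables do not leak to the caller.
scheduled_scan() (
    target="$1"
    umask 077                          # new log and quarantine are owner-only
    mkdir -p "$QUARANTINE" || exit 2
    chmod 700 "$QUARANTINE"            # tighten a directory that already existed

    # --exclude-dir stops later runs from rescanning quarantined files;
    # --log keeps the per-file report that the cron line used to discard.
    rc=0
    "$CLAMSCAN" -r -i --move="$QUARANTINE" --exclude-dir="^$QUARANTINE" \
        --log="$SCAN_LOG" "$target" >/dev/null 2>&1 || rc=$?

    case "$rc" in
        0) msg="clean" ;;
        1) msg="INFECTED files moved to $QUARANTINE" ;;
        *) msg="ERROR clamscan exited with status $rc" ;;
    esac
    echo "$(date '+%Y-%m-%d %H:%M:%S') scan of $target: $msg" >>"$SCAN_LOG"
    exit "$rc"
)

# When invoked with a directory argument (as from cron), run the scan.
if [ "$#" -gt 0 ]; then
    scheduled_scan "$1"
    exit $?
fi
```

Called from /etc/crontab in place of the direct clamscan command, it takes the directory to scan as its only argument.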