ClamAV antivirus

Signature database updates still need some investigation, since updating the virus database manually also failed.

cd /tools

wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/clamav-0.100.0.tar.gz
wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/zlib-1.2.7.tar.gz
tar xvzf zlib-1.2.7.tar.gz
cd zlib-1.2.7
./configure 
make && make install
sleep 2

/usr/bin/chattr -i /etc/passwd
/usr/bin/chattr -i /etc/inittab
/usr/bin/chattr -i /etc/group
/usr/bin/chattr -i /etc/shadow
/usr/bin/chattr -i /etc/gshadow

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

/usr/bin/chattr +i /etc/passwd
/usr/bin/chattr +i /etc/inittab
/usr/bin/chattr +i /etc/group
/usr/bin/chattr +i /etc/shadow
/usr/bin/chattr +i /etc/gshadow

cd ..
tar -xvzf clamav-0.100.0.tar.gz
cd clamav-0.100.0
./configure --prefix=/opt/clamav  --with-pcre 
make && make install
echo $?
echo 'export PATH=$PATH:/opt/clamav/bin' >> /etc/profile
tail -1 /etc/profile
source /etc/profile
sleep 2
# Create directories
mkdir /opt/clamav/logs -p
mkdir /opt/clamav/updata -p
touch /opt/clamav/logs/freshclam.log
touch /opt/clamav/logs/clamd.log
# Set permissions
chown clamav:clamav /opt/clamav/logs/clamd.log 
chown clamav:clamav /opt/clamav/logs/freshclam.log
cd /opt/clamav/etc/
wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/clamd.conf
wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/freshclam.conf

# Configure clamav
mkdir -p /opt/clamav/share/clamav
chown clamav:clamav /opt/clamav/share/clamav
chown -R clamav.clamav /opt/clamav/
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service 
systemctl status clamav-freshclam.service

cd /opt/clamav/share/clamav 
wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/main.cvd
wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/daily.cvd
wget https://xxx.oss-cn-hangzhou.aliyuncs.com/clamav/bytecode.cvd
# Stop freshclam first
systemctl stop clamav-freshclam.service
systemctl status clamav-freshclam.service
# Then update
/opt/clamav/bin/freshclam 
# (how long the update takes depends on network quality), or alternatively:
#cd /opt/clamav/share/clamav
#wget http://database.clamav.net/main.cvd
#wget http://database.clamav.net/daily.cvd
#wget http://database.clamav.net/bytecode.cvd
# Start the service again once the update has finished
systemctl start clamav-freshclam.service
systemctl status clamav-freshclam.service

# Note: if you hit an error while updating the virus database manually, delete the old mirror address file
# rm -f /opt/clamav/share/clamav/mirrors.dat
# and then run the manual update once more.
# Full-disk scan
clamscan -r /  --max-dir-recursion=5 -l /tmp/allclamav.log
grep FOUND /tmp/allclamav.log

What if the virtual machine is infected but you have forgotten the password and cannot log in? Boot into single-user mode; see the CentOS 7 password reset procedure.
Press e to enter edit mode and change ro to rw init=/sysroot/bin/sh
Press Ctrl+x to boot into single-user mode, then run:

# Enter the installed system with chroot
chroot /sysroot
# Reset the root password
passwd root
# Force an SELinux relabel on next boot
touch /.autorelabel
# Leave the chroot
exit

Then reboot and you are done.

A virus was found but cannot be deleted

[root@bw42 ~]# grep FOUND /tmp/allclamav.log
/usr/lib/primary.jpg: Unix.Malware.Agent-1395347 FOUND
/usr/lib/updated/h64: Unix.Malware.Agent-1395347 FOUND
/usr/lib/updated/dhcpi: Multios.Coinminer.Miner-6781728-2 FOUND
/tools/clamav-0.103.1/test/clam.cab: Clamav.Test.File-6 FOUND
/tools/clamav-0.103.1/test/clam.exe: Clamav.Test.File-6 FOUND

The normal case looks like this:

[root@bw41 ~]# clamscan -r --remove /usr/lib/primary.jpg
/usr/lib/primary.jpg: Unix.Malware.Agent-1395347 FOUND
/usr/lib/primary.jpg: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 8670667
Engine version: 0.103.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.84 MB
Data read: 3.10 MB (ratio 0.27:1)
Time: 26.668 sec (0 m 26 s)
Start Date: 2023:07:12 17:23:15
End Date:   2023:07:12 17:23:41

The abnormal case looks like this:

[root@bw42 ~]# clamscan -r --remove /usr/lib/updated/dhcpi
/usr/lib/updated/dhcpi: Multios.Coinminer.Miner-6781728-2 FOUND
traverse_unlink: Failed to unlink: /usr/lib/updated/dhcpi
Error:Operation not permitted
ERROR: Can't remove file '/usr/lib/updated/dhcpi'

----------- SCAN SUMMARY -----------
Known viruses: 8670667
Engine version: 0.103.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Not removed: 1
Data scanned: 7.46 MB
Data read: 7.01 MB (ratio 1.06:1)
Time: 26.904 sec (0 m 26 s)
Start Date: 2023:07:12 15:57:57
End Date:   2023:07:12 15:58:24

The fix is:

chattr -a -i /usr/lib/updated/dhcpi
rm -f /usr/lib/updated/dhcpi
# then kill the owning process and you are done
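As an added example (not code from the original post), the following POSIX sh script applies the same fix to every FOUND line of a clamscan log such as /tmp/allclamav.log above: try rm, and if it is refused, clear the append-only/immutable attributes with chattr -a -i and retry. The function names, the demo files and the log lines are constructed for this demo; clearing the flags needs root on a real host.

```shell
#!/bin/sh
# Added example, not code from the original post: walk the FOUND lines of a
# clamscan log and repeat the fix above (rm; if refused, chattr -a -i, rm again).
# Needs root on a real host; the demo below only touches temp files.

# Print only the paths from "path: Signature FOUND" lines (clean lines end in OK).
found_paths() {
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}

# Delete one flagged file; retry after clearing a/i flags. 0 = gone, 1 = still there.
remove_flagged() {
    f="$1"
    [ -e "$f" ] || { echo "skip (already gone): $f"; return 0; }
    if rm -f "$f" 2>/dev/null; then echo "removed: $f"; return 0; fi
    # rm refused ("Operation not permitted"): show the attribute bits, drop +a/+i, retry
    lsattr -d "$f" 2>/dev/null || true
    chattr -a -i "$f" 2>/dev/null || true
    if rm -f "$f" 2>/dev/null; then echo "removed after chattr -a -i: $f"; return 0; fi
    echo "FAILED (still present, kill the owning process and recheck): $f" >&2
    return 1
}

# Process every FOUND path in a log; returns the number of files left behind.
remediate_log() {
    fails=0
    tmp=$(mktemp)
    found_paths "$1" > "$tmp"
    while read -r p; do
        remove_flagged "$p" || fails=$((fails + 1))
    done < "$tmp"
    rm -f "$tmp"
    return $fails
}

# Constructed demo: two harmless files plus a clamscan-style log naming them.
demo() {
    d=$(mktemp -d)
    printf 'not really malware\n' > "$d/primary.jpg"
    printf 'not really a miner\n' > "$d/dhcpi"
    log="$d/allclamav.log"
    printf '%s: Unix.Malware.Agent-1395347 FOUND\n' "$d/primary.jpg" > "$log"
    printf '%s: Multios.Coinminer.Miner-6781728-2 FOUND\n' "$d/dhcpi" >> "$log"
    printf '%s: OK\n' "$d/clean.txt" >> "$log"
    rc=0
    remediate_log "$log" || rc=$?
    [ "$rc" -eq 0 ] && [ ! -e "$d/primary.jpg" ] && [ ! -e "$d/dhcpi" ]
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as sh script.sh demo to see the temp-file walkthrough, or source it and call remediate_log /tmp/allclamav.log as root on the scanned host.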