1. Installing ClamAV

2. Updating the virus database

2.1 Disabling automatic updates

2.2 Downloading the virus database

2.3 Updating the virus database

3. Starting the service

4. Scanning for viruses

5. Scheduled tasks

1. Installing ClamAV

[root@zabbix-agent ~]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

[root@zabbix-agent ~]# yum -y install epel-release

Installed:

 epel-release.noarch 0:7-9                                                                                                    

Complete!

[root@zabbix-agent ~]# yum clean all

[root@zabbix-agent ~]# yum makecache

[root@zabbix-agent ~]# yum repolist

repo id                                      repo name                                                                   status

base/7/x86_64                                CentOS-7 - Base                                                              9,591

epel/x86_64                                  Extra Packages for Enterprise Linux 7 - x86_64                              12,201

extras/7/x86_64                              CentOS-7 - Extras                                                              329

updates/7/x86_64                             CentOS-7 - Updates                                                           1,651

repolist: 23,772

[root@zabbix-agent ~]# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Installed:

 clamav.x86_64 0:0.99.2-13.el7                             clamav-data.noarch 0:0.99.2-13.el7                                

 clamav-devel.x86_64 0:0.99.2-13.el7                       clamav-filesystem.noarch 0:0.99.2-13.el7                          

 clamav-lib.x86_64 0:0.99.2-13.el7                         clamav-scanner-systemd.noarch 0:0.99.2-13.el7                    

 clamav-server.x86_64 0:0.99.2-13.el7                      clamav-server-systemd.noarch 0:0.99.2-13.el7                      

 clamav-update.x86_64 0:0.99.2-13.el7                    

Dependency Installed:

 clamav-scanner.noarch 0:0.99.2-13.el7     keyutils-libs-devel.x86_64 0:1.5.8-3.el7   krb5-devel.x86_64 0:1.15.1-8.el7      

 libcom_err-devel.x86_64 0:1.42.9-10.el7   libkadm5.x86_64 0:1.15.1-8.el7             libselinux-devel.x86_64 0:2.5-11.el7  

 libsepol-devel.x86_64 0:2.5-6.el7         libtool-ltdl.x86_64 0:2.4.2-22.el7_3       libverto-devel.x86_64 0:0.2.5-4.el7  

 nmap-ncat.x86_64 2:6.40-7.el7             openssl-devel.x86_64 1:1.0.2k-8.el7        pcre-devel.x86_64 0:8.32-17.el7      

 zlib-devel.x86_64 0:1.2.7-17.el7        

Updated:

 dracut.x86_64 0:033-502.el7_4.1                                systemd.x86_64 0:219-42.el7_4.4                              

Dependency Updated:

 dracut-config-rescue.x86_64 0:033-502.el7_4.1 dracut-network.x86_64 0:033-502.el7_4.1 e2fsprogs.x86_64 0:1.42.9-10.el7    

 e2fsprogs-libs.x86_64 0:1.42.9-10.el7         krb5-libs.x86_64 0:1.15.1-8.el7         libcom_err.x86_64 0:1.42.9-10.el7    

 libgudev1.x86_64 0:219-42.el7_4.4             libselinux.x86_64 0:2.5-11.el7          libselinux-python.x86_64 0:2.5-11.el7

 libselinux-utils.x86_64 0:2.5-11.el7          libsepol.x86_64 0:2.5-6.el7             libss.x86_64 0:1.42.9-10.el7        

 openssl.x86_64 1:1.0.2k-8.el7                 openssl-libs.x86_64 1:1.0.2k-8.el7      pcre.x86_64 0:8.32-17.el7            

 systemd-libs.x86_64 0:219-42.el7_4.4          systemd-sysv.x86_64 0:219-42.el7_4.4    zlib.x86_64 0:1.2.7-17.el7          

Complete!

Remove the "Example" line from the two configuration files /etc/freshclam.conf and /etc/clamd.d/scan.conf (the sed commands below comment it out; clamd and freshclam refuse to start while that line is active):

[root@zabbix-agent ~]# cp /etc/freshclam.conf /etc/freshclam.conf.bak

[root@zabbix-agent ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

[root@zabbix-agent ~]# cp /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.bak

[root@zabbix-agent ~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

[root@zabbix-agent ~]# vim /etc/clamd.d/scan.conf

LocalSocket /var/run/clamd.scan/clamd.sock

2. Updating the virus database

2.1 Disabling automatic updates

The freshclam command is run automatically by the cron file /etc/cron.d/clamav-update, whose contents are:

[root@zabbix-agent ~]# vim /etc/cron.d/clamav-update

## Adjust this line...

MAILTO=root

## It is ok to execute it as root; freshclam drops privileges and becomes

## user 'clamupdate' as soon as possible

0  */3 * * * root /usr/share/clamav/freshclam-sleep

By default, however, automatic updates are disabled; to enable them you must remove the last line of /etc/sysconfig/freshclam:

[root@zabbix-agent ~]# vim /etc/sysconfig/freshclam

# FRESHCLAM_DELAY=

Define the server type (local socket or TCP). Here a local socket is used, so remove the comment marker from this line in /etc/clamd.d/scan.conf:

[root@zabbix-agent ~]# vim /etc/clamd.d/scan.conf

#LocalSocket /var/run/clamd.scan/clamd.sock

2.2 Downloading the virus database

https://www.clamav.net/downloads

Download the three files main.cvd, daily.cvd and bytecode.cvd and upload them to the /var/lib/clamav directory.

[root@zabbix-agent clamav]# pwd

/var/lib/clamav

[root@zabbix-agent clamav]# ll

total 113136

-rw-r--r-- 1 clamupdate clamupdate     76781 Jun 13  2016 bytecode.cvd

-rw-r--r-- 1 clamupdate clamupdate   6626001 Jun 13  2016 daily.cvd

-rw-r--r-- 1 clamupdate clamupdate 109143933 Jun 13  2016 main.cvd

Delete the existing database files and replace them with the newly downloaded versions.

[root@zabbix-agent clamav]# ll

total 158088

-rw-r--r-- 1 root root    153228 Jan 12 21:56 bytecode.cvd

-rw-r--r-- 1 root root  43830800 Jan 12 21:57 daily.cvd

-rw-r--r-- 1 root root 117892267 Jan 12 21:57 main.cvd

[root@zabbix-agent clamav]# vim /etc/freshclam.conf

DatabaseDirectory /var/lib/clamav    (remove the leading # to uncomment this line)

[root@zabbix-agent clamav]# systemctl enable clamd@scan.service

[root@zabbix-agent system]# ln -s '/usr/lib/systemd/system/clamd@scan.service' '/etc/systemd/system/multi-user.target.wants/clamd@scan.service'
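As an added example (not part of the original post), the following script performs the configuration edits from sections 1, 2.1 and 2.2 in one idempotent step and then verifies them; the function names and the --apply flag are my own, the file paths and directives are the post's.

```shell
# Added example, not from the original post: the hand edits the post makes with sed and
# vim (comment out "Example", uncomment LocalSocket and DatabaseDirectory), done idempotently
# and verified. Defaults are the post's paths; pass copies of the files for a dry run.
disable_example_line() {
    # The stock configs ship with a bare "Example" line that makes clamd/freshclam refuse to start.
    sed -i -e 's/^Example$/#Example/' "$1"
}

enable_directive() {
    # "#LocalSocket /var/run/..." -> "LocalSocket /var/run/..."  (args: file, directive name)
    sed -i -e "s/^#[[:space:]]*\($2[[:space:]]\)/\1/" "$1"
}

check_conf() {
    # Return 0 when FILE has no active "Example" line and DIRECTIVE is active.
    ! grep -q '^Example$' "$1" && grep -q "^$2[[:space:]]" "$1"
}

configure_clamav() {
    scan_conf=${1:-/etc/clamd.d/scan.conf}
    fresh_conf=${2:-/etc/freshclam.conf}
    for f in "$scan_conf" "$fresh_conf"; do
        [ -f "$f.bak" ] || cp -p "$f" "$f.bak"   # keep the first backup, as the post does
        disable_example_line "$f"
    done
    enable_directive "$scan_conf" LocalSocket          # section 2.1: use the local socket
    enable_directive "$fresh_conf" DatabaseDirectory   # section 2.2: /var/lib/clamav
    check_conf "$scan_conf" LocalSocket && check_conf "$fresh_conf" DatabaseDirectory
}

# Usage: sh clamav-conf.sh --apply [scan.conf] [freshclam.conf]
if [ "${1:-}" = "--apply" ]; then
    shift
    configure_clamav "$@"
fi
```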

2.3 Updating the virus database

Create the clam-freshclam.service unit:

[root@zabbix-agent ~]# vim /usr/lib/systemd/system/clam-freshclam.service

# Run the freshclam as daemon 

[Unit] 

Description = freshclam scanner 

After = network.target 

[Service] 

Type = forking 

ExecStart = /usr/bin/freshclam -d -c 4 

Restart = on-failure 

PrivateTmp = true 

[Install] 

WantedBy=multi-user.target

[root@zabbix-agent ~]# systemctl start clam-freshclam.service

[root@zabbix-agent ~]# systemctl status clam-freshclam.service

● clam-freshclam.service - freshclam scanner

  Loaded: loaded (/usr/lib/systemd/system/clam-freshclam.service; disabled; vendor preset: disabled)

  Active: active (running) since Fri 2018-01-12 22:34:43 CST; 8s ago

 Process: 2533 ExecStart=/usr/bin/freshclam -d -c 4 (code=exited, status=0/SUCCESS)

Main PID: 2534 (freshclam)

  CGroup: /system.slice/clam-freshclam.service

          └─2534 /usr/bin/freshclam -d -c 4

Jan 12 22:34:43 zabbix-agent systemd[1]: Starting freshclam scanner...

Jan 12 22:34:43 zabbix-agent systemd[1]: Started freshclam scanner.

Jan 12 22:34:43 zabbix-agent freshclam[2534]: freshclam daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Jan 12 22:34:43 zabbix-agent freshclam[2534]: ClamAV update process started at Fri Jan 12 22:34:43 2018

Jan 12 22:34:43 zabbix-agent freshclam[2534]: main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

Jan 12 22:34:44 zabbix-agent freshclam[2534]: Downloading daily-24213.cdiff [100%]

Jan 12 22:34:44 zabbix-agent freshclam[2534]: Downloading daily-24214.cdiff [100%]

Jan 12 22:34:46 zabbix-agent freshclam[2534]: Downloading daily-24215.cdiff [100%]

Jan 12 22:34:49 zabbix-agent freshclam[2534]: daily.cld updated (version: 24215, sigs: 1823104, f-level: 63, builder: neo)

Jan 12 22:34:50 zabbix-agent freshclam[2534]: bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)

Hint: Some lines were ellipsized, use -l to show in full.

[root@zabbix-agent ~]# freshclam

ClamAV update process started at Fri Jan 12 22:37:24 2018

main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

daily.cld is up to date (version: 24215, sigs: 1823104, f-level: 63, builder: neo)

bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)

[root@zabbix-agent ~]# systemctl enable clam-freshclam.service

Created symlink from /etc/systemd/system/multi-user.target.wants/clam-freshclam.service to /usr/lib/systemd/system/clam-freshclam.service.

[root@zabbix-agent ~]# cp /usr/share/clamav/template/clamd.conf /etc/clamd.conf

[root@zabbix-agent ~]# vim /etc/clamd.conf

#Example

TCPSocket 3310

TCPAddr 127.0.0.1

[root@zabbix-agent ~]# /usr/sbin/clamd restart

[root@zabbix-agent ~]# clamdscan -V

ClamAV 0.99.2/24262/Sun Jan 28 09:21:42 2018

3. Starting the service

[root@zabbix-agent ~]# systemctl start clamd@scan.service

[root@zabbix-agent ~]# systemctl status clamd@scan.service

● clamd@scan.service - Generic clamav scanner daemon

  Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)

  Active: active (running) since Fri 2018-01-12 22:53:43 CST; 3s ago

Main PID: 2935 (clamd)

  CGroup: /system.slice/system-clamd.slice/clamd@scan.service

          └─2935 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

Jan 12 22:53:43 zabbix-agent systemd[1]: Started Generic clamav scanner daemon.

Jan 12 22:53:43 zabbix-agent systemd[1]: Starting Generic clamav scanner daemon...

Jan 12 22:53:43 zabbix-agent clamd[2935]: Received 0 file descriptor(s) from systemd.

Jan 12 22:53:43 zabbix-agent clamd[2935]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Jan 12 22:53:43 zabbix-agent clamd[2935]: Running as user clamscan (UID 994, GID 991)

Jan 12 22:53:43 zabbix-agent clamd[2935]: Log file size limited to 1048576 bytes.

Jan 12 22:53:43 zabbix-agent clamd[2935]: Reading databases from /var/lib/clamav

Jan 12 22:53:43 zabbix-agent clamd[2935]: Not loading PUA signatures.

Jan 12 22:53:43 zabbix-agent clamd[2935]: Bytecode: Security mode set to "TrustSigned".

[root@zabbix-agent ~]# systemctl enable clamd@scan.service

4. Scanning for viruses

To scan every user's home directory:

[root@zabbix-agent ~]# clamscan -r /home

To scan every file on the machine and show the result for every file:

[root@zabbix-agent ~]# clamscan -r /

----------- SCAN SUMMARY -----------

Known viruses: 6383388

Engine version: 0.99.2

Scanned directories: 10373

Scanned files: 30631

Infected files: 0

Total errors: 15881

Data scanned: 1520.95 MB

Data read: 2276.20 MB (ratio 0.67:1)

Time: 236.625 sec (3 m 56 s)

To scan every file on the machine and show only the files with problems:

[root@zabbix-agent ~]# clamscan -r --bell -i /

----------- SCAN SUMMARY -----------

Known viruses: 6383388

Engine version: 0.99.2

Scanned directories: 10373

Scanned files: 30631

Infected files: 0

Total errors: 15881

Data scanned: 1520.95 MB

Data read: 2276.20 MB (ratio 0.67:1)

Time: 198.461 sec (3 m 18 s)

To scan the current directory and delete infected files:

[root@zabbix-agent ~]# clamscan -r --remove

Common clamscan options

-r / --recursive[=yes/no]    scan directories recursively (all files)
--log=FILE / -l FILE         write the scan report to FILE, for example:
clamscan -l /var/log/clamscan.log /
--move [path]                move infected files to the given directory
--remove [path]              delete infected files
--quiet                      print only error messages
--infected / -i              print only infected files
--suppress-ok-results / -o   do not print files that scan OK
--bell                       sound the terminal bell when a virus is found
--unzip (unrar)              unpack archives and scan their contents

5. Scheduled tasks

Notes

Basic format:

* * * * * command

Column 1: minute (1~59); every minute is written as * or */1
Column 2: hour (1~23; 0 means midnight)
Column 3: day of month (1~31)
Column 4: month (1~12)
Column 5: day of week (0~6; 0 means Sunday)
Column 6: the command to run

[root@zabbix-agent ~]# crontab -e

0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log

[root@zabbix-agent ~]# vim /etc/crontab

0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log

[root@zabbix-agent ~]# crontab -l -u root

0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log

[root@zabbix-agent ~]# systemctl start  crond.service

[root@zabbix-agent ~]# systemctl status  crond.service

● crond.service - Command Scheduler

  Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)

  Active: active (running) since Fri 2018-01-12 22:25:20 CST; 1h 27min ago

Main PID: 614 (crond)

  CGroup: /system.slice/crond.service

          └─614 /usr/sbin/crond -n

Jan 12 22:25:20 zabbix-agent systemd[1]: Started Command Scheduler.

Jan 12 22:25:20 zabbix-agent systemd[1]: Starting Command Scheduler...

Jan 12 22:25:20 zabbix-agent crond[614]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 83% if used.)

Jan 12 22:25:20 zabbix-agent crond[614]: (CRON) INFO (running with inotify support)

Jan 12 23:40:01 zabbix-agent crond[614]: (*system*) RELOAD (/etc/crontab)

[root@zabbix-agent ~]# systemctl enable crond.service
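As an added example, not from the original post, here is a wrapper for the cron job in section 5 that parses the SCAN SUMMARY shown in section 4, so the weekly mail from cron (MAILTO) reports only infections or a scan that never finished instead of a silent log file; the function names, the --run flag and the --exclude-dir list are my own choices, the clamscan command line and log path are the post's.

```shell
# Added example, not from the original post: cron wrapper for the weekly clamscan job.
LOG=${CLAMSCAN_LOG:-/var/log/clamscan.log}   # same log file as the post's crontab line

# Print the number after "Infected files:" in a clamscan log (the last summary, since -l
# appends to the log), or -1 when no summary was written, i.e. the scan did not complete.
infected_count() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { print (n == "" ? -1 : n) }' "$1"
}

# Print the number after "Total errors:" (unreadable files, /proc entries and so on), 0 if absent.
errors_count() {
    awk -F': *' '/^Total errors:/ { n = $2 } END { print (n == "" ? 0 : n) }' "$1"
}

# Print the paths clamscan reported as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Summarise a log for the cron mail. Return codes follow clamscan: 0 clean, 1 infected, 2 error.
report() {
    inf=$(infected_count "$1"); err=$(errors_count "$1")
    if [ "$inf" -lt 0 ]; then
        echo "clamscan: no SCAN SUMMARY in $1, the scan did not complete"; return 2
    fi
    if [ "$inf" -gt 0 ]; then
        echo "clamscan: $inf infected file(s):"; infected_paths "$1"; return 1
    fi
    if [ "$err" -gt 0 ]; then
        echo "clamscan: clean, but $err file(s) could not be read (see $1)"
    fi
    return 0
}

# The post's crontab command plus --exclude-dir for pseudo-filesystems, which account for most
# of the "Total errors" in the post's output. Only runs when invoked with --run (needs clamscan).
run_scan() {
    /usr/bin/clamscan --infected -r / -l "$LOG" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' --exclude-dir='^/run' \
        >/dev/null 2>&1
    report "$LOG"
}

if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

In /etc/crontab the post's line becomes `0 23 * * 6 root /bin/sh /usr/local/sbin/clamscan-cron.sh --run` (path is my placeholder), and cron mails the output only when report prints something.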