Install and Configure ClamAV on CentOS 7
yum install -y epel-release
yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
修改配置文件
cp /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.backup
sed -i '/^Example/d' /etc/clamd.d/scan.conf
或者不删除、只把该行注释掉(两条命令二选一即可):
sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
vim /etc/clamd.d/scan.conf
确认文件中包含以下两行(若被注释,去掉行首的 #):
User clamscan
LocalSocket /var/run/clamd.scan/clamd.sock
cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf
更新病毒库
freshclam
设置定期更新病毒库(可选)
crontab -e
00 01,13 * * * /usr/bin/freshclam --quiet
因为 freshclam 不是系统服务,也可以新建如下 systemd 单元文件,让它以守护进程方式定期更新(与上面的 cron 任务二选一即可)。自定义单元文件更推荐放在 /etc/systemd/system/ 下,以免被软件包升级覆盖
vim /usr/lib/systemd/system/freshclam.service
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
# 一天更新两次(systemd 不支持行尾注释,注释必须单独成行,否则会被当作命令参数)
ExecStart = /usr/bin/freshclam -d -c 2
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
systemctl enable freshclam.service
systemctl start freshclam.service
systemctl status freshclam.service
启动查杀服务
systemctl enable clamd@scan.service
systemctl start clamd@scan.service
systemctl status clamd@scan.service
查看clamAV的配置信息:
clamconf
测试一下:下载 EICAR 标准测试文件(无害,专门用于验证杀毒软件能否检出)并查杀。建议在一个空的临时目录中执行,因为 --remove 会直接删除当前目录下所有被判定为感染的文件
wget http://www.eicar.org/download/eicar_com.zip
clamscan --infected --remove --recursive .
输出示例:
./eicar_com.zip: Eicar-Test-Signature FOUND
./eicar_com.zip: Removed.
输出中出现 Removed 说明 ClamAV 可用
查杀两个目录(注意:--remove 会不经确认直接删除被检出的文件,误报时无法恢复;可以先去掉 --remove 只查看结果,或改用 --move=<隔离目录> 把文件移到隔离目录)
clamscan --infected --remove --recursive /home /root
扫描整个系统(此命令未加 --remove,只报告、不删除)
clamscan --infected --recursive --exclude-dir="^/sys" /