If you are installing ClamAV for the first time, you have to add a new user and group to your system:
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
1.建立源,epel-release
yum install -y epel-release (这是一个源)
yum -y update
2.安装clamav包
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
3.设定clamav守護進程(Configuration of Clam daemon)
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
vim /etc/clamd.d/clamd.conf
Example改为#Example
sed -i -e 's/^Example/#Example/' /etc/clamd.d/clamd.conf(这是用命令行来为Example加#)
Configure SELinux for ClamAV.You had to write this command to get it working with SELinux:
setsebool -P antivirus_can_scan_system 1 (实际操作并没有用到此行)
4.1修改freshclam配置(Enable Freshclam)
cp /etc/freshclam.conf /etc/freshclam.conf.bak
vim /etc/freshclam.conf
Example改为#Example
sed -i -e 's/^Example/#Example/' /etc/freshclam.conf (这是用命令行来为Example加#)
4.2 启用每日自动更新病毒库
freshclam通过/etc/cron.d/clamav-update来运行,默认情况下是禁止的,
vim /etc/sysconfig/freshclam
FRESHCLAM_DELAY=disabled-warn # REMOVE ME改为#FRESHCLAM_DELAY=disabled-warn # REMOVE ME
4.3配置扫描文件
Edit the configuration installed by the clamd-scanner package:
vim /etc/clamd.d/scan.conf
Example改为#Example sed -i -e 's/^Example/#Example/' /etc/clamd.d/scan.conf (这是用命令行来为Example加#)
#LocalSocket /var/run/clamd.scan/clamd.sock改为LocalSocket /var/run/clamd.scan/clamd.sock (85行)
资料:https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/
4.4建立“clam-freshclam.service”服务
vim /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
4.5启动更新病毒库服务
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
systemctl status clam-freshclam.service
看到active字样,就表示clam-freshclam.service安装成功。
4.6 手动更新病毒库:
freshclam
*******************************************************************************************************************************
*******************************************************************************************************************************
*******************************************************************************************************************************
5.启动服务
cd /usr/lib/systemd/system
systemctl enable clamd@scan.service
会显示Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@scan.service.
systemctl start clamd@scan.service
systemctl status clamd@scan.service
7.扫描home,-r选项表示包含子目录
# clamscan --infected --remove --recursive /home
备注
如果在手动更新病毒库的时候遇到错误,此时就要删除掉旧的镜像地址文件#rm -f /var/lib/clamav/mirrors.dat
再手动更新一次病毒库,#freshclam