  • Linux上的软件ClamAV

      ClamAV是使用广泛且基于GPL License的开源代码的典型杀毒软件,它支持各种平台,如:windows、linux、Unix等操作系统,并被广泛应用于其他应用程序,如:邮件客户端服务器、HTTP病毒扫描代理等。

    下面开始安装

    [root@nsh ~]# yum install -y epel-release
    [root@nsh ~]# yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

    修改配置文件(下面两条 sed 命令作用相同,任选其一即可:第一条直接删除以 Example 开头的行,第二条将其注释掉;若已执行第一条,第二条将无匹配行)

    [root@nsh ~]# sed -i '/^Example/d' /etc/clamd.d/scan.conf
    [root@nsh ~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
    

    编辑配置文件,确保包含以下两行(clamd 的运行用户,以及本地 Unix 套接字路径)

    [root@nsh ~]# vim /etc/clamd.d/scan.conf
    User clamscan
    LocalSocket /var/run/clamd.scan/clamd.sock

     更新病毒库

    [root@nsh ~]# freshclam
    ClamAV update process started at Tue Oct 29 13:43:11 2019
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily-25551.cdiff [100%]
    Downloading daily-25552.cdiff [100%]
    Downloading daily-25553.cdiff [100%]
    Downloading daily-25554.cdiff [100%]
    Downloading daily-25555.cdiff [100%]
    Downloading daily-25556.cdiff [100%]
    Downloading daily-25557.cdiff [100%]
    Downloading daily-25558.cdiff [100%]
    Downloading daily-25559.cdiff [100%]
    Downloading daily-25560.cdiff [100%]
    Downloading daily-25561.cdiff [100%]
    ...............................................................
    Downloading daily-25614.cdiff [100%]
    Downloading daily-25615.cdiff [100%]
    Downloading daily-25616.cdiff [100%]
    daily.cld updated (version: 25616, sigs: 1960147, f-level: 63, builder: raynman)
    Downloading bytecode-331.cdiff [100%]
    bytecode.cld updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
    Database updated (6526490 signatures) from database.clamav.net (IP: 104.16.219.84)
    

    设置定期更新病毒库(可选)

    crontab -e
    
    
    00 01,13 * * * /usr/bin/freshclam --quiet
    

    因为 freshclam 没有自带 systemd 服务单元,可新建如下单元文件,让它以守护进程方式定时更新(与上面的 crontab 方式二选一即可,避免重复更新)

    vim /usr/lib/systemd/system/freshclam.service
    [Unit]
    Description = freshclam scanner
    After = network.target
     
    [Service]
    Type = forking
    # 一天更新两次(systemd 单元文件不支持行尾注释,注释需单独成行,否则会被当作 freshclam 的参数)
    ExecStart = /usr/bin/freshclam -d -c 2
    Restart = on-failure
    PrivateTmp = true
     
    [Install]
    WantedBy=multi-user.target
     
    systemctl enable freshclam.service
    systemctl start freshclam.service
    systemctl status freshclam.service
    

     启动查杀服务

    systemctl enable clamd@scan.service
    systemctl start clamd@scan.service
    systemctl status clamd@scan.service
    

     查看clamAV的配置信息:

    [root@nsh ~]# clamconf
    Checking configuration files in /etc
    
    Config file: clamd.d/scan.conf
    ------------------------------
    AlertExceedsMax disabled
    PreludeEnable disabled
    PreludeAnalyzerName disabled
    LogFile disabled
    LogFileUnlock disabled
    LogFileMaxSize = "1048576"
    LogTime disabled
    LogClean disabled
    ....................................................................................
    HTTPProxyPassword disabled
    HTTPUserAgent disabled
    NotifyClamd = "/etc/clamd.d/scan.conf"
    OnUpdateExecute disabled
    OnErrorExecute disabled
    OnOutdatedExecute disabled
    LocalIPAddress disabled
    ConnectTimeout = "30"
    ReceiveTimeout = "30"
    SafeBrowsing disabled
    Bytecode = "yes"
    
    mail/clamav-milter.conf not found
    
    Software settings
    -----------------
    Version: 0.101.4
    Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
    
    Database information
    --------------------
    Database directory: /var/lib/clamav
    main.cvd: version 58, sigs: 4566249, built on Thu Jun  8 05:38:10 2017
    daily.cld: version 25616, sigs: 1960147, built on Mon Oct 28 16:57:02 2019
    bytecode.cld: version 331, sigs: 94, built on Fri Sep 20 00:12:33 2019
    Total number of signatures: 6526490
    
    Platform information
    --------------------
    uname: Linux 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64
    OS: linux-gnu, ARCH: x86_64, CPU: x86_64
    zlib version: 1.2.7 (1.2.7), compile flags: a9
    platform id: 0x0a2169690800000000040805
    
    Build information
    -----------------
    GNU C: 4.8.5 20150623 (Red Hat 4.8.5-39) (4.8.5)
    CPPFLAGS:
    CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -fno-strict-aliasing   -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
    CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic
    LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed
    Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
    sizeof(void*) = 8
    Engine flevel: 105, dconf: 105
    

      测试一下:下载 EICAR 测试文件(无害的标准反病毒测试样本,用于验证扫描器能否正常检出)并查杀

    [root@nsh ~]# wget http://www.eicar.org/download/eicar_com.zip
    --2019-10-29 14:32:00--  http://www.eicar.org/download/eicar_com.zip
    Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
    Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 184 [application/octet-stream]
    Saving to: ‘eicar_com.zip’
    
    100%[=================================================================================================================================>] 184         --.-K/s   in 0s
    
    2019-10-29 14:32:07 (34.2 MB/s) - ‘eicar_com.zip’ saved [184/184]
    
    [root@nsh ~]# clamscan --infected --remove --recursive .
    ./eicar_com.zip: Eicar-Test-Signature FOUND
    ./eicar_com.zip: Removed.
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 6515529
    Engine version: 0.101.4
    Scanned directories: 3
    Scanned files: 9
    Infected files: 1
    Data scanned: 0.01 MB
    Data read: 0.00 MB (ratio 2.00:1)
    Time: 103.178 sec (1 m 43 s)
    

      查杀两个目录(注意 --remove 会直接删除命中的文件且不可恢复,生产环境建议改用 --move=目录 先隔离、再人工确认,以免误报造成损失)

    [root@nsh ~]# clamscan --infected --remove --recursive /home /root
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 6515529
    Engine version: 0.101.4
    Scanned directories: 4
    Scanned files: 8
    Infected files: 0
    Data scanned: 0.01 MB
    Data read: 0.00 MB (ratio 2.00:1)
    Time: 96.905 sec (1 m 36 s)
    

      扫描整个系统(下面输出中的 LibClamAV Warning 表示某个 xz 压缩文件超过了解压大小限制,只扫描了前 27262976 字节;如需完整扫描,可提高 --max-filesize / --max-scansize 限制)

    [root@nsh ~]# clamscan --infected --recursive --exclude-dir="^/sys" /
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 6515529
    Engine version: 0.101.4
    Scanned directories: 13069
    Scanned files: 61419
    Infected files: 0
    Data scanned: 2688.47 MB
    Data read: 2923.47 MB (ratio 0.92:1)
    Time: 1150.914 sec (19 m 10 s)
    

      完成

    总结:安装和使用都很简单,但配置细节仍需进一步研究。

      

      

  • 原文地址:https://www.cnblogs.com/nshgo/p/11758966.html