Linux杀毒软件(ClamAV)

Clam AntiVirus是一个类UNIX系统上使用的反病毒软件包.主要应用于邮件服务器,采用多线程后台操作,可以自动升级病毒库.

一、下载安装

1.下载
clamav官网：http://www.clamav.net/downloads，最新稳定版是0.100.2。 点击这里下载或者wget直接下载源码包。

wget https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz (下载可能有问题，windows下载上传)

2.解压

tar -zxf  clamav-0.102.0.tar.gz

3.编译安装

cd clamav-0.99.
./configure --prefix=/usr/local/clamav
make
make install

出现Your libcurl (e.g. libcurl-devel) is too old. Installing ClamAV with clamonacc requires libcurl 7.45 or higher. For a quick fix, run ./configure again with --disable-clamonacc if you do not wish to use on-access scanning features. For more information on 
升级libcurl

1、安装repo

rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-1.rhel7.noarch.rpm

2、查看该 repo 包含的 curl 版本

yum.repos.d]# yum --showduplicates list curl --disablerepo="*" --enablerepo="city*"
 
Loaded plugins: fastestmirror
city-fan.org | 3.0 kB 00:00:00
city-fan.org-debuginfo | 3.0 kB 00:00:00
city-fan.org-source | 3.0 kB 00:00:00
(1/3): city-fan.org-debuginfo/7/primary_db | 39 kB 00:00:02
(2/3): city-fan.org-source/7/primary_db | 344 kB 00:00:03
(3/3): city-fan.org/7/primary_db | 489 kB 00:00:03
Loading mirror speeds from cached hostfile
* city-fan.org: nervion.us.es
* city-fan.org-debuginfo: www.city-fan.org
* city-fan.org-source: nervion.us.es
Installed Packages
curl.x86_64 7.29.0-42.el7 @anaconda
Available Packages
curl.x86_64 7.62.0-1.0.cf.rhel7 city-fan.org

3、修改该repo的enable为1

vi /etc/yum.repos.d/city-fan.org.repo
 
[city-fan.org]
 
name=city-fan.org repository for Red Hat Enterprise Linux (and clones) $releasever ($basearch)
 
#baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch
 
mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$releasever
 
enabled=1
 
gpgcheck=1
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-city-fan.org

4、安装最新的curl

yum install curl

Error: Package: libcurl-7.65.1-1.0.cf.rhel7.x86_64 (city-fan.org) Requires: libnghttp2.so.14()(64bit)

yum install epel-release -y

yum --enablerepo=epel install libnghttp2 -y && yum install libcurl -y

4.添加用户组和组成员

groupadd clamav
useradd -g clamav clamav

二、配置

1.创建日志目录和病毒库目录

mkdir /usr/local/clamav/logs   -p
mkdir /usr/local/clamav/updata -p

2. 创建日志文件

touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log

3. 文件授权

chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log
chown clamav:clamav /usr/local/clamav/updata

4. 修改配置文件

cp  /usr/local/clamav/etc/clamd.conf.sample /usr/local/clamav/etc/clamd.conf
cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/clamav/etc/freshclam.conf

编辑这两个配置文件内容

vim /usr/local/clamav/etc/clamd.conf
 
#Example　　//注释掉这一行
#添加以下内容
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata

vim /usr/local/clamav/etc/freshclam.conf
 
#Example　　//注释掉这一行
#添加以下内容
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid

三、执行

1. 更新病毒库

/usr/local/clamav/bin/freshclam

2.杀毒扫描

参数：
-r 递归扫描子目录
-i 只显示发现的病毒文件
–no-summary 不显示统计信息
用法：
--帮助
/usr/local/clamav/bin/clamscan --help
--默认扫描当前目录下的文件，并显示扫描结果统计信息
/usr/local/clamav/bin/clamscan
--扫描当前目录下的所有目录和文件，并显示结果统计信息　　 　
/usr/local/clamav/bin/clamscan -r　
--扫描data目录下的所有目录和文件，并显示结果统计信息　
/usr/local/clamav/bin/clamscan -r /data　
--扫描data目录下的所有目录和文件，只显示有问题的扫描结果
/usr/local/clamav/bin/clamscan -r --bell -i /data
--扫描data目录下的所有目录和文件，不显示统计信息
/usr/local/clamav/bin/clamscan --no-summary -ri /data

例如:
/usr/local/clamav/bin/clamscan  -r /data

3. 自动定时更新和杀毒

  一般使用计划任务，让服务器每天定时更新和定时杀毒，保存杀毒日志。设置crontab定时任务。

    * * *          /usr/local/clamav/bin/freshclam --quiet
   * * *          /usr/local/clamav/bin/clamscan  -r /home  --remove -l /var/log/clamscan.log

摘自

https://www.jianshu.com/p/4a427f7cb9d7

https://www.cnblogs.com/yaun1498078591/p/10082430.html