ClamAV Antivirus

ClamAV is the most popular antivirus engine on the Linux platform. It is free and open source and supports many platforms, such as Linux/Unix, Mac OS X, Windows and OpenVMS.

[TOC]

Installation on different systems

Note the differences between the following commands:

  • clamd is the ClamAV daemon; through clamd you control the various operations ClamAV performs
  • freshclam is ClamAV's bundled tool for downloading and updating the virus database
  • clamscan is the general-purpose ClamAV command; it does not depend on a running service, is somewhat slower, and takes more options, for example -r for recursive scanning
  • clamdscan is the scanner that pairs with the resident clamd service; it is more efficient but accepts fewer options, for example it does not support -r for recursion

CentOS: online install via yum

  • Install ClamAV via yum (the default version is 0.103.11)
```shell
#.Install EPEL
yum install -y epel-release
yum clean all && yum makecache

#.Install clamav
yum install -y -q clamav clamav-update
systemctl start clamav-freshclam.service

#.Confirm the clamav version
clamdscan --version

#.Test clamdscan
clamdscan -i /root/
```
  • Run freshclam to update the virus database online
```shell
#.Show the current database version
freshclam --version

#.Update the database online
freshclam
```

CentOS: compile and install via make

  • Install ClamAV 0.101.1
```shell
#.Create the user and directories (freshclam must switch to the clamav user)
getent group clamav > /dev/null || groupadd clamav
getent passwd clamav > /dev/null || useradd -g clamav -s /usr/sbin/nologin clamav
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav

#.Install build dependencies
yum install -y -q gcc gcc-c++ openssl-devel libcurl-devel e2fsprogs-devel

#.Build and install (1.4.1 is set aside for now: clamav-1.4.1.tar.gz has no configure script after extraction, because the 1.x series builds with CMake)
cd /opt/
wget -c http://iso.sqlfans.cn/linux/clamav-0.101.1.tar.gz
tar -zxf clamav-0.101.1.tar.gz
cd clamav-0.101.1
./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre \
  && make -j"$(nproc)" \
  && make install

#.Edit clamd.conf, the configuration file of the clamd daemon
\cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/clamav/etc/clamd.conf
sed -i -e 's/^Example/#Example/' /usr/local/clamav/etc/clamd.conf
grep -q "^LogFile " /usr/local/clamav/etc/clamd.conf || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/clamav/etc/clamd.conf
grep -q "^PidFile" /usr/local/clamav/etc/clamd.conf || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/clamav/etc/clamd.conf
grep -q "^DatabaseDirectory" /usr/local/clamav/etc/clamd.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/clamav/etc/clamd.conf
#.clamd refuses to start unless a LocalSocket or TCPSocket is defined
grep -q "^LocalSocket" /usr/local/clamav/etc/clamd.conf || echo "LocalSocket /usr/local/clamav/logs/clamd.sock" >> /usr/local/clamav/etc/clamd.conf
grep -E "(#Example|^LogFile|^PidFile|^DatabaseDirectory|^LocalSocket)" /usr/local/clamav/etc/clamd.conf

#.Edit freshclam.conf, the configuration file of the freshclam database updater
\cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/clamav/etc/freshclam.conf
sed -i -e 's/^Example/#Example/' /usr/local/clamav/etc/freshclam.conf
grep -q "^UpdateLogFile" /usr/local/clamav/etc/freshclam.conf || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/clamav/etc/freshclam.conf
grep -q "^PidFile" /usr/local/clamav/etc/freshclam.conf || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/clamav/etc/freshclam.conf
grep -q "^DatabaseDirectory" /usr/local/clamav/etc/freshclam.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/clamav/etc/freshclam.conf
grep -E "(#Example|^UpdateLogFile|^PidFile|^DatabaseDirectory)" /usr/local/clamav/etc/freshclam.conf

#.Start clamd from the install prefix (a source build installs no systemd unit)
chown -R clamav:clamav /usr/local/clamav
/usr/local/clamav/sbin/clamd --config-file=/usr/local/clamav/etc/clamd.conf

#.Create symlinks
ln -s /usr/local/clamav/bin/clamscan /usr/sbin/clamscan
ln -s /usr/local/clamav/bin/clamdscan /usr/sbin/clamdscan
ln -s /usr/local/clamav/bin/freshclam /usr/sbin/freshclam
ln -s /usr/local/clamav/sbin/clamd /usr/sbin/clamd

#.Confirm the clamav version
clamdscan --version

#.Test clamdscan
clamdscan -i /root/
```
  • Run freshclam to update the virus database online
```shell
#.Show the current database version
freshclam --version

#.Stop the freshclam service first if one is running (two updaters must not write the same directory at once), then update the database
systemctl stop clamav-freshclam.service 2> /dev/null
freshclam
```

CentOS: offline install via rpm

  • Install ClamAV 1.4.1
```shell
#.Create the user and directories (freshclam must switch to the clamav user)
getent group clamav > /dev/null || groupadd clamav
getent passwd clamav > /dev/null || useradd -g clamav -s /usr/sbin/nologin clamav
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav

#.Download and install
cd /opt/
wget -c http://iso.sqlfans.cn/linux/clamav-1.4.1.linux.x86_64.rpm
rpm -ivh --prefix=/usr/local/clamav clamav-1.4.1.linux.x86_64.rpm

#.Set the PATH (single quotes keep $PATH unexpanded, so it is resolved at login instead of frozen to today's value)
echo 'export PATH=/usr/local/clamav/bin:/usr/local/clamav/sbin:$PATH' > /etc/profile.d/path.sh
. /etc/profile.d/path.sh

#.Confirm the ClamAV version
clamdscan --version
```
  • Configure ClamAV
```shell
#.If clamdscan complains about a missing shared library, refresh the ldconfig cache
find / -name libclamav.so.12
echo "/usr/local/clamav/lib64/" > /etc/ld.so.conf.d/clamav.conf
ldconfig

#.If clamdscan reports /lib64/libc.so.6: version `GLIBC_2.28' not found, glibc 2.28 has to be installed;
#.see https://wiki.sqlfans.cn/infosec/upgrade-app-glibc228.html

#.Edit clamd.conf, the configuration file of the clamd daemon
\cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/etc/clamd.conf
sed -i -e 's/^Example/#Example/' /usr/local/etc/clamd.conf
grep -q "^LogFile " /usr/local/etc/clamd.conf || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/etc/clamd.conf
grep -q "^PidFile" /usr/local/etc/clamd.conf || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/etc/clamd.conf
grep -q "^DatabaseDirectory" /usr/local/etc/clamd.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/clamd.conf
#.clamd refuses to start unless a LocalSocket or TCPSocket is defined
grep -q "^LocalSocket" /usr/local/etc/clamd.conf || echo "LocalSocket /usr/local/clamav/logs/clamd.sock" >> /usr/local/etc/clamd.conf
grep -E "(#Example|^LogFile|^PidFile|^DatabaseDirectory|^LocalSocket)" /usr/local/etc/clamd.conf

#.Edit freshclam.conf, the configuration file of the freshclam database updater
\cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
sed -i -e 's/^Example/#Example/' /usr/local/etc/freshclam.conf
grep -q "^UpdateLogFile" /usr/local/etc/freshclam.conf || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/etc/freshclam.conf
grep -q "^PidFile" /usr/local/etc/freshclam.conf || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/etc/freshclam.conf
grep -q "^DatabaseDirectory" /usr/local/etc/freshclam.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/freshclam.conf
grep -E "(#Example|^UpdateLogFile|^PidFile|^DatabaseDirectory)" /usr/local/etc/freshclam.conf

#.Fix directory ownership
chown -R clamav:clamav /usr/local/clamav

#.Start the clamd daemon with the configuration written above
clamd --config-file=/usr/local/etc/clamd.conf

#.Show the ClamAV version
clamdscan --version

#.Test clamdscan
clamdscan -i /root/
```
  • Run freshclam to update the virus database online
```shell
#.Show the current database version
freshclam --version

#.Update the database online
freshclam
```

Ubuntu: offline install via deb

  • Install ClamAV 1.4.1
```shell
#.Create the user and directories (freshclam must switch to the clamav user)
getent group clamav > /dev/null || groupadd clamav
getent passwd clamav > /dev/null || useradd -g clamav -s /usr/sbin/nologin clamav
mkdir -p /usr/local/clamav/{logs,update}
chown -R clamav:clamav /usr/local/clamav

#.Download and install
# apt install -y clamav clamav-daemon
cd /opt/
wget -c http://iso.sqlfans.cn/ubuntu/deb/clamav-1.4.1.linux.x86_64.deb
dpkg -i clamav-1.4.1.linux.x86_64.deb

#.Edit clamd.conf, the configuration file of the clamd daemon
\cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
sed -i -e 's/^Example/#Example/' /usr/local/etc/clamd.conf
grep -q "^LogFile " /usr/local/etc/clamd.conf || echo "LogFile /usr/local/clamav/logs/clamd.log" >> /usr/local/etc/clamd.conf
grep -q "^PidFile" /usr/local/etc/clamd.conf || echo "PidFile /usr/local/clamav/logs/clamd.pid" >> /usr/local/etc/clamd.conf
grep -q "^DatabaseDirectory" /usr/local/etc/clamd.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/clamd.conf
#.clamd refuses to start unless a LocalSocket or TCPSocket is defined
grep -q "^LocalSocket" /usr/local/etc/clamd.conf || echo "LocalSocket /usr/local/clamav/logs/clamd.sock" >> /usr/local/etc/clamd.conf
grep -E "(#Example|^LogFile|^PidFile|^DatabaseDirectory|^LocalSocket)" /usr/local/etc/clamd.conf

#.Edit freshclam.conf, the configuration file of the freshclam database updater
\cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
sed -i -e 's/^Example/#Example/' /usr/local/etc/freshclam.conf
grep -q "^UpdateLogFile" /usr/local/etc/freshclam.conf || echo "UpdateLogFile /usr/local/clamav/logs/freshclam.log" >> /usr/local/etc/freshclam.conf
grep -q "^PidFile" /usr/local/etc/freshclam.conf || echo "PidFile /usr/local/clamav/logs/freshclam.pid" >> /usr/local/etc/freshclam.conf
grep -q "^DatabaseDirectory" /usr/local/etc/freshclam.conf || echo "DatabaseDirectory /usr/local/clamav/update" >> /usr/local/etc/freshclam.conf
grep -E "(#Example|^UpdateLogFile|^PidFile|^DatabaseDirectory)" /usr/local/etc/freshclam.conf

#.Start the clamd daemon with the configuration written above
chown -R clamav:clamav /usr/local/clamav
clamd --config-file=/usr/local/etc/clamd.conf

#.Show the ClamAV version
clamdscan --version

#.Test clamdscan
clamdscan -i /root/
```
  • Run freshclam to update the virus database online
```shell
#.Show the current database version
freshclam --version

#.Update the database online
freshclam
```
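The make, rpm and deb sections above all edit clamd.conf and freshclam.conf with the same `grep "^Key" file || echo "Key value" >> file` pattern. It only appends when no active line starts with the key, so it leaves a commented-out default such as `#LogFile /tmp/clamd.log` in place, never corrects an existing line that carries a different value, and a prefix match (`^LogFile`) can be satisfied by `LogFileMaxSize`. The helper below is an added example, not code from the page or from the ClamAV project: it sets a key idempotently whether the line is present, commented out or missing, keeps the file's owner and mode (the clamav user has to read it), and the sample config it operates on is a constructed stand-in for clamd.conf.sample, not the real file. Function names are assumptions for illustration.

```shell
#!/bin/sh
# Idempotent key setter for clamd.conf / freshclam.conf style files (added example).
# Three cases are handled: "Key value" present (replaced), "#Key value" commented
# out (replaced, which also un-comments it), and key absent (appended).

set_conf_key() {   # set_conf_key <file> <key> <value>
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        {
            # Strip leading "#" and blanks so a commented-out default is recognised too.
            line = $0
            sub(/^[# \t]*/, "", line)
            # Exact key only: "LogFile" must not match "LogFileMaxSize".
            hit = (line == key || index(line, key " ") == 1 || index(line, key "\t") == 1)
        }
        hit && !done { print key " " value; done = 1; next }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the owner and mode of the original
    rm -f "$tmp"
}

disable_conf_key() {   # disable_conf_key <file> <key>: comment out an active line, e.g. the Example marker
    sed -i -E "s/^($2)([[:space:]]|$)/#\1\2/" "$1"
}

effective_conf() {   # print only the lines clamd/freshclam will actually apply
    grep -vE '^[[:space:]]*(#|$)' "$1"
}

configure_clamd_conf() {   # apply the settings the page puts into clamd.conf
    disable_conf_key "$1" Example
    set_conf_key "$1" LogFile /usr/local/clamav/logs/clamd.log
    set_conf_key "$1" PidFile /usr/local/clamav/logs/clamd.pid
    set_conf_key "$1" DatabaseDirectory /usr/local/clamav/update
    set_conf_key "$1" LocalSocket /usr/local/clamav/logs/clamd.sock
}

make_sample_conf() {   # constructed stand-in for clamd.conf.sample, NOT the real file
    f=$(mktemp)
    cat > "$f" <<'EOF'
## Constructed sample: only a few lines in the shape of clamd.conf.sample
Example
#LogFile /tmp/clamd.log
LogFileMaxSize 2M
DatabaseDirectory /var/lib/clamav
EOF
    echo "$f"
}

# Usage on a real install: configure_clamd_conf /usr/local/etc/clamd.conf; effective_conf /usr/local/etc/clamd.conf
```

Running `configure_clamd_conf` a second time changes nothing, which is what makes it safe to put in a provisioning script; the page's append-only pattern would happily add a second `DatabaseDirectory` line if the first one had been hand-edited to a different spelling.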

Updating the virus database

Online update

  • freshclam is ClamAV's bundled database download and update tool; running freshclam updates the virus database online
```shell
#.Show the current database version
freshclam --version

#.Update the database online
freshclam
```

Offline update

```shell
#.Confirm the DatabaseDirectory configured in freshclam.conf
find / -name freshclam.conf
grep "^DatabaseDirectory" /usr/local/etc/freshclam.conf
grep "^DatabaseDirectory" /usr/local/clamav/etc/freshclam.conf

#.Put the three latest database files into the DatabaseDirectory (downloaded as root, so hand them to the clamav user)
cd /usr/local/clamav/update
wget -c http://iso.sqlfans.cn/20250120/main.cvd
wget -c http://iso.sqlfans.cn/20250120/daily.cvd
wget -c http://iso.sqlfans.cn/20250120/bytecode.cvd
chown clamav:clamav main.cvd daily.cvd bytecode.cvd

#.Use sigtool to show when a database file was built
sigtool -i /usr/local/clamav/update/daily.cvd

#.Reload the database
clamdscan --reload

#.Show the current database version
freshclam --version
```
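`sigtool -i` reads the text header that occupies the first 512 bytes of every .cvd file: colon-separated fields `ClamAV-VDB:<build time>:<version>:<signature count>:<functionality level>:<MD5>:<digital signature>:<builder>:<build epoch>`. When databases are copied in by hand there is nothing that stops a stale or truncated file from replacing a newer one, and a downgrade silently loses detections. The script below is an added example, not part of the page or of ClamAV: it parses that header itself, refuses anything that is not a CVD or is not newer than what is already in the database directory, and replaces the file atomically so clamd never reads a half-written database. The fake headers it builds for testing are constructed (MD5 and signature fields are placeholders); real files carry a tar.gz body after the header, which is irrelevant to the version check. Function names are assumptions.

```shell
#!/bin/sh
# Stage a downloaded ClamAV database only if it is a valid, newer CVD (added example).

cvd_field() {   # cvd_field <file> <n>: field n of the CVD header, empty if the file is not a CVD
    head -c 512 "$1" 2> /dev/null | tr -d '\0' \
        | awk -F: -v n="$2" 'NR == 1 && $1 == "ClamAV-VDB" { print $n }'
}

cvd_version()  { cvd_field "$1" 3; }   # e.g. 27527 for daily.cvd
cvd_sigcount() { cvd_field "$1" 4; }   # number of signatures in the file

cvd_is_newer() {   # cvd_is_newer <candidate> <installed>: 0 if candidate is newer, or nothing is installed
    c=$(cvd_version "$1")
    i=$(cvd_version "$2")
    [ -n "$c" ] || return 1     # candidate is not even a CVD
    [ -n "$i" ] || return 0     # no installed database to compare against
    [ "$c" -gt "$i" ]
}

stage_cvd() {   # stage_cvd <candidate> <dbdir>: copy into dbdir only when valid and newer
    name=$(basename "$1")
    target=$2/$name
    if [ -z "$(cvd_version "$1")" ]; then
        echo "refusing $1: not a ClamAV-VDB file" >&2
        return 1
    fi
    if ! cvd_is_newer "$1" "$target"; then
        echo "refusing $1: version $(cvd_version "$1") is not newer than installed $(cvd_version "$target")" >&2
        return 1
    fi
    # Write beside the target and rename: clamd sees either the old or the new file, never a partial one.
    cp "$1" "$target.tmp" && mv "$target.tmp" "$target"
    # On a real install follow with: chown clamav:clamav "$target" && clamdscan --reload
}

make_fake_cvd() {   # make_fake_cvd <file> <version> <sigcount>: CONSTRUCTED header only, for demonstration
    printf 'ClamAV-VDB:20 Jan 2025 09-23 -0500:%s:%s:90:00000000000000000000000000000000:PLACEHOLDER-SIGNATURE:builder:1737383000' \
        "$2" "$3" > "$1"
}

# Usage: stage_cvd /opt/downloads/daily.cvd /usr/local/clamav/update
```

The check compares only the version counter; it does not verify the digital signature in the header, which is what `sigtool` and freshclam do. In a staging pipeline this script decides whether the file is worth installing, and `sigtool -i` on the staged file remains the authenticity check.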

Appendix

How to completely uninstall clamav

  • Uninstall clamav on CentOS
```shell
systemctl stop clamav-freshclam.service 2> /dev/null
rpm -e clamav 2> /dev/null
userdel -r clamav 2> /dev/null
rm -f /usr/local/etc/clamd.conf
rm -f /usr/local/etc/freshclam.conf
rm -rf /usr/local/clamav
rm -rf /opt/clamav*
```
  • Uninstall clamav on Ubuntu
```shell
systemctl stop clamav-freshclam.service 2> /dev/null
dpkg -r clamav 2> /dev/null
userdel -r clamav 2> /dev/null
rm -f /usr/local/etc/clamd.conf
rm -f /usr/local/etc/freshclam.conf
rm -rf /usr/local/clamav
rm -rf /opt/clamav*
```

Basic use of clamscan

  • Common scan commands
```shell
#.A full-disk scan slows the system down
clamscan -r /

#.Scan a directory, for example /home
clamscan -r /home

#.Scan a directory; -i prints only infected files, --bell sounds the terminal bell when a virus is found
clamscan -r -i --bell /home

#.Scan a directory; --remove deletes infected files as soon as they are found (use with caution)
clamscan -r /home --remove

#.Scan a directory; --move moves infected files to /tmp as soon as they are found
clamscan -r /home --move=/tmp

#.Scan a directory; -l writes a scan log file
clamscan -r /home -l /var/log/clamscan.log
```
  • Set up scheduled tasks
```shell
#.cron jobs: update the database at 01:02 every day, run the scan at 02:03 every day and keep the log
#.(appending through "crontab -" instead of writing /var/spool/cron directly keeps the spool file's ownership and permissions intact)
crontab -l 2> /dev/null | grep -q freshclam || (crontab -l 2> /dev/null; echo "2 1 * * *  freshclam --quiet") | crontab -
crontab -l 2> /dev/null | grep -q clamscan  || (crontab -l 2> /dev/null; echo "3 2 * * *  clamscan -r /home --remove -l /var/log/clamscan.log") | crontab -
```
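The scheduled scan above deletes hits outright with `--remove` and, because cron only sees clamscan's exit status, nobody learns what was found unless they open the log. The wrapper below is an added example, not from the page or from ClamAV: it moves detections into a root-only quarantine directory instead of deleting them (so a false positive can be restored and a real sample can be examined), keeps one log per run, and turns clamscan's exit status (0 nothing found, 1 something found, 2 an error occurred) plus the `Infected files:` line of the scan summary into a one-line report that cron mails to the operator. The quarantine and log paths and the function names are assumptions; the log excerpt used for testing is constructed.

```shell
#!/bin/sh
# Cron wrapper for clamscan with quarantine and a one-line report (added example).

QUARANTINE=${QUARANTINE:-/var/lib/clamav/quarantine}   # assumed location
LOGDIR=${LOGDIR:-/var/log/clamav}                        # assumed location

scan_status_text() {   # map clamscan's exit status to a word for the report
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

infected_count() {   # infected_count <log>: the N from "Infected files: N" in the scan summary, "?" if absent
    awk -F': *' '/^Infected files:/ { print $2; found = 1 } END { if (!found) print "?" }' "$1"
}

scan_summary() {   # scan_summary <log> <exit status>: one line suitable for cron mail or syslog
    printf 'clamscan %s: %s infected file(s), see %s\n' \
        "$(scan_status_text "$2")" "$(infected_count "$1")" "$1"
}

run_scan() {   # run_scan <dir>: scan recursively, quarantine hits, log, return clamscan's status
    mkdir -p "$QUARANTINE" "$LOGDIR"
    chmod 700 "$QUARANTINE"     # quarantined files stay readable by root only
    log=$LOGDIR/clamscan-$(date +%Y%m%d-%H%M%S).log
    clamscan -r -i --move="$QUARANTINE" -l "$log" "$1"
    rc=$?
    scan_summary "$log" "$rc"   # cron mails stdout, so this line is what the operator sees
    return "$rc"
}

# Cron entry using this wrapper (assumed path): 3 2 * * *  /usr/local/sbin/clamscan-cron.sh /home
# [ -n "$1" ] && run_scan "$1"
```

Exit status 1 means something was detected, so a monitoring job that treats any non-zero status as a failure would lump real detections together with scanner errors (status 2); `scan_status_text` keeps the two apart.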
Copyright © www.sqlfans.cn 2024 All Rights Reserved. Updated: 2025-01-20 19:07:49
