Lab: ClamAV antivirus software on Linux

椰子ya Linux 2020-08-15

Clam AntiVirus (ClamAV) is free and open-source antivirus software; updates to both the program and the virus signatures are released free of charge by the community. ClamAV is currently used mainly on mail servers built on Unix-like systems such as Linux and FreeBSD, where it provides virus scanning of e-mail. ClamAV itself runs in a text-mode interface, but many graphical front-ends are available, and because it is open source there are ports for Windows and Mac OS X.
---- Excerpted from Baidu Baike

wget http://www.clamav.net/downloads/production/clamav-0.102.4.tar.gz
tar -zxvf clamav-0.102.4.tar.gz

1. Install dependency packages

yum -y install gcc-c++ pcre-devel zlib-devel openssl-devel llvm-devel libxml2 libxml2-devel libcurl-devel

2. Compile and install

cd clamav-0.102.4/
[root@liukai clamav-0.102.4]# ls
aclocal.m4           clamdtop        COPYING.LGPL   examples            m4
ChangeLog.md         clamonacc       COPYING.llvm   freshclam           Makefile.am
clamav-config.h.in   clamscan        COPYING.lzma   fuzz                Makefile.in
clamav-config.in     clamsubmit      COPYING.pcre   INSTALL.md          NEWS.md
clamav-milter        config          COPYING.regex  libclamav           platform.h.in
clamav-types.h.in    configure       COPYING.unrar  libclamav.pc.in     README.md
clamav-version.h.in  configure.ac    COPYING.YARA   libclammspack       shared
clambc               COPYING         COPYING.zlib   libclamunrar        sigtool
clamconf             COPYING.bzip2   database       libclamunrar_iface  test
clamd                COPYING.file    docs           libfreshclam        unit_tests
clamdscan            COPYING.getopt  etc            libltdl             win32

./configure --prefix=/usr/local/clamav
make && make install

3. Add the user and user group, and modify the configuration files

groupadd clamav              # create the clamav group
useradd -g clamav clamav     # create the clamav user and add it to the clamav group

4. Edit the configuration files

mkdir /usr/local/clamav/logs      # log directory
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
mkdir /usr/local/clamav/updata    # clamav virus database directory
chown -R root:clamav /usr/local/clamav/
chown -R clamav:clamav /usr/local/clamav/updata/

chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log

cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf

vim clamd.conf
#Example    (comment out this line)
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata

vim freshclam.conf
#Example    (comment out this line)
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid

5. Update the virus database

/usr/local/clamav/bin/freshclam

Common usage

/usr/local/clamav/bin/clamscan -r --bell -i ${path}   ## scan for viruses
For example:
./bin/clamscan -r --bell -i /home/

----------- SCAN SUMMARY -----------
Known viruses: 6526435       ## signatures in the virus database
Engine version: 0.100.0      ## engine version
Scanned directories: 2       ## directories scanned
Scanned files: 3             ## files scanned
Infected files: 0            ## number of infected files
Data scanned: 0.00 MB        ## amount of data scanned
Data read: 0.00 MB (ratio 0.00:1)
Time: 20.303 sec (0 m 20 s)  ## time taken by the scan

## scan and remove infected files
clamscan -r --remove ${path}

## scan and move viruses and infected files to the specified directory
clamscan -r --move=/home/bill/my_virus_collection ${path}

#### clamscan -h shows the help
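As an added example, not part of the original post, the following POSIX sh wrapper calls the clamscan binary built under /usr/local/clamav above, appends each run to a log and parses the SCAN SUMMARY shown earlier into a verdict that a cron job or monitoring agent can act on. The log file name clamscan.log, the scan_dir/infected_count helpers and the embedded sample output are assumptions, not from the post.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper around the clamscan
# built under /usr/local/clamav above. It logs every run and parses the
# SCAN SUMMARY so a cron job or monitoring agent gets a clear verdict.
CLAMSCAN=/usr/local/clamav/bin/clamscan
SCAN_LOG=/usr/local/clamav/logs/clamscan.log   # assumed log file name, not from the post

# summary_field NAME : read clamscan output on stdin, print the number after "NAME:"
summary_field() {
    sed -n "s/^$1: *\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# infected_count : the "Infected files" value from the SCAN SUMMARY on stdin
infected_count() {
    summary_field "Infected files"
}

# found_files : only the "<file>: <signature> FOUND" lines from stdin
found_files() {
    grep ' FOUND$' || true
}

# scan_dir DIR : scan recursively, append the output to the log and map
# clamscan's exit status (0 clean, 1 infected, 2 error) to a short verdict.
scan_dir() {
    dir=$1
    if out=$("$CLAMSCAN" -r -i "$dir" 2>&1); then rc=0; else rc=$?; fi
    printf '%s\n' "$out" >> "$SCAN_LOG"
    case $rc in
        0) echo "clean: $dir" ;;
        1) echo "INFECTED: $(printf '%s\n' "$out" | infected_count) file(s) under $dir"
           printf '%s\n' "$out" | found_files ;;
        *) echo "scan error (exit $rc) under $dir, see $SCAN_LOG" ;;
    esac
    return $rc
}

# Constructed sample of "clamscan -i" output (one hit, made-up signature name)
# so the parsing can be exercised without a ClamAV installation.
SAMPLE_OUTPUT='/home/test/sample.bin: Example.Constructed.Sig-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6526435
Engine version: 0.102.4
Scanned directories: 2
Scanned files: 3
Infected files: 1
Data scanned: 0.00 MB'
```

Run `scan_dir /home` from cron and alert on a non-zero exit status; the FOUND lines in the log give the file and signature for triage.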