ClamAV安装使用

1. ClamAV 简介

ClamAV 是一个开源的防病毒软件，可用于检测木马，病毒，恶意软件和其他恶意威胁。适用于 linux、MacOS 和 windows 平台。

官网网站：http://www.clamav.net/downloads

GitHub：https://github.com/Cisco-Talos/clamav

2. Linux 平台安装使用

2.1 安装包安装

2.1.1 下载安装包并执行安装

• Centos / AmazonLinux2

wget Http://www.clamav.net/downloads/production/clamav-1.0.0.linux.x86_64.rpmrpm -ivh clamav-1.0.0.linux.x86_64.rpm

• ubuntu

wget http://www.clamav.net/downloads/production/clamav-1.0.0.linux.x86_64.debdpkg -i clamav-1.0.0.linux.x86_64.deb

2.1.2 创建用户及目录文件

# 创建用户和组groupadd clamavuseradd -g clamav -s /bin/false -c "Clam Antivirus" clamav# 创建日志存放目录和文件mkdir -p /usr/local/clamav/logstouch /usr/local/clamav/logs/clamd.logtouch /usr/local/clamav/logs/freshclam.log# 创建隔离文件存放目录mkdir -p /usr/local/clamav/infected# 创建病毒库文件存放目录mkdir -p /usr/local/clamav/update# 修改目录权限chown -R clamav.clamav /usr/local/clamav/

2.1.3 修改配置文件

# 复制配置文件cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.confcp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf# 注释掉Example行sed -i 's/Example/#Example/g' /usr/local/etc/clamd.conf# 文末追加配置echo -e 'LogFile /usr/local/clamav/logs/clamd.logPidFile /usr/local/clamav/update/clamd.pid  DatabaseDirectory /usr/local/clamav/update' >> /usr/local/etc/clamd.conf# 注释掉Example行sed -i 's/Example/#Example/g' /usr/local/etc/freshclam.conf# 文末追加配置echo -e 'DatabaseDirectory /usr/local/clamav/updateUpdateLogFile /usr/local/clamav/logs/freshclam.logPidFile /usr/local/clamav/update/freshclam.pid' >> /usr/local/etc/freshclam.conf

2.2 源码编译安装

2.2.1 安装基础组件和依赖包

• CentOS / AmazonLinux2

# 安装基础组件yum install -y GCc gcc-c++ make python3 python3-pip valgrind git# 安装依赖包yum install -y bzip2-devel check-devel libcurl-devel libxml2-devel ncurses-devel openssl-devel pcre2-devel sendmail-devel zlib-devel

• Ubuntu

# 安装基础组件apt-get install -y gcc make pkg-config Python3 python3-pip python3-pytest valgrind git# 安装依赖包apt-get install -y check libbz2-dev libcurl4-openssl-dev libmilter-dev libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev

2.2.2 安装 cmake

依赖版本：3.14+

# pip安装cmakepython3 -m pip install --upgrade pip setuptools wheel scikit-buildpython3 -m pip install cmake pytest# 查看cmake版本cmake --version

2.2.3 安装 rust

依赖版本：1.56+

# 安装rustcurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | shsource "$HOME/.carGo/env"# 查看rust版本rustc --version

2.2.4 安装 JSON-c

# clone json-c源码git clone https://github.com/json-c/json-c.gitmkdir json-c-build && cd json-c-buildcmake ../json-cmake && make install# 查看json-c库ldconfig -v |grep jsoncd ~

2.2.5 创建用户及目录文件

# 创建用户和组groupadd clamavuseradd -g clamav -s /bin/false -c "Clam Antivirus" clamav# 创建日志存放目录和文件mkdir -p /usr/local/clamav/logstouch /usr/local/clamav/logs/clamd.logtouch /usr/local/clamav/logs/freshclam.log# 创建隔离文件存放目录mkdir -p /usr/local/clamav/infected# 创建病毒库文件存放目录mkdir -p /usr/local/clamav/update# 修改目录权限chown -R clamav.clamav /usr/local/clamav/

2.2.6 下载源码并解压

wget http://www.clamav.net/downloads/production/clamav-1.0.0.tar.gztar -zxf clamav-1.0.0.tar.gz

2.2.7 编译安装

cd clamav-1.0.0/mkdir build && cd buildcmake .. \    -D CMAKE_INSTALL_PREFIX=/usr \    -D CMAKE_INSTALL_LIBDIR=/usr/lib64 \    -D APP_CONFIG_DIRECTORY=/etc/clamav \    -D DATABASE_DIRECTORY=/var/lib/clamav \    -D ENABLE_JSON_SHARED=OFFcmake --build .cmake --build . --target install# 查看版本clamscan --versioncd ~

2.2.8 修改配置文件

# 复制配置文件cp /etc/clamav/clamd.conf.sample /etc/clamav/clamd.confcp /etc/clamav/freshclam.conf.sample /etc/clamav/freshclam.conf# 注释掉Example行sed -i 's/Example/#Example/g' /etc/clamav/clamd.conf# 文末追加配置echo -e 'LogFile /usr/local/clamav/logs/clamd.logPidFile /usr/local/clamav/update/clamd.pid  DatabaseDirectory /usr/local/clamav/update' >> /etc/clamav/clamd.conf# 注释掉Example行sed -i 's/Example/#Example/g' /etc/clamav/freshclam.conf# 文末追加配置echo -e 'DatabaseDirectory /usr/local/clamav/updateUpdateLogFile /usr/local/clamav/logs/freshclam.logPidFile /usr/local/clamav/update/freshclam.pid' >> /etc/clamav/freshclam.conf

2.3 基本使用命令

2.3.1 更新病毒库

# 手动执行更新freshclam# 显示当前病毒库的版本freshclam -V

2.3.2 执行病毒查杀

# 指定目录查杀并将结果输出到文件clamscan -vri /root/ --move=/usr/local/clamav/infected -l /usr/local/clamav/logs/clamscan-20221214.log

扫描结果示例：

...Scanning /root/result.txtScanning /root/iplist.txtScanning /root/.ssh/known_hostsScanning /root/clamav-1.0.0.linux.x86_64.rpmScanning /root/clamav-1.0.0.linux.x86_64.deb----------- SCAN SUMMARY -----------Known viruses: 8645665Engine version: 1.0.0Scanned directories: 70Scanned files: 167Infected files: 0Data scanned: 184.38 MBData read: 108.87 MB (ratio 1.69:1)Time: 211.784 sec (3 m 31 s)Start Date: 2022:12:14 16:39:07End Date:   2022:12:14 16:42:39

2.3.3 定时更新和查杀

# 导出当前crontab到临时文件crontab.confcrontab -l > crontab.conf# 向临时文件追加计划任务echo -ne '0 1 * * *  /usr/local/bin/freshclam --quiet0 2 * * *  /usr/local/bin/clamscan -vri /root/ --move=/usr/local/clamav/infected -l /usr/local/clamav/logs/clamscan-$(date +\%Y\%m\%d).log' >> crontab.conf# 引用文件导入crontabcrontab crontab.conf# 重启crond服务systemctl restart crond.service# 删除临时文件rm -f crontab.conf

来源地址：https://blog.csdn.net/zhongxj183/article/details/128346651