Installing and using ClamAV (Clam AntiVirus), a virus scanner for Linux


Contents

Introduction

Yum installation

I. Install the EPEL repository

II. Install the clamav packages

III. Configure SELinux (skip this step if SELinux is already disabled on the server)

IV. Configure ClamAV

V. Update the virus database

VI. Start the clamd service

VII. Scan for viruses

VIII. Notes:

1. Key directories to scan

2. Scan report explained

3. Viewing infected files

RPM installation method

I. Configure the user

II. Install the RPM package

III. Configure ClamAV

IV. Download and update the virus database

V. Troubleshooting

Install glibc

Verification

PACKAGES installation method

1. Create the user and group

2. Install the build dependencies

3. Compile and install

4. Configure ClamAV

5. Start ClamAV

6. Update the virus database

7. Create a symlink

8. Scan for viruses

9. Scheduled scanning

Intranet update method

1. Configure freshclam

2. Set up a virus database server


Introduction


Clam AntiVirus (ClamAV, ClamAVNet) is an open-source virus scanner for the Linux platform, mainly used on mail servers. It runs multithreaded in the background and can update its virus database automatically.

From version 104 (i.e. 0.104) onward, releases no longer ship a configure file; installing from an RPM package or via yum is recommended.

Note: installing from the RPM package on CentOS 6 requires glibc-2.17.

Yum installation

I. Install the EPEL repository

# install
yum install -y epel-release

# refresh the cache
yum clean all && yum makecache

II. Install the clamav packages

yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd 

III. Configure SELinux (skip this step if SELinux is already disabled on the server)

Grant ClamAV the permissions it needs:

setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1

Check the result:

[root@Centos7 ~]# getsebool -a | grep antivirus 
antivirus_can_scan_system --> on 
antivirus_use_jit --> on 

IV. Configure ClamAV

CentOS 7:
sed -i -e "s/^Example/#Example/"                     /etc/clamd.d/scan.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/clamd.d/scan.conf
sed -i "/#User clamscan/a\User\ root"                /etc/clamd.d/scan.conf

sed -i -e "s/^Example/#Example/"                     /etc/freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     /etc/freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                /etc/freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       /etc/freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" /etc/freshclam.conf

CentOS 6:
sed -i -e "s/^Example/#Example/"                     /etc/clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/clamd.conf
sed -i "/#User clamscan/a\User\ root"                /etc/clamd.conf

sed -i -e "s/^Example/#Example/"                     /etc/freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     /etc/freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                /etc/freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       /etc/freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.mynetwork.com/PrivateMirror\ 127.0.0.1/" /etc/freshclam.conf


# replace 127.0.0.1 with the IP of the virus database server

V. Update the virus database

[root@Centos7 ~]# freshclam
ClamAV update process started at Thu May 12 16:46:43 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.5 Recommended version: 0.103.6
DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
daily database available for update (local version: 26538, remote version: 26539)
Current database is 1 version behind.
Downloading database patch # 26539...
Time:    0.9s, ETA:    0.0s [========================>]    2.58KiB/2.58KiB
Testing database: '/var/lib/clamav/tmp.e5f8f0bc41/clamav-ada8b1afd9011a46f4ee45b0799cf5e1.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 26539, sigs: 1984354, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Virus database location:

/var/lib/clamav/daily.cvd 
/var/lib/clamav/main.cvd 

VI. Start the clamd service

systemctl start clamd@scan 
systemctl enable clamd@scan

VII. Scan for viruses

clamscan can scan a single file, a user's home directory, or the whole system.

## scan a single file
clamscan targetfile

## recursively scan /home and write a log
clamscan -r -i /home -l /var/log/clamav.log

## recursively scan /home, delete infected files and write a log
clamscan -r -i /home --remove -l /var/log/clamav.log

## scan the given directory, move infected files to the given directory and write a log
clamscan -r -i /home --move=/tmp/clamav -l /var/log/clamav.log

## show the help
clamscan -h

## scan every file on the machine and print the result for every file
clamscan -r /

## scan every file on the machine and print only the files with a problem
clamscan -r --bell -i /

## scan all users' home directories
clamscan -r /home

VIII. Notes:

  • -r -i: scan directories recursively, printing only infected files
  • -l: log file to write the report to
  • --remove: delete infected files
  • --move: move infected files to the given directory

1. Key directories to scan

clamscan -r  -i /etc --max-dir-recursion=5 -l /var/log/clamav-etc.log

clamscan -r  -i /bin --max-dir-recursion=5 -l /var/log/clamav-bin.log

clamscan -r  -i /usr --max-dir-recursion=5 -l /var/log/clamav-usr.log

clamscan -r  -i /var --max-dir-recursion=5 -l /var/log/clamav-var.log

2. Scan report explained

[root@Centos7 ~]# clamscan /log
/log/mariadb.log: OK

----------- SCAN SUMMARY -----------
Known viruses: 8616415                  # known signatures
Engine version: 0.103.5                 # engine version
Scanned directories: 1                  # directories scanned
Scanned files: 1                        # files scanned
Infected files: 0                       # infected files!!!
Data scanned: 0.01 MB                   # data scanned
Data read: 0.00 MB (ratio 2.00:1)       # data read
Time: 27.221 sec (0 m 27 s)             # scan duration
Start Date: 2022:05:12 10:27:33         # scan start
End Date:   2022:05:12 10:28:00         # scan end

3. Viewing infected files

grep "FOUND" /var/log/clamav-bin.log

RPM installation method

I. Configure the user

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

II. Install the RPM package

[root@centos7 ~]# rpm -ivh clamav-0.105.0.linux.x86_64.rpm 
Preparing...                          ################################# [100%]
        package clamav-0.105.0-1.x86_64 is already installed

[root@centos7 ~]# cd /usr/local/bin/

[root@centos7 bin]# ll /usr/local/bin/
total 3872
-rwxr-xr-x 1 root root    1024 May  3 00:49 clamav-config
-rwxr-xr-x 1 root root  105656 May  3 00:52 clambc
-rwxr-xr-x 1 root root  105216 May  3 00:52 clamconf
-rwxr-xr-x 1 root root  121696 May  3 00:52 clamdscan
-rwxr-xr-x 1 root root  331984 May  3 00:52 clamdtop
-rwxr-xr-x 1 root root  134184 May  3 00:52 clamscan
-rwxr-xr-x 1 root root 1760656 May  3 00:52 clamsubmit
-rwxr-xr-x 1 root root   52080 May  3 00:52 freshclam
-rwxr-xr-x 1 root root 1338728 May  3 00:52 sigtool

III. Configure ClamAV

cd /usr/local/etc/
cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
cp /usr/local/etc/clamd.conf.sample     /usr/local/etc/clamd.conf

sed -i -e "s/^Example/#Example/"                     clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" clamd.conf

sed -i -e "s/^Example/#Example/"                     freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" freshclam.conf

# replace 127.0.0.1 with your own virus database server

IV. Download and update the virus database

[root@centos7 bin]# ./freshclam 
Creating missing database directory: /var/lib/clamav
Assigned ownership of database directory to user "root".
ClamAV update process started at Thu May 12 16:59:29 2022
daily database available for download (remote version: 26539)
Time:   52.1s, ETA:    0.0s [========================>]   55.93MiB/55.93MiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-add1274594c0ed97fd32eb9fc7ea1d09.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26539, sigs: 1984354, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time:  2m 32s, ETA:    0.0s [========================>]  162.58MiB/162.58MiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-92a2b56c4e7163088ab9da5fd9fdbcdb.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time:    1.3s, ETA:    0.0s [========================>]  286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-87a700069267480d54c6c1b6c4244472.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)

V. Troubleshooting

On CentOS 6 the installed binaries refuse to run, reporting that GLIBC_2.14 and GLIBC_2.17 are missing:

/usr/local/bin/clamscan: /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /usr/local/bin/clamscan)
/usr/local/bin/clamscan: /lib64/libc.so.6: version `GLIBC_2.17' not found (required by /usr/local/bin/clamscan)

Install glibc

wget https://ftp.gnu.org/gnu/glibc/glibc-2.17.tar.gz
tar -zxvf glibc-2.17.tar.gz
cd glibc-2.17
mkdir -p build
cd build/
../configure --prefix=/usr --disable-profile --enable-add-ons --with-headers=/usr/include --with-binutils=/usr/bin
make
make install
export LD_PRELOAD=/lib64/libc-2.17.so  # this must be run first, otherwise the system breaks
rm -f /lib64/libc.so.6
ln -s /lib64/libc-2.17.so /lib64/libc.so.6

Verification

[root@centos6 ~]# strings /lib64/libc.so.6 |grep GLIBC
GLIBC_2.2.5
GLIBC_2.2.6
GLIBC_2.3
GLIBC_2.3.2
GLIBC_2.3.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.5
GLIBC_2.6
GLIBC_2.7
GLIBC_2.8
GLIBC_2.9
GLIBC_2.10
GLIBC_2.11
GLIBC_2.12
GLIBC_2.13
GLIBC_2.14
GLIBC_2.15
GLIBC_2.16
GLIBC_2.17
GLIBC_PRIVATE

The ClamAV packages may differ from the upstream release. Some examples:

The database and application configuration paths may differ.

A default source install goes under /usr/local, with:
applications in /usr/local/bin
daemons      in /usr/local/sbin
libraries    in /usr/local/lib
headers      in /usr/local/include
configs      in /usr/local/etc/
databases    in /usr/local/share/clamav/


A Linux distribution package may go under /usr, with:
applications in /usr/bin
daemons      in /usr/sbin
libraries    in /usr/lib
headers      in /usr/include
configs      in /etc/clamav
databases    in /var/lib/clamav

PACKAGES installation method

From version 104 (i.e. 0.104) onward, releases no longer ship a configure file; installing from an RPM package is recommended.

1. Create the user and group

groupadd clamav && useradd -g clamav clamav && id clamav  # create the user and group clamav runs as

2. Install the build dependencies

yum -y install gcc gcc-c++ openssl-devel libcurl-devel  # build dependencies of clamav

3. Compile and install

tar -zxvf clamav-0.103.3.tar.gz  # extract the tarball
cd clamav-0.103.3
./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre
make && make install

4. Configure ClamAV

cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf

sed -i -e "s/^Example/#Example/"                     clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" clamd.conf

sed -i -e "s/^Example/#Example/"                     freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" freshclam.conf

# replace 127.0.0.1 with your own virus database server

5. Start ClamAV

chown -R clamav.clamav /usr/local/clamav/
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service 
systemctl status clamav-freshclam.service

6. Update the virus database

# stop freshclam first
systemctl stop clamav-freshclam.service
# then update
/usr/local/clamav/bin/freshclam  # how long this takes depends on network quality
# or download the files directly
cd /var/lib/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
# start the service again once the update is done
systemctl start clamav-freshclam.service
systemctl status clamav-freshclam.service

7. Create a symlink

ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
# Note: if a manual database update fails, delete the stale mirror list file,
# rm -f /var/lib/clamav/mirrors.dat, and run the manual update again.

8. Scan for viruses

clamscan /

Scan options
-r/--recursive[=yes/no]      # scan directories recursively
--log=FILE/-l FILE           # write a scan report to FILE
--move=DIR                   # move infected files to DIR
--remove[=yes/no]            # delete infected files
--quiet                      # only print error messages
--infected/-i                # only print infected files
--suppress-ok-results/-o     # skip printing OK results
--bell                       # sound a bell when an infected file is found
--unzip(unrar)               # unpack archives and scan their contents

9. Scheduled scanning

# crontab entries to update the database and scan every night, keeping the scan log
1  3  * * *  /usr/local/clamav/bin/freshclam --quiet
20 3  * * *  /usr/local/clamav/bin/clamscan  -r /home  --remove -l /var/log/clamscan.log
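A wrapper for the cron job above that also reads the scan report the way sections 2 and 3 describe (count from the SCAN SUMMARY, paths from the FOUND lines). It is an added example, not from the guide; the paths are assumptions and the sample log with its signature names is constructed.

```shell
#!/bin/sh
# Nightly ClamAV job built around the cron entries above: update signatures,
# scan, then turn the clamscan log into an alert. Paths are assumptions.
SCAN_DIR=/home
LOG=/var/log/clamscan.log
FRESHCLAM=/usr/local/clamav/bin/freshclam
CLAMSCAN=/usr/local/clamav/bin/clamscan

# Read "Infected files: N" from the SCAN SUMMARY block of a clamscan log.
infected_count() {
    n=$(sed -n 's/^Infected files: \([0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${n:-0}"            # no summary at all -> treat as 0
}

# List the paths reported as "path: Signature FOUND".
found_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Constructed sample log (not real scan output) so the parsing runs offline.
write_sample_log() {
    cat > "$1" <<'EOF'
/home/bob/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/bob/.cache/x.sh: Sample.Constructed.Sig-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8616415
Engine version: 0.103.5
Scanned files: 3
Infected files: 2
EOF
}

# The job itself (needs a real ClamAV install, so it is not exercised offline).
run_nightly() {
    "$FRESHCLAM" --quiet || echo "freshclam failed, scanning with old signatures" >&2
    # clamscan exits 1 when something is found; keep going so we can report it.
    "$CLAMSCAN" -r -i "$SCAN_DIR" -l "$LOG" >/dev/null 2>&1 || true
    if [ "$(infected_count "$LOG")" -gt 0 ]; then
        echo "ClamAV found infected files on $(hostname):" >&2
        found_files "$LOG" >&2
        return 1
    fi
    echo "scan of $SCAN_DIR clean"
}
```

Because clamscan -l appends to its log, infected_count uses the last summary block, which is the one from the current run.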

Intranet update method

1. Configure freshclam

vim freshclam.conf

#PrivateMirror mirror1.example.com    # uncomment and change to your own server address, e.g. 127.0.0.1

2. Set up a virus database server

Any HTTP server will do; setting one up is not covered here.

Download the database files to the local HTTP server:
http://database.clamav.net/main.cvd
http://database.clamav.net/daily.cvd
http://database.clamav.net/bytecode.cvd

Or copy these three files from another server to the HTTP server.
Note: when freshclam updates automatically, daily.cvd may be named daily.cld.
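An added helper for the mirror server (not from the guide): it reads the version and signature count from the text header of a .cvd or .cld file, so you can tell what the daily.cld mentioned above actually contains, and only publishes a file into the HTTP root when it is newer than the copy already served. MIRROR_ROOT and the sample header values are assumptions.

```shell
#!/bin/sh
# Helper for the local database mirror: read a .cvd/.cld file's 512-byte
# text header, whose colon-separated fields are
# ClamAV-VDB:<build time>:<version>:<sigs>:<flevel>:<md5>:<dsig>:<builder>:<stime>
# and publish a file into the HTTP root only when it is newer than the copy
# already served. MIRROR_ROOT is an assumption.
MIRROR_ROOT=${MIRROR_ROOT:-/var/www/html}

cvd_field() {                     # $1 = file, $2 = 1-based header field
    head -c 512 "$1" | tr -d '\000' | cut -d: -f"$2"
}
cvd_version() { cvd_field "$1" 3; }
cvd_sigs()    { cvd_field "$1" 4; }
is_cvd()      { [ "$(cvd_field "$1" 1)" = "ClamAV-VDB" ]; }

# Constructed header (fake md5/dsig, no payload) so the checks run offline.
# $1 = output file, $2 = version, $3 = signature count
write_sample_cvd() {
    printf 'ClamAV-VDB:12 May 2022 08-30 -0400:%s:%s:90:%s:%s:raynman:1652358600' \
        "$2" "$3" d41d8cd98f00b204e9800998ecf8427e FAKE_DSIG_PLACEHOLDER > "$1"
}

# Copy $1 into the mirror root unless the served copy is the same or newer.
# Prints what happened; returns 2 if $1 is not a ClamAV database at all.
publish_if_newer() {
    src=$1; dst="$MIRROR_ROOT/$(basename "$1")"
    is_cvd "$src" || { echo "not a ClamAV database: $src" >&2; return 2; }
    if [ -f "$dst" ] && [ "$(cvd_version "$dst")" -ge "$(cvd_version "$src")" ]; then
        echo "$dst already at version $(cvd_version "$dst")"
        return 0
    fi
    cp "$src" "$dst" && echo "published $(basename "$src") version $(cvd_version "$src")"
}
```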

Tags: linux