Linux环境中Clamav杀毒软件详细使用步骤 _Linux环境

提兵百万西湖上，立马吴山第一峰！这篇文章主要讲述Linux环境中Clamav杀毒软件详细使用步骤相关的知识，希望能为你提供帮助。
1.Clamav介绍【Linux环境中Clamav杀毒软件详细使用步骤】Clam AntiVirus 是一款 UNIX 下开源的 (GPL) 反病毒工具包，专为邮件网关上的电子邮件扫描而设计。该工具包提供了包含灵活且可伸缩的监控程序、命令行扫描程序以及用于自动更新数据库的高级工具在内的大量实用程序。该工具包的核心在于可用于各类场合的反病毒引擎共享库。
主要使用ClamAV开源杀毒引擎检测木马、病毒、恶意软件和其他恶意的威胁
2.部署Clamav杀毒软件 2.1.安装依赖软件

1.安装依赖软件 [root@192_168_81_210 ~]# yum -y install gccgcc-c++ openssl openssl-devel libcurl-devel

2.2.安装高版本的curl
clamav需要高版本的curl，因此需要进行如下操作

1.安装curl的yum源 [root@192_168_81_210 ~]# rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-1.rhel7.noarch.rpm2.搜索可用的curl版本 [root@192_168_81_210 ~]# yum --showduplicates list curl --disablerepo="*" --enablerepo="city*"3.启用yum源 [root@192_168_81_210 ~]# vim /etc/yum.repos.d/city-fan.org.repo [city-fan.org] name=city-fan.org repository for Red Hat Enterprise Linux (and clones) $releasever ($basearch) #baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$releasever enabled=1#将enable=0全部改为1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-city-fan.org4.安装curl [root@192_168_81_210 ~]# yum update curl --enablerepo=city-fan.org -y

2.3.安装clamav

1.创建管理用户 [root@192_168_81_210 ~]# groupadd clamav [root@192_168_81_210 ~]# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav2.编译安装clamav [root@192_168_81_210 ~]# tar xf clamav-0.102.3.tar.gz -C /usr/local/ [root@192_168_81_210 ~]# cd /usr/local/clamav-0.102.3 [root@192_168_81_210 /usr/local/clamav-0.102.3]#./configure --prefix=/usr/local/clamav & & make & & make install

2.4.配置clamav

1.创建clamav所在的日志目录和更新病毒库的目录 [root@192_168_81_210 ~]# mkdir /usr/local/clamav/logs -p [root@192_168_81_210 ~]# mkdir /usr/local/clamav/updata -p [root@192_168_81_210 ~]# touch /usr/local/clamav/logs/clamd.log [root@192_168_81_210 ~]# touch /usr/local/clamav/logs/freshclam.log2.修改目录属性 [root@192_168_81_210 ~]# chown clamav:clamav /usr/local/clamav/logs/clamd.log [root@192_168_81_210 ~]# chown clamav:clamav /usr/local/clamav/logs/freshclam.log [root@192_168_81_210 ~]# chown clamav:clamav /usr/local/clamav/updata3.准备clamav配置文件 [root@192_168_81_210 ~]# cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/clamav/etc/clamd.conf [root@192_168_81_210 ~]# cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/clamav/etc/freshclam.conf4.配置clamav [root@192_168_81_210 ~]# vim /usr/local/clamav/etc/clamd.conf #Example//注释掉这一行 #添加以下内容 LogFile /usr/local/clamav/logs/clamd.log PidFile /usr/local/clamav/updata/clamd.pid DatabaseDirectory /usr/local/clamav/updata [root@192_168_81_210 ~]# vim /usr/local/clamav/etc/freshclam.conf #Example//注释掉这一行 #添加以下内容 DatabaseDirectory /usr/local/clamav/updata UpdateLogFile /usr/local/clamav/logs/freshclam.log PidFile /usr/local/clamav/updata/freshclam.pid

3.更新病毒库

[root@192_168_81_210 ~]# /usr/local/clamav/bin/freshclam ClamAV update process started at Mon Jan 10 15:33:44 2022 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.102.3 Recommended version: 0.103.4 DONT PANIC! Read https://www.clamav.net/documents/upgrading-clamav daily database available for download (remote version: 26417) Time: 50.0s, ETA: 0.0s [=============================> ] 54.84MiB/54.84MiB Testing database: /usr/local/clamav/updata/tmp.2d3e0/clamav-916efc430b8ed2604cfb6a9ee168689c.tmp-daily.cvd ... Database test passed. daily.cvd updated (version: 26417, sigs: 1970392, f-level: 90, builder: raynman) main database available for download (remote version: 62) Time: 114.0s, ETA: 0.0s [=============================> ] 162.58MiB/162.58MiB Testing database: /usr/local/clamav/updata/tmp.2d3e0/clamav-7749b161578776d0ca3d108dd9b52726.tmp-main.cvd ... Database test passed. main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode database available for download (remote version: 333) Time: 4.4s, ETA: 0.0s [=============================> ] 286.79KiB/286.79KiB Testing database: /usr/local/clamav/updata/tmp.2d3e0/clamav-f0f2f2da0b8333a43dbc70bcb905c513.tmp-bytecode.cvd ... Database test passed. bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)

4.Clamav常用命令参数

/usr/local/clamav/bin/clamscan--查杀当前目录下的文件 /usr/local/clamav/bin/clamscan -r--查杀当前目录的所有文件及目录 /usr/local/clamav/bin/clamscan dir--查杀dir目录 /usr/local/clamav/bin/clamscan -r dir --查杀目录dir下的所有文件及目录clamscan -r -i /home--remove-l /var/log/clamscan.log#递归扫描home目录，将病毒文件删除，并且记录日志，将有问题的文件都会进行记录 clamscan -r -i /home--move=/opt/infected-l /var/log/clamscan.log#扫描指定目录，然后将感染文件移动到指定目录，并记录日志

5.杀毒扫描报告说明

----------- SCAN SUMMARY ----------- Known viruses: 9141451#已知病毒 Engine version: 0.102.4#软件版本 Scanned directories: 498#扫描目录 Scanned files: 738#扫描文件 Infected files: 4#感染文件!!! Data scanned: 530.25 MB#扫描数据 Data read: 14131.60 MB (ratio 0.04:1)#数据读取 Time: 203.805 sec (3 m 23 s)#扫描用时

文章图片

7.8.病毒文件扫描结果
会在日志中记录一个FOUND字样，并且会将病毒文件删除。

文章图片

6.设置定时任务

##每天凌晨11点进行文件扫描 crontab -e 0 23 * * * root/usr/local/bin/clamscan.sh ##配置扫描文件 vim /usr/local/clamscan.sh clamscan -r -i /home--move=/opt/infected-l /var/log/clamscan.log