Procedure

1. Install zlib

 yum install zlib zlib-devel  openssl openssl-devel -y

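2. Download and install the ClamAV source package

Download the source package from the official site (http://www.clamav.net/downloads); this article uses clamav-0.99.2.tar.gz as the example. Extract it under /usr/local and rename the directory to clamav.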

 

mkdir /usr/local/clamav

Note: if clamav has not been created, the later build step will fail.

useradd clamav -s /sbin/nologin -M

id clamav

grep clamav /etc/passwd

wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz

tar xf clamav-0.99.2.tar.gz

cd clamav-0.99.2

./configure --prefix=/usr/local/clamav

Note: if --prefix is omitted at this step, the configuration files are installed to /usr/local/etc by default.

make && make install    (this step takes a long time)

 

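3. Edit the configuration file

First create the log directory and the virus database directory

mkdir /usr/local/clamav/logs    (log directory)

mkdir /usr/local/clamav/updata    (ClamAV virus database directory)

Edit the configuration file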

vim /usr/local/clamav/etc/clamd.conf

 

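# Example                                  comment out this line (line 8)

LogFile /usr/local/clamav/logs/clamd.log        remove the leading comment marker and point it at the logs directory (line 14)

PidFile /usr/local/clamav/updata/clamd.pid      remove the leading comment marker and change the path (line 57)

DatabaseDirectory /usr/local/clamav/updata      same as above (line 65)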

 

4. Create the log files

touch /usr/local/clamav/logs/freshclam.log

chown clamav:clamav /usr/local/clamav/logs/freshclam.log

touch /usr/local/clamav/logs/clamd.log

chown clamav:clamav /usr/local/clamav/logs/clamd.log

chown clamav:clamav /usr/local/clamav/updata

 

 

/usr/local/clamav/bin/freshclam        (updates the virus database; make sure the server can reach the Internet)

/usr/local/clamav/bin/clamscan --remove    (scans the current directory and deletes infected files)

 

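Use in production

A scheduled task is normally used so that the server updates the virus database and runs a scan every night, keeping the scan log. My crontab is as follows:

1 3 * * *    /usr/local/clamav/bin/freshclam

20 3 * * *   /usr/local/clamav/bin/clamscan -r /home --remove -l /var/log/clamscan.log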

 

 

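5. Common problems

Problem 1: ClamAV fails to start, with an error saying that /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf need to be edited.

Solution: the likely cause is that ./configure was run without --prefix=/usr/local/clamav to set the install path, so everything was installed under the default /usr/local/etc path.

Problem 2: in the example below, scanning the files under the cron directory fails; the solution follows the output.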

[root@localhost data]# clamscan -r cron

LibClamAV Error: cl_load(): No such file or directory: /usr/local/clamav/share/clamav

ERROR: Can't get file status


----------- SCAN SUMMARY -----------

Known viruses: 0

Engine version: 0.99.2

Scanned directories: 0

Scanned files: 0

Infected files: 0

Data scanned: 0.00 MB

Data read: 0.00 MB (ratio 0.00:1)

Time: 0.001 sec (0 m 0 s)

Solution:

1. Install the EPEL repository

yum install epel-release

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y

6. Demonstration:

[root@reserve sync]# clamscan -r drcron_cpv

LibClamAV Warning:**************************************************

LibClamAV Warning: ***  The virus database is older than 7 days!  ***

LibClamAV Warning: ***   Please update it as soon as possible.    ***

LibClamAV Warning:**************************************************

drcron_cpv/ptask/countjs_syc.php: OK

drcron_cpv/ptask/countjs_syc_del-2017-7-24.php: OK

drcron_cpv/ptask/countjs_syc_defile.php: OK

drcron_cpv/ptask/defile.php: OK

drcron_cpv/ptask/defile-2017-7-24-1.php: OK

drcron_cpv/ptask/countjs_syc_browser-b.php: OK

drcron_cpv/ptask/countjs_syc_plan_h.php: OK

drcron_cpv/ptask/countjs_syc_plan.php: OK

drcron_cpv/ptask/countjs_img.php: OK

drcron_cpv/ptask/countjs_syc_site.php: OK

drcron_cpv/ptask/countjs_syc_del.php: OK

drcron_cpv/ptask/countjs_syc_site_h.php: OK

drcron_cpv/ptask/setcache.php: OK

drcron_cpv/ptask/countjs_browser.php: OK

drcron_cpv/ptask/setcache-2017-7-21.php: OK

drcron_cpv/ptask/setcity.php: OK

drcron_cpv/ptask/countjs_syc_img.php: OK

drcron_cpv/chksh/check_syc_site.sh: OK

 

----------- SCAN SUMMARY -----------

Known viruses: 4490129

Engine version: 0.99.2

Scanned directories: 3

Scanned files: 18

Infected files: 0

Data scanned: 0.05 MB

Data read: 0.03 MB (ratio 1.71:1)

Time: 14.412 sec (0 m 14 s)

[root@reserve sync]#
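
The failed run under Problem 2 also ends with "Infected files: 0", so a nightly cron job that only looks at that field would treat a scan with no signatures loaded as clean. As an added example (not part of the original article), this shell function reads captured clamscan output, such as the file written with -l, and flags an empty signature database, an empty scan, detections and the stale-database warning. The function name and message texts are hypothetical, and it assumes the 0.99.2 summary layout shown above, where Time: is the last summary line.

```shell
#!/bin/sh
# Added example, not from the original article. Function name and messages
# are hypothetical; field names are those of the clamscan output shown above.
# Usage: check_clamscan_summary FILE   (FILE holds captured clamscan output)
# Prints one line per finding; returns 0 only for a clean, meaningful scan.
check_clamscan_summary() {
    awk '
        /virus database is older than/ { stale = 1 }
        /^Known viruses:/  { known = $3 }
        /^Scanned files:/  { files = $3 }
        /^Infected files:/ { infected = $3 }
        /^Time:/ {
            # Assumed: "Time:" ends a summary block (0.99.2 layout).
            # Keep only the latest run, in case the file holds several.
            n++; l_stale = stale; l_known = known
            l_files = files; l_inf = infected
            stale = 0; known = ""; files = ""; infected = ""
        }
        END {
            if (n == 0) { print "ERROR: no scan summary found"; exit 1 }
            bad = 0
            if (l_known + 0 == 0) { print "ERROR: no signatures loaded"; bad = 1 }
            if (l_files + 0 == 0) { print "ERROR: nothing was scanned"; bad = 1 }
            if (l_inf + 0 > 0)    { print "ALERT: infected files: " l_inf; bad = 1 }
            if (l_stale)          { print "WARN: virus database is out of date"; bad = 1 }
            if (!bad) print "OK: " l_files " files scanned, " l_known " signatures"
            exit bad
        }
    ' "$1"
}

# Constructed sample: the failed summary from Problem 2 (database not loaded).
sample=$(mktemp)
printf '%s\n' '----------- SCAN SUMMARY -----------' 'Known viruses: 0' \
    'Scanned files: 0' 'Infected files: 0' 'Time: 0.001 sec (0 m 0 s)' > "$sample"
check_clamscan_summary "$sample" || echo "scan result needs attention"
rm -f "$sample"
```
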
