Procedure
1. Install the zlib packages (and OpenSSL)
yum install zlib zlib-devel openssl openssl-devel -y
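2. Download and install the ClamAV source package
Download the source package from the official site (http://www.clamav.net/downloads); this article uses clamav-0.99.2.tar.gz as the example. Extract it under /usr/local and rename the directory to clamav.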
mkdir /usr/local/clamav
Note: if clamav is not created, the later build will fail.
useradd clamav -s /sbin/nologin -M
id clamav
grep clamav /etc/passwd
wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz
tar xf clamav-0.99.2.tar.gz
cd clamav-0.99.2
./configure --prefix=/usr/local/clamav
Note: if --prefix is omitted in this step, the configuration files are installed under /usr/local/etc by default.
make && make install    (this step takes a long time)
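3. Edit the configuration file
First create the log directory and the virus database directory:
mkdir /usr/local/clamav/logs    (log directory)
mkdir /usr/local/clamav/updata    (ClamAV virus database directory)
Then edit the configuration file:
vim /usr/local/clamav/etc/clamd.conf
# Example    Comment out this line (line 8).
LogFile /usr/local/clamav/logs/clamd.log    Uncomment and point the path at the logs directory (line 14).
PidFile /usr/local/clamav/updata/clamd.pid    Uncomment and change the path (line 57).
DatabaseDirectory /usr/local/clamav/updata    Same as above (line 65).
4. Create the log files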
touch /usr/local/clamav/logs/freshclam.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log
touch /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/updata
/usr/local/clamav/bin/freshclam    (update the virus database; make sure the server can reach the Internet)
/usr/local/clamav/bin/clamscan --remove    (scan the current directory and delete infected files)
Use in production
Typically a scheduled task updates the virus database and runs a scan every night, and the scan log is kept. My crontab is as follows:
1 3 * * * /usr/local/clamav/bin/freshclam
20 3 * * * /usr/local/clamav/bin/clamscan -r /home --remove -l /var/log/clamscan.log
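5. Common problems
Problem 1: ClamAV fails to start, with an error saying that /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf need to be edited.
Solution: the likely cause is that ./configure was run without --prefix=/usr/local/clamav to set the installation path, so the files were installed under /usr/local/etc by default.
Problem 2: in the following example, scanning the files under the cron directory fails.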
[root@localhost data]# clamscan -r cron
LibClamAV Error: cl_load(): No such file or directory: /usr/local/clamav/share/clamav
ERROR: Can't get file status
----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.001 sec (0 m 0 s)
Solution:
1. Install the EPEL repository
yum install epel-release
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
6. Demonstration:
[root@reserve sync]# clamscan -r drcron_cpv
LibClamAV Warning:**************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning:**************************************************
drcron_cpv/ptask/countjs_syc.php: OK
drcron_cpv/ptask/countjs_syc_del-2017-7-24.php: OK
drcron_cpv/ptask/countjs_syc_defile.php: OK
drcron_cpv/ptask/defile.php: OK
drcron_cpv/ptask/defile-2017-7-24-1.php: OK
drcron_cpv/ptask/countjs_syc_browser-b.php: OK
drcron_cpv/ptask/countjs_syc_plan_h.php: OK
drcron_cpv/ptask/countjs_syc_plan.php: OK
drcron_cpv/ptask/countjs_img.php: OK
drcron_cpv/ptask/countjs_syc_site.php: OK
drcron_cpv/ptask/countjs_syc_del.php: OK
drcron_cpv/ptask/countjs_syc_site_h.php: OK
drcron_cpv/ptask/setcache.php: OK
drcron_cpv/ptask/countjs_browser.php: OK
drcron_cpv/ptask/setcache-2017-7-21.php: OK
drcron_cpv/ptask/setcity.php: OK
drcron_cpv/ptask/countjs_syc_img.php: OK
drcron_cpv/chksh/check_syc_site.sh: OK
----------- SCAN SUMMARY -----------
Known viruses: 4490129
Engine version: 0.99.2
Scanned directories: 3
Scanned files: 18
Infected files: 0
Data scanned: 0.05 MB
Data read: 0.03 MB (ratio 1.71:1)
Time: 14.412 sec (0 m 14 s)
[root@reserve sync]#
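The two clamscan sessions above both end with "Infected files: 0", but the one in problem 2 loaded no signatures at all, so a nightly cron job cannot treat that line alone as a clean result. The shell function below is an added example (not part of the original article) that classifies captured clamscan output; the function names and return codes are this example's own convention, and the third sample input is constructed.

```shell
#!/bin/sh
# Added example: classify captured clamscan output (stdout + stderr in a file).
# Return codes are this script's own convention, not clamscan's:
#   0 clean | 1 infected files reported | 2 no summary or 0 signatures loaded
#   3 clean, but the run warned that the virus database is stale

check_scan_output() {
    out=$1
    [ -r "$out" ] || return 2
    # Take the last summary in the file in case several runs were appended.
    known=$(awk -F': *' '/^Known viruses:/ {v=$2} END {print v+0}' "$out")
    infected=$(awk -F': *' '/^Infected files:/ {v=$2} END {print v+0}' "$out")
    # "Known viruses: 0" means no database was loaded (problem 2 above),
    # so "Infected files: 0" says nothing about the scanned files.
    [ "$known" -gt 0 ] || return 2
    [ "$infected" -eq 0 ] || return 1
    if grep -q 'virus database is older than' "$out"; then
        return 3
    fi
    return 0
}

# Sample inputs: the first two are trimmed from the sessions shown in this
# article; the third (an infected result) is constructed for illustration.
write_samples() {
    dir=$1
    printf '%s\n' \
        'LibClamAV Error: cl_load(): No such file or directory: /usr/local/clamav/share/clamav' \
        '----------- SCAN SUMMARY -----------' \
        'Known viruses: 0' \
        'Infected files: 0' > "$dir/nodb.txt"
    printf '%s\n' \
        'LibClamAV Warning: *** The virus database is older than 7 days! ***' \
        'drcron_cpv/ptask/defile.php: OK' \
        '----------- SCAN SUMMARY -----------' \
        'Known viruses: 4490129' \
        'Infected files: 0' > "$dir/stale.txt"
    printf '%s\n' \
        'sample/upload.php: Example.Signature FOUND' \
        '----------- SCAN SUMMARY -----------' \
        'Known viruses: 4490129' \
        'Infected files: 1' > "$dir/infected.txt"
}
```

To use it with the crontab above, redirect clamscan's stdout and stderr to a file, call check_scan_output on that file, and alert on any non-zero result.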