1.ClamAV杀毒软件的安装

2.病毒库更新

2.1关闭自动更新

2.2下载病毒库

2.3更新病毒库

3.启动服务

4.查杀病毒

5.计划任务

1.ClamAV杀毒软件的安装

[root@zabbix-agent ~]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

[root@zabbix-agent ~]# yum -y install epel-release

Installed:

 epel-release.noarch 0:7-9                                                                                                    

Complete!

[root@zabbix-agent ~]# yum clean all

[root@zabbix-agent ~]# yum makecache

[root@zabbix-agent ~]# yum repolist

repo id                                      repo name                                                                   status

base/7/x86_64                                CentOS-7 - Base                                                              9,591

epel/x86_64                                  Extra Packages for Enterprise Linux 7 - x86_64                              12,201

extras/7/x86_64                              CentOS-7 - Extras                                                              329

updates/7/x86_64                             CentOS-7 - Updates                                                           1,651

repolist: 23,772

[root@zabbix-agent ~]# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Installed:

 clamav.x86_64 0:0.99.2-13.el7                             clamav-data.noarch 0:0.99.2-13.el7                                

 clamav-devel.x86_64 0:0.99.2-13.el7                       clamav-filesystem.noarch 0:0.99.2-13.el7                          

 clamav-lib.x86_64 0:0.99.2-13.el7                         clamav-scanner-systemd.noarch 0:0.99.2-13.el7                    

 clamav-server.x86_64 0:0.99.2-13.el7                      clamav-server-systemd.noarch 0:0.99.2-13.el7                      

 clamav-update.x86_64 0:0.99.2-13.el7                    

Dependency Installed:

 clamav-scanner.noarch 0:0.99.2-13.el7     keyutils-libs-devel.x86_64 0:1.5.8-3.el7   krb5-devel.x86_64 0:1.15.1-8.el7      

 libcom_err-devel.x86_64 0:1.42.9-10.el7   libkadm5.x86_64 0:1.15.1-8.el7             libselinux-devel.x86_64 0:2.5-11.el7  

 libsepol-devel.x86_64 0:2.5-6.el7         libtool-ltdl.x86_64 0:2.4.2-22.el7_3       libverto-devel.x86_64 0:0.2.5-4.el7  

 nmap-ncat.x86_64 2:6.40-7.el7             openssl-devel.x86_64 1:1.0.2k-8.el7        pcre-devel.x86_64 0:8.32-17.el7      

 zlib-devel.x86_64 0:1.2.7-17.el7        

Updated:

 dracut.x86_64 0:033-502.el7_4.1                                systemd.x86_64 0:219-42.el7_4.4                              

Dependency Updated:

 dracut-config-rescue.x86_64 0:033-502.el7_4.1 dracut-network.x86_64 0:033-502.el7_4.1 e2fsprogs.x86_64 0:1.42.9-10.el7    

 e2fsprogs-libs.x86_64 0:1.42.9-10.el7         krb5-libs.x86_64 0:1.15.1-8.el7         libcom_err.x86_64 0:1.42.9-10.el7    

 libgudev1.x86_64 0:219-42.el7_4.4             libselinux.x86_64 0:2.5-11.el7          libselinux-python.x86_64 0:2.5-11.el7

 libselinux-utils.x86_64 0:2.5-11.el7          libsepol.x86_64 0:2.5-6.el7             libss.x86_64 0:1.42.9-10.el7        

 openssl.x86_64 1:1.0.2k-8.el7                 openssl-libs.x86_64 1:1.0.2k-8.el7      pcre.x86_64 0:8.32-17.el7            

 systemd-libs.x86_64 0:219-42.el7_4.4          systemd-sysv.x86_64 0:219-42.el7_4.4    zlib.x86_64 0:1.2.7-17.el7          

Complete!

在两个配置文件/etc/freshclam.conf和/etc/clamd.d/scan.conf中移除“Example”字符

[root@zabbix-agent ~]# cp /etc/freshclam.conf /etc/freshclam.conf.bak

[root@zabbix-agent ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

[root@zabbix-agent ~]# cp /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.bak

[root@zabbix-agent ~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

[root@zabbix-agent ~]# vim /etc/clamd.d/scan.conf

LocalSocket /var/run/clamd.scan/clamd.sock

2.病毒库更新

2.1关闭自动更新

freshclam命令通过文件/etc/cron.d/clamav-update来自动运行,该文件的内容

[root@zabbix-agent ~]# vim /etc/cron.d/clamav-update

## Adjust this line...

MAILTO=root

## It is ok to execute it as root; freshclam drops privileges and becomes

## user 'clamupdate' as soon as possible

0  */3 * * * root /usr/share/clamav/freshclam-sleep

但默认情况下是禁止了自动更新功能,需要移除文件/etc/sysconfig/freshclam最后一行的配置才能启用

[root@zabbix-agent ~]# vim /etc/sysconfig/freshclam

# FRESHCLAM_DELAY=

定义服务器类型(本地或者TCP),在这里定义为使用本地socket,将文件/etc/clam.d/scan.conf中的这一行前面的注释符号去掉:

[root@zabbix-agent ~]# vim /etc/clamd.d/scan.conf

#LocalSocket /var/run/clamd.scan/clamd.sock

2.2下载病毒库

https://www.clamav.net/downloads

将main.cvd\daily.cvd\bytecode.cvd三个文件下载后上传到/var/lib/clamav目录下

[root@zabbix-agent clamav]# pwd

/var/lib/clamav

[root@zabbix-agent clamav]# ll

total 113136

-rw-r--r-- 1 clamupdate clamupdate     76781 Jun 13  2016 bytecode.cvd

-rw-r--r-- 1 clamupdate clamupdate   6626001 Jun 13  2016 daily.cvd

-rw-r--r-- 1 clamupdate clamupdate 109143933 Jun 13  2016 main.cvd

将原有病毒库文件删除,更新为下载最新版本。

[root@zabbix-agent clamav]# ll

total 158088

-rw-r--r-- 1 root root    153228 Jan 12 21:56 bytecode.cvd

-rw-r--r-- 1 root root  43830800 Jan 12 21:57 daily.cvd

-rw-r--r-- 1 root root 117892267 Jan 12 21:57 main.cvd

[root@zabbix-agent clamav]# vim /etc/freshclam.conf

DatabaseDirectory /var/lib/clamav    将注释#号去掉

[root@zabbix-agent clamav]# systemctl enable [email protected]

[root@zabbix-agent system]# ln -s '/usr/lib/systemd/system/[email protected]' '/etc/systemd/system/multi-user.target.wants/[email protected]'

2.3更新病毒库

建立clam-freshclam.service服务

[root@zabbix-agent ~]# vim /usr/lib/systemd/system/clam-freshclam.service

# Run the freshclam as daemon 

[Unit] 

Description = freshclam scanner 

After = network.target 

[Service] 

Type = forking 

ExecStart = /usr/bin/freshclam -d -c 4 

Restart = on-failure 

PrivateTmp = true 

[Install] 

WantedBy=multi-user.target

[root@zabbix-agent ~]# systemctl start clam-freshclam.service

[root@zabbix-agent ~]# systemctl status clam-freshclam.service

● clam-freshclam.service - freshclam scanner

  Loaded: loaded (/usr/lib/systemd/system/clam-freshclam.service; disabled; vendor preset: disabled)

  Active: active (running) since Fri 2018-01-12 22:34:43 CST; 8s ago

 Process: 2533 ExecStart=/usr/bin/freshclam -d -c 4 (code=exited, status=0/SUCCESS)

Main PID: 2534 (freshclam)

  CGroup: /system.slice/clam-freshclam.service

          └─2534 /usr/bin/freshclam -d -c 4

Jan 12 22:34:43 zabbix-agent systemd[1]: Starting freshclam scanner...

Jan 12 22:34:43 zabbix-agent systemd[1]: Started freshclam scanner.

Jan 12 22:34:43 zabbix-agent freshclam[2534]: freshclam daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Jan 12 22:34:43 zabbix-agent freshclam[2534]: ClamAV update process started at Fri Jan 12 22:34:43 2018

Jan 12 22:34:43 zabbix-agent freshclam[2534]: main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

Jan 12 22:34:44 zabbix-agent freshclam[2534]: Downloading daily-24213.cdiff [100%]

Jan 12 22:34:44 zabbix-agent freshclam[2534]: Downloading daily-24214.cdiff [100%]

Jan 12 22:34:46 zabbix-agent freshclam[2534]: Downloading daily-24215.cdiff [100%]

Jan 12 22:34:49 zabbix-agent freshclam[2534]: daily.cld updated (version: 24215, sigs: 1823104, f-level: 63, builder: neo)

Jan 12 22:34:50 zabbix-agent freshclam[2534]: bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)

Hint: Some lines were ellipsized, use -l to show in full.

[root@zabbix-agent ~]# freshclam

ClamAV update process started at Fri Jan 12 22:37:24 2018

main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

daily.cld is up to date (version: 24215, sigs: 1823104, f-level: 63, builder: neo)

bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)

[root@zabbix-agent ~]# systemctl enable clam-freshclam.service

Created symlink from /etc/systemd/system/multi-user.target.wants/clam-freshclam.service to /usr/lib/systemd/system/clam-freshclam.service.

[root@zabbix-agent ~]#cp /usr/share/clamav/template/clamd.conf /etc/clamd.conf

[root@zabbix-agent ~]#vim /etc/clamd.conf

#Example

TCPSocket 3310

TCPAddr 127.0.0.1

[root@zabbix-agent ~]# /usr/sbin/clamd restart

[root@zabbix-agent ~]# clamdscan -V

ClamAV 0.99.2/24262/Sun Jan 28 09:21:42 2018

3.启动服务

[root@zabbix-agent ~]# systemctl start [email protected]

[root@zabbix-agent ~]# systemctl status [email protected]

[email protected] - Generic clamav scanner daemon

  Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)

  Active: active (running) since Fri 2018-01-12 22:53:43 CST; 3s ago

Main PID: 2935 (clamd)

  CGroup: /system.slice/system-clamd.slice/[email protected]

          └─2935 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

Jan 12 22:53:43 zabbix-agent systemd[1]: Started Generic clamav scanner daemon.

Jan 12 22:53:43 zabbix-agent systemd[1]: Starting Generic clamav scanner daemon...

Jan 12 22:53:43 zabbix-agent clamd[2935]: Received 0 file descriptor(s) from systemd.

Jan 12 22:53:43 zabbix-agent clamd[2935]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Jan 12 22:53:43 zabbix-agent clamd[2935]: Running as user clamscan (UID 994, GID 991)

Jan 12 22:53:43 zabbix-agent clamd[2935]: Log file size limited to 1048576 bytes.

Jan 12 22:53:43 zabbix-agent clamd[2935]: Reading databases from /var/lib/clamav

Jan 12 22:53:43 zabbix-agent clamd[2935]: Not loading PUA signatures.

Jan 12 22:53:43 zabbix-agent clamd[2935]: Bytecode: Security mode set to "TrustSigned".

[root@zabbix-agent ~]# systemctl enable [email protected]

4.查杀病毒

扫描所有用户的主目录就使用

[root@zabbix-agent ~]# clamscan -r /home

扫描您计算机上的所有文件并且显示所有的文件的扫描结果,就使用

[root@zabbix-agent ~]# clamscan -r /

----------- SCAN SUMMARY -----------

Known viruses: 6383388

Engine version: 0.99.2

Scanned directories: 10373

Scanned files: 30631

Infected files: 0

Total errors: 15881

Data scanned: 1520.95 MB

Data read: 2276.20 MB (ratio 0.67:1)

Time: 236.625 sec (3 m 56 s)

扫描您计算机上的所有文件并且显示有问题的文件的扫描结果,就使用

[root@zabbix-agent ~]# clamscan -r --bell -i /

----------- SCAN SUMMARY -----------

Known viruses: 6383388

Engine version: 0.99.2

Scanned directories: 10373

Scanned files: 30631

Infected files: 0

Total errors: 15881

Data scanned: 1520.95 MB

Data read: 2276.20 MB (ratio 0.67:1)

Time: 198.461 sec (3 m 18 s)

查杀当前目录并删除感染的文件

[root@zabbix-agent ~]# clamscan -r --remove

clamscan常用参数

-r/--recursive[=yes/no]

所有文件

--log=FILE/-l FILE

增加扫描报告

clamscan -l /var/log/clamscan.log /


--move [路径]

移动病毒文件至

--remove [路径]

删除病毒文件

--quiet

只输出错误消息

--infected/-i

只输出感染文件

--suppress-ok-results/-o

跳过扫描OK的文件

--bell

扫描到病毒文件发出警报声音

--unzip(unrar)

解压压缩文件扫描

5.计划任务

说明

基本格式

* * * * * command

第1列表示分钟1~59每分钟用*或者*/1表示

第2列表示小时1~23(0表示0点)

第3列表示日期1~31

第4列表示月份1~12

第5列表示星期0~6(0表示星期天)

第6列要运行的命令

[root@zabbix-agent ~]# crontab -e

0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log

[root@zabbix-agent ~]# vim /etc/crontab

0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log

[root@zabbix-agent ~]# crontab -l -u root

0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log

[root@zabbix-agent ~]# systemctl start  crond.service

[root@zabbix-agent ~]# systemctl status  crond.service

● crond.service - Command Scheduler

  Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)

  Active: active (running) since Fri 2018-01-12 22:25:20 CST; 1h 27min ago

Main PID: 614 (crond)

  CGroup: /system.slice/crond.service

          └─614 /usr/sbin/crond -n

Jan 12 22:25:20 zabbix-agent systemd[1]: Started Command Scheduler.

Jan 12 22:25:20 zabbix-agent systemd[1]: Starting Command Scheduler...

Jan 12 22:25:20 zabbix-agent crond[614]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 83% if used.)

Jan 12 22:25:20 zabbix-agent crond[614]: (CRON) INFO (running with inotify support)

Jan 12 23:40:01 zabbix-agent crond[614]: (*system*) RELOAD (/etc/crontab)

[root@zabbix-agent ~]# systemctl enable crond.service