1. Installing the ClamAV antivirus software
2. Updating the virus database
2.1 Turning off automatic updates
2.2 Downloading the virus database
2.3 Updating the virus database
3. Starting the service
4. Scanning for viruses
5. Scheduled task
1. Installing the ClamAV antivirus software
[root@zabbix-agent ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@zabbix-agent ~]# yum -y install epel-release
Installed:
  epel-release.noarch 0:7-9
Complete!
[root@zabbix-agent ~]# yum clean all
[root@zabbix-agent ~]# yum makecache
[root@zabbix-agent ~]# yum repolist
repo id           repo name                                        status
base/7/x86_64     CentOS-7 - Base                                   9,591
epel/x86_64       Extra Packages for Enterprise Linux 7 - x86_64   12,201
extras/7/x86_64   CentOS-7 - Extras                                   329
updates/7/x86_64  CentOS-7 - Updates                                1,651
repolist: 23,772
[root@zabbix-agent ~]# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Installed:
  clamav.x86_64 0:0.99.2-13.el7  clamav-data.noarch 0:0.99.2-13.el7  clamav-devel.x86_64 0:0.99.2-13.el7
  clamav-filesystem.noarch 0:0.99.2-13.el7  clamav-lib.x86_64 0:0.99.2-13.el7  clamav-scanner-systemd.noarch 0:0.99.2-13.el7
  clamav-server.x86_64 0:0.99.2-13.el7  clamav-server-systemd.noarch 0:0.99.2-13.el7  clamav-update.x86_64 0:0.99.2-13.el7
Dependency Installed:
  clamav-scanner.noarch 0:0.99.2-13.el7  keyutils-libs-devel.x86_64 0:1.5.8-3.el7  krb5-devel.x86_64 0:1.15.1-8.el7
  libcom_err-devel.x86_64 0:1.42.9-10.el7  libkadm5.x86_64 0:1.15.1-8.el7  libselinux-devel.x86_64 0:2.5-11.el7
  libsepol-devel.x86_64 0:2.5-6.el7  libtool-ltdl.x86_64 0:2.4.2-22.el7_3  libverto-devel.x86_64 0:0.2.5-4.el7
  nmap-ncat.x86_64 2:6.40-7.el7  openssl-devel.x86_64 1:1.0.2k-8.el7  pcre-devel.x86_64 0:8.32-17.el7
  zlib-devel.x86_64 0:1.2.7-17.el7
Updated:
  dracut.x86_64 0:033-502.el7_4.1  systemd.x86_64 0:219-42.el7_4.4
Dependency Updated:
  dracut-config-rescue.x86_64 0:033-502.el7_4.1  dracut-network.x86_64 0:033-502.el7_4.1  e2fsprogs.x86_64 0:1.42.9-10.el7
  e2fsprogs-libs.x86_64 0:1.42.9-10.el7  krb5-libs.x86_64 0:1.15.1-8.el7  libcom_err.x86_64 0:1.42.9-10.el7
  libgudev1.x86_64 0:219-42.el7_4.4  libselinux.x86_64 0:2.5-11.el7  libselinux-python.x86_64 0:2.5-11.el7
  libselinux-utils.x86_64 0:2.5-11.el7  libsepol.x86_64 0:2.5-6.el7  libss.x86_64 0:1.42.9-10.el7
  openssl.x86_64 1:1.0.2k-8.el7  openssl-libs.x86_64 1:1.0.2k-8.el7  pcre.x86_64 0:8.32-17.el7
  systemd-libs.x86_64 0:219-42.el7_4.4  systemd-sysv.x86_64 0:219-42.el7_4.4  zlib.x86_64 0:1.2.7-17.el7
Complete!
Remove the "Example" entry from the two configuration files /etc/freshclam.conf and /etc/clamd.d/scan.conf (the sed commands below comment it out):
[root@zabbix-agent ~]# cp /etc/freshclam.conf /etc/freshclam.conf.bak
[root@zabbix-agent ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
[root@zabbix-agent ~]# cp /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.bak
[root@zabbix-agent ~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
[root@zabbix-agent ~]# vim /etc/clamd.d/scan.conf
LocalSocket /var/run/clamd.scan/clamd.sock
2. Updating the virus database
2.1 Turning off automatic updates
The freshclam command is run automatically through the file /etc/cron.d/clamav-update, whose contents are:
[root@zabbix-agent ~]# vim /etc/cron.d/clamav-update
## Adjust this line...
MAILTO=root

## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep
By default, however, automatic updating is disabled; to enable it, the setting on the last line of /etc/sysconfig/freshclam has to be removed (below it is commented out):
[root@zabbix-agent ~]# vim /etc/sysconfig/freshclam
# FRESHCLAM_DELAY=
Define the server type (local or TCP). Here a local socket is used: remove the comment marker in front of this line in /etc/clamd.d/scan.conf:
[root@zabbix-agent ~]# vim /etc/clamd.d/scan.conf
#LocalSocket /var/run/clamd.scan/clamd.sock
2.2 Downloading the virus database
https://www.clamav.net/downloads
Download the three files main.cvd, daily.cvd and bytecode.cvd and upload them to the /var/lib/clamav directory.
[root@zabbix-agent clamav]# pwd
/var/lib/clamav
[root@zabbix-agent clamav]# ll
total 113136
-rw-r--r-- 1 clamupdate clamupdate     76781 Jun 13  2016 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate   6626001 Jun 13  2016 daily.cvd
-rw-r--r-- 1 clamupdate clamupdate 109143933 Jun 13  2016 main.cvd
Delete the existing database files and replace them with the newly downloaded versions.
[root@zabbix-agent clamav]# ll
total 158088
-rw-r--r-- 1 root root    153228 Jan 12 21:56 bytecode.cvd
-rw-r--r-- 1 root root  43830800 Jan 12 21:57 daily.cvd
-rw-r--r-- 1 root root 117892267 Jan 12 21:57 main.cvd
[root@zabbix-agent clamav]# vim /etc/freshclam.conf
DatabaseDirectory /var/lib/clamav    (remove the leading # comment marker from this line)
[root@zabbix-agent clamav]# systemctl enable clamd@scan.service
[root@zabbix-agent system]# ln -s '/usr/lib/systemd/system/clamd@scan.service' '/etc/systemd/system/multi-user.target.wants/clamd@scan.service'
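A file copied into /var/lib/clamav by hand can be checked before clamd loads it. The following added example (not from the original post) reads the 512-byte text header that every .cvd/.cld file begins with and reports version, signature count and functionality level; the sample headers, their MD5/signature fields and build times are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): inspect the 512-byte text header
# that every ClamAV .cvd/.cld database file starts with, so a manually uploaded
# database can be checked before clamd loads it. Header fields are separated
# by ':' in this order:
# ClamAV-VDB:<build time>:<version>:<sigs>:<f-level>:<md5>:<dsig>:<builder>:<stime>

# Print one header field (1-based index) of the database file given as $1.
cvd_field() {
    dd if="$1" bs=512 count=1 2>/dev/null | cut -d: -f"$2" | sed 's/ *$//'
}
cvd_version() { cvd_field "$1" 3; }
cvd_sigs()    { cvd_field "$1" 4; }
cvd_flevel()  { cvd_field "$1" 5; }

# True when the magic string is present and the version is a plain number.
cvd_is_valid() {
    [ "$(cvd_field "$1" 1)" = "ClamAV-VDB" ] || return 1
    case "$(cvd_version "$1")" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Of two database files, print the path of the one with the higher version.
cvd_newer() {
    if [ "$(cvd_version "$1")" -gt "$(cvd_version "$2")" ]; then echo "$1"; else echo "$2"; fi
}

# Constructed sample headers (version/sigs/f-level copied from the freshclam
# output on this page; MD5, signature and time fields are placeholders).
# Real files carry the compressed signature archive after the header.
NEW_CVD=$(mktemp)
printf '%-512s' 'ClamAV-VDB:12 Jan 2018 13-57 +0000:24215:1823104:63:MD5_PLACEHOLDER:DSIG_PLACEHOLDER:neo:0' > "$NEW_CVD"
OLD_CVD=$(mktemp)
printf '%-512s' 'ClamAV-VDB:13 Jun 2016 10-00 +0000:21800:1500000:60:MD5_PLACEHOLDER:DSIG_PLACEHOLDER:neo:0' > "$OLD_CVD"

# On a real host replace the list with /var/lib/clamav/*.cvd /var/lib/clamav/*.cld
for f in "$NEW_CVD" "$OLD_CVD"; do
    if cvd_is_valid "$f"; then
        echo "$f: version $(cvd_version "$f"), sigs $(cvd_sigs "$f"), f-level $(cvd_flevel "$f")"
    else
        echo "$f: not a ClamAV database header" >&2
    fi
done
echo "newest: $(cvd_newer "$NEW_CVD" "$OLD_CVD")"
```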
2.3 Updating the virus database
Create the clam-freshclam.service unit:
[root@zabbix-agent ~]# vim /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
[root@zabbix-agent ~]# systemctl start clam-freshclam.service
[root@zabbix-agent ~]# systemctl status clam-freshclam.service
● clam-freshclam.service - freshclam scanner
   Loaded: loaded (/usr/lib/systemd/system/clam-freshclam.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-01-12 22:34:43 CST; 8s ago
  Process: 2533 ExecStart=/usr/bin/freshclam -d -c 4 (code=exited, status=0/SUCCESS)
 Main PID: 2534 (freshclam)
   CGroup: /system.slice/clam-freshclam.service
           └─2534 /usr/bin/freshclam -d -c 4
Jan 12 22:34:43 zabbix-agent systemd[1]: Starting freshclam scanner...
Jan 12 22:34:43 zabbix-agent systemd[1]: Started freshclam scanner.
Jan 12 22:34:43 zabbix-agent freshclam[2534]: freshclam daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 12 22:34:43 zabbix-agent freshclam[2534]: ClamAV update process started at Fri Jan 12 22:34:43 2018
Jan 12 22:34:43 zabbix-agent freshclam[2534]: main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Jan 12 22:34:44 zabbix-agent freshclam[2534]: Downloading daily-24213.cdiff [100%]
Jan 12 22:34:44 zabbix-agent freshclam[2534]: Downloading daily-24214.cdiff [100%]
Jan 12 22:34:46 zabbix-agent freshclam[2534]: Downloading daily-24215.cdiff [100%]
Jan 12 22:34:49 zabbix-agent freshclam[2534]: daily.cld updated (version: 24215, sigs: 1823104, f-level: 63, builder: neo)
Jan 12 22:34:50 zabbix-agent freshclam[2534]: bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
Hint: Some lines were ellipsized, use -l to show in full.
[root@zabbix-agent ~]# freshclam
ClamAV update process started at Fri Jan 12 22:37:24 2018
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cld is up to date (version: 24215, sigs: 1823104, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
[root@zabbix-agent ~]# systemctl enable clam-freshclam.service
Created symlink from /etc/systemd/system/multi-user.target.wants/clam-freshclam.service to /usr/lib/systemd/system/clam-freshclam.service.
[root@zabbix-agent ~]# cp /usr/share/clamav/template/clamd.conf /etc/clamd.conf
[root@zabbix-agent ~]# vim /etc/clamd.conf
#Example
TCPSocket 3310
TCPAddr 127.0.0.1
[root@zabbix-agent ~]# /usr/sbin/clamd restart
[root@zabbix-agent ~]# clamdscan -V
ClamAV 0.99.2/24262/Sun Jan 28 09:21:42 2018
3. Starting the service
[root@zabbix-agent ~]# systemctl start clamd@scan.service
[root@zabbix-agent ~]# systemctl status clamd@scan.service
● clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-01-12 22:53:43 CST; 3s ago
 Main PID: 2935 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─2935 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes
Jan 12 22:53:43 zabbix-agent systemd[1]: Started Generic clamav scanner daemon.
Jan 12 22:53:43 zabbix-agent systemd[1]: Starting Generic clamav scanner daemon...
Jan 12 22:53:43 zabbix-agent clamd[2935]: Received 0 file descriptor(s) from systemd.
Jan 12 22:53:43 zabbix-agent clamd[2935]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 12 22:53:43 zabbix-agent clamd[2935]: Running as user clamscan (UID 994, GID 991)
Jan 12 22:53:43 zabbix-agent clamd[2935]: Log file size limited to 1048576 bytes.
Jan 12 22:53:43 zabbix-agent clamd[2935]: Reading databases from /var/lib/clamav
Jan 12 22:53:43 zabbix-agent clamd[2935]: Not loading PUA signatures.
Jan 12 22:53:43 zabbix-agent clamd[2935]: Bytecode: Security mode set to "TrustSigned".
[root@zabbix-agent ~]# systemctl enable clamd@scan.service
4. Scanning for viruses
To scan all users' home directories, use:
[root@zabbix-agent ~]# clamscan -r /home
To scan every file on the machine and show the result for every file, use:
[root@zabbix-agent ~]# clamscan -r /
----------- SCAN SUMMARY -----------
Known viruses: 6383388
Engine version: 0.99.2
Scanned directories: 10373
Scanned files: 30631
Infected files: 0
Total errors: 15881
Data scanned: 1520.95 MB
Data read: 2276.20 MB (ratio 0.67:1)
Time: 236.625 sec (3 m 56 s)
To scan every file on the machine and show only the files with problems, use:
[root@zabbix-agent ~]# clamscan -r --bell -i /
----------- SCAN SUMMARY -----------
Known viruses: 6383388
Engine version: 0.99.2
Scanned directories: 10373
Scanned files: 30631
Infected files: 0
Total errors: 15881
Data scanned: 1520.95 MB
Data read: 2276.20 MB (ratio 0.67:1)
Time: 198.461 sec (3 m 18 s)
Scan the current directory and delete infected files:
[root@zabbix-agent ~]# clamscan -r --remove
Commonly used clamscan options
-r/--recursive[=yes/no]      scan all files recursively
--log=FILE/-l FILE           write a scan report, e.g. clamscan -l /var/log/clamscan.log /
--move [path]                move infected files to the given path
--remove [path]              delete infected files
--quiet                      print only error messages
--infected/-i                print only infected files
--suppress-ok-results/-o     skip files whose result is OK
--bell                       sound a bell when an infected file is found
--unzip(unrar)               extract archives and scan their contents
5. Scheduled task
Notes
Basic format
* * * * * command
Column 1: minute, 1~59; every minute is written as * or */1
Column 2: hour, 1~23 (0 means 0 o'clock)
Column 3: day of month, 1~31
Column 4: month, 1~12
Column 5: day of week, 0~6 (0 means Sunday)
Column 6: the command to run
[root@zabbix-agent ~]# crontab -e
0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log
[root@zabbix-agent ~]# vim /etc/crontab
0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log
Note that, unlike a per-user crontab edited with crontab -e, entries in /etc/crontab take a user field between the schedule and the command (as in the /etc/cron.d/clamav-update file shown in section 2.1).
[root@zabbix-agent ~]# crontab -l -u root
0 23 * * 6 /usr/bin/clamscan --infected -r / -l /var/log/clamscan.log
[root@zabbix-agent ~]# systemctl start crond.service
[root@zabbix-agent ~]# systemctl status crond.service
● crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-12 22:25:20 CST; 1h 27min ago
 Main PID: 614 (crond)
   CGroup: /system.slice/crond.service
           └─614 /usr/sbin/crond -n
Jan 12 22:25:20 zabbix-agent systemd[1]: Started Command Scheduler.
Jan 12 22:25:20 zabbix-agent systemd[1]: Starting Command Scheduler...
Jan 12 22:25:20 zabbix-agent crond[614]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 83% if used.)
Jan 12 22:25:20 zabbix-agent crond[614]: (CRON) INFO (running with inotify support)
Jan 12 23:40:01 zabbix-agent crond[614]: (*system*) RELOAD (/etc/crontab)
[root@zabbix-agent ~]# systemctl enable crond.service
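The weekly job above only writes a log; nobody is told when it finds something. As an added example (not part of the original post), this wrapper runs the same clamscan command and uses clamscan's exit code together with the SCAN SUMMARY fields to decide whether to raise an alert; the log path, the error threshold and alerting through logger(1) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a wrapper for the weekly cron job
# above. It runs clamscan with the same options, then uses the exit code and the
# SCAN SUMMARY in the log to decide whether to raise an alert, so an infected
# file does not simply sit unnoticed in /var/log/clamscan.log.
# Assumptions: log path as in the crontab entry; alerting via logger(1).
LOG=${CLAMSCAN_LOG:-/var/log/clamscan.log}

# clamscan exit codes: 0 = nothing found, 1 = infected file(s) found, 2 = error.
describe_exit() {
    case "$1" in 0) echo clean ;; 1) echo infected ;; 2) echo error ;; *) echo "unknown($1)" ;; esac
}

# Print one numeric field ("Infected files", "Total errors", ...) from the
# SCAN SUMMARY at the end of a clamscan log; 0 if the field is absent.
summary_field() {
    v=$(sed -n "s/^$2: *\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-0}"
}

# Alert when the exit code is non-zero, any file is infected, or the error
# count exceeds a threshold (unreadable entries under /proc and /sys make
# some errors normal when scanning /, so zero is not a useful limit).
needs_alert() {   # $1 = log file, $2 = exit code, $3 = max tolerated errors
    [ "$2" -ne 0 ] && return 0
    [ "$(summary_field "$1" 'Infected files')" -gt 0 ] && return 0
    [ "$(summary_field "$1" 'Total errors')" -gt "$3" ] && return 0
    return 1
}

run_scan() {
    rc=0
    /usr/bin/clamscan --infected -r / -l "$LOG" || rc=$?
    if needs_alert "$LOG" "$rc" 20000; then
        logger -p user.warning -t clamscan "weekly scan $(describe_exit "$rc"): $(summary_field "$LOG" 'Infected files') infected, $(summary_field "$LOG" 'Total errors') errors, see $LOG"
    fi
    return "$rc"
}

# Constructed sample log (numbers copied from the summary shown on this page).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 15881
EOF

# Cron entry: 0 23 * * 6 /path/to/this/script run  (the real scan only runs with "run")
[ "${1:-}" = run ] && run_scan
needs_alert "$SAMPLE_LOG" 0 20000 && echo "sample: alert" || echo "sample: ok"
```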