Using ClamAV: scheduled scans and alerts

Installation and configuration on CentOS

The official site documents this fairly clearly. See: ClamAV installation

sudo yum -y groupinstall "Development Tools"
sudo yum -y install openssl openssl-devel libcurl-devel zlib-devel libpng-devel libxml2-devel json-c-devel bzip2-devel pcre2-devel ncurses-devel sendmail sendmail-devel valgrind check
# If the link below no longer works, get a current one from https://www.clamav.net/downloads
wget https://www.clamav.net/downloads/production/clamav-0.101.4.tar.gz
tar xzf clamav-0.101.4.tar.gz
mkdir /usr/local/share/clamav
cd clamav-0*
#./configure --enable-check
./configure 
make -j2
make check
make install
# Allow ClamAV to scan the system (SELinux boolean)
setsebool -P antivirus_can_scan_system 1
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
sudo chown -R clamav:clamav /usr/local/share/clamav

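Minimal configuration: copy the sample configuration files, then deal with the Example line in each one (comment it out or remove it) before use.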

cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
# Update the virus database
freshclam

Some common operations:

## Scan a single file
clamscan targetfile
## Recursively scan /home and write a log
clamscan -r -i /home -l /var/log/clamscan.log
## Recursively scan /home, delete infected files, and write a log
clamscan -r -i /home --remove -l /var/log/clamscan.log
## Recommended ## Scan the given directory, move infected files to a specified directory, and write a log
clamscan -r -i /home --move=/opt/infected -l /var/log/clamscan.log

Scheduled scans and e-mail alerts

Create a bash script, for example clam_scan_period.sh, and make it executable.

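#!/bin/bash
receiver="admin@example.com"   # placeholder address; set the real recipient
logFile="/var/log/clamscan-$(date +'%Y-%m-%d').log"
mailSubject="Infected file Found"
# Update the virus database before scanning
freshclam
# Scan the /root directory
clamscan -r -i /root -l "${logFile}"
# Read the count from the "Infected files: N" summary line of the log
infectedCount=$(tail "$logFile" | grep Infected | cut -d " " -f3)
# Treat a missing summary line as 0 so the numeric test below does not fail
infectedCount=${infectedCount:-0}
# If any files are infected, send an e-mail notification
if [ "${infectedCount}" -gt 0 ]; then
    mailContent="${infectedCount} files may be infected. Please check the log file attached and get more detail."
    echo "${mailContent}" | mail -a "${logFile}" -s "${mailSubject}" "${receiver}"
fi
echo "Scan finish. ${infectedCount} files may be infected"
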
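  • Sending mail has to be configured; otherwise the message is only recorded in /var/spool/mail/root.
    For the mail setup see: CentOS mail sending configuration

  • Test that the script runs correctly with sh -x clam_scan_period.sh. If you need problem files to test against, scan the test folder of the unpacked ClamAV source package.

  • Schedule a scan once a week, every Monday at 2 o'clock. See: Linux scheduled tasks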

# vi /etc/crontab
# Fields: minute hour day-of-month month day-of-week (1 = Monday) user command
0  2  *  *  1 root  command to be executed
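
The script above decides whether to alert by grepping the tail of the log. The following is an added example, not part of the original post, that combines clamscan's exit status (0 clean, 1 virus found, 2 error) with the log so that a failed or truncated scan is not reported as clean. The function names and the sample log are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): decide whether to alert from
# clamscan's exit code plus its log, instead of only grepping the log tail.

# Print N from the "Infected files: N" summary line; print nothing when the
# log is unreadable or has no summary (scan aborted before finishing).
infected_count() {
    [ -r "$1" ] || return 0
    awk -F': *' '/^Infected files:/ { n = $2 } END { if (n != "") print n }' "$1"
}

# Print the flagged paths, taken from "<path>: <signature> FOUND" lines.
infected_files() {
    [ -r "$1" ] || return 0
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}

# $1 = clamscan exit status (0 clean, 1 virus found, 2 error), $2 = log file.
scan_verdict() {
    local rc="$1" count
    count="$(infected_count "$2")"
    if [ "$rc" -eq 1 ] || [ "${count:-0}" -gt 0 ]; then
        echo infected
    elif [ "$rc" -ne 0 ] || [ -z "$count" ]; then
        echo error        # a failed or truncated scan is not a clean result
    else
        echo clean
    fi
}

# Constructed sample log (hypothetical path and counts) to exercise the functions.
sample_log="$(mktemp)"
cat > "$sample_log" <<'EOF'
/root/downloads/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned directories: 4
Scanned files: 27
Infected files: 1
EOF
echo "verdict: $(scan_verdict 1 "$sample_log")"
infected_files "$sample_log"
rm -f "$sample_log"
```

In the scheduled script, save the status with rc=$? on the line directly after the clamscan call and send mail for both the infected and error verdicts.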
