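Installing ClamAV as a remote antivirus scanning service

Background:

ClamAV is an open-source antivirus program. It can run scheduled scans of local files directly, or it can run as a scanning service: a remote program calls the service and transfers a file to it, and the service scans the file and returns whether it is a virus. This can be used to trigger a remote scan after a file is uploaded to a business system, embedding the scan in the application.

Installing ClamAV:

1. Download the program

This guide uses version 0.102.3.

Download link: https://download.csdn.net/download/ajian132/12510361

# Create the program directory
mkdir /usr/local/clamav
cd /usr/local/clamav
# Upload the downloaded program files to /usr/local/clamav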

2. Install dependencies

yum install gcc gcc-c++ openssl openssl-devel -y
yum install curl-devel -y

3. Upgrade libcurl

The following error occurred during installation: Your libcurl (e.g. libcurl-devel) is too old. Installing ClamAV with clamonacc requires libcurl 7.45 or higher. libcurl needs to be upgraded.

# Install the repo
rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-1.rhel7.noarch.rpm
# List the curl versions this repo provides
yum --showduplicates list curl --disablerepo="*" --enablerepo="city*"
# Enable the repo
vi /etc/yum.repos.d/city-fan.org.repo
# Change enabled=0 to enabled=1
# Install the latest curl
yum install curl
yum install epel-release -y
yum --enablerepo=epel install libnghttp2 -y && yum install libcurl -y

4. Compile and install

# clamav user and group
groupadd clamav && useradd -g clamav clamav && id clamav

# Log directory
mkdir -p /usr/local/clamav/logs
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log

# Virus database directory
mkdir -p /usr/local/clamav/updata
chown -R root:clamav /usr/local/clamav/
chown -R clamav:clamav /usr/local/clamav/updata/

# Unpack the source archive
tar xf clamav-0.102.3.tar.gz

# Compile and install
cd clamav-0.102.3
./configure --prefix=/usr/local/clamav --with-pcre
make && make install

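5. Configure ClamAV

cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf

vi freshclam.conf
#Example   <- comment out this line
# Add the following settings
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid

vi clamd.conf
#Example   <- comment out this line
# Add the following settings
# (UpdateLogFile is a freshclam.conf option; clamd logs through LogFile and needs its own PID file)
DatabaseDirectory /usr/local/clamav/updata
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
TCPSocket 3310
TCPAddr 192.168.31.193
# TCPAddr is the address the service listens on
# clamd's TCP socket has no authentication or encryption: bind it to an internal address
# and restrict port 3310 to the application hosts with a firewall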

6. Download (update) the virus database files

# Update directly
/usr/local/clamav/bin/freshclam

# Download manually
cd /usr/local/clamav/updata/
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd

7. Start the clamav-daemon service

# Permissions
chown -R clamav:clamav /usr/local/clamav/

# Start the clamav-freshclam service
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service
systemctl status clamav-freshclam.service
systemctl stop clamav-freshclam.service

# The virus database files need to be placed in /usr/local/clamav/share/clamav
# Start the remote service
systemctl start clamav-daemon.service
systemctl enable clamav-daemon.service

# Check the status
systemctl status clamav-daemon.service

# Stop
systemctl stop clamav-daemon.service

# Check that port 3310 is listening
netstat -tunlp | grep 3310

# Command to scan a single file
/usr/local/clamav/bin/clamscan file.zip
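
With clamd listening on port 3310, a remote program can submit an uploaded file over TCP with clamd's INSTREAM command, which is the remote call described in the background section. The Python client below is an added example, not code from the original post or from clamav-rest; the function names are illustrative and the host is assumed to be the TCPAddr configured above.

```python
import socket
import struct

# Added example, not from the original post; function names are illustrative.
CHUNK = 8192  # bytes per INSTREAM chunk

def frame_instream(data, chunk=CHUNK):
    """Frame data for clamd's INSTREAM command: every chunk is prefixed with
    its 4-byte big-endian length and a zero-length chunk ends the stream."""
    out = [b"zINSTREAM\0"]  # 'z' prefix: command and reply are NUL-terminated
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(raw):
    """Return ("clean", None), ("infected", signature) or ("error", text)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return ("clean", None)
    if text.startswith("stream: ") and text.endswith(" FOUND"):
        return ("infected", text[len("stream: "):-len(" FOUND")])
    return ("error", text)  # size limit exceeded, empty reply, anything else

def scan_stream(sock, data):
    """Send data over an already connected socket and parse clamd's verdict."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):
        buf = sock.recv(4096)
        if not buf:  # peer closed the connection before finishing the reply
            break
        reply += buf
    return parse_reply(reply)

def scan_upload(data, host, port=3310, timeout=30):
    """Fail closed: only an explicit clean verdict lets the upload through."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            status, detail = scan_stream(sock, data)
    except OSError as exc:  # refused, timed out, or reset by clamd
        status, detail = "error", str(exc)
    return status == "clean", status, detail
```

Call scan_upload(data, "192.168.31.193") from the upload handler and reject the file unless the first return value is True, so that a stopped daemon or an oversized stream is never treated as a clean result.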

8. Start the clamav-rest service

Download link: https://download.csdn.net/download/ajian132/12510676

Modify the program's entry-point configuration

[Image 1]

Test after starting the service:

[Image 2]

Virus file:

[Image 3]

Non-virus file:

[Image 4]
