Installing and Using the Linux Virus Scanner ClamAV (Clam AntiVirus)

Introduction

Clam AntiVirus (ClamAVNet) is an open-source virus scanner for the Linux platform, used mainly on mail servers. It runs as a multithreaded background daemon and can update its virus database automatically.

From version 0.104 onward, releases no longer ship a configure script, so installing from an RPM package or via YUM is recommended.

Note: installing from the RPM package on CentOS 6 requires glibc 2.17.

YUM installation

1. Install the EPEL repository

# install
yum install -y epel-release

# rebuild the package cache
yum clean all && yum makecache

2. Install the ClamAV packages

yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd 

3. Configure SELinux (note: skip this step if SELinux is already disabled on the server)

Grant ClamAV the required permissions

setsebool -P antivirus_can_scan_system 1 
setsebool -P clamd_use_jit 1 

Check the result

[root@Centos7 ~]# getsebool -a | grep antivirus 
antivirus_can_scan_system --> on 
antivirus_use_jit --> on 

4. Configure ClamAV

CentOS 7:
# clamd: comment out the Example line, enable DatabaseDirectory, run the scanner as root
sed -i -e "s/^Example/#Example/"                     /etc/clamd.d/scan.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/clamd.d/scan.conf
sed -i "/#User clamscan/a\User\ root"                /etc/clamd.d/scan.conf

# freshclam: enable scripted updates, set the database directory, check 12 times a day,
# set the database owner and point updates at a private mirror
sed -i -e "s/^Example/#Example/"                     /etc/freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     /etc/freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                /etc/freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       /etc/freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" /etc/freshclam.conf

CentOS 6:
sed -i -e "s/^Example/#Example/"                     /etc/clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/clamd.conf
sed -i "/#User clamscan/a\User\ root"                /etc/clamd.conf

sed -i -e "s/^Example/#Example/"                     /etc/freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     /etc/freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" /etc/freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                /etc/freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       /etc/freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.mynetwork.com/PrivateMirror\ 127.0.0.1/" /etc/freshclam.conf

# Replace 127.0.0.1 with the IP address of your virus-database server

5. Update the virus database

[root@Centos7 ~]# freshclam
ClamAV update process started at Thu May 12 16:46:43 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.5 Recommended version: 0.103.6
DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
daily database available for update (local version: 26538, remote version: 26539)
Current database is 1 version behind.
Downloading database patch # 26539...
Time:    0.9s, ETA:    0.0s [========================>]    2.58KiB/2.58KiB
Testing database: '/var/lib/clamav/tmp.e5f8f0bc41/clamav-ada8b1afd9011a46f4ee45b0799cf5e1.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 26539, sigs: 1984354, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Virus database location:

/var/lib/clamav/daily.cvd 
/var/lib/clamav/main.cvd 

6. Start the clamd service

systemctl start clamd@scan 
systemctl enable clamd@scan

7. Scanning for viruses

clamscan

can scan a single file, a user's home directory, or the whole system:

## scan a single file
clamscan targetfile

## scan /home recursively and write a log
clamscan -r -i /home -l /var/log/clamav.log

## scan /home recursively, delete infected files and write a log
clamscan -r -i /home --remove -l /var/log/clamav.log

## scan the given directory, move infected files to the given directory and write a log
clamscan -r -i /home --move=/tmp/clamav -l /var/log/clamav.log

## show the help text
clamscan -h

## scan every file on the machine and show the result for every file
clamscan -r /

## scan every file on the machine and show only the problem files (ring the bell on detection)
clamscan -r --bell -i /

## scan all users' home directories
clamscan -r /home

8. Notes:

  • -r -i   recursively scan a directory (report infected files only)
  • -l      log file to write the report to
  • --remove  delete infected files
  • --move    move infected files to the given directory

1. Key directories to scan

clamscan -r  -i /etc --max-dir-recursion=5 -l /var/log/clamav-etc.log

clamscan -r  -i /bin --max-dir-recursion=5 -l /var/log/clamav-bin.log

clamscan -r  -i /usr --max-dir-recursion=5 -l /var/log/clamav-usr.log

clamscan -r  -i /var --max-dir-recursion=5 -l /var/log/clamav-var.log

2. Reading the scan report

[root@Centos7 ~]# clamscan /log
/log/mariadb.log: OK

----------- SCAN SUMMARY -----------
Known viruses: 8616415                  #known signatures
Engine version: 0.103.5                 #engine version
Scanned directories: 1                  #directories scanned
Scanned files: 1                        #files scanned
Infected files: 0                       #infected files!!!
Data scanned: 0.01 MB                   #data scanned
Data read: 0.00 MB (ratio 2.00:1)       #data read
Time: 27.221 sec (0 m 27 s)             #scan duration
Start Date: 2022:05:12 10:27:33         #scan start
End Date:   2022:05:12 10:28:00         #scan end

3. Find infected files in the log

grep "FOUND" /var/log/clamav-bin.log

RPM installation

1. Create the service user

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

2. Install the RPM package

[root@centos7 ~]# rpm -ivh clamav-0.105.0.linux.x86_64.rpm 
Preparing...                          ################################# [100%]
        package clamav-0.105.0-1.x86_64 is already installed

[root@centos7 ~]# cd /usr/local/bin/

[root@centos7 bin]# ll /usr/local/bin/
total 3872
-rwxr-xr-x 1 root root    1024 May  3 00:49 clamav-config
-rwxr-xr-x 1 root root  105656 May  3 00:52 clambc
-rwxr-xr-x 1 root root  105216 May  3 00:52 clamconf
-rwxr-xr-x 1 root root  121696 May  3 00:52 clamdscan
-rwxr-xr-x 1 root root  331984 May  3 00:52 clamdtop
-rwxr-xr-x 1 root root  134184 May  3 00:52 clamscan
-rwxr-xr-x 1 root root 1760656 May  3 00:52 clamsubmit
-rwxr-xr-x 1 root root   52080 May  3 00:52 freshclam
-rwxr-xr-x 1 root root 1338728 May  3 00:52 sigtool

3. Configure ClamAV

cd /usr/local/etc/
cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
cp /usr/local/etc/clamd.conf.sample     /usr/local/etc/clamd.conf

sed -i -e "s/^Example/#Example/"                     clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" clamd.conf

sed -i -e "s/^Example/#Example/"                     freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       freshclam.conf
# edit the copy in /usr/local/etc like the lines above, not /etc/freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" freshclam.conf

# Replace 127.0.0.1 with your own virus-database server

4. Download (update) the virus database

[root@centos7 bin]# ./freshclam 
Creating missing database directory: /var/lib/clamav
Assigned ownership of database directory to user "root".
ClamAV update process started at Thu May 12 16:59:29 2022
daily database available for download (remote version: 26539)
Time:   52.1s, ETA:    0.0s [========================>]   55.93MiB/55.93MiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-add1274594c0ed97fd32eb9fc7ea1d09.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26539, sigs: 1984354, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time:  2m 32s, ETA:    0.0s [========================>]  162.58MiB/162.58MiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-92a2b56c4e7163088ab9da5fd9fdbcdb.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time:    1.3s, ETA:    0.0s [========================>]  286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.184e6a9e3b/clamav-87a700069267480d54c6c1b6c4244472.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)

5. Troubleshooting

After installing on CentOS 6, running the binaries reports that GLIBC_2.14 and GLIBC_2.17 are missing:

/usr/local/bin/clamscan: /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /usr/local/bin/clamscan)
/usr/local/bin/clamscan: /lib64/libc.so.6: version `GLIBC_2.17' not found (required by /usr/local/bin/clamscan)

Install glibc

wget https://ftp.gnu.org/gnu/glibc/glibc-2.17.tar.gz
tar -zxvf glibc-2.17.tar.gz
cd glibc-2.17
mkdir -p build
cd build/
../configure --prefix=/usr --disable-profile --enable-add-ons --with-headers=/usr/include --with-binutils=/usr/bin
make
make install
# Must be run before the next two lines: once libc.so.6 is removed, every command
# (ln included) needs the preloaded libc, otherwise the system breaks.
export LD_PRELOAD=/lib64/libc-2.17.so
rm -f /lib64/libc.so.6
ln -s /lib64/libc-2.17.so /lib64/libc.so.6

Verify

[root@centos6 ~]# strings /lib64/libc.so.6 |grep GLIBC
GLIBC_2.2.5
GLIBC_2.2.6
GLIBC_2.3
GLIBC_2.3.2
GLIBC_2.3.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.5
GLIBC_2.6
GLIBC_2.7
GLIBC_2.8
GLIBC_2.9
GLIBC_2.10
GLIBC_2.11
GLIBC_2.12
GLIBC_2.13
GLIBC_2.14
GLIBC_2.15
GLIBC_2.16
GLIBC_2.17
GLIBC_PRIVATE

ClamAV distribution packages may differ from the upstream release. Some examples:

The database and application configuration paths may differ:

A default source install goes under /usr/local, with:
applications in /usr/local/bin
daemons      in /usr/local/sbin
libraries    in /usr/local/lib
headers      in /usr/local/include
configs      in /usr/local/etc/
databases    in /usr/local/share/clamav/

A Linux package install may go under /usr, with:
applications in /usr/bin
daemons      in /usr/sbin
libraries    in /usr/lib
headers      in /usr/include
configs      in /etc/clamav
databases    in /var/lib/clamav

Source package (tarball) installation

From version 0.104 onward, releases no longer ship a configure script, so installing from an RPM package is recommended.

1. Create the user and group

groupadd clamav && useradd -g clamav clamav && id clamav  # create the user and group clamav runs as

2. Install the build dependencies

yum -y install gcc gcc-c++ openssl-devel libcurl-devel  # packages ClamAV depends on

3. Compile and install

tar -zxvf clamav-0.103.3.tar.gz  # unpack the tarball
cd clamav-0.103.3
./configure --prefix=/usr/local/clamav --disable-clamav --with-pcre
make && make install

4. Configure ClamAV

cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf

sed -i -e "s/^Example/#Example/"                     clamd.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" clamd.conf

sed -i -e "s/^Example/#Example/"                     freshclam.conf
sed -i -e "s/^#ScriptedUpdates/ScriptedUpdates/"     freshclam.conf
sed -i -e "s/^#DatabaseDirectory/DatabaseDirectory/" freshclam.conf
sed -i -e "s/^#Checks 24/Checks\ 12/"                freshclam.conf
sed -i "/#DatabaseOwner/a\DatabaseOwner\ root"       freshclam.conf
# edit the copy in /usr/local/clamav/etc like the lines above, not /etc/freshclam.conf
sed -i -e "s/^#PrivateMirror mirror1.example.com/PrivateMirror\ 127.0.0.1/" freshclam.conf

# Replace 127.0.0.1 with your own virus-database server

5. Start ClamAV

chown -R clamav:clamav /usr/local/clamav/
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service 
systemctl status clamav-freshclam.service

6. Update the virus database

# stop freshclam first
systemctl stop clamav-freshclam.service
# then update
/usr/local/clamav/bin/freshclam  # how long this takes depends on network quality
# or download the files directly
cd /var/lib/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
# start the service again once the update is done
systemctl start clamav-freshclam.service
systemctl status clamav-freshclam.service

7. Create a symlink

ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
# Note: if a manual database update fails, delete the stale mirror file
# (rm -f /var/lib/clamav/mirrors.dat) and run the manual update once more.

8. Scan for viruses

clamscan /

Scan options:
-r/--recursive[=yes/no]      #scan directories recursively (all files)
--log=FILE/-l FILE           #write the scan report to FILE
--move=DIR                   #move infected files to DIR
--remove[=yes/no]            #delete infected files
--quiet                      #only print error messages
--infected/-i                #only print infected files
--suppress-ok-results/-o     #skip printing files that scanned OK
--bell                       #sound a bell when a virus is found
--unzip(unrar)               #unpack archives and scan their contents

9. Scheduled scanning

# Update and scan every night and keep the scan log; crontab entries:
1  3  * * *  /usr/local/clamav/bin/freshclam --quiet
20 3  * * *  /usr/local/clamav/bin/clamscan  -r /home  --remove -l /var/log/clamscan.log
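A cron-ready wrapper for the scheduled scan above, as an added example that is not part of the original post: it reads clamscan's exit status and parses the SCAN SUMMARY and FOUND lines described in the scan-report section, so the nightly job logs a one-line result and surfaces detections instead of silently removing files. The clamscan path and log location are assumptions, and the sample report is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): cron-friendly clamscan wrapper
# that parses the SCAN SUMMARY and "FOUND" lines. The clamscan path below is
# an assumption; override it with the CLAMSCAN environment variable.
CLAMSCAN=${CLAMSCAN:-/usr/local/clamav/bin/clamscan}

# Pull the "Infected files:" number out of a scan report ($1 = report text).
infected_count() {
    printf '%s\n' "$1" | sed -n 's/^Infected files: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print only the detection lines (they end in " FOUND"); prints nothing when clean.
found_lines() {
    printf '%s\n' "$1" | grep ' FOUND$' || true
}

# clamscan's exit status: 0 = clean, 1 = infections found, anything else = error.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory, append the report plus a one-line status to a log file and
# return clamscan's status so cron mail or a monitor can act on it
# ($1 = directory, $2 = log file).
run_scan() {
    report=$("$CLAMSCAN" -r -i --max-dir-recursion=5 "$1" 2>&1)
    status=$?
    printf '%s\n' "$report" >> "$2"
    echo "$(date '+%F %T') dir=$1 result=$(classify_exit "$status") infected=$(infected_count "$report")" >> "$2"
    [ "$status" -eq 1 ] && found_lines "$report"
    return "$status"
}

# Constructed sample report, laid out like the real clamscan output shown
# earlier, so the parsing functions can be exercised without ClamAV installed.
SAMPLE_REPORT='/home/demo/eicar.com: Eicar-Test-Signature FOUND
/home/demo/notes.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 8616415
Scanned directories: 1
Scanned files: 2
Infected files: 1'

# Usage from cron: clamscan-cron.sh /home /var/log/clamscan.log
[ $# -eq 2 ] && run_scan "$1" "$2"
```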

Intranet update method

1. Configure freshclam

vim freshclam.conf

#PrivateMirror mirror1.example.com    # uncomment and set to your own server address, e.g. 127.0.0.1

2. Set up a virus-database server

Any HTTP server will do; the setup is not covered here.

Download the database files to the local HTTP server:
http://database.clamav.net/main.cvd
http://database.clamav.net/daily.cvd
http://database.clamav.net/bytecode.cvd

Or copy these three files from another server to the HTTP server.
(Note: when freshclam updates automatically, daily.cvd may be named daily.cld.)

Tags: centos, operations, security
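A refresh script for the intranet database server above, as an added example that is not part of the original post: it downloads the three files from database.clamav.net into a temporary file and replaces the served copy only when the version in the CVD header is newer, so a failed or partial download never overwrites a good database. The web root /var/www/html/clamav is an assumption; the sample header is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): refresh the intranet mirror by
# comparing the version field in each file's CVD header. MIRROR_ROOT and the
# upstream URL are assumptions; override them via the environment.
MIRROR_ROOT=${MIRROR_ROOT:-/var/www/html/clamav}
UPSTREAM=${UPSTREAM:-http://database.clamav.net}

# A CVD file (and the CLD freshclam writes) starts with a 512-byte text header:
# ClamAV-VDB:<build time>:<version>:<sigs>:<f-level>:<md5>:<dsig>:<builder>:<epoch>
cvd_field() {                     # $1 = file, $2 = 1-based field number
    head -c 512 "$1" | tr -d '\000' | cut -d: -f"$2"
}
cvd_version() { cvd_field "$1" 3; }
cvd_sigs()    { cvd_field "$1" 4; }

# Sanity check: the header must start with the magic string.
is_cvd() { [ "$(cvd_field "$1" 1)" = "ClamAV-VDB" ]; }

# True (0) when $1 is a valid database newer than the current file $2,
# or when $2 does not exist yet.
is_newer() {
    is_cvd "$1" || return 1
    [ -f "$2" ] || return 0
    [ "$(cvd_version "$1")" -gt "$(cvd_version "$2")" ]
}

# Download each database into a temp file and swap it in only when newer.
sync_mirror() {
    for db in main.cvd daily.cvd bytecode.cvd; do
        tmp="$MIRROR_ROOT/.$db.tmp"
        wget -q -O "$tmp" "$UPSTREAM/$db" || { rm -f "$tmp"; continue; }
        if is_newer "$tmp" "$MIRROR_ROOT/$db"; then
            mv "$tmp" "$MIRROR_ROOT/$db"
            echo "$db -> version $(cvd_version "$MIRROR_ROOT/$db")"
        else
            rm -f "$tmp"
        fi
    done
}

# Constructed header in the layout above (checksum and signature fields
# shortened) so the parsing and comparison logic can be exercised offline.
make_sample_cvd() {               # $1 = output file, $2 = version number
    printf 'ClamAV-VDB:12 May 2022 10-05 -0400:%s:1984354:90:md5:dsig:raynman:1652364300' "$2" > "$1"
}
```

Run `sync_mirror` from cron on the HTTP server; clients then point PrivateMirror at it as configured earlier.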

Reposted from: https://blog.csdn.net/ffoooxx/article/details/124725596
Copyright belongs to the original author 楚枫默寒; if there is any infringement, please contact us for removal.
