ClamAV 杀毒是Linux平台最受欢迎的杀毒软件,ClamAV属于免费开源产品,支持多种平台,如:Linux/Unix、MAC OS X、Windows、OpenVMS。ClamAV是基于病毒扫描的命令行工具,但同时也有支持图形界面的ClamTK工具。ClamAV主要用于邮件服务器扫描邮件。它有多种接口从邮件服务器扫描邮件,支持文件格式有如:ZIP、RAR、TAR、GZIP、BZIP2、HTML、DOC、PDF,、SIS CHM、RTF等等。ClamAV有自动的数据库更新器,还可以从共享库中运行。
// 以下为源码包安装步骤
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
# yum -y groupinstall "Development Tools"
# yum -y install openssl openssl-devel libcurl-devel zlib-devel libpng-devel libxml2-devel json-c-devel bzip2-devel pcre2-devel ncurses-devel
# tar xf clamav-0.101.4.tar.gz
# cd clamav-0.101.4
# ./configure --prefix=/hadoop/software/clamav --disable-clamav --disable-clamav --with-systemdsystemunitdir=no
# make && make install
//cp示例配置
cp /hadoop/software/clamav/etc/freshclam.conf.sample
/hadoop/software/clamav/etc/freshclam.conf
cp /hadoop/software/clamav/etc/clamd.conf.sample /hadoop/software/clamav/etc/clamd.conf
# 创建 log 目录
mkdir -p /hadoop/software/clamav/logs
touch /hadoop/software/clamav/logs/clamd.log
touch /hadoop/software/clamav/logs/freshclam.log
touch /hadoop/software/clamav/logs/clamscan.log
# 创建 病毒 更新
mkdir -p /hadoop/software/clamav/updata
chown -R root:clamav /hadoop/software/clamav/
chown -R clamav:clamav /hadoop/software/clamav/updata/
chown -R clamav:clamav /hadoop/software/clamav/logs/clamd.log
chown -R clamav:clamav /hadoop/software/clamav/logs/freshclam.log
chown -R clamav:clamav /hadoop/software/clamav/logs/clamscan.log
// 配置编辑
# vim /hadoop/software/clamav/etc/clamd.conf
# Example // 注释掉这一行,编辑如下3行
LogFile /hadoop/software/clamav/logs/clamd.log
PidFile /hadoop/software/clamav/updata/clamd.pid
DatabaseDirectory /hadoop/software/clamav/updata
# vim /hadoop/software/clamav/etc/freshclam.conf
#Example // 注释掉这一行,编辑如下3行
DatabaseDirectory /hadoop/software/clamav/updata
UpdateLogFile /hadoop/software/clamav/logs/freshclam.log
PidFile /var/run/freshclam.pid
//使用示例
/hadoop/software/clamav/bin/freshclam // 更新病毒库
/hadoop/software/clamav/bin/clamscan --remove // 查杀当前目录并删除感染的文件
// 对 / 进行杀毒并保存log
/hadoop/software/clamav/bin/clamscan --exclude-dir="^/sys" --infected -r / --remove -l /hadoop/software/clamav/logs/clamscan.log
----------- SCAN SUMMARY -----------
Known viruses: 8939128 #已知病毒
Engine version: 0.103.0 #引擎版本
Scanned directories: 134 #扫描目录数
Scanned files: 345 #扫描文件数
Infected files: 0 #受感染文件
Data scanned: 39.09 MB #扫描数据大小
Data read: 289.37 MB (ratio 3.84:1) #数据读取
Time: 1263.709 sec #花费时长
Start Date: 2020:11:10 13:36:45
End Date: 2020:11:10 13:37:48