ClamAV安装使用
1. ClamAV 简介
ClamAV 是一个开源的防病毒软件，可用于检测木马、病毒、恶意软件和其他恶意威胁。适用于 Linux、macOS 和 Windows 平台。
官方网站：http://www.clamav.net/downloads
GitHub:https://github.com/Cisco-Talos/clamav
2. Linux 平台安装使用
2.1 安装包安装
2.1.1 下载安装包并执行安装
- CentOS / AmazonLinux2
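# Fetch the package over TLS rather than plain http so it cannot be swapped in transit.
wget https://www.clamav.net/downloads/production/clamav-1.0.0.linux.x86_64.rpm
# Verify the download against the checksum published on the ClamAV release page
# before installing anything as root (placeholder: substitute the digest shown there).
echo '<SHA256_FROM_RELEASE_PAGE>  clamav-1.0.0.linux.x86_64.rpm' | sha256sum -c - || exit 1
rpm -ivh clamav-1.0.0.linux.x86_64.rpm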
- Ubuntu
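# Fetch the package over TLS rather than plain http so it cannot be swapped in transit.
wget https://www.clamav.net/downloads/production/clamav-1.0.0.linux.x86_64.deb
# dpkg -i performs no signature check of its own, so verifying the published
# checksum is the only gate before the package is unpacked as root
# (placeholder: substitute the digest from the ClamAV release page).
echo '<SHA256_FROM_RELEASE_PAGE>  clamav-1.0.0.linux.x86_64.deb' | sha256sum -c - || exit 1
dpkg -i clamav-1.0.0.linux.x86_64.deb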
2.1.2 创建用户及目录文件
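# Dedicated, non-login system account for the daemons. The existence checks make
# this step safe to re-run (plain groupadd/useradd exit non-zero on a second run).
getent group clamav >/dev/null || groupadd -r clamav
id clamav >/dev/null 2>&1 || useradd -r -g clamav -s /bin/false -c "Clam Antivirus" clamav
# Log directory and the two log files referenced from clamd.conf / freshclam.conf.
mkdir -p /usr/local/clamav/logs
touch /usr/local/clamav/logs/clamd.log /usr/local/clamav/logs/freshclam.log
# Quarantine directory that clamscan --move relocates detections into.
mkdir -p /usr/local/clamav/infected
# Signature database directory used by freshclam and clamd.
mkdir -p /usr/local/clamav/update
# Hand the tree to the service account ("owner:group"; the dot form is a legacy spelling).
chown -R clamav:clamav /usr/local/clamav/
# Quarantined files are still live malware: keep them readable by the owner only.
chmod 700 /usr/local/clamav/infected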
2.1.3 修改配置文件
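# Start from the shipped samples, but keep an existing (already tuned) config intact.
[ -e /usr/local/etc/clamd.conf ] || cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
[ -e /usr/local/etc/freshclam.conf ] || cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
# Disable only the "Example" guard line. Anchoring the pattern avoids rewriting the
# word inside comment text and stops a re-run from producing "##Example".
sed -i 's/^Example$/#Example/' /usr/local/etc/clamd.conf
# Append our directives once; the grep guard prevents duplicates when re-run.
grep -q '^DatabaseDirectory /usr/local/clamav/update$' /usr/local/etc/clamd.conf || cat >> /usr/local/etc/clamd.conf <<'EOF'
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/update/clamd.pid
DatabaseDirectory /usr/local/clamav/update
EOF
# Same treatment for freshclam.conf.
sed -i 's/^Example$/#Example/' /usr/local/etc/freshclam.conf
grep -q '^DatabaseDirectory /usr/local/clamav/update$' /usr/local/etc/freshclam.conf || cat >> /usr/local/etc/freshclam.conf <<'EOF'
DatabaseDirectory /usr/local/clamav/update
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/update/freshclam.pid
EOF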
2.2 源码编译安装
2.2.1 安装基础组件和依赖包
- CentOS / AmazonLinux2
# Build toolchain for CentOS / AmazonLinux2.
base_pkgs=(gcc gcc-c++ make python3 python3-pip valgrind git)
# Development headers for the libraries ClamAV links against.
dev_pkgs=(bzip2-devel check-devel libcurl-devel libxml2-devel ncurses-devel openssl-devel pcre2-devel sendmail-devel zlib-devel)
yum install -y "${base_pkgs[@]}"
yum install -y "${dev_pkgs[@]}"
- Ubuntu
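# Refresh the package index first: on a fresh image apt-get install fails with
# missing or stale lists. The non-interactive frontend keeps unattended runs from hanging.
apt-get update || exit 1
# Build toolchain.
DEBIAN_FRONTEND=noninteractive apt-get install -y gcc make pkg-config python3 python3-pip python3-pytest valgrind git
# Development headers for the libraries ClamAV links against.
DEBIAN_FRONTEND=noninteractive apt-get install -y check libbz2-dev libcurl4-openssl-dev libmilter-dev libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev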
2.2.2 安装 cmake
依赖版本:3.14+
# Install cmake from PyPI (ClamAV needs 3.14+ per the heading above).
# NOTE(review): pip-installing into the system interpreter as root can shadow
# distro-managed packages; a venv or the distro cmake package (if new enough)
# is the more conservative route.
pip_tooling=(pip setuptools wheel scikit-build)
python3 -m pip install --upgrade "${pip_tooling[@]}"
python3 -m pip install cmake pytest
# Confirm the version that ended up on PATH.
cmake --version
2.2.3 安装 rust
依赖版本:1.56+
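# Save the installer to a file first so it can be read (and checksummed) before
# it runs, instead of piping an unreviewed remote script straight into sh.
rustup_init=$(mktemp) || exit 1
curl --proto '=https' --tlsv1.2 -sSf -o "$rustup_init" https://sh.rustup.rs || exit 1
sh "$rustup_init"
rm -f -- "$rustup_init"
# shellcheck disable=SC1091 -- written by the installer above
source "$HOME/.cargo/env"
# Confirm the toolchain (1.56+ per the heading above).
rustc --version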
2.2.4 安装 json-c
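# Build json-c from source. NOTE(review): this tracks the repository's default
# branch; for a reproducible build pin a release tag
# (git clone --branch <json-c-release-tag> --depth 1 ...).
git clone https://github.com/json-c/json-c.git || exit 1
# -p lets the step be re-run; cd failures must not leave cmake running in $PWD.
mkdir -p json-c-build && cd json-c-build || exit 1
cmake ../json-c && make && make install || exit 1
# Refresh the linker cache so the new library is found, and show it was picked up.
ldconfig -v | grep json
cd ~ || exit 1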
2.2.5 创建用户及目录文件
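# Dedicated, non-login system account for the daemons. The existence checks make
# this step safe to re-run (plain groupadd/useradd exit non-zero on a second run).
getent group clamav >/dev/null || groupadd -r clamav
id clamav >/dev/null 2>&1 || useradd -r -g clamav -s /bin/false -c "Clam Antivirus" clamav
# Log directory and the two log files referenced from clamd.conf / freshclam.conf.
mkdir -p /usr/local/clamav/logs
touch /usr/local/clamav/logs/clamd.log /usr/local/clamav/logs/freshclam.log
# Quarantine directory that clamscan --move relocates detections into.
mkdir -p /usr/local/clamav/infected
# Signature database directory used by freshclam and clamd.
mkdir -p /usr/local/clamav/update
# Hand the tree to the service account ("owner:group"; the dot form is a legacy spelling).
chown -R clamav:clamav /usr/local/clamav/
# Quarantined files are still live malware: keep them readable by the owner only.
chmod 700 /usr/local/clamav/infected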
2.2.6 下载源码并解压
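# Fetch the source over TLS rather than plain http so it cannot be swapped in transit.
wget https://www.clamav.net/downloads/production/clamav-1.0.0.tar.gz
# Verify against the checksum published on the ClamAV release page before
# building and installing it as root (placeholder: substitute the digest shown there).
echo '<SHA256_FROM_RELEASE_PAGE>  clamav-1.0.0.tar.gz' | sha256sum -c - || exit 1
tar -zxf clamav-1.0.0.tar.gz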
2.2.7 编译安装
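cd clamav-1.0.0/ || exit 1
# -p lets the step be re-run; a failed cd must not configure the source tree in place.
mkdir -p build && cd build || exit 1
# Configure. NOTE(review): CMAKE_INSTALL_LIBDIR=/usr/lib64 is the CentOS/AmazonLinux
# layout; Ubuntu keeps libraries in a multiarch directory under /usr/lib, so adjust
# it there. DATABASE_DIRECTORY here is the compiled-in default; the config files
# written in 2.2.8 point DatabaseDirectory at /usr/local/clamav/update instead.
# ENABLE_JSON_SHARED=OFF presumably selects the json-c build from 2.2.4 -- confirm.
cmake .. \
  -D CMAKE_INSTALL_PREFIX=/usr \
  -D CMAKE_INSTALL_LIBDIR=/usr/lib64 \
  -D APP_CONFIG_DIRECTORY=/etc/clamav \
  -D DATABASE_DIRECTORY=/var/lib/clamav \
  -D ENABLE_JSON_SHARED=OFF || exit 1
# Stop on a failed build instead of installing a partial tree.
cmake --build . || exit 1
cmake --build . --target install || exit 1
# Confirm the freshly installed binary is the one on PATH.
clamscan --version
cd ~ || exit 1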
2.2.8 修改配置文件
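# Start from the shipped samples, but keep an existing (already tuned) config intact.
[ -e /etc/clamav/clamd.conf ] || cp /etc/clamav/clamd.conf.sample /etc/clamav/clamd.conf
[ -e /etc/clamav/freshclam.conf ] || cp /etc/clamav/freshclam.conf.sample /etc/clamav/freshclam.conf
# Disable only the "Example" guard line. Anchoring the pattern avoids rewriting the
# word inside comment text and stops a re-run from producing "##Example".
sed -i 's/^Example$/#Example/' /etc/clamav/clamd.conf
# Append our directives once; the grep guard prevents duplicates when re-run.
grep -q '^DatabaseDirectory /usr/local/clamav/update$' /etc/clamav/clamd.conf || cat >> /etc/clamav/clamd.conf <<'EOF'
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/update/clamd.pid
DatabaseDirectory /usr/local/clamav/update
EOF
# Same treatment for freshclam.conf.
sed -i 's/^Example$/#Example/' /etc/clamav/freshclam.conf
grep -q '^DatabaseDirectory /usr/local/clamav/update$' /etc/clamav/freshclam.conf || cat >> /etc/clamav/freshclam.conf <<'EOF'
DatabaseDirectory /usr/local/clamav/update
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/update/freshclam.pid
EOF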
2.3 基本使用命令
2.3.1 更新病毒库
# One-off signature update; needs outbound access to the ClamAV mirrors and
# writes into the DatabaseDirectory configured in freshclam.conf.
freshclam
# Report the engine and signature database versions now installed.
freshclam --version
2.3.2 执行病毒查杀
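# Recursive scan (-r) of one directory, verbose (-v), listing only infected files (-i).
# Detections are moved into the quarantine directory and the run is logged to a
# per-day file -- derived from the date rather than a hard-coded one, matching
# the cron job in 2.3.3.
clamscan -vri /root/ --move=/usr/local/clamav/infected -l "/usr/local/clamav/logs/clamscan-$(date +%Y%m%d).log"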
扫描结果示例:
...
Scanning /root/result.txt
Scanning /root/iplist.txt
Scanning /root/.ssh/known_hosts
Scanning /root/clamav-1.0.0.linux.x86_64.rpm
Scanning /root/clamav-1.0.0.linux.x86_64.deb
----------- SCAN SUMMARY -----------
Known viruses: 8645665
Engine version: 1.0.0
Scanned directories: 70
Scanned files: 167
Infected files: 0
Data scanned: 184.38 MB
Data read: 108.87 MB (ratio 1.69:1)
Time: 211.784 sec (3 m 31 s)
Start Date: 2022:12:14 16:39:07
End Date: 2022:12:14 16:42:39
2.3.3 定时更新和查杀
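# Work on a private temp copy of the current crontab, not a predictable file in $PWD.
cron_tmp=$(mktemp) || exit 1
# "crontab -l" exits non-zero (and warns) when no crontab exists yet; an empty
# file is the right starting point in that case.
crontab -l > "$cron_tmp" 2>/dev/null
# Append the two jobs. The quoted heredoc preserves the \% escapes cron needs
# (a bare % is a line break to cron). NOTE(review): the binary paths assume the
# package install under /usr/local; the source build in 2.2.7 uses prefix /usr,
# so confirm with "command -v freshclam" / "command -v clamscan" and adjust.
cat >> "$cron_tmp" <<'EOF'
0 1 * * * /usr/local/bin/freshclam --quiet
0 2 * * * /usr/local/bin/clamscan -vri /root/ --move=/usr/local/clamav/infected -l /usr/local/clamav/logs/clamscan-$(date +\%Y\%m\%d).log
EOF
# Install the table; crontab(1) validates it and rejects a malformed file.
crontab "$cron_tmp" || exit 1
# Not strictly required (crontab installs the table directly). The unit is
# crond on CentOS/AmazonLinux and cron on Ubuntu, so try both.
systemctl restart crond.service 2>/dev/null || systemctl restart cron.service
rm -f -- "$cron_tmp"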