
feiyun8616 2019-08-30 11:33 (original)

Using ClamAV on Linux

Step 1: Download ClamAV
http://www.clamav.net/downloads
yum install wget -y
Step 2: Create the clamav user and group
groupadd clamav    (create the clamav group)
useradd -g clamav clamav    (create the clamav user and add it to the clamav group)
Step 3: Compile and install
tar xvf *.gz
cd clamav-0.99.2    (the directory extracted from the tarball)
Install the build dependencies
yum install gcc openssl openssl-devel -y

./configure --prefix=/usr/local/clamav
make && make install

Step 4: Configure
mkdir /usr/local/clamav/logs
#(log directory)
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
mkdir /usr/local/clamav/updata

#(ClamAV virus database directory; "updata" is the name used throughout this post)
chown -R root.clamav /usr/local/clamav/
chown -R clamav.clamav /usr/local/clamav/updata/

chown clamav.clamav /usr/local/clamav/logs/clamd.log
chown clamav.clamav /usr/local/clamav/logs/freshclam.log

mkdir /usr/local/clamav/database
chown -R root.clamav /usr/local/clamav/database

mkdir /usr/local/clamav/share/clamav
chown -R root.clamav /usr/local/clamav/share/clamav

cd ../
cp *.cvd /usr/local/clamav/share/clamav/    (copy the downloaded .cvd database files)
chown -R root.clamav /usr/local/clamav/share/clamav


cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf


vim clamd.conf
#Example    (comment out the Example line)
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vim freshclam.conf
#Example    (comment out the Example line)
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/clamav/bin/clamscan --version    (check that the build works)

Upload the downloaded .cvd files to /usr/local/clamav/share/clamav/
chown -R root.clamav /usr/local/clamav/share/clamav

/usr/local/clamav/bin/freshclam


Step 5: Update the virus database
/usr/local/clamav/bin/freshclam

This takes a long time, about half an hour; run it inside screen.
/usr/local/clamav/bin/clamscan --remove    (scan the current directory and delete infected files)

Note: make sure the network is working.
Step 6: Scheduled tasks
Use in a production environment
Normally a cron job is used so that the server updates the database and runs a scan at a fixed time every night, keeping the scan log. My crontab file is as follows:
1 3 * * * /usr/local/clamav/bin/freshclam
30 3 * * * /usr/local/clamav/bin/clamscan --infected -r / --remove -l /var/log/clamscan.log
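The two crontab lines above run freshclam and clamscan blindly; the wrapper below, added here as an example and not part of the original post, ties them together so that a failed update is reported, infected files are quarantined instead of deleted, and the "Infected files" count is read back from the scan log. The /usr/local/clamav prefix and /var/log/clamscan.log follow the post; the QUARANTINE directory, the exclude list and the script path named in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper for the
# freshclam + clamscan steps. Paths under /usr/local/clamav and the scan
# log follow the post; QUARANTINE and the exclude list are assumptions.
CLAMAV=/usr/local/clamav
SCANLOG=/var/log/clamscan.log
QUARANTINE=/var/lib/clamav-quarantine   # assumption: not from the post

# clamscan exit status: 0 = nothing found, 1 = infected file(s) found,
# anything else = scan error (for example a missing database).
clamscan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output or its log on stdin and print the "Infected files"
# count of the last SCAN SUMMARY, or -1 when no summary is present
# (truncated or failed scan).
infected_count() {
    awk -F': ' '/^Infected files:/ { n = $2 }
                END { if (n == "") print "-1"; else print n }'
}

# Constructed sample in the same shape as the summary shown in the post.
SAMPLE_SUMMARY='----------- SCAN SUMMARY -----------
Known viruses: 6295509
Scanned files: 55
Infected files: 0
Time: 66.905 sec (1 m 6 s)'

# Update the database, then scan the whole filesystem. Infected files are
# moved to a quarantine directory rather than deleted with --remove, so a
# false positive somewhere under / can be restored instead of being lost.
run_daily_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    "$CLAMAV/bin/freshclam" --log="$CLAMAV/logs/freshclam.log" ||
        echo "freshclam failed; scanning with the existing database" >&2
    "$CLAMAV/bin/clamscan" --infected -r / --move="$QUARANTINE" -l "$SCANLOG" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir="^$QUARANTINE"
    rc=$?
    echo "scan result: $(clamscan_status "$rc"), infected files: $(infected_count < "$SCANLOG")"
    return "$rc"
}

# From cron (assumed script path):  30 3 * * * /usr/local/clamav/bin/daily-scan.sh run
case "${1:-}" in run) run_daily_scan ;; esac
```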


----------- SCAN SUMMARY -----------
Known viruses: 6295509
Engine version: 0.101.4
Scanned directories: 74
Scanned files: 55
Infected files: 0
Data scanned: 0.60 MB
Data read: 0.37 MB (ratio 1.64:1)
Time: 66.905 sec (1 m 6 s)

Tags: linux



### Issue 1

While running step 5 (updating the virus database) with /usr/local/clamav/bin/freshclam:

[root@localhost clamav]# /usr/local/clamav/bin/freshclam
ClamAV update process started at Fri Aug 30 10:38:30 2019
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
WARNING: Can't get information about database.clamav.net: Temporary failure in name resolution
WARNING: Can't download main.cvd from database.clamav.net
Trying again in 5 secs...
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
WARNING: Can't get information about database.clamav.net: Temporary failure in name resolution
WARNING: Can't download main.cvd from database.clamav.net
Trying again in 5 secs...
^CUpdate process terminated



Fix:
If the update fails or is very slow, download the virus database files manually, put them in /var/lib/clamav/ (or whatever directory is set as DatabaseDirectory; the configuration above uses /usr/local/clamav/updata), and then run the database update again.

Virus database file links (three files):
bytecode.cvd:http://database.clamav.net/bytecode.cvd

daily.cvd:http://39.137.1.205/cache/database.clamav.net/daily.cvd

main.cvd:http://39.137.1.205/cache/database.clamav.net/main.cvd


Upload them to /usr/local/clamav/share/clamav/
chown -R root.clamav /usr/local/clamav/share/clamav



### Issue 2

LibClamAV Warning: cli_loadldb: logical signature for Pdf.Exploit.CVE_2019_5067-7054139-0 uses PCREs but support is disabled, skipping


Fix:
Ignore it. The warning only says that this one signature uses PCREs, which this build does not support, so the signature is skipped; the rest of the database still loads.
