Installing ClamAV Antivirus on Linux and Common Operations [Tested Successfully]

艺帆风顺, published 2025-04-02


I. Installing ClamAV

Install with yum:

    yum -y install epel-release
    yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Start the service and enable it at boot:

    systemctl enable clamd@scan.service
    systemctl start clamd@scan.service

Startup error: Failed to start clamd scanner (scan) daemon.

    1月 02 11:34:32 ICS systemd[1]: clamd@scan.service: Start request repeated too quickly.
    1月 02 11:34:32 ICS systemd[1]: clamd@scan.service: Failed with result 'exit-code'.
    -- Subject: Unit failed
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    --
    -- The unit clamd@scan.service has entered the 'failed' state with result 'exit-code'.
    1月 02 11:34:32 ICS systemd[1]: Failed to start clamd scanner (scan) daemon.
    -- Subject: clamd@scan.service 单元已失败
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    --
    -- clamd@scan.service 单元已失败。
    --
    -- 结果为“failed”。

Fix: check the detailed log with journalctl -u clamd@scan.service

    [root@ICS ~]# journalctl -u clamd@scan.service
    -- Logs begin at Thu 2023-12-28 11:18:09 CST, end at Tue 2024-01-02 11:35:28 CST. --
    1月 02 11:34:31 ICS systemd[1]: Starting clamd scanner (scan) daemon...
    1月 02 11:34:31 ICS clamd[765905]: Received 0 file descriptor(s) from systemd.
    1月 02 11:34:31 ICS clamd[765905]: Please define server type (local and/or TCP).
    1月 02 11:34:31 ICS clamd[765905]: ERROR: Please define server type (local and/or TCP).
    1月 02 11:34:31 ICS systemd[1]: clamd@scan.service: Control process exited, code=exited status>
    1月 02 11:34:31 ICS systemd[1]: clamd@scan.service: Failed with result 'exit-code'.
    1月 02 11:34:31 ICS systemd[1]: Failed to start clamd scanner (scan) daemon.
    1月 02 11:34:31 ICS systemd[1]: clamd@scan.service: Service RestartSec=100ms expired, scheduli>
    1月 02 11:34:31 ICS systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is >
    1月 02 11:34:31 ICS systemd[1]: Stopped clamd scanner (scan) daemon.
    1月 02 11:34:31 ICS systemd[1]: Starting clamd scanner (scan) daemon...
    1月 02 11:34:31 ICS clamd[765911]: Received 0 file descriptor(s) from systemd.
    1月 02 11:34:31 ICS clamd[765911]: Please define server type (local and/or TCP).
    1月 02 11:34:31 ICS clamd[765911]: ERROR: Please define server type (local and/or TCP).
    1月 02 11:34:31 ICS systemd[1]: clamd@scan.service: Control process exited, code=exited status>
    1月 02 11:34:31 ICS systemd[1]: clamd@scan.service: Failed with result 'exit-code'.
    1月 02 11:34:31 ICS systemd[1]: Failed to start clamd scanner (scan) daemon.
    1月 02 11:34:32 ICS systemd[1]: clamd@scan.service: Service RestartSec=100ms expired, scheduli>
    1月 02 11:34:32 ICS systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is >
    1月 02 11:34:32 ICS systemd[1]: Stopped clamd scanner (scan) daemon.
    1月 02 11:34:32 ICS systemd[1]: Starting clamd scanner (scan) daemon...
    1月 02 11:34:32 ICS clamd[765917]: Received 0 file descriptor(s) from systemd.
    1月 02 11:34:32 ICS clamd[765917]: Please define server type (local and/or TCP).
    1月 02 11:34:32 ICS clamd[765917]: ERROR: Please define server type (local and/or TCP).

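Resolving the error "Please define server type (local and/or TCP).": clamd has neither a local socket nor a TCP socket configured. Edit the configuration file and set a LocalSocket line:

    vim /etc/clamd.d/scan.conf

    LocalSocket /var/run/clamd.scan/clamd.sock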

Start the service again; its status is now normal:

    systemctl start clamd@scan.service
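A quick check for the condition behind this error, as an added example that is not part of the original post: the function reports which server type a clamd configuration file defines, ignoring commented-out directives. The function name and the two sample files (constructed stand-ins for /etc/clamd.d/scan.conf before and after the edit) are assumptions.

```shell
#!/bin/sh
# Added example: report which server type a clamd config file defines.
# clamd exits with "Please define server type (local and/or TCP)" when no
# uncommented LocalSocket or TCPSocket directive is present.

clamd_server_type() {
    # $1 = path to a clamd config file such as /etc/clamd.d/scan.conf
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        $1 == "LocalSocket" && NF >= 2 { has_local = 1 }
        $1 == "TCPSocket"   && NF >= 2 { has_tcp = 1 }
        END {
            if (has_local && has_tcp) print "local+tcp"
            else if (has_local)       print "local"
            else if (has_tcp)         print "tcp"
            else                      print "none"
        }' "$1"
}

# Constructed sample files (not copied from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/before.conf" <<'EOF'
LogSyslog yes
#LocalSocket /run/clamd.scan/clamd.sock
#TCPSocket 3310
User clamscan
EOF

cat > "$demo_dir/after.conf" <<'EOF'
LogSyslog yes
LocalSocket /var/run/clamd.scan/clamd.sock
#TCPSocket 3310
User clamscan
EOF

echo "before the edit: $(clamd_server_type "$demo_dir/before.conf")"
echo "after the edit:  $(clamd_server_type "$demo_dir/after.conf")"
```

A result of tcp or local+tcp is worth a second look at the TCPAddr setting, because clamd's TCP socket does not authenticate clients.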

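Build and install from source:

1. Download: http://www.clamav.net/downloads/

2. Install the build dependencies

    yum install gcc openssl openssl-devel -y

3. Compile and install

    cd clamav-xxxxx/
    ./configure --prefix=/usr/local/clamav --with-pcre
    make && make install
    echo $?    # 0 means the build and install succeeded

ClamAV is now installed.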

II. Common commands and options

1. Update the virus database: freshclam

    [root@ICS ~]# freshclam
    ClamAV update process started at Tue Jan 2 11:46:18 2024
    daily.cld database is up-to-date (version: 27141, sigs: 2050043, f-level: 90, builder: raynman)
    main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
    bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Check the virus database version: clamdscan -V

    [root@ICS ~]# clamdscan -V
    ClamAV 0.103.11/27141/Mon Jan 1 17:35:53 2024

2. Scan options

Scan the whole disk and write a log:

    nohup clamscan -ri / -l /tmp/clamscan.log &

    nohup clamscan -ri / -l /tmp/clamscan.log &
    ----------- SCAN SUMMARY -----------
    Known viruses: 8681791
    Engine version: 0.103.11                 # ClamAV engine version
    Scanned directories: 37478               # number of directories scanned
    Scanned files: 58325                     # number of files scanned
    Infected files: 0                        # number of infected files
    Total errors: 59111                      # total number of errors
    Data scanned: 5532.55 MB                 # amount of data scanned
    Data read: 8252.05 MB (ratio 0.67:1)     # amount of data read
    Time: 1058.357 sec (17 m 38 s)           # time taken by the scan
    Start Date: 2024:01:02 11:47:59          # scan start time
    End Date:   2024:01:02 12:05:37          # scan end time

Scan a specific file: clamscan followed by the file name

    [root@ICS ~]# clamscan nohup.out
    /root/nohup.out: OK

    ----------- SCAN SUMMARY -----------
    Known viruses: 8681791
    Engine version: 0.103.11
    Scanned directories: 0
    Scanned files: 1
    Infected files: 0
    Data scanned: 10.11 MB
    Data read: 4.75 MB (ratio 2.13:1)
    Time: 18.733 sec (0 m 18 s)
    Start Date: 2024:01:02 13:12:37
    End Date:   2024:01:02 13:12:56

Recursively scan a directory and write a log:

    clamscan -r -i /root -l /var/log/clamav.log

    [root@ICS ~]# clamscan -r -i /root -l /var/log/clamav.log

    ----------- SCAN SUMMARY -----------
    Known viruses: 8681791
    Engine version: 0.103.11
    Scanned directories: 2
    Scanned files: 11
    Infected files: 0
    Data scanned: 10.16 MB
    Data read: 4.77 MB (ratio 2.13:1)
    Time: 18.554 sec (0 m 18 s)
    Start Date: 2024:01:02 13:14:17
    End Date:   2024:01:02 13:14:36

Recursively scan a directory, move infected files to a quarantine directory, and write a log:

    clamscan -r -i /root --move=/tmp/clamav -l /var/log/clamav.log

    [root@ICS ~]# clamscan -r -i /root --move=/tmp/clamav -l /var/log/clamav.log
    action_setup: Failed to get realpath of /tmp/clamav

    ----------- SCAN SUMMARY -----------
    Known viruses: 8681791
    Engine version: 0.103.11
    Scanned directories: 5
    Scanned files: 12
    Infected files: 0
    Data scanned: 10.16 MB
    Data read: 4.77 MB (ratio 2.13:1)
    Time: 18.617 sec (0 m 18 s)
    Start Date: 2024:01:02 13:15:51
    End Date:   2024:01:02 13:16:09

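Use the clamscan command to scan the whole system, with the --move option to move infected files to a specified directory. The directory must exist before the scan starts; the "action_setup: Failed to get realpath of /tmp/clamav" message in the output above is what clamscan prints when it cannot resolve the target directory. For example, to move infected files to /mvbak:

    clamscan --infected --move=/mvbak --recursive /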


Recursively scan a directory, delete infected files, and write a log:

    clamscan -r -i /home --remove -l /var/log/clamav.log
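The scans above run in the background or write to a log with -l, so the result has to be read back from the log afterwards. The following added example (not part of the original post) parses the last SCAN SUMMARY in such a log and lists the detected files; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage a clamscan -l log.

scan_verdict() {
    # $1 = log file. Prints "infected=N errors=M" for the LAST summary in the
    # file; returns 1 if files were infected, 2 if only errors occurred, 0 if
    # clean (the same meaning as clamscan's documented return codes).
    result=$(awk -F': *' '
        /SCAN SUMMARY/         { inf = 0; err = 0 }   # new run: reset counters
        $1 == "Infected files" { inf = $2 + 0 }
        $1 == "Total errors"   { err = $2 + 0 }
        END { printf "infected=%d errors=%d", inf, err }' "$1")
    echo "$result"
    case $result in
        "infected=0 errors=0") return 0 ;;
        "infected=0 "*)        return 2 ;;
        *)                     return 1 ;;
    esac
}

infected_paths() {
    # Detections are logged as "<path>: <signature name> FOUND".
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Constructed sample log: a clean run followed by a run with one detection.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
----------- SCAN SUMMARY -----------
Known viruses: 8681791
Scanned files: 11
Infected files: 0
Time: 18.554 sec (0 m 18 s)
/home/demo/eicar.com: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8681791
Scanned files: 12
Infected files: 1
Total errors: 3
Time: 18.617 sec (0 m 18 s)
EOF

scan_verdict "$sample_log"; echo "status: $?"
infected_paths "$sample_log"
```

A status of 2 corresponds to a run like the full-disk scan above, which found nothing but reported Total errors: 59111.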