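Installing the ClamAV antivirus software from source on CentOS 6.8

Posted by 科技小能手 on 2017-11-12

Procedure

1. Install zlib (and OpenSSL)

yum install zlib zlib-devel openssl openssl-devel -y

2. Download and install the ClamAV source package

Download the source package from the official site (http://www.clamav.net/downloads); this article uses clamav-0.99.2.tar.gz as the example. Extract it to the /usr/local directory and rename it to clamav.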

 

mkdir /usr/local/clamav

Note: if clamav has not been created, the build will fail later.

useradd clamav -s /sbin/nologin -M

id clamav

grep clamav /etc/passwd

wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz

tar xf clamav-0.99.2.tar.gz

cd clamav-0.99.2

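./configure --prefix=/usr/local/clamav

Note: if the --prefix argument is omitted at this step, the configuration files are installed to the /usr/local/etc directory by default.

make && make install    # this step takes a particularly long time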

 

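3. Edit the configuration file

First create the log directory and the virus database directory

mkdir /usr/local/clamav/logs    # log directory

mkdir /usr/local/clamav/updata    # ClamAV virus database directory

Edit the configuration file

vim /usr/local/clamav/etc/clamd.conf

 

# Example        (comment out this line)

LogFile /usr/local/clamav/logs/clamd.log        (remove the leading comment marker and change the path to the logs directory; line 14)

PidFile /usr/local/clamav/updata/clamd.pid      (remove the leading comment marker and change the path; line 57)

DatabaseDirectory /usr/local/clamav/updata      (same as above; line 65)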

 

4. Create the log files

touch /usr/local/clamav/logs/freshclam.log

chown clamav:clamav /usr/local/clamav/logs/freshclam.log

touch /usr/local/clamav/logs/clamd.log

chown clamav:clamav /usr/local/clamav/logs/clamd.log

chown clamav:clamav /usr/local/clamav/updata

 

 

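/usr/local/clamav/bin/freshclam    # update the virus database; make sure the server can reach the Internet

/usr/local/clamav/bin/clamscan --remove    # scan the current directory and delete infected files

 

Use in a real production environment

In production, a scheduled task is normally used so that the server updates the virus database and runs a scan at a fixed time every night, keeping the scan log. My crontab file is as follows:

1 3 * * * /usr/local/clamav/bin/freshclam

20 3 * * * /usr/local/clamav/bin/clamscan -r /home --remove -l /var/log/clamscan.log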

 

 

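5. Common problems

Problem 1: ClamAV fails to start, with an error saying that /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf need to be edited.

Solution: the likely cause is that ./configure was run without the --prefix=/usr/local/clamav argument to specify the install path, so the files were installed to the default /usr/local/etc path.

Problem 2: in the example below, a scan of the files under the cron directory fails. The solution follows the output.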

[root@localhost data]# clamscan -r cron

LibClamAV Error: cl_load(): No such file or directory: /usr/local/clamav/share/clamav

ERROR: Can`t get file status


----------- SCAN SUMMARY -----------

Known viruses: 0

Engine version: 0.99.2

Scanned directories: 0

Scanned files: 0

Infected files: 0

Data scanned: 0.00 MB

Data read: 0.00 MB (ratio 0.00:1)

Time: 0.001 sec (0 m 0 s)

Solution:

1. Install the EPEL repository

yum install epel-release

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y

6. Demonstration:

[root@reserve sync]# clamscan -r drcron_cpv

LibClamAV Warning:**************************************************

LibClamAV Warning: ***  The virus database is older than 7 days!  ***

LibClamAV Warning: ***   Please update it as soon as possible.    ***

LibClamAV Warning:**************************************************

drcron_cpv/ptask/countjs_syc.php: OK

drcron_cpv/ptask/countjs_syc_del-2017-7-24.php: OK

drcron_cpv/ptask/countjs_syc_defile.php: OK

drcron_cpv/ptask/defile.php: OK

drcron_cpv/ptask/defile-2017-7-24-1.php: OK

drcron_cpv/ptask/countjs_syc_browser-b.php: OK

drcron_cpv/ptask/countjs_syc_plan_h.php: OK

drcron_cpv/ptask/countjs_syc_plan.php: OK

drcron_cpv/ptask/countjs_img.php: OK

drcron_cpv/ptask/countjs_syc_site.php: OK

drcron_cpv/ptask/countjs_syc_del.php: OK

drcron_cpv/ptask/countjs_syc_site_h.php: OK

drcron_cpv/ptask/setcache.php: OK

drcron_cpv/ptask/countjs_browser.php: OK

drcron_cpv/ptask/setcache-2017-7-21.php: OK

drcron_cpv/ptask/setcity.php: OK

drcron_cpv/ptask/countjs_syc_img.php: OK

drcron_cpv/chksh/check_syc_site.sh: OK

 

----------- SCAN SUMMARY -----------

Known viruses: 4490129

Engine version: 0.99.2

Scanned directories: 3

Scanned files: 18

Infected files: 0

Data scanned: 0.05 MB

Data read: 0.03 MB (ratio 1.71:1)

Time: 14.412 sec (0 m 14 s)

[root@reserve sync]#
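
A nightly cron job hides both failure modes shown above: the run under problem 2 ends with "Known viruses: 0" and scans nothing, and the demonstration run uses a database older than 7 days. The shell function below is an added example, not part of the original post or of ClamAV; the name check_clamscan_output and the sample paths are assumptions, and it reads the combined output of one clamscan run on stdin.

```shell
#!/bin/sh
# check_clamscan_output: hypothetical helper (not a ClamAV tool). Reads ONE
# clamscan run (stdout and stderr) on stdin and prints findings.
# Returns 0 = clean, 1 = infections reported, 2 = scan cannot be trusted.
check_clamscan_output() {
    awk '
        /^Known viruses:/                { known = $3; seen = 1 }
        /^Scanned files:/                { files = $3 }
        /^Infected files:/               { infected = $3 }
        /^LibClamAV Error:/ || /^ERROR:/ { errors++ }
        /virus database is older than/   { stale = 1 }
        / FOUND$/                        { print "HIT   " $0 }
        END {
            rc = 0
            if (stale)               print "WARN  signature database is stale, run freshclam"
            if (infected + 0 > 0)    { print "ALERT " infected " infected file(s)"; rc = 1 }
            if (errors)              { print "FAIL  " errors " error line(s) from clamscan"; rc = 2 }
            if (!seen)               { print "FAIL  no SCAN SUMMARY in output"; rc = 2 }
            else if (known + 0 == 0) { print "FAIL  no signatures loaded (Known viruses: 0)"; rc = 2 }
            else if (files + 0 == 0) { print "FAIL  zero files scanned"; rc = 2 }
            exit rc
        }
    '
}

# Constructed sample: the failing run shown under problem 2 above (abridged).
sample_failed_run() {
    cat <<'EOF'
LibClamAV Error: cl_load(): No such file or directory: /usr/local/clamav/share/clamav
ERROR: Can`t get file status
----------- SCAN SUMMARY -----------
Known viruses: 0
Scanned files: 0
Infected files: 0
EOF
}

# Constructed sample: stale database plus one detection (paths are made up).
sample_infected_run() {
    cat <<'EOF'
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
/home/demo/upload.php: Eicar-Test-Signature FOUND
/home/demo/index.php: OK
----------- SCAN SUMMARY -----------
Known viruses: 4490129
Scanned files: 2
Infected files: 1
EOF
}
```

In a cron wrapper script the scan output would be piped in, for example clamscan -r /home 2>&1 | check_clamscan_output, so that a return code of 2 is treated as a broken scan rather than a clean one.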


This article is reposted from wjw555's 51CTO blog; original link: http://blog.51cto.com/wujianwei/1973402

