ClamAV Virus Scanning Tool: Installation and Usage
1. Installation
1.1 Installing ClamAV with yum
yum install -y epel-release
yum clean all && yum makecache
yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
1.2 Configuring SELinux
setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1
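1.3 Editing the configuration files
vim /etc/clamd.d/scan.conf
# Add the following: location where the virus database is stored
DatabaseDirectory /home/clamav/lib

vim /etc/freshclam.conf
# Add the following: location where the virus database is stored
DatabaseDirectory /home/clamav/lib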
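2. Offline installation of ClamAV
# Unpack
tar -zxvf clamav-0.103.2.tar.gz
cd clamav-0.103.2
# Install under /usr/local/clamav
./configure --prefix=/usr/local/clamav
make && make install

# Create the group
groupadd clamav
# Create the user and add it to the group
useradd -g clamav clamav
# Create the directory where detected viruses are moved
mkdir -p /home/clamav/virus
# Create the scan log directory
mkdir -p /home/clamav/scan-log
# Create the virus database directory referenced by DatabaseDirectory below
mkdir -p /home/clamav/lib
# Give the user and group ownership of the directory
chown -R clamav:clamav /home/clamav/

cp /usr/local/clamav/etc/clamd.conf.sample /usr/local/clamav/etc/clamd.conf
cp /usr/local/clamav/etc/freshclam.conf.sample /usr/local/clamav/etc/freshclam.conf

vim /usr/local/clamav/etc/clamd.conf
# Comment out the "Example" line carried over from the sample file, then add the following:
LogFile /home/clamav/clamd.log
PidFile /home/clamav/clamd.pid
DatabaseDirectory /home/clamav/lib

vim /usr/local/clamav/etc/freshclam.conf
# Comment out the "Example" line carried over from the sample file, then add the following:
DatabaseDirectory /home/clamav/lib
UpdateLogFile /home/clamav/freshclam.log
PidFile /home/clamav/freshclam.pid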
3. Scanning
# yum install: run directly
freshclam
# Offline install: change into /usr/local/clamav/bin first
cd /usr/local/clamav/bin
./freshclam
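Scan parameters

Parameter              Description
-r                     Scan directories recursively
-d                     Use the specified file as the virus database; defaults to the configured database
-i                     Print only infected files
-l                     Write the scan report to the specified log file
--quiet                Quiet mode; print only error messages
--remove               Delete infected files
--move                 Move infected files to the specified directory
--max-dir-recursion    Maximum directory depth to scan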
./clamscan -r -i /etc --move=/home/clamav/virus -l /home/clamav/scan-log/clamav-etc.log
./clamscan -r -i /bin --move=/home/clamav/virus -l /home/clamav/scan-log/clamav-bin.log
./clamscan -r -i /usr --move=/home/clamav/virus -l /home/clamav/scan-log/clamav-usr.log
./clamscan -r -i /var --move=/home/clamav/virus -l /home/clamav/scan-log/clamav-var.log
./clamscan -r -i /opt --move=/home/clamav/virus -l /home/clamav/scan-log/clamav-opt.log
./clamscan -r -i /tmp --move=/home/clamav/virus -l /home/clamav/scan-log/clamav-tmp.log
./clamscan -r -i /boot --move=/home/clamav/virus -l /home/clamav/scan-log/clamav-boot.log
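Scan result fields:

Name                   Description
Known viruses          Number of known viruses
Engine version         ClamAV version
Scanned directories    Number of directories scanned
Scanned files          Number of files scanned
Infected files         Number of infected files
Data scanned           Data scanned, in MB
Data read              Data read, in MB
Time                   Scan duration
Start Date             Start time
End Date               End time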
grep "FOUND" /home/clamav/scan-log/clamav-usr.log
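
An added example, not part of the original article: a shell helper that triages a clamscan -l log beyond grepping for FOUND, by listing each detection, reading the "Infected files" value from the summary, and flagging a log that has no summary (an interrupted scan). The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): triage a clamscan -l log.
# All sample data below is constructed for illustration.

# Print "<signature> <path>" for every detection line ("<path>: <signature> FOUND").
# The greedy first group keeps paths containing ": " or spaces intact.
list_found() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Print the "Infected files" value of the last summary in the log
# (clamscan -l appends, so one file may hold several runs). Prints 0 if absent.
infected_count() {
    awk -F': ' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

# Return 0 = clean, 1 = detections present, 2 = no summary (scan did not finish).
check_log() {
    grep -q '^Infected files:' "$1" || return 2
    [ "$(infected_count "$1")" -eq 0 ] && [ -z "$(list_found "$1")" ]
}

# Constructed sample logs: one with a detection, one truncated mid-scan.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/clamav-usr.log" <<'EOF'
/usr/local/test dir/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/usr/local/test dir/eicar.com: moved to '/home/clamav/virus/eicar.com'

----------- SCAN SUMMARY -----------
Known viruses: 8500000
Engine version: 0.103.2
Scanned directories: 120
Scanned files: 3400
Infected files: 1
Time: 95.312 sec (1 m 35 s)
EOF
printf '%s\n' '/tmp/a.bin: Win.Test.EICAR_HDB-1 FOUND' > "$SAMPLE_DIR/clamav-tmp.log"

for log in "$SAMPLE_DIR"/*.log; do
    if check_log "$log"; then rc=0; else rc=$?; fi
    echo "$(basename "$log"): status=$rc infected=$(infected_count "$log")"
    list_found "$log" | sed 's/^/  /'
done
```

A status of 2 means the log should not be read as a clean result: the scan ended before the summary was written, so the directory needs to be scanned again.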