Reference: Linux virus scanning tool ClamAV (Clam AntiVirus) installation and use
ClamAV (Clam AntiVirus) is an open-source virus scanner for Linux. It is used mostly on mail servers, runs as a multi-threaded daemon (clamd), and can keep its signature database up to date automatically with freshclam.
Install ClamAV
1. Install the EPEL repository
```bash
yum install -y epel-release
yum clean all && yum makecache
```
2. Install the clamav packages
```bash
yum install -y \
clamav-server \
clamav-data \
clamav-update \
clamav-filesystem \
clamav \
clamav-scanner-systemd \
clamav-devel \
clamav-lib \
clamav-server-systemd
```
clamav-update provides freshclam, the *-systemd packages provide the clamd@ service units used below, and clamav-devel is only needed if you build software against libclamav.
Configure /etc/clamd.d/scan.conf
```bash
# Find the line "#LocalSocket /var/run/clamd.scan/clamd.sock" and uncomment it
LocalSocket /var/run/clamd.scan/clamd.sock
```
This is the Unix socket clamd listens on; clamdscan and mail filters connect to it. Without a LocalSocket (or TCPSocket) line the daemon has nothing to listen on. Prefer the local socket: the clamd protocol has no authentication, so a TCPSocket must never be exposed beyond localhost or a firewalled network.
Update the signature database
```text
# freshclam
ClamAV update process started at Wed May 31 10:32:18 2023
daily database available for update (local version: 26818, remote version: 26923)
Current database is 105 versions behind.
Downloading database patch # 26819...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-26819.cdiff
WARNING: downloadPatch: Can't download daily-26819.cdiff from https://database.clamav.net/daily-26819.cdiff
Downloading database patch # 26819...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-26819.cdiff
WARNING: downloadPatch: Can't download daily-26819.cdiff from https://database.clamav.net/daily-26819.cdiff
Downloading database patch # 26819...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-26819.cdiff
WARNING: downloadPatch: Can't download daily-26819.cdiff from https://database.clamav.net/daily-26819.cdiff
WARNING: Incremental update failed, trying to download daily.cvd
Time: 5.2s, ETA: 0.0s [========================>] 58.57MiB/58.57MiB
Testing database: '/var/lib/clamav/tmp.e13c26771d/clamav-0c50b7a0a45d4f2567c64513e77ad188.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26923, sigs: 2035746, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for update (local version: 333, remote version: 334)
Current database is 1 version behind.
Downloading database patch # 334...
Empty script bytecode-334.cdiff, need to download entire database
Time: 1.3s, ETA: 0.0s [========================>] 285.12KiB/285.12KiB
Testing database: '/var/lib/clamav/tmp.e13c26771d/clamav-8c6a73d87fea4cb17aa0810acb1727f5.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
```
freshclam first tries incremental .cdiff patches. Here the local daily database (26818) was 105 versions behind and the old patch files were no longer on the mirror, so after three failed attempts it fell back to downloading the whole daily.cvd (58 MiB). Run freshclam on a schedule (cron or a systemd timer/service) so the database stays within patch range. The f-level in the output is the minimum engine functionality level the signatures require, so keep the ClamAV engine itself current as well, not only the database.
Signature database location
- /var/lib/clamav/main.cvd
- /var/lib/clamav/daily.cvd
- /var/lib/clamav/bytecode.cvd
After an incremental (.cdiff) update freshclam stores the patched database uncompressed as .cld instead of .cvd, so you may see daily.cld here; the scanners load whichever is present.
Start the clamd service and enable it at boot
```bash
systemctl enable --now clamd@scan
```
The clamd@scan instance reads /etc/clamd.d/scan.conf and creates the socket configured above.
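The steps above end with a running daemon but nothing that confirms it detects anything. The following script is an added example, not part of the original post or of ClamAV's own tooling: it writes the public EICAR test string to a temporary file, scans it through the daemon with clamdscan, and maps the exit code to a pass/fail result. It assumes clamdscan is on the PATH and that the LocalSocket configured above is in place; the signature name ClamAV prints for EICAR is not taken from this page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check end to end that the clamd
# started above really detects malware, using the public EICAR test string
# (harmless by design, recognised by every AV engine).
set -u

# The EICAR string must be the first 68 bytes of the file; the single quotes
# keep $ and \ literal.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write a fresh EICAR file, scan it through the daemon with clamdscan, and
# translate the exit status. clamdscan and clamscan share the convention
# 0 = clean, 1 = infected, 2 = error. Return value of this function:
#   0  EICAR was detected (what you want)
#   1  EICAR was reported clean (no or stale signatures)
#   2  the scan itself failed (daemon down, socket missing, clamdscan absent)
eicar_selftest() {
    dir=$(mktemp -d) || return 2
    printf '%s' "$EICAR" > "$dir/eicar.txt"

    rc=0
    # --fdpass hands clamd the open file descriptor, so the daemon's own user
    # does not need read access to the temporary directory.
    clamdscan --fdpass --no-summary "$dir/eicar.txt" || rc=$?
    rm -rf "$dir"

    case $rc in
        1) echo "OK: EICAR detected, clamd@scan and the signatures are working"
           return 0 ;;
        0) echo "FAIL: EICAR reported clean, run freshclam and check /var/lib/clamav" >&2
           return 1 ;;
        *) echo "ERROR: clamdscan exited $rc, check clamd@scan and LocalSocket in scan.conf" >&2
           return 2 ;;
    esac
}

# Run with --run (so sourcing the file only defines the function):
#   bash eicar_selftest.sh --run
if [ "${1:-}" = "--run" ]; then
    eicar_selftest
fi
```

Because the script's exit status mirrors the three outcomes, it can be dropped into a cron job or a monitoring check after every signature update: a "FAIL" after freshclam means the new database did not load, and an "ERROR" usually means the socket path in scan.conf and the running instance no longer match.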
Scan for viruses
clamscan can scan a single file, a user's home directory, or the whole filesystem. Note that clamscan is the stand-alone scanner: it loads the full signature database on every run (tens of seconds and hundreds of megabytes of RAM) and does not use the clamd daemon started above. For repeated or scripted scans use clamdscan, which sends each path to clamd over the LocalSocket (add --fdpass if the daemon's user cannot read the files).
Options:
- -r recurse into subdirectories
- -i print only infected files (clean files are not listed in the output or the log)
- -l FILE save the scan report to FILE
- --remove delete infected files
- --move=DIR move infected files to DIR (quarantine)
Examples
Scan a single file
```bash
clamscan targetfile
```
Recursively scan /home and write a log
```bash
clamscan -r -i /home -l /var/log/clamav.log
```
Recursively scan /home, delete infected files, and write a log
```bash
clamscan -r -i /home --remove -l /var/log/clamav.log
```
--remove deletes on detection without confirmation; a false positive in a system directory can break the host. Prefer --move, which keeps the file for analysis.
Scan a directory, move infected files to a quarantine directory, and write a log
```bash
clamscan -r -i /home --move=/tmp/clamav -l /var/log/clamav.log
```
The quarantine directory must exist and be writable by the user running clamscan. /tmp is shared and world-writable, so for anything beyond a quick test use a dedicated directory (for example /var/lib/clamav/quarantine) with mode 0700 and owned by root, so that quarantined files cannot be read or re-executed by other users.
Key directories to scan
```bash
clamscan -r -i /etc --max-dir-recursion=5 -l /var/log/clamav-etc.log
clamscan -r -i /bin --max-dir-recursion=5 -l /var/log/clamav-bin.log
clamscan -r -i /usr --max-dir-recursion=5 -l /var/log/clamav-usr.log
clamscan -r -i /var --max-dir-recursion=5 -l /var/log/clamav-var.log
```
--max-dir-recursion=5 limits descent to five directory levels (the default is 15); anything deeper under /usr and /var is not scanned, so treat this as a quick sweep rather than a complete scan.
Scan report description
Each run ends with a summary such as:
```text
----------- SCAN SUMMARY -----------
Known viruses: 9141451                  # signatures loaded
Engine version: 0.102.4                 # ClamAV engine version
Scanned directories: 498                # directories scanned
Scanned files: 738                      # files scanned
Infected files: 4                       # infected files, the number to watch
Data scanned: 530.25 MB                 # data scanned
Data read: 14131.60 MB (ratio 0.04:1)   # data read from disk
Time: 203.805 sec (3 m 23 s)            # scan time
```
clamscan also encodes the result in its exit status: 0 when nothing was found, 1 when at least one infected file was found, 2 when an error occurred. Scripts and cron jobs should check that status rather than parse the summary alone.
View infected files
```bash
grep FOUND /var/log/clamav-bin.log
```
Each detection is logged as "<path>: <signature> FOUND". With -i these are the only per-file lines in the log.
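The four per-directory logs above still have to be read one by one. As an added example (not from the original post), the following script aggregates any number of clamscan -l logs: it lists the FOUND lines, sums the SCAN SUMMARY counters, cross-checks the two so a truncated log is not mistaken for a clean one, and exits with clamscan's own 0/1/2 convention so it can drive a cron alert. The log paths, the --demo sample log and the signature names in it are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: turn the per-directory logs
# written with "clamscan -l ..." into one report and a scriptable exit status.
set -u

# Print one "<path>: <signature>" line per detection in the given logs.
# clamscan logs each detection as "<path>: <signature> FOUND"; with -i these
# are the only per-file lines, so the filter also works on unfiltered logs.
list_detections() {
    # grep exits 1 when nothing matches, which here means "clean", not failure.
    grep -h ' FOUND$' "$@" | sed 's/ FOUND$//' || true
}

# Add up one SCAN SUMMARY counter (for example "Infected files") across logs.
summary_total() {
    field=$1
    shift
    # Summary lines look like "Infected files: 4"; split on ": " and sum column 2.
    awk -v f="$field" -F': ' '$1 == f { n += $2 } END { print n + 0 }' "$@"
}

# Report over all logs. Exit status follows clamscan's own convention:
#   0 = clean, 1 = infections logged, 2 = usage error or unreadable log.
scan_report() {
    [ "$#" -gt 0 ] || { echo "usage: scan_report LOG..." >&2; return 2; }
    for log in "$@"; do
        [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    done
    scanned=$(summary_total 'Scanned files' "$@")
    infected=$(summary_total 'Infected files' "$@")
    found_lines=$(list_detections "$@" | grep -c . || true)
    echo "logs=$# scanned=$scanned infected=$infected"
    # A truncated log (scan killed mid-run) has FOUND lines but no summary;
    # flag the mismatch instead of silently reporting it as clean.
    [ "$found_lines" -eq "$infected" ] || \
        echo "warning: $found_lines FOUND lines but summary says $infected" >&2
    if [ "$infected" -gt 0 ] || [ "$found_lines" -gt 0 ]; then
        list_detections "$@"
        return 1
    fi
    return 0
}

# Demo on a constructed log (not real scan output), or run on real logs:
#   bash scan_report.sh /var/log/clamav-*.log
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)
    cat > "$demo" <<'EOF'
/home/alice/Downloads/setup.exe: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 9141451
Scanned directories: 12
Scanned files: 340
Infected files: 1
EOF
    scan_report "$demo"
    rm -f "$demo"
elif [ "$#" -gt 0 ]; then
    scan_report "$@"
fi
```

Run it after the four scans above with `bash scan_report.sh /var/log/clamav-*.log`; a non-zero exit status is what a cron wrapper or monitoring agent should alert on, and the warning line catches the case where a scan was interrupted before it could write its summary.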