First, the installation on CentOS.
Step 1: Download ClamAV
http://www.clamav.net/downloads
wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz
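Step 2: Create the clamav user and group
groupadd clamav # create the clamav group
useradd -g clamav clamav # create the clamav user and add it to the clamav group
Step 3: Compile and install
tar -xf clamav-0.99.2.tar.gz
cd clamav-0.99.2
Install the dependencies
yum -y install gcc openssl openssl-devel
./configure --prefix=/usr/local/clamav
make && make install
As for installing on Debian: unfortunately, Debian frequently reports the error "error: Your OpenSSL installation is misconfigured or missing".
The fix is to install with apt-get:
First update apt-get
apt-get update
apt-get upgrade
Install the daemon and the antivirus itself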
apt-get install clamav clamav-daemon
If running freshclam fails with an error saying the log file is in use, so that the ClamAV updater cannot start, just delete the log with rm -f.
Step 4: Configuration
mkdir /usr/local/clamav/logs # (log directory)
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
mkdir /usr/local/clamav/updata # (ClamAV virus database directory)
chown -R root:clamav /usr/local/clamav/
chown -R clamav:clamav /usr/local/clamav/updata/
chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log
cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
Edit the configuration file clamd.conf
vim clamd.conf
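Comment out the Example line so that it reads #Example, then change the settings below. Note: for the paths written below, you must create the files yourself at the paths you specify and give them sufficient permissions; the installer will not do this for you:
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata
Edit the configuration file freshclam.conf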
vim freshclam.conf
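Comment out the Example line so that it reads #Example, then change the settings below. The same caveat applies: if a later virus database update complains that the log file path does not exist, you have to create it manually:
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid
Step 5: Update the virus database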
/usr/local/clamav/bin/freshclam
PS: This takes a long time, about half an hour. Make sure the network is working.
--help / -h                          show help
--version / -V                       print version number and exit
--verbose / -v                       be verbose
--debug                              enable debug messages
--quiet                              only output error messages
--no-warnings                        don't print and log warnings
--stdout                             write to stdout instead of stderr
--show-progress                      show download progress percentage
--config-file=FILE                   read configuration from FILE.
--log=FILE / -l FILE                 log into FILE
--daemon / -d                        run in daemon mode
--pid=FILE / -p FILE                 save daemon's pid in FILE
--user=USER / -u USER                run as USER
--no-dns                             force old non-DNS verification method
--checks=#n / -c #n                  number of checks per day, 1 <= n <= 50
--datadir=DIRECTORY                  download new databases into DIRECTORY
--daemon-notify[=/path/clamd.conf]   send RELOAD command to clamd
--local-address=IP / -a IP           bind to IP for HTTP downloads
--on-update-execute=COMMAND          execute COMMAND after successful update
--on-error-execute=COMMAND           execute COMMAND if errors occured
--on-outdated-execute=COMMAND        execute COMMAND when software is outdated
--list-mirrors                       print mirrors from mirrors.dat
--enable-stats                       enable statistical information reporting
--stats-host-id=UUID                 HostID in the form of an UUID to use when submitting statistical information
--update-db=DBNAME                   only update database DBNAME
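Step 6: Scan for viruses
/usr/local/clamav/bin/clamscan -r --remove # scan the current directory and delete infected files
/usr/local/clamav/bin/clamscan -r --bell -i / # scan all files and show results only for files with problems
Other parameters
-r/--recursive[=yes/no]    all files (recurse into subdirectories)
--log=FILE/-l FILE         write a scan report
                           # clamscan -l /var/log/clamscan.log /
--move [path]              move infected files to ..
--remove [path]            delete infected files
--quiet                    only output error messages
--infected/-i              only output infected files
--suppress-ok-results/-o   skip files that scan OK
--bell                     sound the bell when an infected file is found
--unzip(unrar)             unpack archives and scan them
Step 7: Scheduled tasks
Use in a real production environment
Typically a scheduled task is used so that the server updates the database and runs a scan at a fixed time every night, keeping the scan log. My crontab file is as follows:
16 4 * * * /usr/local/clamav/bin/freshclam
16 5 * * * /usr/local/clamav/bin/clamscan --infected -r / --remove -l /var/log/clamscan.log
Return values
0 : No virus found
1 : Virus(es) found
40: Unknown option passed
50: Database initialization error
52: Not supported file type
53: Can't open directory
54: Can't open file (ofm)
55: Error reading file (ofm)
56: Can't stat input file / directory.
57: Can't get absolute path name of current working directory.
58: I/O error, please check your file system
59: Can't get information about the current user from /etc/passwd
60: Can't get information about user 'clamav' (default name) from /etc/passwd
61: Can't fork.
63: Can't create temporary files/directories (check permissions).
64: Can't write to the temporary directory (please specify another one).
70: Can't allocate or free memory (calloc).
71: Can't allocate memory (malloc).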
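The crontab entries in step 7 do not act on clamscan's exit status, so a scan that aborted (for example return value 50) is easy to mistake for a clean one. The wrapper below is an added example, not part of the original post; it maps the return values listed above to clean / infected / error. The names CLAMSCAN, SCAN_LOG, classify_rc, explain_rc and scan_and_report are assumptions, and the scan is report-only (no --remove).

```shell
#!/bin/sh
# Added example, not from the original post. CLAMSCAN, SCAN_LOG and all
# function names are assumptions made for this sketch.
CLAMSCAN="${CLAMSCAN:-/usr/local/clamav/bin/clamscan}"
SCAN_LOG="${SCAN_LOG:-/var/log/clamscan.log}"

# Collapse clamscan's exit status into the three cases a job must tell apart.
classify_rc() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;      # 40-71: the scan did not complete
    esac
}

# Short hint for the error codes in the return-value list.
explain_rc() {
    case "$1" in
        40)          echo "unknown option passed" ;;
        50)          echo "database initialization error; run freshclam first" ;;
        53|54|55|56) echo "cannot open, read or stat the target; check permissions" ;;
        63|64)       echo "temporary directory unusable; check permissions" ;;
        70|71)       echo "memory allocation failed" ;;
        *)           echo "see the return-value list" ;;
    esac
}

# Report-only scan (no --remove). Returns 0 = clean, 1 = infected, 2 = error.
scan_and_report() {
    target="$1"
    scan_rc=0
    "$CLAMSCAN" --infected -r "$target" -l "$SCAN_LOG" >/dev/null 2>&1 || scan_rc=$?
    case "$(classify_rc "$scan_rc")" in
        CLEAN)    echo "clamscan: $target is clean"; return 0 ;;
        INFECTED) echo "clamscan: infected files under $target, see $SCAN_LOG"; return 1 ;;
        *)        echo "clamscan: scan FAILED (rc=$scan_rc): $(explain_rc "$scan_rc")"; return 2 ;;
    esac
}

# Cron entry point (assumed usage): clamscan-wrapper.sh --scan /
if [ "${1:-}" = "--scan" ]; then
    scan_and_report "${2:-/}"
    exit $?
fi
```

Cron mails whatever the job prints, so the one-line summary reaches the administrator even when the scan itself never ran.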
Problems encountered
NOTE:
Problem: "Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons."
Resolve: in the freshclam.conf file, find the line
#DatabaseMirror db.XY.clamav.net
and uncomment it, changing it to
DatabaseMirror db.us.clamav.net
#or
DatabaseMirror db.ac.clamav.net