建立源
# The ClamAV packages installed in the next step come from EPEL, so enable
# that repository first, then update the packages already on the host.
yum -y install epel-release
yum update -y
安装
# Install the ClamAV daemon, command-line scanner, signature updater and
# their supporting packages in a single transaction.
yum -y install \
  clamav-server \
  clamav-data \
  clamav-update \
  clamav-filesystem \
  clamav \
  clamav-scanner-systemd \
  clamav-devel \
  clamav-lib \
  clamav-server-systemd
# Print the daemon version to confirm the install succeeded.
clamd --version
配置
# Copy the packaged clamd template into place as a starting configuration.
# NOTE(review): the service enabled later is clamd@scan.service; if that
# instance reads /etc/clamd.d/scan.conf, this clamd.conf copy is not the file
# the running daemon uses - confirm which file your unit loads.
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
vi /etc/clamd.d/clamd.conf
# Comment out the "Example" line, i.e. change Example to #Example.
vi /etc/freshclam.conf
# Comment out the "Example" line here as well (the current version already ships with it commented out).
# Enable the daily automatic signature update:
vi /etc/sysconfig/freshclam
# Comment out the delay line, i.e. change "FRESHCLAM_DELAY=disabled-warn # REMOVE ME" to "#FRESHCLAM_DELAY=disabled-warn # REMOVE ME" (already commented out by default in the current version).
vi /etc/clamd.d/scan.conf
# Comment out the "Example" line, i.e. change Example to #Example.
# Uncomment the socket line, i.e. change "#LocalSocket /var/run/clamd.scan/clamd.sock" to "LocalSocket /var/run/clamd.scan/clamd.sock".
# NOTE(review): any local account that can open this socket can submit scan
# requests to clamd; consider LocalSocketGroup / LocalSocketMode in the same
# file to limit who can reach it.
添加用户
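# Create a dedicated, non-login system group and account named clamav.
# -r makes them system accounts (no aged password, no home directory by
# default), and the existence checks make the step safe to repeat.
# NOTE(review): the packages installed above may already create their own
# service accounts; check which User the clamd and freshclam configuration
# files name before relying on this account.
getent group clamav >/dev/null || groupadd -r clamav
id -u clamav >/dev/null 2>&1 || useradd -r -g clamav -s /bin/false clamav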
启动自动更新病毒库服务
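# Create the unit file for the signature-update service.
# Locally written units belong in /etc/systemd/system; /usr/lib/systemd/system
# is reserved for files shipped by packages and may be replaced on update.
vi /etc/systemd/system/clam-freshclam.service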
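# Run freshclam as a daemon that keeps the signature database current.
[Unit]
Description = freshclam scanner
After = network.target
[Service]
# freshclam -d detaches into the background, hence Type=forking.
Type = forking
# -d: daemon mode; -c 4: check for updates four times a day.
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
# Hardening for a network-facing updater: no privilege gain through
# setuid/setgid binaries, read-only /usr, /boot and /etc, and no access to
# home directories.
# NOTE(review): if freshclam.conf configures hooks such as OnUpdateExecute,
# confirm they still work under these restrictions.
NoNewPrivileges = true
ProtectSystem = full
ProtectHome = true
[Install]
WantedBy=multi-user.target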
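# Start the update service.
# Reload systemd first so the newly written (or edited) unit file is picked up.
systemctl daemon-reload
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
systemctl status clam-freshclam.service
# Manually update the signature database.
# NOTE(review): with the daemon above already running, a manual run may fail
# because the daemon holds the update log; if so, stop the service, run
# freshclam, then start the service again.
freshclam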
启动clamd
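# Enable and start the clamd instance named "scan".
# systemctl resolves units by name, so no change of directory is needed.
# clamd needs a downloaded signature database to start; make sure the
# freshclam update has completed before this step.
systemctl enable clamd@scan.service
systemctl start clamd@scan.service
systemctl status clamd@scan.service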
扫描
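# Scan without the daemon: recurse (-r), print infected files only (-i) and
# move them to the quarantine directory.
# The quarantine directory lives inside the scanned tree, so it is excluded;
# otherwise every later run would scan the quarantined files again.
# Keep /file/clamavlogs writable only by the account that runs the scan.
clamscan -ri --exclude-dir='^/file/clamavlogs' --move=/file/clamavlogs /file
# Scan a single file through the clamd daemon.
sudo clamdscan --no-summary --fdpass --move=/file/clamavlogs /file/1.jpg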
参数示意
- -r 递归扫描文件夹内文件,clamdscan无法递归扫描
- -i 仅打印扫描到的问题文件
- --no-summary 不打印统计信息
- --move=/file/clamavlogs 将扫描到的问题文件剪切到指定目录
- --fdpass 将已打开的文件描述符通过本地套接字传给clamd,使以其他用户身份运行的clamd也能读取待扫描的文件;只有clamdscan命令能用
添加非root用户clamdscan权限
若要用其它用户执行clamdscan命令,需要给该用户加上权限,否则扫描报错
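# Edit sudoers through visudo so a syntax error is caught before it is saved.
visudo
# Append as the last line, replacing USERNAME with the account that needs to scan:
#   USERNAME ALL=(root) NOPASSWD: /usr/bin/clamdscan
# (root) limits the rule to running the command as root rather than as any user.
# NOTE(review): the rule permits every clamdscan argument, so options that
# move, remove or write files act with root rights on whatever path the caller
# names. Grant it only to trusted accounts. Where it fits, avoid sudo entirely:
# give the account access to the clamd socket (LocalSocketGroup /
# LocalSocketMode in scan.conf) and scan with --fdpass.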