ClamAV installation and usage
程序员文章站
2022-05-27 13:29:30
Installation environment for clamav-0.103.1:
$ cat /etc/issue
Ubuntu 20.04 LTS \n \l
Install the dependency libraries
$ sudo apt-get install libssl-dev
$ sudo apt-get install zlib1g zlib1g-dev
$ sudo apt-get install libcurl4-openssl-dev
$ sudo apt-get install libpcre3 libpcre3-dev
Download ClamAV. The configure option --disable-clamav skips the check for the clamav user and group.
$ wget https://www.clamav.net/downloads/production/clamav-0.103.1.tar.gz
$ tar -xzf clamav-0.103.1.tar.gz
$ cd clamav-0.103.1/
$
$ ./configure --prefix=/opt/clamav --disable-clamav --with-zlib=/usr/local/zlib
$ make
$ sudo make install
Create the related directories and files, and adjust their ownership
$ sudo mkdir -p /opt/clamav/logs
$ sudo mkdir /opt/clamav/updata
$ sudo touch /opt/clamav/logs/freshclam.log
$ sudo touch /opt/clamav/logs/clamd.log
$
$ cd /opt/clamav/logs/
$ sudo groupadd clamav
$ sudo useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
$
$ sudo chown clamav:clamav clamd.log
$ sudo chown clamav:clamav freshclam.log
Generate the default configuration files
$ sudo cp /opt/clamav/etc/clamd.conf.sample /opt/clamav/etc/clamd.conf
$ sudo cp /opt/clamav/etc/freshclam.conf.sample /opt/clamav/etc/freshclam.conf
$
$ sudo vi /opt/clamav/etc/clamd.conf
#Example
LogFile /opt/clamav/logs/clamd.log
PidFile /opt/clamav/updata/clamd.pid
#DatabaseDirectory /opt/clamav/updata
DatabaseDirectory /opt/clamav/share/clamav
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd.socket
$ sudo vi /opt/clamav/etc/freshclam.conf
# Comment or remove the line below.
# Example
# use database.clamav.net instead.
DatabaseMirror database.clamav.net
Change directory ownership
$ sudo mkdir -p /opt/clamav/share/clamav
$ sudo chown clamav:clamav /opt/clamav/share
$
$ sudo chown kai:kai /opt/clamav/share
$ sudo chown kai:kai /opt/clamav/share/clamav/
The id command shows a user's uid and gid information, which helps diagnose permission-related errors.
$ id clamav
uid=1001(clamav) gid=1001(clamav) groups=1001(clamav)
Update the virus database
Run freshclam to update the signature database.
$ /opt/clamav/bin/freshclam
ClamAV update process started at Mon Feb 8 08:01:09 2021
daily.cvd database is up to date (version: 26073, sigs: 4116267, f-level: 63, builder: raynman)
main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
ClamAV self-test files
ClamAV's self-test files are located in the test directory of the source tree.
$ /opt/clamav/bin/clamscan -r /home/kai/av/clamav-0.103.1/test/
/home/kai/av/clamav-0.103.1/test/clam.exe.rtf: Clamav.Test.File-6 FOUND
/home/kai/av/clamav-0.103.1/test/clam_cache_emax.tgz: Clamav.Test.File-6 FOUND
/home/kai/av/clamav-0.103.1/test/clam.exe.szdd: Clamav.Test.File-6 FOUND
/home/kai/av/clamav-0.103.1/test/clam-fsg.exe: Clamav.Test.File-6 FOUND
/home/kai/av/clamav-0.103.1/test/clam-mew.exe: Clamav.Test.File-6 FOUND
...
----------- SCAN SUMMARY -----------
Known viruses: 8665590
Engine version: 0.103.1
Scanned directories: 2
Scanned files: 171
Infected files: 46
Data scanned: 26.00 MB
Data read: 13.76 MB (ratio 1.89:1)
Time: 50.815 sec (0 m 50 s)
Start Date: 2021:02:08 08:02:39
End Date: 2021:02:08 08:03:30
EICAR test file
EICAR (European Institute for Computer Anti-Virus Research) standard anti-virus test file
$ /opt/clamav/bin/clamscan -r /home/kai/av/eicar/
/home/kai/av/eicar/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/home/kai/av/eicar/eicarcom2.zip: Win.Test.EICAR_HDB-1 FOUND
/home/kai/av/eicar/eicar.com.txt: Win.Test.EICAR_HDB-1 FOUND
/home/kai/av/eicar/eicar.com: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8665590
Engine version: 0.103.1
Scanned directories: 1
Scanned files: 4
Infected files: 4
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.662 sec (0 m 17 s)
Start Date: 2021:02:08 08:07:28
End Date: 2021:02:08 08:07:45
Daemon scanning mode
Communication with clamd uses a UNIX domain socket.
$ sudo vi /opt/clamav/etc/clamd.conf
#Example
LogFile /opt/clamav/logs/clamd.log
PidFile /opt/clamav/updata/clamd.pid
DatabaseDirectory /opt/clamav/share/clamav
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd.socket
Create a file list:
$ cat eee.txt
/home/kai/av/eicar/eicar.com
/home/kai/av/eicar/eicarcom2.zip
/home/kai/av/eicar/eicar.com.txt
/home/kai/av/eicar/eicar_com.zip
Start scanning with clamdscan:
$ /opt/clamav/bin/clamdscan --infected --file-list=eee.txt
/home/kai/av/eicar/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/kai/av/eicar/eicarcom2.zip: Win.Test.EICAR_HDB-1 FOUND
/home/kai/av/eicar/eicar.com.txt: Win.Test.EICAR_HDB-1 FOUND
/home/kai/av/eicar/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
Time: 0.004 sec (0 m 0 s)
Start Date: 2021:02:08 08:52:37
End Date: 2021:02:08 08:52:37
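clamdscan is only a client: it talks to clamd over the LocalSocket configured above, and the same line-oriented protocol can be driven directly. The following is an added example, not code from the original post or the ClamAV project: a minimal Python client that streams a file to clamd with the INSTREAM command and parses the reply. It assumes a running clamd listening on /tmp/clamd.socket (the LocalSocket value in clamd.conf) and that the calling user may connect to that socket.

```python
"""Minimal clamd client over the LocalSocket configured in clamd.conf."""
import socket
import struct

# Assumption: the socket path matches the LocalSocket line in clamd.conf above.
SOCKET_PATH = "/tmp/clamd.socket"
CHUNK_SIZE = 64 * 1024  # keep each chunk well under clamd's StreamMaxLength


def instream_frames(data: bytes, chunk_size: int = CHUNK_SIZE):
    """Yield INSTREAM frames: 4-byte big-endian length followed by the chunk;
    a zero-length frame terminates the stream."""
    for start in range(0, len(data), chunk_size):
        chunk = data[start:start + chunk_size]
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)


def parse_reply(reply: bytes):
    """Parse a reply such as b'stream: Win.Test.EICAR_HDB-1 FOUND\\0' into
    (status, detail); status is 'OK', 'FOUND' or 'ERROR'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, result = text.partition(": ")
    for status in ("FOUND", "ERROR"):
        if result.endswith(" " + status):
            return status, result[: -len(status) - 1]
    if result == "OK":
        return "OK", None
    raise ValueError(f"unexpected clamd reply: {text!r}")


def scan_bytes(data: bytes, socket_path: str = SOCKET_PATH):
    """Stream data to clamd with zINSTREAM and return parse_reply() of the answer."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(socket_path)
        sock.sendall(b"zINSTREAM\0")
        for frame in instream_frames(data):
            sock.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):  # z-prefixed commands get a NUL-terminated reply
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


def scan_file(path: str, socket_path: str = SOCKET_PATH):
    """Scan one file from the file list by streaming its contents to clamd."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), socket_path)
```

Streaming the content avoids clamd needing read access to the file itself, which matters when clamd runs as the clamav user and the files belong to someone else.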
Resource usage
Use clamdtop to view clamd's resource usage.
Primary threads: live 1 idle 0 max 10 +---------------------------------------+
[|||| ] |Mem: heap 3M mmap 0M unused 0M|
Queue: 0 items 0 max |Libc: used 3M free 0M total 3M|
[ ] |Pool: count 1 used 1173M total 1173M|
|[|||||||||||||||||||||||||||||||||||>] |
+---------------------------------------+
COMMAND QUEUEDSINCE FILE
STATS 0.000s