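ClamAV is a widely used open-source antivirus. It can scan servers for malware ahead of time, and is especially useful as an early warning for cryptomining programs on servers.
It can be downloaded directly from the official website: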
http://www.clamav.net/downloads/production/clamav-0.101.3.tar.gz
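For batch installation across servers, it is usual to set up a private download server first, because later virus database updates are also fetched from that private server. Start by building a small private server with nginx.
server {
    listen 80;
    server_name clamav.server_name.local;
    location / {
        root /u01/install/clamavdb;  # Serve this directory as the virus database mirror
        index index.html index.htm;
    }
}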
cp clamav-0.101.3.tar.gz /u01/install/clamavdb
sed -i '$a 172.20.0.109 clamav.server_name.local' /etc/hosts
wget http://clamav.server_name.local/clamav-0.101.3.tar.gz
Then edit the configuration. Two files are changed here: clamd.conf and freshclam.conf.
1) Edit clamd.conf as follows.
vim /usr/local/clamav/etc/clamd.conf
// Comment out line 8, as follows
#Example
# Add the following
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata
2) Edit freshclam.conf as follows.
vim /usr/local/clamav/etc/freshclam.conf
// Comment out line 8, as follows
#Example
# Add the following
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid
cp /usr/local/clamav/etc/clamd.conf /u01/install/clamavdb
cp /usr/local/clamav/etc/freshclam.conf /u01/install/clamavdb
tar -zxvf clamav-0.101.3.tar.gz
yum install gcc gcc-c++ openssl openssl-devel -y
cd clamav-0.101.3/
./configure --prefix=/usr/local/clamav
make && make install
groupadd clamav
useradd -g clamav clamav
Create the log directory and the virus database directory:
mkdir /usr/local/clamav/{updata,logs}
Create the log files:
touch /usr/local/clamav/logs/{clamd.log,freshclam.log}
Set ownership on the log files:
chown clamav:clamav /usr/local/clamav/logs/clamd.log
chown clamav:clamav /usr/local/clamav/logs/freshclam.log
chown clamav:clamav /usr/local/clamav/updata
chown -R clamav:clamav /usr/local/clamav/
Add the configuration:
cd /usr/local/clamav/etc/
wget http://clamav.server_name.local/freshclam.conf
wget http://clamav.server_name.local/clamd.conf
Create a symbolic link to the executable:
ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
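/usr/local/clamav/bin/freshclam ## Update the virus database. On servers in mainland China this usually fails and the database cannot be updated; the workaround follows.
The step above usually fails; resolve it as follows.
Download the files manually. Do not use wget: in my own tests wget could not download them from the official site either, so be sure to use a browser. Download three files, as shown in the figure:
At the same time, edit the copies in the private repository,
http://clamav.server_name.local/freshclam.conf
http://clamav.server_name.local/clamd.conf
and set the PrivateMirror and ScriptedUpdates options as follows, so that running the virus database update command then goes to your private server clamav.server_name.local to download freshclam.conf and clamd.conf.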
ScriptedUpdates yes
# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no
# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb
# This option allows you to easily point freshclam to private mirrors.
# If PrivateMirror is set, freshclam does not attempt to use DNS
# to determine whether its databases are out-of-date, instead it will
# use the If-Modified-Since request or directly check the headers of the
# remote database files. For each database, freshclam first attempts
# to download the CLD file. If that fails, it tries to download the
# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
# and ScriptedUpdates. It can be used multiple times to provide
# fall-back mirrors.
# Default: disabled
PrivateMirror clamav.server_name.local
Run it again:
/usr/local/clamav/bin/freshclam
As shown in the figure below:
clamscan -r /etc --max-dir-recursion=5 -l /root/etcclamav.log
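Summary of the steps above:
1. Add the private server configuration to nginx, and place freshclam.conf, clamd.conf and the three virus database files main.cvd, bytecode.cvd and daily.cvd in /u01/install/clamavdb; also put clamav-0.101.3.tar.gz in /u01/install/clamavdb for later download and installation.
2. On each machine where ClamAV is to be installed: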
sed -i '$a 172.20.0.109 clamav.server_name.local' /etc/hosts
wget http://clamav.server_name.local/clamav-0.101.3.tar.gz
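Edit hosts, then download and install the software; see the steps above for details.
3. If running /usr/local/clamav/bin/freshclam still fails, check that freshclam.conf and clamd.conf set PrivateMirror and ScriptedUpdates as in step 8 above.
4. Then just set up a manual update of daily.cvd.
If you still run into obstacles after following these steps, please leave a comment.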
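Added example (not part of the original post): a shell check for the hand-downloaded main.cvd, daily.cvd and bytecode.cvd before they are served from /u01/install/clamavdb. It relies on the CVD layout, a 512-byte colon-separated header whose sixth field is the MD5 of the rest of the file; the function names and the make_sample_cvd test data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: integrity check for hand-copied
# .cvd files before nginx serves them from the private mirror directory.
# CVD layout: a 512-byte colon-separated text header, then the compressed body.
# Header: ClamAV-VDB:build time:version:sig count:f-level:MD5:dsig:builder:stime
# The MD5 field is the digest of everything after the first 512 bytes.

cvd_check() {   # prints a status line; returns 0 only if the file is intact
    f=$1
    [ -r "$f" ] || { echo "MISSING   $f"; return 2; }
    header=$(head -c 512 "$f" | tr -d '\000')
    magic=$(printf '%s' "$header" | cut -d: -f1)
    version=$(printf '%s' "$header" | cut -d: -f3)
    want=$(printf '%s' "$header" | cut -d: -f6)
    # A blocked download saved as an HTML error page fails here.
    [ "$magic" = "ClamAV-VDB" ] || { echo "NOT-CVD   $f"; return 3; }
    got=$(tail -c +513 "$f" | md5sum | cut -d' ' -f1)
    [ "$want" = "$got" ] || { echo "CORRUPT   $f (header $want, body $got)"; return 1; }
    echo "OK        $f (version $version)"
}

check_mirror() {   # checks the three databases the post places in the mirror
    rc=0
    for db in main.cvd daily.cvd bytecode.cvd; do
        cvd_check "$1/$db" || rc=1
    done
    return $rc
}

make_sample_cvd() {   # constructed test data, NOT a real signature database
    body=$(mktemp)
    printf 'constructed body for %s\n' "$1" > "$body"
    sum=$(md5sum "$body" | cut -d' ' -f1)
    printf '%-512s' "ClamAV-VDB:01 Jan 2024 00-00 +0000:1:0:63:$sum:x:demo:0" > "$1"
    cat "$body" >> "$1"; rm -f "$body"
}

# Usage: sh cvd_check.sh /u01/install/clamavdb
if [ $# -gt 0 ]; then check_mirror "$1"; fi
```

This catches truncated transfers and error pages saved under a .cvd name; it does not replace the digital-signature verification ClamAV performs when it loads a database.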
Page updated: 2024-04-01