Installing ClamAV on Linux and a basic ClamAV usage tutorial

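1. What is ClamAV?

ClamAV is a widely used open-source antivirus program. It can scan servers ahead of time to find viruses on them, and is especially useful as an early warning for cryptomining programs on servers.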

2. Install ClamAV

It can be downloaded directly from the official website:

http://www.clamav.net/downloads/production/clamav-0.101.3.tar.gz

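For batch installation across servers, first set up a private download server, because later virus database updates also have to be served from that private server. Start by building a small private server with nginx.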

    server {
        listen   80;
        server_name  clamav.server_name.local;
        location / {
            root   /u01/install/clamavdb;    # this directory is the virus database mirror directory
            index  index.html index.htm;
        }
    }

cp clamav-0.101.3.tar.gz /u01/install/clamavdb

sed  -i  '$a 172.20.0.109 clamav.server_name.local'  /etc/hosts

wget http://clamav.server_name.local/clamav-0.101.3.tar.gz

Add the ClamAV configuration files on the private server

Then edit the configuration. Two files are changed here: clamd.conf and freshclam.conf.

1) Edit clamd.conf with the following command.

    vim /usr/local/clamav/etc/clamd.conf

    Comment out line 8, as follows:

    #Example

    Add the following:

    LogFile /usr/local/clamav/logs/clamd.log

    PidFile /usr/local/clamav/updata/clamd.pid

    DatabaseDirectory /usr/local/clamav/updata

2) Edit freshclam.conf with the following command.

    vim /usr/local/clamav/etc/freshclam.conf

    Comment out line 8, as follows:

    #Example

    Add the following:

    DatabaseDirectory /usr/local/clamav/updata

    UpdateLogFile /usr/local/clamav/logs/freshclam.log

    PidFile /usr/local/clamav/updata/freshclam.pid


Copy /usr/local/clamav/etc/clamd.conf and /usr/local/clamav/etc/freshclam.conf to /u01/install/clamavdb

cp /usr/local/clamav/etc/clamd.conf /u01/install/clamavdb
cp /usr/local/clamav/etc/freshclam.conf /u01/install/clamavdb

3. After the download finishes, extract the archive with the following command.

   tar -zxvf clamav-0.101.3.tar.gz

4. Install the dependency packages with the following command.

 yum install gcc gcc-c++ openssl openssl-devel  -y

5. Compile and install ClamAV with the following commands.

cd clamav-0.101.3/

./configure --prefix=/usr/local/clamav

make && make install

6. Add the user and group for ClamAV with the following commands.

  groupadd clamav

  useradd -g clamav clamav

7. Configure ClamAV

Create the log directory and the virus database directory with the following command.

mkdir /usr/local/clamav/{updata,logs}    

Create the log files with the following command:

touch  /usr/local/clamav/logs/{clamd.log,freshclam.log}

Set ownership of the log files

chown clamav:clamav /usr/local/clamav/logs/clamd.log

chown clamav:clamav /usr/local/clamav/logs/freshclam.log

chown clamav:clamav /usr/local/clamav/updata

chown -R clamav:clamav /usr/local/clamav/

Add the configuration

cd /usr/local/clamav/etc/
wget http://clamav.server_name.local/freshclam.conf
wget http://clamav.server_name.local/clamd.conf 

8. Run ClamAV

Create a symlink to the executable

  ln -s /usr/local/clamav/bin/clamscan /usr/local/sbin/clamscan
  /usr/local/clamav/bin/freshclam ## update the virus database; on servers in mainland China this usually fails and the database cannot be updated; the workaround follows

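The step above will usually fail. Resolve it as follows.

Download the files manually. Do not use wget: in my own tests wget could not download them from the official site either, so be sure to download them with a browser. Download the three files shown in the figure:

Also edit the copies in the private repository:

 http://clamav.server_name.local/freshclam.conf
 http://clamav.server_name.local/clamd.conf

Set the configuration options PrivateMirror and ScriptedUpdates as follows, so that after the virus update command is run it goes to your private server clamav.server_name.local to download freshclam.conf and clamd.conf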

ScriptedUpdates yes

# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no

# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb

# This option allows you to easily point freshclam to private mirrors.
# If PrivateMirror is set, freshclam does not attempt to use DNS
# to determine whether its databases are out-of-date, instead it will
# use the If-Modified-Since request or directly check the headers of the
# remote database files. For each database, freshclam first attempts
# to download the CLD file. If that fails, it tries to download the
# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
# and ScriptedUpdates. It can be used multiple times to provide
# fall-back mirrors.
# Default: disabled
PrivateMirror  clamav.server_name.local

Run the update again

/usr/local/clamav/bin/freshclam

The result is shown in the figure below.
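The three manually downloaded database files are then served to every host over plain HTTP, so a truncated file or a saved error page would be distributed to all of them. The following check is an added example, not part of the original post. It assumes the CVD layout of a 512-byte colon-separated header whose sixth field is the MD5 of everything after the header; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check .cvd files before publishing them in the mirror dir.
# Assumed header (512 bytes, space padded):
#   ClamAV-VDB:build time:version:sigs:f-level:MD5:dsig:builder:stime

cvd_field() {   # cvd_field FILE N -> print header field N (1-based)
    head -c 512 "$1" | tr -d '\000' | cut -d: -f"$2"
}

cvd_check() {   # cvd_check FILE -> print "OK ..." or "BAD ..."; return 0 or 1
    f=$1
    [ -r "$f" ] || { echo "BAD unreadable: $f"; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -gt 512 ] || { echo "BAD truncated: $f"; return 1; }
    # A saved HTML error page or partial download fails the magic test.
    [ "$(cvd_field "$f" 1)" = "ClamAV-VDB" ] || { echo "BAD not a CVD: $f"; return 1; }
    ver=$(cvd_field "$f" 3)
    case $ver in
        ''|*[!0-9]*) echo "BAD version field: $f"; return 1 ;;
    esac
    want=$(cvd_field "$f" 6)
    # The payload starts at byte 513, right after the header.
    have=$(tail -c +513 "$f" | md5sum | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "BAD md5 mismatch: $f"; return 1; }
    echo "OK $(basename "$f") version $ver"
}

cvd_check_all() {   # cvd_check_all DIR -> 0 only if all three databases pass
    rc=0
    for name in main.cvd daily.cvd bytecode.cvd; do
        cvd_check "$1/$name" || rc=1
    done
    return $rc
}
```

Run `cvd_check_all /u01/install/clamavdb` after copying the files in. The MD5 only catches corruption and truncation; authenticity rests on the digital signature in the header, which `sigtool --info` verifies on a host with ClamAV installed.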

9. Scan the server for viruses

clamscan -r /etc --max-dir-recursion=5 -l /root/etcclamav.log


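Summary of the steps above:

1. Add the private server configuration to nginx, and place freshclam.conf, clamd.conf and the 3 virus database files main.cvd, bytecode.cvd and daily.cvd in /u01/install/clamavdb. Also put clamav-0.101.3.tar.gz in /u01/install/clamavdb so it can be downloaded and installed later.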

2. On each machine where ClamAV is to be installed:

sed  -i  '$a 172.20.0.109 clamav.server_name.local'  /etc/hosts

wget http://clamav.server_name.local/clamav-0.101.3.tar.gz

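Edit hosts, then download and install the software; see the steps above for details.

3. If running /usr/local/clamav/bin/freshclam still fails, check that PrivateMirror and ScriptedUpdates are configured in the freshclam.conf and clamd.conf configuration files as in step 8 above.

4. After that, daily.cvd just needs to be updated manually.

If you still run into problems after following the steps above, please leave a comment.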


Page updated: 2024-04-01
