Installing and using ClamAV, an antivirus for Linux

mac2024-04-22  6

Download ClamAV: http://www.clamav.net/download.html

1. Installing ClamAV on CentOS 7.4

```
# Install the build dependencies
yum -y install gcc-c++ pcre-devel zlib-devel openssl-devel llvm-devel libxml2 libxml2-devel libcurl-devel

# Extract, compile and install
tar zxf clamav-0.100.0.tar.gz
cd clamav-0.100.0
./configure --prefix=/opt/clamav
make && make install
```

2. Editing the configuration files

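```
groupadd clamav
# -g is needed: useradd refuses to create the user when a group with the same name already exists
useradd clamav -g clamav -s /sbin/nologin
mkdir /opt/clamav/logs
mkdir /opt/clamav/share/update
touch /opt/clamav/logs/{freshclam.log,clamd.log}
chown -R clamav:clamav /opt/clamav/logs
chown clamav:clamav /opt/clamav/share/update
cp /opt/clamav/etc/clamd.conf.sample /opt/clamav/etc/clamd.conf
cp /opt/clamav/etc/freshclam.conf.sample /opt/clamav/etc/freshclam.conf
```

Changes in clamd.conf:

```
#Example    (comment out this line)
LogFile /opt/clamav/logs/clamd.log
# The PID file goes in the directory created above, which the clamav user can write to
PidFile /opt/clamav/share/update/clamd.pid
# Must be the directory freshclam downloads the signatures into (see section 3)
DatabaseDirectory /opt/clamav/share/clamav
```

Changes in freshclam.conf:

```
#Example    (comment out this line)
```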

3. Downloading or updating the virus database

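```
# This is somewhat slow. With several machines, download on one and copy the files
# to the others; the downloaded files are in /opt/clamav/share/clamav
/opt/clamav/bin/freshclam
```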

4. Using ClamAV

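Common usage (`${SCAN_DIR}` stands for the path to scan):

```
## Scan for viruses (-r: recurse into subdirectories, --bell: ring the bell on detection, -i: print infected files only)
/opt/clamav/bin/clamscan -r --bell -i "${SCAN_DIR}"
```

For example:

```
[root@centos7 clamav]# ./bin/clamscan -r --bell -i /home/

----------- SCAN SUMMARY -----------
Known viruses: 6526435               ## signatures in the virus database
Engine version: 0.100.0              ## engine version
Scanned directories: 2               ## directories scanned
Scanned files: 3                     ## files scanned
Infected files: 0                    ## number of infected files
Data scanned: 0.00 MB                ## size of the scanned data
Data read: 0.00 MB (ratio 0.00:1)
Time: 20.303 sec (0 m 20 s)          ## time the scan took
```

```
## Scan and remove infected files (deletion is permanent)
clamscan -r --remove "${SCAN_DIR}"

## Scan and move viruses and infected files to a given directory
clamscan -r --move=/home/bill/my_virus_collection "${SCAN_DIR}"

#### clamscan -h shows the help
```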

5. Installation script

```
#!/bin/bash
# USAGE: install clamav

### Install
yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel llvm-devel libxml2 libxml2-devel libcurl-devel
tar zxf clamav-0.100.0.tar.gz
cd clamav-0.100.0
./configure --prefix=/opt/clamav
make && make install

### Setting
groupadd clamav
useradd clamav -g clamav -s /sbin/nologin
mkdir -p /opt/clamav/logs
mkdir -p /opt/clamav/share/clamav
# Directory for the clamd PID file, as created in section 2
mkdir -p /opt/clamav/share/update
touch /opt/clamav/logs/freshclam.log
touch /opt/clamav/logs/clamd.log
chown -R clamav:clamav /opt/clamav/logs
chown clamav:clamav /opt/clamav/share/clamav /opt/clamav/share/update
cp /opt/clamav/etc/clamd.conf.sample /opt/clamav/etc/clamd.conf
cp /opt/clamav/etc/freshclam.conf.sample /opt/clamav/etc/freshclam.conf
sed -i 's/^Example/#Example/' /opt/clamav/etc/freshclam.conf
sed -i 's/^Example/#Example/' /opt/clamav/etc/clamd.conf
sed -i 's|^#LogFile /tmp/clamd.log|LogFile /opt/clamav/logs/clamd.log|' /opt/clamav/etc/clamd.conf
sed -i 's|^#PidFile /var/run/clamd.pid|PidFile /opt/clamav/share/update/clamd.pid|' /opt/clamav/etc/clamd.conf
# Point clamd at the directory the virus database is copied into below
sed -i 's|^#DatabaseDirectory /var/lib/clamav|DatabaseDirectory /opt/clamav/share/clamav|' /opt/clamav/etc/clamd.conf
cd ..

## clamav.virus_data.tar.gz is an archive of the virus database; extracting it yields a
## clamav directory containing the database files downloaded from the official site
tar zxf clamav.virus_data.tar.gz
cp clamav/* /opt/clamav/share/clamav/

### Add a scheduled scan
mkdir /tmp/virus_collection
echo "#scan virus" >>/etc/crontab
# Entries in /etc/crontab need a user field (root here) between the schedule and the command
echo '30 4 5 * * root /opt/clamav/bin/clamscan -r --move=/tmp/virus_collection / >/dev/null 2>&1' >>/etc/crontab
```
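The scheduled job in the install script sends all clamscan output to /dev/null, so a detection or a failed scan leaves no record. The wrapper below is an added example, not part of the original script: it keeps a one-line result per run, using clamscan's exit status (0 = no virus found, 1 = virus found, anything else = error) and the "Infected files" line of the summary shown in section 4. The log file name `scan.log` and the function names are assumptions.

```shell
# Added example: record the outcome of a scheduled clamscan run.
# CLAMSCAN follows this page's install prefix; SCAN_LOG is an assumed file name.
CLAMSCAN=${CLAMSCAN:-/opt/clamav/bin/clamscan}
SCAN_LOG=${SCAN_LOG:-/opt/clamav/logs/scan.log}

# Print the leading number of one "SCAN SUMMARY" field read from stdin;
# exit status 1 if the field is missing (e.g. clamscan died before the summary).
summary_field() {
    awk -F': *' -v key="$1" '
        $1 == key { print $2 + 0; found = 1; exit }
        END       { if (!found) exit 1 }'
}

# Translate clamscan's exit status: 0 = no virus, 1 = virus found, other = error.
classify_scan() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Scan one directory, append a one-line result to SCAN_LOG, return clamscan's status.
run_scan() (
    out=$("$CLAMSCAN" -r -i "$1" 2>&1) && status=0 || status=$?
    infected=$(printf '%s\n' "$out" | summary_field 'Infected files') || infected=unknown
    verdict=$(classify_scan "$status")
    printf '%s dir=%s verdict=%s infected=%s\n' \
        "$(date '+%Y-%m-%dT%H:%M:%S')" "$1" "$verdict" "$infected" >>"$SCAN_LOG"
    # On detection or error, keep the -i output (infected file names, error text).
    [ "$verdict" = CLEAN ] || printf '%s\n' "$out" >>"$SCAN_LOG"
    return "$status"
)

# Constructed sample input: the summary block from section 4 of this page.
sample_summary() {
    cat <<'EOF'
----------- SCAN SUMMARY -----------
Known viruses: 6526435
Scanned directories: 2
Scanned files: 3
Infected files: 0
Time: 20.303 sec (0 m 20 s)
EOF
}
if [ $# -gt 0 ]; then run_scan "$1"; fi
```

Saved as a script and called from the crontab entry with the directory to scan as its argument, it leaves the result in the log while the job's own output can still be discarded.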

 
