ClamAV Antivirus Deployment

This guide deploys ClamAV from the officially built packages.

一、ClamAV Support Lifecycle

https://docs.clamav.net/faq/faq-eol.html?highlight=LTS#version-support-matrix

二、Download and Install

Note: RPM packages from clamav-1.4.0.linux.x86_64 onward require glibc 2.28 or newer; DEB packages require glibc 2.27 or newer.
See the official instructions for details: https://docs.clamav.net/manual/Installing.html

Bash
wget https://www.clamav.net/downloads/production/clamav-1.5.1.linux.x86_64.rpm
yum -y localinstall --disablerepo=\* clamav-1.5.1.linux.x86_64.rpm

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav

# Default signature database location: /usr/local/share/clamav/
mkdir -p /usr/local/share/clamav
sudo chown -R clamav:clamav /usr/local/share/clamav

# On RedHat-family systems with SELinux enabled, also run:
setsebool -P antivirus_can_scan_system 1


###############################
# Default configuration file location: /usr/local/etc/
#cd /usr/local/etc/
#cp freshclam.conf.sample freshclam.conf
#cp clamd.conf.sample clamd.conf

三、Configuration

1、Create the new signature database and socket directories

Bash
mkdir -p /usr/local/clamav/{data,socket}
sudo chown -R clamav:clamav /usr/local/clamav
cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf

touch /var/log/freshclam.log
chmod 600 /var/log/freshclam.log
chown clamav:clamav /var/log/freshclam.log

2、Edit the configuration files

Bash
sed -i -e "s/^Example/#Example/" /usr/local/etc/freshclam.conf
sed -i -e "s|#DatabaseDirectory /var/lib/clamav|DatabaseDirectory /usr/local/clamav/data|" /usr/local/etc/freshclam.conf
sed -i -e "s/^#UpdateLogFile/UpdateLogFile/" /usr/local/etc/freshclam.conf


sed -i -e "s/^Example/#Example/" /usr/local/etc/clamd.conf
sed -i -e "s/^#LogSyslog yes/LogSyslog yes/" /usr/local/etc/clamd.conf
sed -i -e "s/^#TCPSocket 3310/TCPSocket 3310/" /usr/local/etc/clamd.conf
sed -i -e "s|#DatabaseDirectory /var/lib/clamav|DatabaseDirectory /usr/local/clamav/data|" /usr/local/etc/clamd.conf
sed -i -e "s|^#LocalSocket /run/clamav/clamd.sock|LocalSocket /usr/local/clamav/socket/clamd.sock|" /usr/local/etc/clamd.conf
sed -i -e "s/^#User clamav/User clamav/" /usr/local/etc/clamd.conf

sed -i -e "s|^#PidFile /run/clamav/clamd.pid|PidFile /usr/local/clamav/socket/clamd.pid|" /usr/local/etc/clamd.conf
sed -i -e "s|^#PidFile /run/clamav/freshclam.pid|PidFile /usr/local/clamav/socket/freshclam.pid|" /usr/local/etc/freshclam.conf
sed -i -e "s|^#NotifyClamd /path/to/clamd.conf|NotifyClamd /usr/local/etc/clamd.conf|" /usr/local/etc/freshclam.conf

3、Other optional settings

Bash
# Some size-limit settings:
sed -i -e "s/^#StreamMaxLength .*$/StreamMaxLength 1024M/g" /usr/local/etc/clamd.conf
sed -i -e "s/^#ReadTimeout.*$/ReadTimeout 600/g" /usr/local/etc/clamd.conf


sed -i -e "s/^#MaxScanTime.*$/MaxScanTime 600000/g" /usr/local/etc/clamd.conf


# Note: disabling this limit or setting it too high may cause severe damage to the system.
sed -i -e "s/^#MaxScanSize 1000M/MaxScanSize 1000M/g" /usr/local/etc/clamd.conf

# Files larger than this limit will not be scanned. Applies to the input file itself and to files it contains (when the input is an archive, document or other container).
# Note: disabling this limit or setting it too high may cause severe damage to the system.
# Due to a technical design limit, ClamAV currently cannot scan files larger than 2 GB.
sed -i -e "s/^#MaxFileSize 400M/MaxFileSize 1000M/g" /usr/local/etc/clamd.conf
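An added check, not from the original post or from ClamAV itself, that parses a clamd.conf as produced by the sed edits above and flags settings clamd will reject or that widen exposure (an active Example line, TCPSocket without TCPAddr, no User, a disabled size limit). SAMPLE_CONF is a constructed file that deliberately keeps two weak settings; the key names are the real clamd.conf directives.

```python
import re

# Constructed sample of a clamd.conf after the edits above, with two weak
# settings left in for the audit to flag: TCPSocket without TCPAddr, MaxScanSize 0.
SAMPLE_CONF = """\
# Comment or remove the line below.
#Example
LogSyslog yes
TCPSocket 3310
DatabaseDirectory /usr/local/clamav/data
LocalSocket /usr/local/clamav/socket/clamd.sock
User clamav
MaxScanSize 0
MaxFileSize 1000M
"""

def parse_clamd_conf(text):
    """Parse 'Directive value' lines, skipping blanks and '#' comments.
    Directive names are lower-cased here so lookups are case-insensitive;
    repeated directives (e.g. several TCPAddr lines) are kept as a list."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key.lower(), []).append(value.strip())
    return conf

def audit_clamd_conf(text):
    """Return findings for settings clamd refuses or that widen exposure."""
    conf = parse_clamd_conf(text)
    findings = []
    if "example" in conf:
        findings.append("Example is still active; clamd refuses to start until it is commented out")
    if "tcpsocket" in conf and "tcpaddr" not in conf:
        findings.append("TCPSocket set without TCPAddr: clamd binds every interface; add 'TCPAddr 127.0.0.1'")
    if "user" not in conf:
        findings.append("User not set: clamd keeps the privileges of whoever starts it")
    for key in ("maxscansize", "maxfilesize"):
        # A value of 0 (optionally with a K/M suffix) disables the limit entirely.
        if key in conf and re.fullmatch(r"0+[KkMm]?", conf[key][0]):
            findings.append(f"{key} is 0 (limit disabled); the sample config warns this can damage the system")
    if "localsocket" not in conf and "tcpsocket" not in conf:
        findings.append("neither LocalSocket nor TCPSocket is set; clamd has nothing to listen on")
    return findings
```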

4、Update the virus signature database manually

Bash
#freshclam --config-file=/usr/local/etc/freshclam.conf
freshclam

5、Scheduled signature database update service

Bash
cat <<- "EOF" > /usr/lib/systemd/system/clamav-freshclam.service
[Unit]
Description=ClamAV virus database updater
Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/
# If user wants it run from cron, don't start the daemon.
# ConditionPathExists=!/etc/cron.d/clamav-update
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf -d --foreground=true

[Install]
WantedBy=multi-user.target

EOF

Enable the service

Bash
systemctl start clamav-freshclam
systemctl enable clamav-freshclam

6、Set up the clamd scanning service

Bash
cat <<- "EOF" > /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target

[Service]
Type = forking
ExecStart = /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = always
TimeoutStartSec=420

[Install]
WantedBy = multi-user.target

EOF

Enable the service

Bash
systemctl start clamd
systemctl enable clamd

四、Virus Scan Test

1、Download the test virus

Bash
#curl -O http://www.eicar.org/download/eicar.com
curl -O https://secure.eicar.org/eicar.com.txt

# Try scanning and removal
clamscan --infected --remove --recursive .

clamdscan --infected --remove .

# If the files are not owned by clamav, test with the command below, or alternatively: # clamdscan --stream --remove .
clamdscan --fdpass --remove .
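What clamdscan --stream does on the wire, as an added Python client that is not part of the original post or of ClamAV: it speaks the clamd INSTREAM protocol to the LocalSocket configured above. The socket path is the one set in clamd.conf earlier; the chunk size, the 600 s timeout (mirroring ReadTimeout) and the sample bytes are assumptions.

```python
import socket
import struct

# clamd INSTREAM protocol: send the zero-terminated command, then the data as
# chunks of <4-byte big-endian length><bytes>, ending with a zero-length chunk.
# clamd replies "stream: OK", "stream: <signature> FOUND", or, once the total
# exceeds StreamMaxLength, "INSTREAM size limit exceeded. ERROR".
SOCKET_PATH = "/usr/local/clamav/socket/clamd.sock"   # LocalSocket from clamd.conf above
CHUNK_SIZE = 64 * 1024                                 # assumed chunk size

def instream_frames(data, chunk_size=CHUNK_SIZE):
    """Build the complete byte sequence clamd expects for one INSTREAM scan."""
    frames = [b"zINSTREAM\0"]
    for off in range(0, len(data), chunk_size):
        piece = data[off:off + chunk_size]
        frames.append(struct.pack("!I", len(piece)) + piece)
    frames.append(struct.pack("!I", 0))   # zero-length chunk terminates the stream
    return b"".join(frames)

def parse_reply(reply):
    """Map clamd's reply to (status, detail):
    ('OK', None), ('FOUND', signature) or ('ERROR', message)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return "FOUND", text[:-len(" FOUND")].partition(": ")[2]
    if text.endswith(" ERROR"):
        body = text[:-len(" ERROR")]
        return "ERROR", body.partition(": ")[2] or body
    if text.endswith(": OK"):
        return "OK", None
    return "ERROR", text   # anything unexpected is treated as a failed scan

def scan_bytes(data, socket_path=SOCKET_PATH, timeout=600):
    """Stream data to clamd over its Unix socket and return the parsed verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):   # z-commands get a NUL-terminated reply
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)
```

Because the file content is sent rather than a path, this works regardless of who owns the file, which is the same reason the page suggests --stream when files are not owned by clamav.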

2、File-size limit scan test: records and commands

Bash
# Max scan size set to 441 MB (462422016 B): not detected
[root@c7 tmp]# clamscan --max-scansize=462422016 --max-filesize=0 TestVirus.tar
Loading:    20s, ETA:   0s [========================>]    8.71M/8.71M sigs
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks

/tmp/TestVirus.tar: OK

----------- SCAN SUMMARY -----------
Known viruses: 8706130
Engine version: 1.3.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 441.90 MB (ratio 0.00:1)
Time: 26.458 sec (0 m 26 s)
Start Date: 2025:04:03 23:29:45
End Date:   2025:04:03 23:30:12
[root@c7 tmp]#

# Max scan size set to 512 MB (536870912 B): detected
[root@c7 tmp]# clamscan --max-scansize=536870912 --max-filesize=0 TestVirus.tar
Loading:    20s, ETA:   0s [========================>]    8.71M/8.71M sigs
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks

/tmp/TestVirus.tar: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8706130
Engine version: 1.3.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 441.90 MB (ratio 0.00:1)
Time: 27.548 sec (0 m 27 s)
Start Date: 2025:04:03 23:30:40
End Date:   2025:04:03 23:31:07
[root@c7 tmp]#

# Max scan size unlimited (0 B): detected
[root@c7 tmp]# clamscan --max-scansize=0 --max-filesize=0 TestVirus.tar
Loading:    20s, ETA:   0s [========================>]    8.71M/8.71M sigs
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks

/tmp/TestVirus.tar: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8706130
Engine version: 1.3.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 441.90 MB (ratio 0.00:1)
Time: 27.619 sec (0 m 27 s)
Start Date: 2025:04:03 23:31:16
End Date:   2025:04:03 23:31:44
[root@c7 tmp]#