Clam AntiVirus(ClamAV)是免費而且開放源代碼的防毒軟件,軟件與病毒碼的更新皆由社群免費發布。目前ClamAV主要是使用在Linux、FreeBSD等Unix-like系統架設的郵件服務器上,提供電子郵件的病毒掃描服務.
安裝EPEL源
(http://www.cyberciti.biz/faq/installing-rhel-epel-repo-on-centos-redhat-7-x/)
Clamav可以通過EPEL源來安裝,所以要首先安裝EPEL,可以采用兩種方法來安裝:
第一種,通過命令行安裝
[root@server_for_product ~]# yum install epel-release
第二種,使用下載好的安裝包進行安裝
[root@server_for_product ~]# cd /tmp
[root@server_for_product tmp]# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
ls *.rpm
[root@server_for_product tmp]# yum install epel-release-7.noarch.rpm
刷新安裝源並查看是否已經安裝
[root@server_for_product ~]# yum repolist
看到以下字樣就代表安裝完成
epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64
查看EPEL源含有的安裝包
[root@server_for_product ~]# yum --disablerepo="*" --enablerepo="epel" list available | less
安裝ClamAV
在安裝了EPEL源后,運行下面的命令安裝ClamAV
[root@server_for_product ~]# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
在兩個配置文件/etc/freshclam.conf和/etc/clamd.d/scan.conf中移除“Example”字符
[root@server_for_product ~]#sed -i -e “s/^Example/#Example/” /etc/freshclam.conf
[root@server_for_product ~]#sed -i -e “s/^Example/#Example/” /etc/clamd.d/scan.conf
手動更新病毒庫
[root@server_for_product ~]# freshclam
順便一提,freshclam命令通過文件/etc/cron.d/clamav-update來自動運行,該文件的內容
## Adjust this line...
MAILTO=root
## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep
但默認情況下是禁止了自動更新功能,需要移除文件/etc/sysconfig/freshclam最后一行的配置才能啟用
## Adjust this line...
MAILTO=root
## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep
[root@server_for_product kylin]# ^C
[root@server_for_product kylin]# tail /etc/sysconfig/freshclam
## This option accepts two special values:
## 'disabled-warn' ... disables the automatic freshclam update and
## gives out a warning
## 'disabled' ... disables the automatic freshclam silently
# FRESHCLAM_DELAY=
### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn # REMOVE ME
記得移除上面紅色字體。
定義服務器類型(本地或者TCP),在這里定義為使用本地socket,將文件/etc/clam.d/scan.conf中的這一行前面的注釋符號去掉:
#LocalSocket /var/run/clamd.scan/clamd.sock
配置開機啟動
[root@server_for_product ~]# systemctl enable clamd@scan
[root@server_for_product ~]# ln -s ‘/usr/lib/systemd/system/clamd@scan.service’ ‘/etc/systemd/system/multi-user.target.wants/clamd@scan.service’
啟動並檢查服務狀態
[root@server_for_product ~]# systemctl start clamd@scan
[root@server_for_product ~]# systemctl status clamd@scan
看到active字樣就表示安裝成功。
備注
如果在手動更新病毒庫的時候遇到錯誤:Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.
此時就要刪除掉舊的鏡像地址文件
[root@server_for_product ~]# rm -f /var/lib/clamav/mirrors.dat
再手動更新一次病毒庫
[root@server_for_product ~]# freshclam