If you are installing ClamAV for the first time, you have to add a new user and group to your system:
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
1.建立源,epel-release
yum install -y epel-release (這是一個源)
yum -y update
2.安裝clamav包
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
3.設定clamav守護進程(Configuration of Clam daemon)
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
vim /etc/clamd.d/clamd.conf
Example改為#Example
sed -i -e 's/^Example/#Example/' /etc/clamd.d/clamd.conf(這是用命令行來為Example加#)
Configure SELinux for ClamAV.You had to write this command to get it working with SELinux:
setsebool -P antivirus_can_scan_system 1 (實際操作並沒有用到此行)
4.1修改freshclam配置(Enable Freshclam)
cp /etc/freshclam.conf /etc/freshclam.conf.bak
vim /etc/freshclam.conf
Example改為#Example
sed -i -e 's/^Example/#Example/' /etc/freshclam.conf (這是用命令行來為Example加#)
4.2 啟用每日自動更新病毒庫
freshclam通過/etc/cron.d/clamav-update來運行,默認情況下是禁止的,
vim /etc/sysconfig/freshclam
FRESHCLAM_DELAY=disabled-warn # REMOVE ME改為#FRESHCLAM_DELAY=disabled-warn # REMOVE ME
4.3配置掃描文件
Edit the configuration installed by the clamd-scanner package:
vim /etc/clamd.d/scan.conf
Example改為#Example sed -i -e 's/^Example/#Example/' /etc/clamd.d/scan.conf (這是用命令行來為Example加#)
#LocalSocket /var/run/clamd.scan/clamd.sock改為LocalSocket /var/run/clamd.scan/clamd.sock (85行)
資料:https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/
4.4建立“clam-freshclam.service”服務
vim /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
4.5啟動更新病毒庫服務
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
systemctl status clam-freshclam.service
看到active字樣,就表示clam-freshclam.service安裝成功。
4.6 手動更新病毒庫:
freshclam
*******************************************************************************************************************************
*******************************************************************************************************************************
*******************************************************************************************************************************
5.啟動服務
cd /usr/lib/systemd/system
systemctl enable clamd@scan.service
會顯示Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@scan.service.
systemctl start clamd@scan.service
systemctl status clamd@scan.service
7.掃描home,-r選項表示包含子目錄
# clamscan --infected --remove --recursive /home
備注
如果在手動更新病毒庫的時候遇到錯誤,此時就要刪除掉舊的鏡像地址文件#rm -f /var/lib/clamav/mirrors.dat
再手動更新一次病毒庫,#freshclam