在線檢測木馬病毒的網址:https://www.virustotal.com/gui/home/upload
一、簡介
ClamAV(Clam AntiVirus)是Linux平台上的開源病毒掃描程序,主要應用於郵件服務器,采用多線程后台操作,可以自動升級病毒庫。
二、安裝
安裝epel軟件源
# 安裝
[root@localhost ~]# yum install -y epel-release
# 緩存
[root@localhost ~]# yum clean all && yum makecache
安裝clamav程序
[root@localhost ~]# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
三、配置SELinux
配置ClamAV權限
[root@localhost ~]# setsebool -P antivirus_can_scan_system 1
[root@localhost ~]# setsebool -P clamd_use_jit 1
查看設置結果(clamd_use_jit 是 antivirus_use_jit 的舊名稱別名,因此輸出顯示為 antivirus_use_jit)
[root@localhost ~]# getsebool -a | grep antivirus
antivirus_can_scan_system --> on
antivirus_use_jit --> on
四、配置ClamAV
1.刪除示例(將 Example 行註解掉)
[root@localhost ~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
[root@localhost ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
2.編輯配置文件
[root@localhost ~]# vim /etc/clamd.d/scan.conf
3.找到以下行
#LocalSocket /var/run/clamd.scan/clamd.sock
刪除#符號並保存您的更改
五、更新病毒庫
[root@localhost ~]# freshclam
病毒庫保存位置:
/var/lib/clamav/daily.cvd
/var/lib/clamav/main.cvd
設置定期更新病毒庫(可選)
crontab -e
00 01,13 * * * /usr/bin/freshclam --quiet
因為 freshclam 未註冊為系統服務,可新建如下 systemd 單元檔:
# vim /usr/lib/systemd/system/freshclam.service
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
# 一天更新兩次(unit 檔中 # 只能在行首作註解,寫在行尾會被當成 ExecStart 命令列的一部分)
ExecStart = /usr/bin/freshclam -d -c 2
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
systemctl enable freshclam.service
systemctl start freshclam.service
systemctl status freshclam.service
六、啟動Clamd服務
[root@localhost ~]# sudo systemctl start clamd@scan
[root@localhost ~]# sudo systemctl enable clamd@scan
七、掃描病毒
clamscan 可用於掃描單個文件、用戶目錄或整個系統:
##掃描文件
[root@localhost ~]# clamscan targetfile
##遞歸掃描home目錄,並且記錄日志
[root@localhost ~]# clamscan -r -i /home -l /var/log/clamav.log
##遞歸掃描home目錄,將病毒文件刪除,並且記錄日志
[root@localhost ~]# clamscan -r -i /home --remove -l /var/log/clamav.log
##掃描指定目錄,然后將感染文件移動到指定目錄,並記錄日志
[root@localhost ~]# clamscan -r -i /home --move=/tmp/clamav -l /var/log/clamav.log
說明:
-r 遞歸掃描目錄
-i 只列出感染的文件
-l 指定記錄日志文件
--remove 刪除病毒文件
--move 將感染文件移動到指定目錄(該目錄需事先建立,且對執行掃描的用戶可寫)
1.重點掃描目錄
clamscan -r -i /etc --max-dir-recursion=5 -l /var/log/clamav-etc.log
clamscan -r -i /bin --max-dir-recursion=5 -l /var/log/clamav-bin.log
clamscan -r -i /usr --max-dir-recursion=5 -l /var/log/clamav-usr.log
clamscan -r -i /var --max-dir-recursion=5 -l /var/log/clamav-var.log
2.掃描報告說明
----------- SCAN SUMMARY -----------
Known viruses: 9141451 #已知病毒
Engine version: 0.102.4 #軟件版本
Scanned directories: 498 #掃描目錄
Scanned files: 738 #掃描文件
Infected files: 4 #感染文件!!!
Data scanned: 530.25 MB #掃描數據
Data read: 14131.60 MB (ratio 0.04:1) #數據讀取
Time: 203.805 sec (3 m 23 s) #掃描用時
3.查看病毒文件
cat /var/log/clamav-bin.log | grep "FOUND"
安裝腳本
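#!/bin/bash
#
# ClamAV install/config script for a yum-based host (EPEL, SELinux, systemd).
# Steps, in order: install packages, set the SELinux booleans, back up and
# edit /etc/clamd.d/scan.conf and /etc/freshclam.conf, run freshclam once,
# install a freshclam systemd unit, enable freshclam + clamd@scan, then run
# clamscan over /etc /bin /usr /var with one log file per directory.
#
# Must run as root. Re-running is safe: the LocalSocket line and the unit
# file are written only once, and the .bak copies keep the pristine files.
#
# Exit status: 1 if a required step fails or any scan reports infected
# files (clamscan itself returns 1 for that), 0 otherwise.

# No `set -e` on purpose: clamscan exits 1 when it finds infected files,
# and freshclam/setsebool problems are reported rather than fatal (below).
set -u
set -o pipefail

readonly SCAN_CONF=/etc/clamd.d/scan.conf
readonly FRESHCLAM_CONF=/etc/freshclam.conf
# NOTE(review): /usr/lib/systemd/system is the package-owned directory;
# /etc/systemd/system is the usual place for locally written units -- confirm.
readonly FRESHCLAM_UNIT=/usr/lib/systemd/system/freshclam.service
readonly -a SCAN_DIRS=(/etc /bin /usr /var)

# Print a message to stderr and exit 1.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print a non-fatal diagnostic to stderr.
warn() {
  printf 'warn: %s\n' "$*" >&2
}

# Copy $1 to $1.bak unless a backup already exists, so the first
# (unmodified) copy survives re-runs of this script.
backup_once() {
  local file=$1
  [[ -f "$file" ]] || die "找不到配置文件 $file"
  [[ -e "$file.bak" ]] || cp -- "$file" "$file.bak"
}

# Install EPEL, refresh the yum cache and install the ClamAV packages.
install_packages() {
  echo "安裝epel-release,yum緩存"
  yum install -y epel-release || die "epel-release 安裝失敗"
  yum clean all
  yum makecache || die "yum makecache 失敗"
  echo "安裝clamav"
  yum -y install clamav-server clamav-data clamav-update clamav-filesystem \
    clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd \
    || die "clamav 安裝失敗"
}

# Allow the scanner to read the whole system and use its JIT. Best-effort:
# when the SELinux tools are missing or SELinux is disabled (setsebool -P
# then fails) the script warns and carries on.
configure_selinux() {
  echo "配置SELinux中的ClamAV權限"
  if ! command -v setsebool >/dev/null 2>&1; then
    warn "setsebool 不存在,略過 SELinux 設定"
    return 0
  fi
  setsebool -P antivirus_can_scan_system 1 || warn "設定 antivirus_can_scan_system 失敗"
  setsebool -P clamd_use_jit 1 || warn "設定 clamd_use_jit 失敗"
  getsebool -a | grep antivirus
}

# Back up both config files, comment out the Example line in each, and make
# sure scan.conf ends up with a single LocalSocket line.
configure_clamd() {
  echo "備份配置文件"
  backup_once "$SCAN_CONF"
  backup_once "$FRESHCLAM_CONF"
  echo "刪除示列"
  sed -i -e "s/^Example/#Example/" "$SCAN_CONF"
  sed -i -e "s/^Example/#Example/" "$FRESHCLAM_CONF"
  echo "配置文件添加內容"
  # Append only when absent so a second run does not duplicate the line.
  if ! grep -q '^LocalSocket ' "$SCAN_CONF"; then
    echo "LocalSocket /run/clamd.scan/clamd.sock" >> "$SCAN_CONF"
  fi
}

# One manual signature update. A failure is not fatal here: clamav-data
# (installed above) normally provides an initial database, and the freshclam
# service installed below retries on its own schedule.
update_database() {
  echo "手動更新病毒庫"
  freshclam || warn "freshclam 更新病毒庫失敗,稍後由 freshclam 服務重試"
}

# Create the freshclam unit (daemon mode, two checks a day) once, then tell
# systemd about it. The file is written, not appended, so re-runs cannot
# leave duplicated sections in the unit.
install_freshclam_unit() {
  echo "一天兩次自動更新病毒庫"
  if [[ ! -e "$FRESHCLAM_UNIT" ]]; then
    # NOTE(review): clamav-update may ship its own updater (cron job or
    # unit); confirm it does not run alongside this one.
    cat > "$FRESHCLAM_UNIT" << "EOF"
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 2
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
EOF
  fi
  # A newly created unit file is invisible to systemctl until a reload.
  systemctl daemon-reload
}

# Enable and start one unit, then show its status without a pager. A start
# failure is reported but does not stop the script: the scans below use
# clamscan, which does not depend on the daemons.
enable_service() {
  local unit=$1
  systemctl enable "$unit" || warn "$unit 設為開機啟動失敗"
  systemctl start "$unit" || warn "$unit 啟動失敗"
  systemctl --no-pager status "$unit"
}

# Scan each key directory (depth-limited) into its own log file and report
# how many of them turned up infected files. clamscan exits 0 when clean,
# 1 when infected files were found, 2 on error.
scan_key_dirs() {
  echo "重點掃描目錄"
  local dir rc infected=0
  for dir in "${SCAN_DIRS[@]}"; do
    clamscan -r -i "$dir" --max-dir-recursion=5 -l "/var/log/clamav-${dir#/}.log"
    rc=$?
    case "$rc" in
      0) ;;
      1) infected=$((infected + 1)) ;;
      *) warn "clamscan $dir 執行出錯 (exit $rc)" ;;
    esac
  done
  if (( infected > 0 )); then
    warn "$infected 個目錄發現感染文件,請查看 /var/log/clamav-*.log"
    return 1
  fi
  return 0
}

main() {
  (( EUID == 0 )) || die "此腳本必須以 root 執行"
  install_packages
  configure_selinux
  configure_clamd
  update_database
  install_freshclam_unit
  echo "freshclam開機啟動,啟動服務,查看狀態"
  enable_service freshclam.service
  echo "clamd@scan開機啟動,啟動服務,查看狀態"
  enable_service clamd@scan
  scan_key_dirs
}

main "$@"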