Author: JackTian
WeChat official account: Jie Ge's IT journey
This article has a total of 4034 words, 10 pictures, and estimated reading time: 10 minutes.
At work, whether you are a system administrator or an ordinary user, you will sooner or later run into computer viruses: either your own system gets infected, or an infected machine belonging to someone else reaches you. The damage varies, from deleting data to stealing information, but in every case the user is affected to some degree, so we need to take protective measures.
Today I will introduce an anti-virus tool for the Linux environment: ClamAV.
Introduction to ClamAV
ClamAV is the most widely used anti-virus software on Linux. It is released free of charge under the GPL and is an open-source anti-virus engine used to detect trojans, viruses, malware and other malicious threats.
Features of ClamAV
Official website address of ClamAV :
Source package download address:
https://www.clamav.net/downloads
Official website document manual address:
https://www.clamav.net/documents/clam-antivirus-0-101-0-user-manual
Official website introduction address:
https://www.clamav.net/documents/introduction
ClamAV environment setup and installation
System environment: CentOS 6.5
ClamAV version: clamav-0.101.2.tar.gz
1. First, write a YUM repository script, give it 755 permissions, and execute the .sh file. If you do not know how to configure and use a YUM repository, see: Linux Yum repository configuration and use
sh yum_install.sh
2. There are two ways to install ClamAV:
(1) Install ClamAV and its components through YUM.
Installing from the EPEL repository requires the host to be connected to the Internet, which is also the usual route by which a machine gets infected.
After installation the service files are generated automatically. Once the clamd service is started you can scan with the clamdscan command; it is fast because the daemon keeps the signature database loaded, and keeping the daemon resident improves protection, but it does cost some server memory and CPU.
yum install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Note that the *-systemd subpackages target EL7 (systemd); CentOS 6.5 uses SysV init, where the EPEL equivalents are named clamav-scanner-sysvinit and clamav-server-sysvinit.
(2) Source-code installation: compile and install manually. The installation itself does not need Internet access, but updating the virus database still does. Nothing sets up the clamd service for you, so unless you start the daemon yourself you scan with the clamscan command, which loads the signature database on every run and is therefore much slower than clamdscan.
tar zxvf clamav-0.101.2.tar.gz
cd clamav-0.101.2
./configure --prefix=/usr/local/clamav --with-pcre
After running the ./configure command above, the following error may be reported; its cause and fix are as follows:
configure: error: newly created file is older than distributed files!
Cause: the system clock is behind the timestamps of the files in the source tree, so a file that configure has just created looks older than the distributed ones (make would then rebuild targets in the wrong order). There are two ways to fix it:
Set the system clock to a time later than the file timestamps. Note that hwclock --set only writes the hardware (RTC) clock and does not change the running system clock that configure checks, so set the system clock with date and then copy it to the RTC:
date -s "05/21/2019 13:14:52"
hwclock --systohc
Or reset the timestamps of all files in the source tree to the current time (this changes the modification time, which is what configure compares, not the creation time):
find . -exec touch '{}' \;
When ./configure completes it prints a configuration summary; check it to confirm that the libraries you actually installed (libpcre, zlib, bzip2, libxml2 and so on) were detected, then compile and install:
make && make install
Modify the configuration files
Copy the sample files and comment out the line that reads Example (line 8 in both clamd.conf and freshclam.conf); clamd and freshclam refuse to run while that line is active:
cd /usr/local/clamav/etc/
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
vi clamd.conf
vi freshclam.conf
Create the clamav user (the default for the User directive in clamd.conf and DatabaseOwner in freshclam.conf) and the directory that holds the virus database:
useradd clamav -s /sbin/nologin
mkdir -p /usr/local/clamav/share/clamav
chown clamav:clamav /usr/local/clamav/share/clamav
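The sample-file edits above are easy to get wrong by hand (a leftover Example line, or a DatabaseDirectory in clamd.conf that does not match the one freshclam writes to). The script below is an added example, not code from the article or from the ClamAV project: a small POSIX shell script that comments out the Example line and sets the directives idempotently, so it can be re-run without duplicating lines. The socket and log paths (/tmp/clamd.socket, /var/log/clamd.log, /var/log/freshclam.log) are assumptions; the directive names are the ones used in the ClamAV sample files, and GNU sed is assumed for -i.

```shell
#!/bin/sh
# Added example (not from the article or the ClamAV project): edit the ClamAV
# sample configs idempotently. Assumes the .sample files were copied to ETCDIR
# as above; the socket and log paths below are assumptions. Needs GNU sed (-i).

# set_directive FILE KEY VALUE
# Replace an existing "KEY ..." or commented "#KEY ..." line with "KEY VALUE",
# or append it when the file has no such line. KEY must be followed by
# whitespace or end of line, so LogFile never touches LogFileMaxSize.
set_directive() {
    file=$1 key=$2 value=$3
    if grep -q "^#*${key}[[:space:]]" "$file" || grep -q "^#*${key}\$" "$file"; then
        sed -i -e "s|^#*${key}[[:space:]].*\$|${key} ${value}|" \
               -e "s|^#*${key}\$|${key} ${value}|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# disable_example FILE: comment out the "Example" guard line that ships in the
# sample files; clamd and freshclam refuse to run while it is active.
disable_example() {
    sed -i 's/^Example[[:space:]]*$/#Example/' "$1"
}

# check_conf FILE: succeeds when no active Example line remains, otherwise
# prints the offending line with its number and fails.
check_conf() {
    ! grep -n '^Example[[:space:]]*$' "$1"
}

# prepare_clamav_conf ETCDIR DBDIR USER
prepare_clamav_conf() {
    etc=$1 dbdir=$2 user=$3
    disable_example "$etc/clamd.conf"
    disable_example "$etc/freshclam.conf"
    # clamd: drop privileges, read the database where freshclam writes it,
    # and expose a local socket for clamdscan
    set_directive "$etc/clamd.conf" User "$user"
    set_directive "$etc/clamd.conf" DatabaseDirectory "$dbdir"
    set_directive "$etc/clamd.conf" LocalSocket /tmp/clamd.socket
    set_directive "$etc/clamd.conf" LogFile /var/log/clamd.log
    # freshclam: own the database as the same user so clamd can read it
    set_directive "$etc/freshclam.conf" DatabaseOwner "$user"
    set_directive "$etc/freshclam.conf" DatabaseDirectory "$dbdir"
    set_directive "$etc/freshclam.conf" UpdateLogFile /var/log/freshclam.log
}

# Usage: sh clamav_conf.sh /usr/local/clamav/etc /usr/local/clamav/share/clamav clamav
if [ $# -eq 3 ]; then
    prepare_clamav_conf "$1" "$2" "$3"
    check_conf "$1/clamd.conf" && check_conf "$1/freshclam.conf"
fi
```

Run it once as root after copying the .sample files; running it again is harmless, which matters when the step is part of a provisioning script. check_conf is the guard to run before starting clamd, since a forgotten Example line is the most common reason the daemon exits immediately.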
Updating the virus database
Keeping the virus database current and checking it regularly is very important. ClamAV can update it automatically (run freshclam -d to keep it running as a daemon that checks periodically), and you can also update manually from the command line:
Note: updating the virus database requires the host to have a connection to the external network;
/usr/local/clamav/bin/freshclam
Scanning for viruses
With the virus database updated, we can start scanning. Run clamscan --help to see the available options. For example:
[root@localhost ~]# /usr/local/clamav/bin/clamscan --unrar
Note that this does not restrict the scan to files with a .rar suffix: given no path argument, clamscan scans the current working directory (here /root), and archives are unpacked and scanned by default (--scan-archive=yes).
When the scan completes, clamscan prints a summary table of the results.
========== Output from the scan itself is omitted; part of the results that follow it is shown below ==========
/root/.gtk-bookmarks: OK
/root/.bash_logout: OK
/root/yum_install.sh: OK
/root/anaconda-ks.cfg: OK
/root/.pulse-cookie: OK
/root/.tcshrc: OK
/root/.bashrc: OK
/root/.esd_auth: OK
/root/.imsettings.log: OK
/root/.bash_history: OK
/root/.cshrc: OK
/root/.bash_profile: OK
/root/clamav-0.101.2.tar.gz: OK
/root/.ICEauthority: OK
/root/install.log.syslog: OK
/root/.viminfo: OK
----------- SCAN SUMMARY -----------
Known viruses: 6131551
Engine version: 0.101.2
Scanned directories: 1
Scanned files: 18
Infected files: 0
Data scanned: 21.02 MB
Data read: 20.78 MB (ratio 1.01:1)
Time: 74.598 sec (1 m 14 s)
Common parameter options for clamscan
-r, --recursive          scan directories recursively
-i, --infected           only print infected files
-l FILE, --log=FILE      save the scan report to FILE
--remove                 remove infected files (use with care)
--move=DIR               move infected files to DIR
--copy=DIR               copy infected files to DIR
--exclude=REGEX          skip files matching REGEX (--exclude-dir=REGEX for directories)
--max-filesize=n         skip files larger than n (for example 100M)
--bell                   ring the terminal bell on detection
Exit status: 0 no virus found, 1 virus(es) found, 2 an error occurred.
Scheduled scanning
Besides scanning on demand, you can run the scan as a cron job, for example every day at 21:50:
[root@localhost ~]# crontab -e
50 21 * * * /usr/local/clamav/bin/clamscan --tgz
Note that this entry gives clamscan no path, so it scans only cron's working directory (root's home), sends all output to cron mail and keeps no log; in practice pass an explicit path, -r to recurse, -i to report only infected files and -l FILE to keep a report.
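For the cron entry, a practitioner wants an explicit scan path, a persistent log, and a way to tell a detection apart from a scanner failure. The wrapper below is an added example, not from the article or the ClamAV project; the scanner path, log location and cron line are assumptions for this page's /usr/local/clamav layout, and the exit codes it interprets are the ones documented for clamscan (0 clean, 1 infected, 2 error).

```shell
#!/bin/sh
# Added example (not from the article or the ClamAV project): a cron-friendly
# wrapper around clamscan. Scanner path, scan target and log location are
# assumptions for the /usr/local/clamav layout used on this page.

# clamscan exit codes, from clamscan(1): 0 clean, 1 infected, 2 error.
CLAMSCAN=${CLAMSCAN:-/usr/local/clamav/bin/clamscan}

# infected_count LOGFILE
# Prints the number after "Infected files:" in the SCAN SUMMARY block written
# by -l, or 0 when no summary is present (the last summary wins if several).
infected_count() {
    awk -F': ' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

# run_scan TARGET LOGFILE
# Recursive scan (-r), only infected files on the console (-i), full report in
# LOGFILE (-l), target given explicitly instead of relying on cron's working
# directory. Returns clamscan's own exit code so the caller can distinguish
# "something was found" (1) from "the scanner broke" (2).
run_scan() {
    target=$1 log=$2
    : > "$log"
    "$CLAMSCAN" -r -i -l "$log" "$target" && rc=0 || rc=$?
    case $rc in
        0) echo "clean: $target" ;;
        1) echo "INFECTED: $(infected_count "$log") file(s) under $target, see $log" ;;
        *) echo "scan error (exit $rc), see $log" ;;
    esac
    return $rc
}

# Assumed cron entry for root, daily at 21:50 (note the escaped % in crontab):
#   50 21 * * * /usr/local/clamav/bin/scan.sh /home /var/log/clamav/scan-$(date +\%F).log
if [ $# -eq 2 ]; then
    run_scan "$1" "$2"
fi
```

Because the wrapper propagates the exit status, a non-zero return shows up as a failed cron job and the one-line message goes to cron mail, while the full per-file report stays in the dated log; exit 2 (a missing database, an unreadable path) is reported separately so that a broken scanner is not mistaken for a clean host.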