# ClamAV installation and usage

### Step 1: Download ClamAV

Download page: http://www.clamav.net/downloads

```shell
wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz
```

### Step 2: Create the clamav user and group

```shell
groupadd clamav             # create the clamav group
useradd -g clamav clamav    # create the clamav user and add it to the clamav group
```

### Step 3: Compile and install
```shell
tar xf clamav-0.99.2.tar.gz
cd clamav-0.99.2
# install the build dependencies
yum install gcc openssl openssl-devel -y
./configure --prefix=/usr/local/clamav
make && make install
```

### Step 4: Configuration
```shell
mkdir /usr/local/clamav/logs      # log directory
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
mkdir /usr/local/clamav/updata    # ClamAV virus database directory
chown -R root.clamav /usr/local/clamav/
chown -R clamav.clamav /usr/local/clamav/updata/
chown clamav.clamav /usr/local/clamav/logs/clamd.log
chown clamav.clamav /usr/local/clamav/logs/freshclam.log
cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
vim clamd.conf
```

In `clamd.conf`, comment out the `Example` line and set:

```shell
LogFile /usr/local/clamav/logs/clamd.log
PidFile /usr/local/clamav/updata/clamd.pid
DatabaseDirectory /usr/local/clamav/updata
```

Then edit `freshclam.conf` (`vim freshclam.conf`), comment out the `Example` line and set:

```shell
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid
```

### Step 5: Update the virus database
```shell
/usr/local/clamav/bin/freshclam
```

PS: this step takes a long time, roughly half an hour. Make sure the network connection is working.

freshclam command-line options:

```shell
--help / -h                          show help
--version / -V                       print version number and exit
--verbose / -v                       be verbose
--debug                              enable debug messages
--quiet                              only output error messages
--no-warnings                        don't print and log warnings
--stdout                             write to stdout instead of stderr
--show-progress                      show download progress percentage
--config-file=FILE                   read configuration from FILE.
--log=FILE / -l FILE                 log into FILE
--daemon / -d                        run in daemon mode
--pid=FILE / -p FILE                 save daemon's pid in FILE
--user=USER / -u USER                run as USER
--no-dns                             force old non-DNS verification method
--checks=#n / -c #n                  number of checks per day, 1 <= n <= 50
--datadir=DIRECTORY                  download new databases into DIRECTORY
--daemon-notify[=/path/clamd.conf]   send RELOAD command to clamd
--local-address=IP / -a IP           bind to IP for HTTP downloads
--on-update-execute=COMMAND          execute COMMAND after successful update
--on-error-execute=COMMAND           execute COMMAND if errors occured
--on-outdated-execute=COMMAND        execute COMMAND when software is outdated
--list-mirrors                       print mirrors from mirrors.dat
--enable-stats                       enable statistical information reporting
--stats-host-id=UUID                 HostID in the form of an UUID to use when submitting statistical information
--update-db=DBNAME                   only update database DBNAME
```
### Step 6: Scan for viruses

```shell
/usr/local/clamav/bin/clamscan -r --remove      # scan the current directory recursively and delete infected files
/usr/local/clamav/bin/clamscan -r --bell -i /   # scan all files and show only the infected ones in the results
```

> Other options
>
> ```shell
> -r / --recursive[=yes/no]     scan all files recursively
> --log=FILE / -l FILE          write a scan report to FILE
> # clamscan -l /var/log/clamscan.log /
> --move [path]                 move infected files to path
> --remove [path]               delete infected files
> --quiet                       only output error messages
> --infected / -i               only output infected files
> --suppress-ok-results / -o    skip files whose result is OK
> --bell                        sound a bell when an infected file is found
> --unzip (unrar)               extract archives and scan their contents
> ```

### Step 7: Scheduled tasks
In a real production environment this is normally run as a scheduled task, so that the server updates the database and runs the scan at a fixed time every night and keeps the scan log. My crontab file is as follows:

```shell
16 4 * * * /usr/local/clamav/bin/freshclam
16 5 * * * /usr/local/clamav/bin/clamscan --infected -r / --remove -l /var/log/clamscan.log
```

> Return values
>
> - 0: no virus found
> - 1: virus(es) found
> - 40: unknown option passed
> - 50: database initialization error
> - 52: unsupported file type
> - 53: can't open directory
> - 54: can't open file (ofm)
> - 55: error reading file (ofm)
> - 56: Can't stat input file / directory.
> - 57: Can't get absolute path name of current working directory.
> - 58: I/O error, please check your filesystem
> - 59: can't get information about the current user from /etc/passwd
> - 60: can't get information about user 'clamav' (default name) from /etc/passwd
> - 61: Can't fork.
> - 63: can't create temporary files/directories (check permissions)
> - 64: can't write to the temporary directory (please specify another one)
> - 70: can't allocate and clear memory (calloc)
> - 71: can't allocate memory (malloc)
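As an added example (not part of the original post), here is a wrapper for the nightly cron job that runs the update and the scan in sequence and acts on clamscan's return value instead of discarding it. It assumes the /usr/local/clamav prefix and /var/log/clamscan.log path used above; /var/quarantine is an assumed quarantine directory, used with --move instead of --remove so that a false positive can be restored.

```shell
#!/bin/sh
# Added example, not from the original post: one cron job that refreshes the
# database, then scans, and turns clamscan's exit status into a logged outcome.
# Assumes the /usr/local/clamav prefix from the post; /var/quarantine is an
# assumed directory (create it owned by root, mode 0700) used instead of --remove.
CLAMAV_BIN=/usr/local/clamav/bin
SCAN_LOG=/var/log/clamscan.log
QUARANTINE=/var/quarantine

# Map a clamscan exit status to a short outcome label: 0 = no virus,
# 1 = virus found, everything else is one of the scanner errors listed above.
scan_outcome() {
    case "$1" in
        0)              echo clean ;;
        1)              echo infected ;;
        40)             echo unknown-option ;;
        50)             echo db-init-error ;;
        52)             echo unsupported-format ;;
        53|54|55|56|57) echo file-access-error ;;
        58)             echo fs-io-error ;;
        59|60)          echo passwd-lookup-error ;;
        63|64)          echo tmpdir-error ;;
        70|71)          echo memory-error ;;
        *)              echo "error-$1" ;;
    esac
}

# Only a clean scan is silent; every other outcome should reach an operator.
needs_alert() {
    [ "$1" != clean ]
}

run_nightly() {
    target=${1:-/}
    # Refresh signatures first; if that fails, still scan with the existing database.
    if ! "$CLAMAV_BIN/freshclam" --quiet; then
        logger -t clamav "freshclam failed, scanning with the existing database"
    fi
    # Quarantine instead of deleting so a false positive can be restored.
    if "$CLAMAV_BIN/clamscan" --infected -r "$target" --move="$QUARANTINE" -l "$SCAN_LOG" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    outcome=$(scan_outcome "$rc")
    logger -t clamav "scan of $target finished: rc=$rc outcome=$outcome"
    # A non-zero exit makes cron mail the job output to the administrator.
    needs_alert "$outcome"
}
```

Replace the two crontab lines above with a single entry that calls `run_nightly /` from this script.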
NOTE:

Problem: "Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons."

Resolve: in `freshclam.conf`, find the line

```shell
#DatabaseMirror db.XY.clamav.net
```

and uncomment it, replacing the placeholder with a real mirror:

```shell
DatabaseMirror db.us.clamav.net
# or DatabaseMirror db.ac.clamav.net
```