- posted on: June 30, 2017
- Category: Linux/unix
I recently found a server that had been infected. Manual removal always left something behind, so I finally installed the Linux antivirus software ClamAV, which has worked well.
Environment: Linux 6.8
Version: clamav-0.99.2.tar.gz
Dependencies:
```bash
yum install pcre* zlib zlib-devel libssl-devel libssl
```
OpenSSL version 0.9.8 or higher
I. Installing ClamAV
There are two ways to install it:
1. yum installation
Installs from the EPEL repository, which requires network access (a server that got infected usually has outside network access anyway).
After installation the service files are generated automatically; once the service is started you can use the faster clamdscan command.
While the service is running it monitors scan connections in real time; this gives higher security, but may affect server performance.
Download and install the epel.repo file.
Works on both Linux 6 and 7; on 6 you will be prompted that some components cannot be found.
```bash
yum install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
```
After installing this way, the default location of the virus database is /var/lib/clamav.
2. Source installation
Requires manual compilation. The installation itself needs no network access, but updating the virus database still does.
If you do not start the service after installation you cannot use clamdscan, but clamscan still works; its scanning speed is relatively slow.
Download ClamAV from the official website.
```bash
tar zxvf clamav-0.99.2.tar.gz
cd clamav-0.99.2
# build with pcre, otherwise running clamscan will report an error
./configure --prefix=/usr/local/clamav --with-pcre
make
make install
```
Configuration files (most of these steps can be skipped for a yum installation; the files are created automatically)
```bash
cd /usr/local/clamav/etc/
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf
# in both clamd.conf and freshclam.conf, comment out the "Example" line (line 8)
```
Create the user and the directory where the virus database is stored:
```bash
useradd clamav -s /sbin/nologin
mkdir -p /usr/local/clamav/share/clamav
chown clamav:clamav /usr/local/clamav/share/clamav
```
II. Updating the virus database
Run the update command to download the virus database:
```bash
/opt/clamav/bin/freshclam
```
The download usually fails, so you can wget the files to the local directory instead:
```bash
cd /usr/local/clamav/share/clamav
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd
chown clamav:clamav *
```
III. Scanning from the command line
ClamAV has two commands: clamdscan and clamscan.
clamdscan is generally used with a yum installation; it requires the clamd service to be running and executes fast.
clamscan is general-purpose, does not depend on the service, has more command-line parameters, and is slightly slower.
clamdscan:
```bash
service clamd start
# scanning with clamdscan requires the service to be started. It is fast and does not need -r;
# it recurses into subdirectories by default
clamdscan /usr
```
clamscan:
Scanning with clamscan does not require the service to be running. It is slow, and needs -r to recurse into subdirectories.
```bash
clamscan -r /usr
# this command lists not only the viruses found but also every file that scanned clean
```
You can use the following command to display only the infected files found:
```bash
clamscan --no-summary -ri /tmp
# -r            recurse into subdirectories
# -i            show only infected files
# --no-summary  do not print the statistics summary
```
You can write a script that runs this command periodically and uses its return value to trigger an alarm.
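A periodic scan script of the kind described above, as an added example (not from the original post): it runs the `clamscan --no-summary -ri` command, maps clamscan's exit status (0 clean, 1 infected, 2 error) to a verdict, logs the result and mails the report when anything is found. The scanner path, log file, recipient address and cron script name are assumptions.

```shell
#!/bin/sh
# Periodic ClamAV scan that raises an alarm from the clamscan return value.
# clamscan exit codes: 0 = nothing found, 1 = infected file(s) found, 2 = error.
# Assumed paths and recipient; adjust to your installation.
CLAMSCAN=${CLAMSCAN:-/usr/local/clamav/bin/clamscan}
SCAN_DIR=${SCAN_DIR:-/tmp}
LOG_FILE=${LOG_FILE:-/var/log/clamscan-cron.log}
ALERT_MAIL=${ALERT_MAIL:-root@localhost}

# Map a clamscan exit status to a verdict word (no side effects).
classify_scan_result() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Count the "<path>: <signature> FOUND" lines in a saved clamscan report.
count_infected() {
    grep -c ': .* FOUND$' "$1" 2>/dev/null || true
}

run_scan() {
    report=$(mktemp)
    # -r recurse, -i list only infected files, --no-summary drop the statistics
    if "$CLAMSCAN" --no-summary -ri "$SCAN_DIR" >"$report" 2>&1; then
        status=0
    else
        status=$?
    fi
    verdict=$(classify_scan_result "$status")
    n=$(count_infected "$report")
    printf '%s scan of %s: %s (%s infected, exit %s)\n' \
        "$(date '+%F %T')" "$SCAN_DIR" "$verdict" "$n" "$status" >>"$LOG_FILE"
    if [ "$verdict" != clean ]; then
        # Alarm: mail the report to the admin; replace with your own notification.
        mail -s "ClamAV $verdict on $(hostname): $SCAN_DIR" "$ALERT_MAIL" <"$report"
    fi
    rm -f "$report"
    return "$status"
}

# Only start a scan when executed as the cron script itself, e.g. from crontab:
#   0 3 * * * /usr/local/bin/clamscan-cron.sh
case "$0" in *clamscan-cron.sh) run_scan ;; esac
```

An error exit (status 2, for example an unreadable directory or a missing virus database) is alarmed as well, so a scan that silently stops working is not mistaken for a clean one.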
Installation and use of anti-virus software ClamAV under Linux