Clam AntiVirus (ClamAV) is free, open-source antivirus software; both the program and its virus signature updates are published free of charge by the community. ClamAV is currently used mainly on mail servers built on Unix-like systems such as Linux and FreeBSD, where it provides virus scanning of e-mail.
Installing Clam AntiVirus
Because Clam AntiVirus is not in CentOS's official yum repositories, installing it with yum requires a third-party repository to be defined. First confirm that the corresponding repository file exists.
[root@sample ~]# ls -l /etc/yum.repos.d/dag.repo ← confirm that the repository file exists
-rw-r--r-- 1 root root 143 Oct 1 21:33 /etc/yum.repos.d/dag.repo ← it exists (otherwise clamd cannot be installed with yum)
If the dag.repo file above does not exist, Clam AntiVirus cannot be installed with yum and the third-party repository must be defined first. For how to define it, see the yum settings in the section "CentOS download, installation and initial environment setup". Also make sure that the dag.repo file you define is syntactically correct.
Next, install Clam AntiVirus online with yum.
[root@sample ~]# yum -y install clamd ← install Clam AntiVirus online
Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 1.6 MB 00:08
dag : ################################################## 4610/4610
Added 4610 new packages, deleted 0 old in 94.91 seconds
primary.xml.gz 100% |=========================| 103 kB 00:05
update : ################################################## 256/256
Added 56 new packages, deleted 0 old in 4.25 seconds
Reducing Dag RPM Repository for Red Hat Enterprise Linux to included packages only
Finished
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamd to pack into transaction set.
clamd-0.88.4-1.el4.rf.i38 100% |=========================| 5.3 kB 00:00
---> Package clamd.i386 0:0.88.4-1.el4.rf set to be updated
--> Running transaction check
--> Processing Dependency: clamav = 0.88.4-1.el4.rf for package: clamd
--> Processing Dependency: libclamav.so.1 for package: clamd
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav to pack into transaction set.
clamav-0.88.4-1.el4.rf.i3 100% |=========================| 8.1 kB 00:00
---> Package clamav.i386 0:0.88.4-1.el4.rf set to be updated
--> Running transaction check
--> Processing Dependency: clamav-db = 0.88.4-1.el4.rf for package: clamav
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav-db to pack into transaction set.
clamav-db-0.88.4-1.el4.rf 100% |=========================| 3.2 kB 00:00
---> Package clamav-db.i386 0:0.88.4-1.el4.rf set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
clamd i386 0.88.4-1.el4.rf dag 64 k
Installing for dependencies:
clamav i386 0.88.4-1.el4.rf dag 724 k
clamav-db i386 0.88.4-1.el4.rf dag 5.6 M
Transaction Summary
=============================================================================
Install 3 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 6.4 M
Downloading Packages:
(1/3): clamd-0.88.4-1.el4 100% |=========================| 64 kB 00:01
(2/3): clamav-0.88.4-1.el 100% |=========================| 724 kB 00:04
(3/3): clamav-db-0.88.4-1 100% |=========================| 5.6 MB 00:25
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: clamav-db ######################### [1/3]
Installing: clamav ######################### [2/3]
Installing: clamd ######################### [3/3]
Installed: clamd.i386 0:0.88.4-1.el4.rf
Dependency Installed: clamav.i386 0:0.88.4-1.el4.rf clamav-db.i386 0:0.88.4-1.el4.rf
Complete! ← installation finished!
Configuring Clam AntiVirus
Next, configure Clam AntiVirus.
[root@sample ~]# vi /etc/clamd.conf ← edit clamd's configuration file
ArchiveBlockMax ← find this line and put "#" at the start of it (so that oversized archives are not treated as infected files)
↓
#ArchiveBlockMax ← the line now looks like this
User clamav ← find this line and put "#" at the start of it (do not let an ordinary user control the daemon)
↓
#User clamav ← the line now looks like this
Running Clam AntiVirus
Start Clam AntiVirus and set it to start automatically at boot.
[root@sample ~]# chkconfig clamd on ← set it to start after the system boots
[root@sample ~]# chkconfig --list clamd
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← it is fine as long as runlevels 2 through 5 are on
[root@sample ~]# /etc/rc.d/init.d/clamd start ← start the clamd service (run Clam AntiVirus)
Starting Clam AntiVirus Daemon: [ OK ] ← started successfully
Updating the Clam AntiVirus virus database
It is recommended to update the virus database immediately after installation so that the latest viruses can be detected and removed.
[root@sample ~]# freshclam ← update ClamAV's virus database
ClamAV update process started at Fri Aug 25 18:39:26 2006
Downloading main.cvd [*]
main.cvd updated (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
Downloading daily.cvd [*]
daily.cvd updated (version: 1728, sigs: 2565, f-level: 8, builder: ccordes)
Database updated (66703 signatures) from db.cn.clamav.net (IP: 58.221.253.171)
Clamd successfully notified about the update.
Virus scanning
Next, test virus scanning. For this we download test virus files (the EICAR test files) and scan them.
[root@sample ~]# clamdscan ← run a virus scan
/root: OK
----------- SCAN SUMMARY -----------
Infected files: 0 ← no virus found
Time: 5.074 sec (0 m 5 s)
[root@sample ~]# wget http://www.eicar.org/download/eicar.com ← download the test virus file
[root@sample ~]# wget http://www.eicar.org/download/eicar_com.zip ← download the test virus file
Then run the virus scan again. With the "--remove" option added, infected files are deleted automatically once they are detected.
[root@sample ~]# clamdscan --remove ← scan again, this time with the remove option
/root/eicar.com: Eicar-Test-Signature FOUND ← infected file found
/root/eicar.com: Removed. ← infected file removed
/root/eicar_com.zip: Eicar-Test-Signature FOUND ← infected file found
/root/eicar_com.zip: Removed. ← infected file removed
----------- SCAN SUMMARY -----------
Infected files: 2
Time: 2.201 sec (0 m 2 s)
Running virus scans on a schedule
[root@sample ~]# vi scan.sh ← create the automatic scan script as follows:
#!/bin/bash
PATH=/usr/bin:/bin
# Temporary file that receives the scan output
CLAMSCANTMP=$(mktemp)
# Scan the whole filesystem recursively and delete infected files
clamdscan --recursive --remove / > "$CLAMSCANTMP"
# If any line ends in FOUND, mail those lines to root
[ ! -z "$(grep 'FOUND$' "$CLAMSCANTMP")" ] &&
grep FOUND "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" root
rm -f "$CLAMSCANTMP"
[root@sample ~]# chmod 700 scan.sh ← give the script execute permission
[root@sample ~]# crontab -e ← edit the scheduled tasks and add the following line
00 03 * * * /root/scan.sh ← add this line so that the scan runs every day at 3 a.m.
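As an added example (not the tutorial's own script), here is a more defensive variant of the same cron scan: it uses clamdscan's documented exit status (0 = no virus, 1 = virus found, 2 = error) so that a scanner failure is mailed as an error instead of passing as a clean run, and it keeps the FOUND-line parsing in small functions that can be tested on a saved log. SCAN_ROOT, MAIL_TO and the --run flag are assumptions made for this example.

```shell
#!/bin/bash
# Added example: defensive variant of the tutorial's scan.sh (not the tutorial's own code).
# clamdscan's documented exit status: 0 = no virus, 1 = virus(es) found, 2 = error.
# Because the tutorial comments out "User clamav", clamd runs as root, which is what
# lets "--remove" delete infected files anywhere under the scan root.
PATH=/usr/bin:/bin
SCAN_ROOT="${SCAN_ROOT:-/}"      # assumed: directory to scan
MAIL_TO="${MAIL_TO:-root}"       # assumed: report recipient

# Print the "<path>: <Signature> FOUND" lines from a clamdscan log.
found_lines() {
    grep ' FOUND$' "$1"
}

# Count the infected files reported in a clamdscan log.
count_found() {
    found_lines "$1" | wc -l | tr -d ' '
}

# Translate clamdscan's exit status into a state name.
scan_state() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan, report by mail, clean up; returns clamdscan's exit status.
run_scan() {
    log=$(mktemp) || return 2
    clamdscan --recursive --remove "$SCAN_ROOT" > "$log" 2>&1
    rc=$?
    case "$(scan_state "$rc")" in
        infected)
            { echo "clamdscan found $(count_found "$log") infected file(s):"
              found_lines "$log"; } | mail -s "Virus Found in $(hostname)" "$MAIL_TO" ;;
        error)
            # A failed scan must not look like a clean one: send the full log.
            mail -s "clamdscan error (rc=$rc) on $(hostname)" "$MAIL_TO" < "$log" ;;
    esac
    rm -f "$log"
    return "$rc"
}

# Cron entry for this variant: 00 03 * * * /root/scan.sh --run
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```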
With the free and open-source Clam AntiVirus, our free Linux system gains a good deal of extra security without spending any money; isn't that a great thing?