系统rhel7.5
clamav-0.100.2.tar.gz 官网下载clamav:http://www.clamav.net
开始安装:
根据自己的系统版本下载相应的epel安装文件
#wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
#wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
安装epel:
rpm -ivh epel-release-latest-7.noarch.rpm
#yum install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
这种方法安装后,病毒库默认地址是/var/lib/clamav
#tar zxvf clamav-0.99.2.tar.gz
#cd clamav-0.99.2
#要带pcre,要不然执行clamscan会报错
#./configure --prefix=/usr/local/clamav --with-pcre
#make
#make install
#cd /usr/local/clamav/etc/
#cp clamd.conf.sample clamd.conf
#cp freshclam.conf.sample freshclam.conf
注释掉clamd.conf和freshclam.conf中的
Example 注释掉这一行. 第8 行
useradd clamav -s /sbin/nologin
mkdir -p /usr/local/clamav/share/clamav
chown clamav:clamav /usr/local/clamav/share/clamav
二、更新病毒库
#cd /usr/local/clamav/share/clamav
#wget http://database.clamav.net/main.cvd
#wget http://database.clamav.net/daily.cvd
#wget http://database.clamav.net/bytecode.cvd
chown clamav:clamav *
clamscan:
用clamscan扫描,不需要开始服务就能使用。速度慢,要带-r,才会递归扫描子目录
#clamscan -r /usr
这个命令不仅会显示找到的病毒,正常的扫描文件也会显示出来。
可以用下面这个命令,只显示找到的病毒信息
clamscan --no-summary -ri /tmp
-r 递归扫描子目录
-i 只显示发现的病毒文件
--no-summary 不显示统计信息
[[email protected] clamav]# clamscan /var/
LibClamAV Warning: **
LibClamAV Warning: The virus database is older than 7 days!
LibClamAV Warning: Please update it as soon as possible.
LibClamAV Warning: **
/var/run: Symbolic link
/var/lock: Symbolic link
/var/mail: Symbolic link
/var/.updated: OK
----------- SCAN SUMMARY -----------
Known viruses: 6668589
Engine version: 0.100.2
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 10.251 sec (0 m 10 s)
[[email protected] clamav]# clamscan --no-summary -ri /tmp
使用–remove选项,会直接删除检测出来的文件。
clamscan --remove /root
原文地址:http://blog.51cto.com/13810716/2324044