开源的ClamAV 杀毒软件
在网上的文档,总是各种步骤一大堆,又要改配置这的那的,其实没必要那么麻烦,直接用yum安装的话,会自动创建很多东西,而我们只是利用其扫描功能,只要可以更新病毒库,可以进行扫描就可以了。下面就是最简单,最小化的使用。不开启clamavd放病毒服务,而是只是当作病毒扫描工具来使用。
安装部署与使用:
# 更新epel仓库源,yum下载clamav
yum -y install epel-release
yum install –y clamav clamav-update
# 更新病毒库
freshclam
# 扫描病毒
$ clamscan –ri / -l clamscan.log –remove # 这里递归扫描根目录 / ,发现感染文件立即删除
# -r 递归扫面子文件
# –i 只显示被感染的文件
# -l 指定日志文件
# –remove 删除被感染文件
# –move隔离被感染文件
# 在扫描完成后,我们可以将其作为计划任务,每天深夜进行病毒扫描,如果扫描到了病毒,就发送邮件给管理员,然后管理员手动进行一定的病毒分析然后再杀毒。
# 将扫描程序写成脚本
import smtplib
from email.mime.text import MIMEText
from email.header import Header
import socket
import os
import re
class ClamAV(object):
## 这里填入自己的远程smtp服务。利用第三方smtp服务进行邮件发送。
def __init__(self):
self.HOST = "smtp.exmail.qq.com"
self.PORT = "465"
self.USER = '[email protected]'
self.PASSWD = 'xxxxxx'
self.TO = "[email protected]"
def clamscan(self):
os.system('freshclam')
os.system('clamscan -ri /tmp > /tmp/clamscan.log')
with open('/tmp/clamscan.log', 'r', encoding='utf-8') as f:
a = f.read()
result = re.findall('Infected files:.*', a)
if result:
number = result[0].split(':')[1].strip()
if number != '0':
self.sendmail('Infected files:%s。有文件感染,请手动检查,查杀病毒。' %number)
else:
self.sendmail('扫描脚本有误,请检查')
def sendmail(self,content):
ipaddr = socket.gethostbyname(socket.gethostname())
smtp = smtplib.SMTP_SSL(self.HOST, self.PORT)
smtp.ehlo()
smtp.login(self.USER, self.PASSWD)
TEXT = """IP: %s\nContent: %s""" %(ipaddr,content)
message = MIMEText(TEXT, 'plain', 'utf-8')
message['From'] = self.USER
message['To'] = self.TO
message['Subject'] = Header('Clamscan Result Warning', 'utf-8')
smtp.sendmail(self.USER, self.TO, message.as_string())
smtp.quit()
clam = ClamAV()
clam.clamscan()
# 设为定时任务,每天凌晨4点执行扫描
$ vim /etc/crontab
00 4 * * * root {local-path}/clamsacn.py
安装EPEL源
(http://www.cyberciti.biz/faq/installing-rhel-epel-repo-on-centos-redhat-7-x/)
Clamav可以通过EPEL源来安装,所以要首先安装EPEL,可以采用两种方法来安装:
第一种,通过命令行安装
[root@server_for_product ~]# yum install epel-release
第二种,使用下载好的安装包进行安装
[root@server_for_product ~]# cd /tmp
[root@server_for_product tmp]# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
ls *.rpm
[root@server_for_product tmp]# yum install epel-release-7.noarch.rpm
刷新安装源并查看是否已经安装
[root@server_for_product ~]# yum repolist
看到以下字样就代表安装完成
epel/x86_64 Extra Packages for Enterprise Linux 7 – x86_64
查看EPEL源含有的安装包
[root@server_for_product ~]# yum –disablerepo=”*” –enablerepo=”epel” list available | less
安装ClamAV
在安装了EPEL源后,运行下面的命令安装ClamAV
[root@server_for_product ~]# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
在两个配置文件/etc/freshclam.conf和/etc/clamd.d/scan.conf中移除“Example”字符
[root@server_for_product ~]#sed -i -e “s/^Example/#Example/” /etc/freshclam.conf
[root@server_for_product ~]#sed -i -e “s/^Example/#Example/” /etc/clamd.d/scan.conf
手动更新病毒库
[root@server_for_product ~]# freshclam
顺便一提,freshclam命令通过文件/etc/cron.d/clamav-update来自动运行,该文件的内容
| ## Adjust this line…
MAILTO=root ## It is ok to execute it as root; freshclam drops privileges and becomes ## user ‘clamupdate’ as soon as possible 0 */3 * * * root /usr/share/clamav/freshclam-sleep |
但默认情况下是禁止了自动更新功能,需要移除文件/etc/sysconfig/freshclam最后一行的配置才能启用
| ## Adjust this line…
MAILTO=root ## It is ok to execute it as root; freshclam drops privileges and becomes ## user ‘clamupdate’ as soon as possible 0 */3 * * * root /usr/share/clamav/freshclam-sleep [root@server_for_product kylin]# ^C [root@server_for_product kylin]# tail /etc/sysconfig/freshclam ## This option accepts two special values: ## ‘disabled-warn’ … disables the automatic freshclam update and ## gives out a warning ## ‘disabled’ … disables the automatic freshclam silently # FRESHCLAM_DELAY= ### !!!!! REMOVE ME !!!!!! ### REMOVE ME: By default, the freshclam update is disabled to avoid ### REMOVE ME: network access without prior activation FRESHCLAM_DELAY=disabled-warn # REMOVE ME |
记得移除上面红色字体
定义服务器类型(本地或者TCP),在这里定义为使用本地socket,将文件/etc/clam.d/scan.conf中的这一行前面的注释符号去掉:
#LocalSocket /var/run/clamd.scan/clamd.sock
配置开机启动
[root@server_for_product ~]# systemctl enable clamd@scan
[root@server_for_product ~]# ln -s ‘/usr/lib/systemd/system/[email protected]’ ‘/etc/systemd/system/multi-user.target.wants/[email protected]’
启动并检查服务状态
[root@server_for_product ~]# systemctl start clamd@scan
[root@server_for_product ~]# systemctl status clamd@scan
看到active字样就表示安装成功
备注
如果在手动更新病毒库的时候遇到错误:Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.
此时就要删除掉旧的镜像地址文件
[root@server_for_product ~]# rm -f /var/lib/clamav/mirrors.dat
再手动更新一次病毒库
[root@server_for_product ~]# freshclam
