Linux antivirus software: ClamAV

Part 1: Install ClamAV


ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.


1. Install and Configure ClamAV on CentOS 7

yum install epel-release

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

2. Disable SELinux for ClamAV

[root@ct7 system]# more /etc/selinux/config
SELINUX=disabled

3. Configuration of Clam daemon

cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
sed -i '/^Example/d' /etc/clamd.d/clamd.conf

mkdir -p /var/run/clamd.service/
chown clamscan:clamscan /var/run/clamd.service/

vi /etc/clamd.d/clamd.conf
User clamscan
LocalSocket /var/run/clamd.service/clamd.sock

4. Configuration of Clam scan daemon

cp /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.backup
sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

vi /etc/clamd.d/scan.conf
User clamscan
LocalSocket /var/run/clamd.scan/clamd.sock

5. Enable Freshclam

Freshclam helps with keeping the database of ClamAV up-to-date. First delete the related “Example” line from /etc/freshclam.conf.

cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf
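Steps 3 to 5 all hinge on the same two edits: the "Example" line must be gone, and the LocalSocket directory must exist and belong to the configured User. The script below is an added example (not from the original post or from the ClamAV project) that checks both conditions on any clamd-style config file. It writes two constructed sample configs into a temporary directory and uses the current user in place of clamscan so it runs anywhere; the "clamd.servce" misspelling in the bad sample is deliberate, since that is exactly the kind of typo that leaves clamd unable to create its socket.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check a clamd-style
# configuration after the edits in steps 3-5.

# Return 0 if FILE has no line starting with "Example" (the line that keeps
# the daemon from starting until the file has been edited), else 1.
check_no_example() {
    if grep -q '^Example' "$1"; then
        echo "FAIL: $1 still contains the Example line" >&2
        return 1
    fi
    return 0
}

# Print the value of directive KEY (e.g. User, LocalSocket) from FILE.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Return 0 if the directory holding LocalSocket exists and is owned by the
# configured User, else 1.
check_socket_dir() {
    file="$1"
    user=$(conf_value "$file" User)
    sock=$(conf_value "$file" LocalSocket)
    if [ -z "$user" ] || [ -z "$sock" ]; then
        echo "FAIL: $file lacks User or LocalSocket" >&2
        return 1
    fi
    dir=$(dirname "$sock")
    if [ ! -d "$dir" ]; then
        echo "FAIL: socket directory $dir does not exist" >&2
        return 1
    fi
    # GNU stat first, BSD stat as a fallback
    owner=$(stat -c %U "$dir" 2>/dev/null || stat -f %Su "$dir")
    if [ "$owner" != "$user" ]; then
        echo "FAIL: $dir is owned by $owner, not $user" >&2
        return 1
    fi
    return 0
}

# Run every check on FILE; succeed only if all of them pass.
check_clamd_conf() {
    check_no_example "$1" && check_socket_dir "$1"
}

# --- constructed sample configs (demo data, not real system files) ---
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/run/clamd.service"
ME=$(id -un)   # stands in for the clamscan user on this box

# Good config: Example removed, socket directory present and owned correctly.
cat > "$DEMO/good.conf" <<EOF
LogFile /var/log/clamd.scan
User $ME
LocalSocket $DEMO/run/clamd.service/clamd.sock
EOF

# Bad config: Example line still present and a misspelled socket directory.
cat > "$DEMO/bad.conf" <<EOF
Example
User $ME
LocalSocket $DEMO/run/clamd.servce/clamd.sock
EOF

check_clamd_conf "$DEMO/good.conf" && echo "good.conf: OK"
check_clamd_conf "$DEMO/bad.conf" || echo "bad.conf: problems found (expected)"
```

Run it against a real file with `check_clamd_conf /etc/clamd.d/clamd.conf` (and scan.conf) after sourcing the functions; a non-zero exit pinpoints which of the two edits was missed.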

6. Missing systemd service file

We didn't get a systemd service file for freshclam, so we create a quick one here. The unit is of type forking and starts freshclam in daemon mode; with -c 4 it checks for new signature databases 4 times a day.

Create a new file /usr/lib/systemd/system/clam-freshclam.service

# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

Now enable and start the service.

systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service

[root@ct7 system]# systemctl status clam-freshclam.service
● clam-freshclam.service - freshclam scanner
   Loaded: loaded (/usr/lib/systemd/system/clam-freshclam.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-11-08 02:31:36 GMT; 3h 33min ago
 Main PID: 26033 (freshclam)
   Memory: 1.3M
   CGroup: /system.slice/clam-freshclam.service
           └─26033 /usr/bin/freshclam -d -c 4

Nov 08 02:31:36 ct7.qa.webex.com systemd[1]: Starting freshclam scanner...
Nov 08 02:31:36 ct7.qa.webex.com freshclam[26033]: freshclam daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Nov 08 02:31:36 ct7.qa.webex.com freshclam[26033]: ClamAV update process started at Wed Nov  8 02:31:36 2017
Nov 08 02:31:36 ct7.qa.webex.com systemd[1]: Started freshclam scanner.
Nov 08 02:31:37 ct7.qa.webex.com freshclam[26033]: main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Nov 08 02:31:37 ct7.qa.webex.com freshclam[26033]: daily.cvd is up to date (version: 24023, sigs: 1774015, f-level: 63, builder: neo)
Nov 08 02:31:37 ct7.qa.webex.com freshclam[26033]: bytecode.cld is up to date (version: 318, sigs: 75, f-level: 63, builder: raynman)
Nov 08 02:31:37 ct7.qa.webex.com freshclam[26033]: --------------------------------------

7. Fix the bundled clamd systemd service files

By default, the service files seem to be messy and not working.

#These are the files bundled:

[root@centos7 system]# ls -l /usr/lib/systemd/system/clam*
-rw-r--r--. 1 root root 136 Apr 29 20:38 /usr/lib/systemd/system/clamd@scan.service
-rw-r--r--. 1 root root 231 Apr 29 20:38 /usr/lib/systemd/system/clamd@.service

#When enabling the clamd service, we would see something like this:

[root@centos7 system]# systemctl enable /usr/lib/systemd/system/clamd@.service
 Failed to issue method call: Unit /usr/lib/systemd/system/clamd@.service does not exist.

#So let's fix it. First rename the /usr/lib/systemd/system/clamd@.service file.

mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

#Now we have to change the clamd@scan service as well, as it refers to a non-existing file now. Change the .include line in /usr/lib/systemd/system/clamd@scan.service and remove the @ sign, so the file looks like this:
[root@ct7 system]# more  /usr/lib/systemd/system/clamd@scan.service
.include /lib/systemd/system/clamd.service

[Unit]
Description = Generic clamav scanner daemon

[Install]
WantedBy = multi-user.target

#Next step is changing the clamd service file /usr/lib/systemd/system/clamd.service
[root@ct7 system]# more /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

#Start all services.
cd /usr/lib/systemd/system
[root@centos7 system]# systemctl enable clamd.service
[root@centos7 system]# systemctl enable clamd@scan.service
[root@centos7 system]# systemctl start clamd.service
[root@centos7 system]# systemctl start clamd@scan.service

#Check the status
[root@ct7 system]# systemctl status clamd.service
● clamd.service - clamd scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-11-08 05:31:45 GMT; 38min ago
 Main PID: 32202 (clamd)
   Memory: 510.1M
   CGroup: /system.slice/clamd.service
           └─32202 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes

Nov 08 05:31:58 ct7.qa.webex.com clamd[32202]: HTML support enabled.
Nov 08 05:31:58 ct7.qa.webex.com clamd[32202]: XMLDOCS support enabled.
Nov 08 05:31:58 ct7.qa.webex.com clamd[32202]: HWP3 support enabled.
Nov 08 05:31:58 ct7.qa.webex.com clamd[32202]: Self checking every 600 seconds.
Nov 08 05:42:00 ct7.qa.webex.com clamd[32202]: SelfCheck: Database status OK.
Nov 08 05:42:00 ct7.qa.webex.com clamd[32202]: SelfCheck: Database status OK.
Nov 08 05:52:03 ct7.qa.webex.com clamd[32202]: SelfCheck: Database status OK.
Nov 08 05:52:03 ct7.qa.webex.com clamd[32202]: SelfCheck: Database status OK.
Nov 08 06:02:11 ct7.qa.webex.com clamd[32202]: SelfCheck: Database status OK.
Nov 08 06:02:11 ct7.qa.webex.com clamd[32202]: SelfCheck: Database status OK.

[root@ct7 system]# systemctl status clamd@scan.service
● clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-11-08 06:11:17 GMT; 4s ago
 Main PID: 1622 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─1622 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes

Nov 08 06:11:17 ct7.qa.webex.com systemd[1]: Started Generic clamav scanner daemon.
Nov 08 06:11:17 ct7.qa.webex.com systemd[1]: Starting Generic clamav scanner daemon...
Nov 08 06:11:17 ct7.qa.webex.com clamd[1622]: Received 0 file descriptor(s) from systemd.
Nov 08 06:11:17 ct7.qa.webex.com clamd[1622]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Nov 08 06:11:17 ct7.qa.webex.com clamd[1622]: Running as user clamscan (UID 387, GID 386)
Nov 08 06:11:17 ct7.qa.webex.com clamd[1622]: Log file size limited to 1048576 bytes.
Nov 08 06:11:17 ct7.qa.webex.com clamd[1622]: Reading databases from /var/lib/clamav
Nov 08 06:11:17 ct7.qa.webex.com clamd[1622]: Not loading PUA signatures.
Nov 08 06:11:17 ct7.qa.webex.com clamd[1622]: Bytecode: Security mode set to "TrustSigned".

8. If it does not work, check this log

[root@ct7 clamd.service]# tail -f /var/log/messages
Nov  8 06:13:22 ct7 systemd: clamd@scan.service holdoff time over, scheduling restart.
Nov  8 06:13:22 ct7 systemd: Started Generic clamav scanner daemon.
Nov  8 06:13:22 ct7 systemd: Starting Generic clamav scanner daemon...
Nov  8 06:13:22 ct7 clamd[1721]: Received 0 file descriptor(s) from systemd.
Nov  8 06:13:22 ct7 clamd[1721]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Nov  8 06:13:22 ct7 clamd[1721]: Running as user clamscan (UID 387, GID 386)
Nov  8 06:13:22 ct7 clamd[1721]: Log file size limited to 1048576 bytes.
Nov  8 06:13:22 ct7 clamd[1721]: Reading databases from /var/lib/clamav
Nov  8 06:13:22 ct7 clamd[1721]: Not loading PUA signatures.
Nov  8 06:13:22 ct7 clamd[1721]: Bytecode: Security mode set to "TrustSigned".
Nov  8 06:13:33 ct7 clamd[1721]: Loaded 6335039 signatures.
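To make the check in step 8 repeatable, here is an added shell example (not from the original post or from ClamAV) that pulls out of /var/log/messages the three facts a practitioner looks for first: whether systemd is restarting the unit, whether clamd finished loading its signatures, and which user it reports running as. The log lines are constructed after the ones shown above; set LOG to /var/log/messages on a real host. Note that in the status output above both clamd.service and clamd@scan.service start clamd with /etc/clamd.d/clamd.conf, so the two units share one LocalSocket, which is worth keeping in mind when one of them restarts.

```shell
#!/bin/sh
# Added example, not part of the original post: triage syslog lines for a
# clamd systemd unit.  Works on a constructed sample so it runs offline.

# Print how many times systemd rescheduled UNIT after a failure
# ("holdoff time over, scheduling restart").  Non-zero means the daemon is
# being restarted, not just slow to load its databases.
restart_count() {
    n=$(grep -c -F "$2 holdoff time over, scheduling restart" "$1") || true
    echo "${n:-0}"
}

# Print the count from the most recent "Loaded N signatures." line, or
# nothing if clamd never reported finishing its database load.
last_loaded_signatures() {
    sed -n 's/.*clamd\[[0-9]*\]: Loaded \([0-9]*\) signatures\..*/\1/p' "$1" | tail -n 1
}

# Print "USER UID" from the most recent "Running as user" line.
running_as() {
    sed -n 's/.*Running as user \([^ ]*\) (UID \([0-9]*\).*/\1 \2/p' "$1" | tail -n 1
}

# One-line summary for LOG and UNIT; return 0 only when the daemon loaded
# its signatures and was never restarted, 1 otherwise.
triage() {
    log="$1"
    unit="$2"
    r=$(restart_count "$log" "$unit")
    s=$(last_loaded_signatures "$log")
    echo "$unit: restarts=$r loaded_signatures=${s:-none} user=$(running_as "$log")"
    [ "$r" -eq 0 ] && [ -n "$s" ]
}

# --- constructed sample log, modelled on the lines shown in step 8 ---
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Nov  8 06:13:22 ct7 systemd: clamd@scan.service holdoff time over, scheduling restart.
Nov  8 06:13:22 ct7 systemd: Started Generic clamav scanner daemon.
Nov  8 06:13:22 ct7 clamd[1721]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Nov  8 06:13:22 ct7 clamd[1721]: Running as user clamscan (UID 387, GID 386)
Nov  8 06:13:22 ct7 clamd[1721]: Reading databases from /var/lib/clamav
Nov  8 06:13:33 ct7 clamd[1721]: Loaded 6335039 signatures.
Nov  8 06:20:01 ct7 systemd: clamd@scan.service holdoff time over, scheduling restart.
Nov  8 06:20:01 ct7 clamd[1802]: Running as user clamscan (UID 387, GID 386)
Nov  8 06:20:01 ct7 clamd[1802]: Reading databases from /var/lib/clamav
EOF

# The sample shows two restarts, so triage reports a problem (exit 1).
triage "$LOG" clamd@scan.service || echo "-> unit was restarted; check socket ownership and config before anything else"
```

The summary line is what to paste into a ticket; a restart count of zero together with a signature count means clamd is healthy and the problem lies elsewhere (socket path, permissions of the scanned files, or the client).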