CentOS7 安裝防毒軟體 ClamAV

 出處：https://blog.xuite.net/tolarku/blog/543961253-CentOS7+%E5%AE%89%E8%A3%9D%E9%98%B2%E6%AF%92%E8%BB%9F%E9%AB%94+ClamAV

雖然我感覺不出來在 Linux 一般系統裡安裝防毒軟體的作用，但在某些應用有可能被外部使用者更改檔案，且資安要求需要安裝所以就會在 CentOS 裡安裝 ClamAV ，之前寫過一篇「Linux 系統安裝防毒 - ClamAV」但後來在套用指令發現綴詞太多，於是再寫一篇快速應用，只要簡單貼上下面指令，就能在 CentOS 裡配置防毒軟體 ClamAV。

 安裝套件庫 EPEL Repository
sudo yum install epel-release -y

安裝防毒軟體
sudo yum install clamav clamd -y
會安裝：clamav、clamd 及 clamav-db

設定 selinux
sudo setsebool -P antivirus_can_scan_system 1

啟動服務 clamd
（CentOS 6） sudo chkconfig clamd on; sudo service clamd start
（CentOS 7 ）sudo systemctl start clamd 

若病毒碼未更新會跳出這個警告訊息
Starting Clam AntiVirus Daemon:
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days!                         ***
LibClamAV Warning: *** Please update it as soon as possible.                              ***
LibClamAV Warning: **************************************************

增加台灣病毒碼更新資料庫 - 不增加也可以，但速度會差很多
sudo vi /etc/freshclam.conf
DatabaseMirror clamav.stu.edu.tw
DatabaseMirror db.tw.clamav.net

更新病毒碼
sudo freshclam

ClamAV update process started at Mon Nov 6 11:54:40 2017
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK
Downloading main-58.cdiff [100%]
main.cld updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Reading CVD header (daily.cvd): OK
WARNING: getfile: daily-21724.cdiff not found on clamav.stu.edu.tw (IP: 2001:e10:c41:eeee::1)
WARNING: getpatch: Can't download daily-21724.cdiff from clamav.stu.edu.tw
Trying host clamav.stu.edu.tw (120.119.118.1)...
WARNING: getfile: daily-21724.cdiff not found on clamav.stu.edu.tw (IP: 120.119.118.1)
WARNING: getpatch: Can't download daily-21724.cdiff from clamav.stu.edu.tw
WARNING: getpatch: Can't download daily-21724.cdiff from clamav.stu.edu.tw
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 24010, sigs: 1769510, f-level: 63, builder: neo)
Reading CVD header (bytecode.cvd): OK
Downloading bytecode-279.cdiff [100%]
（略）
Downloading bytecode-315.cdiff [100%]
bytecode.cld updated (version: 315, sigs: 75, f-level: 63, builder: raynman)
Database updated (6335834 signatures) from clamav.stu.edu.tw (IP: 120.119.118.1)

 

設定每日排程更新病毒碼 與 掃描特定目錄，當然也可以針對 root /
sudo vi /etc/crontab
# 1 1 * * * root /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log
# 以 yum 套件方式安裝，不需要額外設定每日更新事件，他會自動在 /etc/cron.daily/freshclam 排程更新
1 2 * * * root /usr/bin/clamscan -r /target_directory

即時掃描某目錄，若掃描正常會在檔名後面顯示OK
sudo  clamscan -r  /www/webroot

最後會產出掃描結果
----------- SCAN SUMMARY -----------
Known viruses: 6330125
Engine version: 0.99.2
Scanned directories: 39
Scanned files: 2196
Infected files: 0
Data scanned: 2860.51 MB
Data read: 12931.74 MB (ratio 0.22:1)
Time: 629.235 sec (10 m 29 s)