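To scan for Windows virus *** files from a Linux environment, you can use the clamav tool. The clamav virus database can be updated for free, but the tool can only detect viruses, not remove them.
1. Install clamav
Download clamav-0.94.2.tar.gz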
http://www.sfr-fresh.com/unix/misc/clamav-0.94.2.tar.gz
tar -zxvf clamav-0.94.2.tar.gz
cd clamav-0.94.2
groupadd clamav
useradd -g clamav -s /bin/false -d /dev/null clamav
./configure
make && make install
2. Create the log directory
mkdir -p /var/log/clamav
chown -R clamav:clamav /var/log/clamav
3. Edit the configuration file clamd.conf:
vi /usr/local/etc/clamd.conf
#Example    # comment out the Example line
LogFile /var/log/clamav/clamd.log
LogTime yes
LogVerbose yes
PidFile /var/run/clamd.pid
TemporaryDirectory /var/tmp
LocalSocket /tmp/clamd.socket
The virus database is installed in this directory by default:
MaxDirectoryRecursion 15
User clamav
ScanMail yes
ScanArchive yes
Edit the configuration file freshclam.conf:
vi /usr/local/etc/freshclam.conf
#Example    # comment out the Example line
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 10M
LogTime yes
LogVerbose yes
LogSyslog yes
PidFile /var/run/freshclam.pid
DatabaseOwner clamav
DatabaseMirror database.clamav.net
4. Start clamav and freshclam
Write the script: vi clamav
#!/bin/sh
#
# Startup / shutdown script for Clam Antivirus
case "$1" in
    start)
        # Start the scanning daemon, then run freshclam as a daemon (-d)
        # that checks for database updates 2 times per day (-c 2)
        /usr/local/sbin/clamd && echo -n 'Clamd started'
        /usr/local/bin/freshclam -d -c 2 -l /var/log/freshclam.log
        echo -n ' freshclam started'
        ;;
    stop)
        /usr/bin/killall clamd > /dev/null 2>&1 && echo -n 'Clamd stopped'
        /usr/bin/killall freshclam > /dev/null 2>&1 && echo -n ' freshclam stopped'
        ;;
    *)
        echo ""
        echo "Usage: $(basename "$0") { start | stop }"
        echo ""
        exit 64
        ;;
esac
Place the clamav script at /etc/init.d/clamav
Change the access permissions: chmod 755 /etc/init.d/clamav
Create the freshclam.log file: touch /var/log/freshclam.log
chown clamav:clamav /var/log/freshclam.log
touch /var/run/clamd.pid
chown clamav:clamav /var/run/clamd.pid
touch /var/run/freshclam.pid
chown clamav:clamav /var/run/freshclam.pid
5. Scheduled tasks to update the virus database regularly and scan a directory periodically:
#crontab -e
0 1 * * * /usr/local/bin/freshclam --quiet
0 6 * * * /usr/local/bin/clamscan --recursive --infected --exclude /usr/local/share/clamav/viruses.db --exclude /usr/local/share/clamav/viruses.db2 /home
6. Scan directories and files
clamscan -r /tmp
clamscan data.tar.gz
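An added example, not part of the original post: a wrapper for the step 5 scan that turns clamscan's exit status and `FOUND` lines into log entries a person or monitor can act on. The log path argument, the `CLAMSCAN` override variable and the sample report are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: wrapper for the nightly clamscan cron job from step 5.

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read a clamscan report on stdin; print "signature<TAB>path" per detection.
# Detection lines look like "<path>: <signature> FOUND"; the greedy first
# group keeps paths that themselves contain ": " intact.
list_detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p"
}

# Scan directory $1 and append a timestamped verdict plus detections to log $2.
# CLAMSCAN is a hypothetical override so the function can be tested with a stub.
scan_and_report() {
    dir=$1
    log=$2
    status=0
    report=$("${CLAMSCAN:-/usr/local/bin/clamscan}" --recursive --infected "$dir" 2>&1) || status=$?
    verdict=$(scan_verdict "$status")
    {
        echo "$(date '+%Y-%m-%d %H:%M:%S') dir=$dir verdict=$verdict exit=$status"
        printf '%s\n' "$report" | list_detections
    } >> "$log"
    # Return success only for a clean scan, so callers can alert on anything else.
    [ "$verdict" = clean ]
}

# Constructed sample report (not real scan output), parsed offline:
sample_report='/home/alice/mail: attach.zip: Eicar-Test-Signature FOUND
/home/bob/notes.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 1'
printf '%s\n' "$sample_report" | list_detections
```

An exit status of 2 is logged as `error` rather than `clean`, so a scan that failed to run is not mistaken for a scan that found nothing.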
http://blog.chinaunix.net/uid-20653538-id-66668.html
Reposted from: https://blog.51cto.com/mcmvp/1256118