Reference article: Installing ClamAV on CentOS 7 for virus scanning and removal
Linux is commonly used as a server operating system and is known for its security, but as its market share grows, Linux viruses are slowly increasing as well. Viruses are usually analysed and removed by an administrator by hand; besides manual analysis, antivirus software can also be used, just as on Windows. Linux antivirus software does exist, but it is mostly small open-source tools: because there are relatively few viruses for Linux servers and they are harder to break into than Windows, dedicated Linux antivirus products are rare, and the people who write Linux antivirus software (or Linux viruses) are rarer still. So the usual antivirus measure on Linux is a system administrator who is well versed in Linux security.
However, with the surge in the market share of Linux servers, viruses targeting Linux have also begun to increase, so we still want a more professional antivirus tool; here we choose the open-source ClamAV.
ClamAV
Installation, deployment and usage:
# Enable the EPEL repository, then install clamav with yum
yum -y install epel-release
yum install -y clamav clamav-update
# Update the virus database
freshclam
# Scan for viruses
clamscan -r -i / -l /home/clamscan.log --remove # recursively scan the root directory / and delete infected files as soon as they are found
# -r recurse into subdirectories
# -i show only infected files
# -l write a log file
# --remove delete infected files (permanent; a false positive under / can delete system files)
# --move=DIR quarantine infected files by moving them to DIR (safer than --remove)
# When the scan completes, a summary is printed, for example:
----------- SCAN SUMMARY -----------
Known viruses: 6490986
Engine version: 0.99.4
Scanned directories: 20172
Scanned files: 72378
Infected files: 0 # number of infected files
Total errors: 23809
Data scanned: 4067.18 MB
Data read: 4244.65 MB (ratio 0.96:1)
Time: 1343.190 sec (22 m 23 s)
That completes one virus scan. Next we can turn it into a scheduled task that runs the scan late every night and writes a log; if a virus is found, an e-mail is sent to the administrator, who then analyses the infection by hand before removing it.
Turning the scan into a script
#!/usr/bin/env python3
import smtplib
from email.mime.text import MIMEText
from email.header import Header
import socket
import os
import re


class ClamAV(object):
    # Fill in your own remote SMTP service here; a third-party SMTP service is used to send the mail.
    def __init__(self):
        self.HOST = "smtp.exmail.qq.com"
        self.PORT = 465
        self.USER = 'xxx@xxxx.com'
        self.PASSWD = 'xxxxxx'
        self.TO = "xxxxxxxxx@xx.com"

    def clamscan(self):
        os.system('freshclam')  # refresh the signature database before scanning
        os.system('clamscan -ri /tmp > /tmp/clamscan.log')  # recursive scan, report infected files only
        with open('/tmp/clamscan.log', 'r', encoding='utf-8') as f:
            a = f.read()
        # Pick the "Infected files: N" line out of the SCAN SUMMARY
        result = re.findall('Infected files:.*', a)
        if result:
            number = result[0].split(':')[1].strip()
            if number != '0':
                self.sendmail('Infected files: %s. Infected files were found; please check manually and remove the virus.' % number)
        else:
            # No summary line means clamscan did not run properly
            self.sendmail('The scan script failed; please check it')

    def sendmail(self, content):
        ipaddr = socket.gethostbyname(socket.gethostname())
        smtp = smtplib.SMTP_SSL(self.HOST, self.PORT)
        smtp.ehlo()
        smtp.login(self.USER, self.PASSWD)
        TEXT = """IP: %s\nContent: %s""" % (ipaddr, content)
        message = MIMEText(TEXT, 'plain', 'utf-8')
        message['From'] = self.USER
        message['To'] = self.TO
        message['Subject'] = Header('Clamscan Result Warning', 'utf-8')
        smtp.sendmail(self.USER, self.TO, message.as_string())
        smtp.quit()


clam = ClamAV()
clam.clamscan()
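As an added example (not the script from the original post), the following Python checks the clamscan exit code together with the parsed SCAN SUMMARY instead of grepping a single line, and builds the scan command with the --exclude-dir fix from item 3 below. The sample summary is constructed from the output shown above; excluding /proc and /dev alongside /sys is an assumption.

```python
import re
import subprocess

# Constructed sample, taken from the SCAN SUMMARY shown earlier on this page
SAMPLE_SUMMARY = """----------- SCAN SUMMARY -----------
Known viruses: 6490986
Scanned files: 72378
Infected files: 0
Total errors: 23809
Data read: 4244.65 MB (ratio 0.96:1)
Time: 1343.190 sec (22 m 23 s)
"""

# /sys causes the fmap()/pread errors discussed below; /proc and /dev are
# excluded by the same reasoning (an assumption, not from the page).
EXCLUDE_DIRS = ("^/sys", "^/proc", "^/dev")

def build_clamscan_cmd(path="/", logfile="/var/log/clamscan.log"):
    """argv for a recursive, infected-only scan that skips pseudo-filesystems."""
    cmd = ["clamscan", "-r", "-i", "-l", logfile]
    cmd += ["--exclude-dir=%s" % d for d in EXCLUDE_DIRS]
    cmd.append(path)
    return cmd

def parse_scan_summary(text):
    """Parse the 'Key: value' lines of the summary into a dict (counts as int)."""
    summary = {}
    for key, value in re.findall(r"^([A-Za-z ]+): (.+)$", text, re.M):
        summary[key.strip()] = value.strip()
    for key in ("Scanned files", "Infected files", "Total errors"):
        if key in summary:
            summary[key] = int(summary[key].split()[0])
    return summary

def classify(returncode, summary):
    """clamscan exits 0 when clean, 1 when infected files were found, 2 on error."""
    if returncode == 1 or summary.get("Infected files", 0) > 0:
        return "ALERT"
    if returncode == 2:
        return "SCAN_ERROR"
    if summary.get("Total errors", 0) > 0:
        return "CLEAN_WITH_ERRORS"  # usually unreadable paths, e.g. under /sys
    return "CLEAN"

def run_scan(path="/"):
    """Run clamscan (the summary is printed on stdout) and classify the result."""
    proc = subprocess.run(build_clamscan_cmd(path), capture_output=True, text=True)
    summary = parse_scan_summary(proc.stdout)
    return classify(proc.returncode, summary), summary
```

A high "Total errors" count with zero infections is the symptom of scanning /sys; with the exclusions in place that number should drop close to zero.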
Set it up as a scheduled task that runs the scan every day at 4 am.
vim /etc/crontab
00 4 * * * root python3 {local-path}/clamscan.py
OK, that completes the setup.
The above is the full installation procedure from the reference article. It installs normally on most machines, but a few problems may come up on some of them.
1. epel-release cannot be downloaded
Solution: see "CentOS 7: yum install epel-release reports Nothing to do"
2. Running yum install -y clamav clamavd clamav-update reports:
[root@qy-app3 opt]# yum install –y clamav clamavd clamav-update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.bfsu.edu.cn
* epel: mirrors.bfsu.edu.cn
* extras: mirrors.bfsu.edu.cn
* updates: mirrors.bupt.edu.cn
No package clamavd available.
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.103.3-5.el7 will be installed
--> Processing Dependency: clamav-filesystem = 0.103.3-5.el7 for package: clamav-0.103.3-5.el7.x86_64
--> Processing Dependency: clamav-lib = 0.103.3-5.el7 for package: clamav-0.103.3-5.el7.x86_64
--> Processing Dependency: libclamav.so.9(CLAMAV_PRIVATE)(64bit) for package: clamav-0.103.3-5.el7.x86_64
--> Processing Dependency: libclamav.so.9(CLAMAV_PUBLIC)(64bit) for package: clamav-0.103.3-5.el7.x86_64
--> Processing Dependency: libclamav.so.9()(64bit) for package: clamav-0.103.3-5.el7.x86_64
---> Package clamav-update.x86_64 0:0.103.3-5.el7 will be installed
--> Processing Dependency: libprelude.so.28()(64bit) for package: clamav-update-0.103.3-5.el7.x86_64
--> Running transaction check
---> Package clamav-filesystem.noarch 0:0.103.3-5.el7 will be installed
---> Package clamav-lib.x86_64 0:0.103.3-5.el7 will be installed
--> Processing Dependency: libpcre2-8.so.0()(64bit) for package: clamav-lib-0.103.3-5.el7.x86_64
---> Package libprelude.x86_64 0:5.2.0-2.el7 will be installed
--> Running transaction check
---> Package pcre2.x86_64 0:10.23-2.el7 will be installed
--> Processing Conflict: clamav-filesystem-0.103.3-5.el7.noarch conflicts clamav > 0.103.3-5.el7
--> Finished Dependency Resolution
Error: clamav-filesystem conflicts with clamav-0.104.0-1.i686
You could try using --skip-broken to work around the problem
** Found 11 pre-existing rpmdb problem(s), 'yum check' output follows:
audit-libs-2.8.5-4.el7.x86_64 is a duplicate with audit-libs-2.7.6-3.el7.x86_64
libselinux-2.5-14.1.el7.x86_64 is a duplicate with libselinux-2.5-11.el7.x86_64
libselinux-utils-2.5-14.1.el7.x86_64 is a duplicate with libselinux-utils-2.5-11.el7.x86_64
libsemanage-2.5-14.el7.x86_64 is a duplicate with libsemanage-2.5-8.el7.x86_64
libsepol-2.5-10.el7.x86_64 is a duplicate with libsepol-2.5-6.el7.x86_64
1:net-snmp-5.7.2-28.el7.x86_64 has missing requires of libmysqlclient.so.18()(64bit)
policycoreutils-2.5-33.el7.x86_64 is a duplicate with policycoreutils-2.5-17.1.el7.x86_64
2:postfix-2.10.1-6.el7.x86_64 has missing requires of libmysqlclient.so.18()(64bit)
2:postfix-2.10.1-6.el7.x86_64 has missing requires of libmysqlclient.so.18(libmysqlclient_18)(64bit)
selinux-policy-3.13.1-252.el7.1.noarch is a duplicate with selinux-policy-3.13.1-166.el7.noarch
selinux-policy-targeted-3.13.1-252.el7.1.noarch is a duplicate with selinux-policy-targeted-3.13.1-166.el7.noarch
Solution: an old version may already be installed; remove it.
[root@qy-app3 yum.repos.d]# yum remove clamav
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package clamav.i686 0:0.104.0-1 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================================
Removing:
clamav i686 0.104.0-1 installed 27 M
Transaction Summary
======================================================================================================================================================================
Remove 1 Package
Installed size: 27 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : clamav-0.104.0-1.i686 1/1
warning: file /usr/local/lib/libfreshclam.so.2.0.2: remove failed: No such file or directory
warning: file /usr/local/lib/libfreshclam.so.2: remove failed: No such file or directory
warning: file /usr/local/lib/libfreshclam.so: remove failed: No such file or directory
warning: file /usr/local/lib/libclamunrar_iface.so.9.1.0: remove failed: No such file or directory
warning: file /usr/local/lib/libclamunrar_iface.so.9: remove failed: No such file or directory
warning: file /usr/local/lib/libclamunrar_iface.so: remove failed: No such file or directory
warning: file /usr/local/lib/libclamunrar.so.9.1.0: remove failed: No such file or directory
warning: file /usr/local/lib/libclamunrar.so.9: remove failed: No such file or directory
warning: file /usr/local/lib/libclamunrar.so: remove failed: No such file or directory
warning: file /usr/local/lib/libclammspack.so.0.8.0: remove failed: No such file or directory
warning: file /usr/local/lib/libclammspack.so.0: remove failed: No such file or directory
warning: file /usr/local/lib/libclammspack.so: remove failed: No such file or directory
warning: file /usr/local/lib/libclamav.so.9.1.0: remove failed: No such file or directory
warning: file /usr/local/lib/libclamav.so.9: remove failed: No such file or directory
warning: file /usr/local/lib/libclamav.so: remove failed: No such file or directory
Verifying : clamav-0.104.0-1.i686 1/1
Removed:
clamav.i686 0:0.104.0-1
Complete!
3. Common errors during scanning:
LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap_readpage: pread error: Input/output error
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4084 bytes @ offset 12, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4096 bytes @ offset 0, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4085 bytes @ offset 11, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4080 bytes @ offset 16, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4091 bytes @ offset 5, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4087 bytes @ offset 9, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4087 bytes @ offset 9, got 0
LibClamAV Warning: fmap: failed to get MD5
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
LibClamAV Warning: fmap: failed to get MD5
Solution:
Scanning /sys produces a large number of errors; just skip that directory.
-i means only infected files are reported
-r means subdirectories are scanned too; / is the root directory
# clamscan --exclude-dir=/sys/ -i -r /