能去特意找这种查杀软件,我想都应该懂的。肯定都是发现服务器不正常才会特意去收集这方面资料。
ClamAV介绍
ClamAV是一个在命令行下查毒软件,因为它不将杀毒作为主要功能,默认只能查出您计算机内的病毒,但是无法清除,至多删除文件。ClamAV可以工作很多的平台上,但是有少数无法支持,这就要取决您所使用的平台的流行程度了。另外它主要是来防护一些WINDOWS病毒和木马程序。另外,这是一个面向服务端的软件。
下载
安装配置
|
1 2 |
tar -zxvf clamav-0.98.7.tar.gz mkdir -p /opt/webserver/clamav/ |
创建存储日志及更新文件存放位置
|
1 2 3 4 |
mkdir /opt/webserver/clamav/{logs,update} cd clamav-0.98.7 ./configure --profix=/opt/webserver/clamav/ make && make install |
安装成功后处理配置文件
|
1 2 3 |
cd etc/ cp clamd.conf.sample clamd.conf cp freshclam.conf.sample freshclam.conf |
clamd.conf配置文件
|
1 2 3 4 5 6 7 8 9 10 |
shell->$# cat clamd.conf|grep '^[^$|#]' LogFile /opt/webserver/clamav/logs/clamav.log LogFileMaxSize 4M LogTime yes LogSyslog yes LogVerbose yes PidFile /var/run/clamd.pid TemporaryDirectory /var/tmp DatabaseDirectory /opt/webserver/clamav/update/ LocalSocket /tmp/clamd.socket |
freshclam配置文件
|
1 2 3 4 5 6 7 8 9 |
shell>$# cat freshclam.conf|grep '^[^$|#]' DatabaseDirectory /opt/webserver/clamav/update/ UpdateLogFile /opt/webserver/clamav/update/freshclam.log LogFileMaxSize 2M LogTime yes LogVerbose yes LogSyslog yes PidFile /opt/webserver/clamav/update/freshclam.pid DatabaseMirror database.clamav.net |
创建日志文件
|
1 |
touch /opt/webserver/clamav/logs/{freshclam.log,clamav.log} |
授权权限
|
1 2 3 |
groupadd clamav useradd -g clamav clamav chown clamav:clamav -R /opt/webserver/clamav/{logs/,update/} |
更新病毒库,第一次的时候更新时间稍微有点长10分钟左右吧
|
1 2 3 4 5 6 7 8 9 10 11 |
cd /opt/webserver/clamav/bin/ ./freshclam ClamAV update process started at Wed Jun 3 15:48:58 2015 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Downloading daily-20543.cdiff [100%] Downloading daily-20544.cdiff [100%] Downloading daily-20545.cdiff [100%] Downloading daily-20546.cdiff [100%] daily.cld updated (version: 20546, sigs: 1412096, f-level: 63, builder: neo) bytecode.cvd is up to date (version: 256, sigs: 45, f-level: 63, builder: dgoddard) Database updated (3836366 signatures) from database.clamav.net (IP: 207.57.106.31) |
更新完毕
|
1 2 3 4 5 6 7 8 9 10 11 |
#$ 扫描所有文件 ./clamscan -r /* #$ 扫描后直接清楚 ./clamscan -r /* --remove #$ 免打扰模式,只输出错误信息 ./clamscan -r /* --quiet #$ 将日志输出到文件内 ./clamscan -r /* >> /tmp/clamAv.log |
然后定时更新扫描什么的很简单了
命令参数
[root@borew bin]# ./clamscan -h
–help -h Print this help screen
–version -V Print version number
–verbose -v Be verbose
–archive-verbose -a Show filenames inside scanned archives
–debug Enable libclamav’s debug messages
–quiet Only output error messages
–stdout Write to stdout instead of stderr
–no-summary Disable summary at end of scanning
–infected -i Only print infected files
–suppress-ok-results -o Skip printing OK files
–bell Sound bell on virus detection
参考资料
https://securelist.com/analysis/publications/64361/versatile-ddos-trojan-for-linux/
http://www.clamav.net/index.html
http://www.oicqzone.com/pc/2014110420119.html
* 谁在说linux没毒我跟谁翻脸(只能说敛财数额没有在windows容易).埋下伏笔,下月装逼
玩趣儿
0 条评论。