如何编译安装clamav?

编译安装
2

1 前言

– ClamAV是用于检测木马,病毒,恶意软件和其他恶意威胁的一个开源杀毒引擎。
– 由于CentOS提供的不是最新版本,于是笔者决定自行编译安装。

2 最佳实践

2.1 安装前的准备

2.1.1 系统环境

OS = CentOS 6.x x86_64
IP Address = any
Host Name = any.cmdschool.org

2.1.2 准备编译环境

yum groupinstall -y "Development Tools"

2.1.3 下载软件包

cd ~
wget http://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz

注,另外其他版本请从以下链接下载(含二进制安装包,如rpm包),
http://www.clamav.net/download/

2.1.4 解压软件包

cd ~
tar -xf clamav-0.102.3.tar.gz

2.2 编译安装clamav

2.2.1 预编译软件包

cd ~/clamav-0.102.3
./configure '--build=x86_64-redhat-linux-gnu' \
            '--host=x86_64-redhat-linux-gnu' \
            '--target=x86_64-redhat-linux-gnu' \
            '--prefix=/usr' \
            '--bindir=/usr/bin' \
            '--sbindir=/usr/sbin' \
            '--libexecdir=/usr/libexec' \
            '--sysconfdir=/etc' \
            '--localstatedir=/var' \
            '--libdir=/usr/lib64' \
            '--includedir=/usr/include' \
            '--datadir=/usr/share' \
            '--infodir=/usr/share/info' \
            '--localedir=/usr/share/locale' \
            '--mandir=/usr/share/man' \
            '--docdir=/usr/share/doc/clamav-0.102.3' \
            '--exec-prefix=/usr' \
            '--sharedstatedir=/var/lib' \
            '--program-prefix=' \
            '--enable-milter' \
            '--disable-clamav' \
            '--disable-static' \
            '--disable-zlib-vcheck' \
            '--disable-unrar' \
            '--enable-id-check' \
            '--enable-dns' \
            '--with-dbdir=/var/lib/clamav' \
            '--with-group=clamav' \
            '--with-user=clamav' \
            '--with-zlib=/usr' \
            '--enable-ltdl-convenience' \
            '--enable-check' \
            '--with-systemdsystemunitdir=no' \
            'build_alias=x86_64-redhat-linux-gnu' \
            'host_alias=x86_64-redhat-linux-gnu' \
            'target_alias=x86_64-redhat-linux-gnu' \
            'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
            'LDFLAGS= -Wl,-z,relro' \
            'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
            'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'

如果遇到以下提示,

configure: error: OpenSSL not found.

可参阅如下命令解决依赖关系,

yum install -y openssl-devel

如果遇到以下提示,

configure: error: Cannot find libmilter

可参阅如下命令解决依赖关系,

yum install -y sendmail-devel

如果遇到以下提示,

checking for libcurl installation... configure: error: libcurl not found. libcurl (e.g. libcurl-devel) is required in order to build freshclam and clamsubmit.

可参阅如下命令解决依赖关系,

yum install -y libcurl-devel

如果遇到以下提示,

configure: error:

ERROR!  Check was configured, but not found.  Get it from http://check.sf.net/

可参阅如下命令解决依赖关系,

yum install -y check-devel

如果遇到以下提示,

configure: error: Your libcurl (e.g. libcurl-devel) is too old. Installing ClamAV with clamonacc requires libcurl 7.45 or higher. For a quick fix, run ./configure again with --disable-clamonacc if you do not wish to use on-access scanning features. For more information on ClamAV's on-access scanner, please read our documentation: https://www.clamav.net/documents/on-access-scanning#on-access-scanning

可参阅如下文档解决依赖关系,

如何编译安装libcurl-devel?


如果安装后错误提示仍存在,你可以增加参数“-with-libcurl”手动指定libcurl的位置,

cd ~/clamav-0.102.3
./configure '--build=x86_64-redhat-linux-gnu' \
            '--host=x86_64-redhat-linux-gnu' \
            '--target=x86_64-redhat-linux-gnu' \
            '--prefix=/usr' \
            '--bindir=/usr/bin' \
            '--sbindir=/usr/sbin' \
            '--libexecdir=/usr/libexec' \
            '--sysconfdir=/etc' \
            '--localstatedir=/var' \
            '--libdir=/usr/lib64' \
            '--includedir=/usr/include' \
            '--datadir=/usr/share' \
            '--infodir=/usr/share/info' \
            '--localedir=/usr/share/locale' \
            '--mandir=/usr/share/man' \
            '--docdir=/usr/share/doc/clamav-0.102.3' \
            '--exec-prefix=/usr' \
            '--sharedstatedir=/var/lib' \
            '--program-prefix=' \
            '--enable-milter' \
            '--disable-clamav' \
            '--disable-static' \
            '--disable-zlib-vcheck' \
            '--disable-unrar' \
            '--enable-id-check' \
            '--enable-dns' \
            '--with-dbdir=/var/lib/clamav' \
            '--with-group=clamav' \
            '--with-user=clamav' \
            '--with-zlib=/usr' \
            '--enable-ltdl-convenience' \
            '--enable-check' \
            '--with-systemdsystemunitdir=no' \
            'build_alias=x86_64-redhat-linux-gnu' \
            'host_alias=x86_64-redhat-linux-gnu' \
            'target_alias=x86_64-redhat-linux-gnu' \
            'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
            'LDFLAGS= -Wl,-z,relro' \
            'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
            'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' \
            '--with-libcurl=/usr/local/curl-7.65.3'

2.2.2 编译软件包

make

2.2.3 安装软件包

make install

2.3 配置数据库更新工具

2.3.1 部署配置文件

cp /etc/freshclam.conf.sample /etc/freshclam.conf

使用如下命令编辑配置文件,

vim /etc/freshclam.conf

修改如下参数,

# Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net

根据配置创建所需的运行用户

groupadd  -g 498 clamav
useradd -u 498 -g 498 -d /var/lib/clamav -s /sbin/nologin -c "Clam Anti Virus Checker" clamav

根据配置创建所需的目录或修改已有目录的权限,

mkdir /var/log/clamav
chown clamav:clamav /var/lib/clamav/ /var/log/clamav
chmod 775 -R /var/lib/clamav/ /var/log/clamav

2.3.2 设置selinux

setsebool -P antivirus_can_scan_system 1

2.3.3 测试更新

freshclam

2.3.4 配置自动更新

crontab -e

加入如下配置,

47  *  *   *    *  /usr/bin/freshclam --quiet

2.3.5 手动测试扫描

clamscan ~

2.4 配置ClamAV守护进程

2.4.1 部署配置文件

cp /etc/clamd.conf.sample /etc/clamd.conf

使用如下命令编辑配置文件,

vim /etc/clamd.conf

修改如下参数,

# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no

然后,我们需要根据配置文件创建所需的文件夹,

mkdir /var/run/clamav
chown clamav:clamav /var/run/clamav

2.4.2 部署服务控制脚本

vim /etc/init.d/clamd

加入如下配置,

#!/bin/sh
#
# Startup script for the Clam AntiVirus Daemon
#
# chkconfig: - 61 39
# description: Clam AntiVirus Daemon is a TCP/IP or socket protocol \
#              server.
# processname: clamd
# pidfile: /var/run/clamav/clamd.pid
# config: /etc/clamd.conf

pidfile=/var/run/clamav/clamd.pid
sockfile=/var/run/clamav/clamd.pid
lockfile=/var/lock/subsys/clamd
config=/etc/clamd.conf
user=clamav
group=clamav

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

[ -x /usr/sbin/clamd ] || exit 0

# Local clamd config
test -f /etc/sysconfig/clamd && . /etc/sysconfig/clamd

# See how we were called.
case "$1" in
  start)
        echo -n "Starting Clam AntiVirus Daemon: "
        piddir=`dirname $pidfile`
        if [ ! -d $piddir ]; then
          mkdir -p $piddir
          chown $user:$group $piddir
        fi
        sleep 1
        daemon clamd -c $config
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch $lockfile
        ;;
  stop)
        echo -n "Stopping Clam AntiVirus Daemon: "
        killproc clamd
        rm -f $sockfile
        rm -f $pidfile
        RETVAL=$?
        echo
### heres the fix... we gotta remove the stale files on restart
        [ $RETVAL -eq 0 ] && rm -f $lockfile
        ;;
  status)
        status clamd
        RETVAL=$?
        ;;
  restart|reload)
        $0 stop
        $0 start
        RETVAL=$?
        ;;
  condrestart)
        [ -e $lockfile ] && $0 restart
        RETVAL=$?
        ;;
  *)
        echo "Usage: clamd {start|stop|status|restart|reload|condrestart}"
        exit 1
esac

exit $RETVAL

编辑完成后,使用如下命令增加执行权限,

chmod +x /etc/init.d/clamd

然后,我们使用脚本启动服务并设置自启动,

/etc/init.d/clamd start
chkconfig clamd on

另外,如果遇到SELinux无法启动问题,可以使用如下命令反复调试,

ausearch -c 'clamd' --raw | audit2allow -M my-clamd
semodule -X 300 -i my-clamd.pp

或者,你可以选择关闭SELinux,

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

参阅文档
===================

官方主页
———–
http://www.clamav.net/

官方github
————–
https://github.com/Cisco-Talos/clamav-devel

下载页面
————
http://www.clamav.net/downloads

编译安装
————-
https://www.clamav.net/documents/installation-on-redhat-and-centos-linux-distributions
https://www.clamav.net/documents/installing-clamav-on-unix-linux-macos-from-source

应用场景参考
————
https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/antivirus_configuration.html

测试病毒码下载地址
—————-
https://www.eicar.org/?page_id=3950

非官方教程参考
————-
https://blog.csdn.net/zwjzqqb/article/details/80204676

2 条评论

发表回复

PHP
如何编译安装php-fpm的模块?

1 前言 一个问题,一篇文章,一出故事。 笔者最新部署了一个PHP-FPM的环境,本章将整理如何部署 …

PHP
如何基于Oracle Linux 9.x编译安装PHP-FPM 8.x?

1 前言 一个问题,一篇文章,一出故事。 PHP-FPM可以跟Nginx配合使Nginx环境具备运行 …

Tomcat
如何编译安装Tomcat的Native库?

1 基础知识 Tomcat的Native库允许Tomcat使用OpenSSL作为JSSE的替代品来支 …