Has anyone tried building clamd statically?
1 Introduction
– ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware and other malicious threats.
– Because the version shipped by CentOS is not the latest, the author decided to compile and install it from source.
2 Best practice
2.1 Preparation before installation
2.1.1 System environment
OS = CentOS 6.x x86_64
IP Address = any
Host Name = any.cmdschool.org
2.1.2 Prepare the build environment
yum groupinstall -y "Development Tools"
2.1.3 Download the source package
cd ~
wget http://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz
Note: other versions (including binary packages such as RPMs) can be downloaded from the following link:
http://www.clamav.net/download/
2.1.4 Extract the source package
cd ~
tar -xf clamav-0.102.3.tar.gz
2.2 Compile and install ClamAV
2.2.1 Configure the build
cd ~/clamav-0.102.3
./configure '--build=x86_64-redhat-linux-gnu' \
 '--host=x86_64-redhat-linux-gnu' \
 '--target=x86_64-redhat-linux-gnu' \
 '--prefix=/usr' \
 '--bindir=/usr/bin' \
 '--sbindir=/usr/sbin' \
 '--libexecdir=/usr/libexec' \
 '--sysconfdir=/etc' \
 '--localstatedir=/var' \
 '--libdir=/usr/lib64' \
 '--includedir=/usr/include' \
 '--datadir=/usr/share' \
 '--infodir=/usr/share/info' \
 '--localedir=/usr/share/locale' \
 '--mandir=/usr/share/man' \
 '--docdir=/usr/share/doc/clamav-0.102.3' \
 '--exec-prefix=/usr' \
 '--sharedstatedir=/var/lib' \
 '--program-prefix=' \
 '--enable-milter' \
 '--disable-clamav' \
 '--disable-static' \
 '--disable-zlib-vcheck' \
 '--disable-unrar' \
 '--enable-id-check' \
 '--enable-dns' \
 '--with-dbdir=/var/lib/clamav' \
 '--with-group=clamav' \
 '--with-user=clamav' \
 '--with-zlib=/usr' \
 '--enable-ltdl-convenience' \
 '--enable-check' \
 '--with-systemdsystemunitdir=no' \
 'build_alias=x86_64-redhat-linux-gnu' \
 'host_alias=x86_64-redhat-linux-gnu' \
 'target_alias=x86_64-redhat-linux-gnu' \
 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
 'LDFLAGS= -Wl,-z,relro' \
 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
If you see the following message,
configure: error: OpenSSL not found.
the dependency can be resolved with the following command:
yum install -y openssl-devel
If you see the following message,
configure: error: Cannot find libmilter
the dependency can be resolved with the following command:
yum install -y sendmail-devel
If you see the following message,
checking for libcurl installation... configure: error: libcurl not found. libcurl (e.g. libcurl-devel) is required in order to build freshclam and clamsubmit.
the dependency can be resolved with the following command:
yum install -y libcurl-devel
If you see the following message,
configure: error: ERROR! Check was configured, but not found. Get it from http://check.sf.net/
the dependency can be resolved with the following command:
yum install -y check-devel
If you see the following message,
configure: error: Your libcurl (e.g. libcurl-devel) is too old. Installing ClamAV with clamonacc requires libcurl 7.45 or higher. For a quick fix, run ./configure again with --disable-clamonacc if you do not wish to use on-access scanning features. For more information on ClamAV's on-access scanner, please read our documentation: https://www.clamav.net/documents/on-access-scanning#on-access-scanning
refer to the following document to resolve the dependency:
If the error persists after installing a newer libcurl, you can add the parameter --with-libcurl to point configure at the libcurl location manually:
cd ~/clamav-0.102.3
./configure '--build=x86_64-redhat-linux-gnu' \
 '--host=x86_64-redhat-linux-gnu' \
 '--target=x86_64-redhat-linux-gnu' \
 '--prefix=/usr' \
 '--bindir=/usr/bin' \
 '--sbindir=/usr/sbin' \
 '--libexecdir=/usr/libexec' \
 '--sysconfdir=/etc' \
 '--localstatedir=/var' \
 '--libdir=/usr/lib64' \
 '--includedir=/usr/include' \
 '--datadir=/usr/share' \
 '--infodir=/usr/share/info' \
 '--localedir=/usr/share/locale' \
 '--mandir=/usr/share/man' \
 '--docdir=/usr/share/doc/clamav-0.102.3' \
 '--exec-prefix=/usr' \
 '--sharedstatedir=/var/lib' \
 '--program-prefix=' \
 '--enable-milter' \
 '--disable-clamav' \
 '--disable-static' \
 '--disable-zlib-vcheck' \
 '--disable-unrar' \
 '--enable-id-check' \
 '--enable-dns' \
 '--with-dbdir=/var/lib/clamav' \
 '--with-group=clamav' \
 '--with-user=clamav' \
 '--with-zlib=/usr' \
 '--enable-ltdl-convenience' \
 '--enable-check' \
 '--with-systemdsystemunitdir=no' \
 'build_alias=x86_64-redhat-linux-gnu' \
 'host_alias=x86_64-redhat-linux-gnu' \
 'target_alias=x86_64-redhat-linux-gnu' \
 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
 'LDFLAGS= -Wl,-z,relro' \
 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' \
 '--with-libcurl=/usr/local/curl-7.65.3'
2.2.2 Compile the package
make
2.2.3 Install the package
make install
2.3 Configure the database update tool
2.3.1 Deploy the configuration file
cp /etc/freshclam.conf.sample /etc/freshclam.conf
Edit the configuration file with the following command:
vim /etc/freshclam.conf
Change the following parameters:
# Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net
Create the runtime user required by the configuration:
groupadd -g 498 clamav
useradd -u 498 -g 498 -d /var/lib/clamav -s /sbin/nologin -c "Clam Anti Virus Checker" clamav
Create the directories required by the configuration, or fix the permissions of the existing ones:
mkdir /var/log/clamav
chown clamav:clamav /var/lib/clamav/ /var/log/clamav
chmod 775 -R /var/lib/clamav/ /var/log/clamav
2.3.2 Configure SELinux
setsebool -P antivirus_can_scan_system 1
2.3.3 Test the update
freshclam
2.3.4 Configure automatic updates
crontab -e
Add the following entry:
47 * * * * /usr/bin/freshclam --quiet
2.3.5 Test a manual scan
clamscan ~
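Before trusting freshclam's output, it is worth checking that the layout built in 2.3.1 is what the tutorial intends: the database directory and the log directory exist, are owned by the DatabaseOwner, and are not world-writable (a world-writable signature directory lets any local user replace the databases that clamscan and clamd load). The following Python script is an added example written for this article; it is not part of the original post or of the ClamAV project. It parses the "Key value" format of freshclam.conf, audits the referenced directories, and its demo() function exercises the checks on a constructed layout under a temporary directory (standing in for /var/lib/clamav and /var/log/clamav, with the current user standing in for clamav) rather than touching the real system.

```python
"""Audit the freshclam layout from section 2.3 (database dir, log dir, owner).

Added example for this article, not the post's or ClamAV's own code. It checks
that DatabaseDirectory and the directory holding UpdateLogFile exist, are not
world-writable, and belong to DatabaseOwner when that account exists on this
host. demo() runs the checks on a constructed layout in a temporary directory.
"""
import os
import pwd
import stat
import tempfile


def parse_conf(text):
    """Parse freshclam.conf / clamd.conf style 'Key value' text into a dict.

    Lines starting with '#' are comments. The shipped sample contains a bare
    'Example' line that must be commented out, so an 'Example' key is a finding.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit_dir(path, owner):
    """Return a list of problems found with one directory (empty means fine)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: missing; create it with mkdir as in 2.3.1"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        problems.append(f"{path}: world-writable (mode {mode:o}); use 775 or stricter")
    try:
        want_uid = pwd.getpwnam(owner).pw_uid
    except KeyError:
        return problems  # owner account absent on this host: cannot verify ownership
    if st.st_uid != want_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {owner}")
    return problems


def audit_freshclam(conf_text):
    """Check a freshclam.conf body against the filesystem; return all findings."""
    settings = parse_conf(conf_text)
    problems = []
    if "Example" in settings:
        problems.append("'Example' line still active; freshclam will refuse to start")
    owner = settings.get("DatabaseOwner", "clamav")
    problems += audit_dir(settings.get("DatabaseDirectory", "/var/lib/clamav"), owner)
    logfile = settings.get("UpdateLogFile")
    if logfile:
        problems += audit_dir(os.path.dirname(logfile), owner)
    return problems


def demo():
    """Constructed layout: one correct tree and one with the classic mistakes."""
    root = tempfile.mkdtemp(prefix="clamav-audit-")
    try:
        me = pwd.getpwuid(os.getuid()).pw_name  # stand-in for the clamav account
    except KeyError:
        me = "clamav"  # uid without a passwd entry: ownership check is skipped
    good_db = os.path.join(root, "lib", "clamav")
    good_log = os.path.join(root, "log", "clamav")
    bad_db = os.path.join(root, "bad", "clamav")
    for d in (good_db, good_log, bad_db):
        os.makedirs(d)
    os.chmod(good_db, 0o775)   # what the tutorial's chmod 775 produces
    os.chmod(good_log, 0o775)
    os.chmod(bad_db, 0o777)    # world-writable: any local user can swap signatures
    good_conf = f"# Example\nDatabaseDirectory {good_db}\nUpdateLogFile {good_log}/freshclam.log\nDatabaseOwner {me}\n"
    bad_conf = f"Example\nDatabaseDirectory {bad_db}\nUpdateLogFile {root}/missing/freshclam.log\nDatabaseOwner {me}\n"
    return audit_freshclam(good_conf), audit_freshclam(bad_conf)


if __name__ == "__main__":
    good, bad = demo()
    print("good layout:", good or "no findings")
    for p in bad:
        print("bad layout:", p)
```

To audit the real installation, read /etc/freshclam.conf and pass its text to audit_freshclam() as root; the demo deliberately keeps everything inside a temporary directory so it can run on any machine.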
2.4 Configure the ClamAV daemon
2.4.1 Deploy the configuration file
cp /etc/clamd.conf.sample /etc/clamd.conf
Edit the configuration file with the following command:
vim /etc/clamd.conf
Change the following parameters:
# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no
Then create the directory required by the configuration file:
mkdir /var/run/clamav
chown clamav:clamav /var/run/clamav
2.4.2 Deploy the service control script
vim /etc/init.d/clamd
Add the following content (the socket path is /var/run/clamav/clamd.sock, matching LocalSocket in clamd.conf, and the stop exit status is taken from killproc rather than from the later rm):
#!/bin/sh
#
# Startup script for the Clam AntiVirus Daemon
#
# chkconfig: - 61 39
# description: Clam AntiVirus Daemon is a TCP/IP or socket protocol \
#              server.
# processname: clamd
# pidfile: /var/run/clamav/clamd.pid
# config: /etc/clamd.conf

pidfile=/var/run/clamav/clamd.pid
sockfile=/var/run/clamav/clamd.sock
lockfile=/var/lock/subsys/clamd
config=/etc/clamd.conf
user=clamav
group=clamav

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

[ -x /usr/sbin/clamd ] || exit 0

# Local clamd config
test -f /etc/sysconfig/clamd && . /etc/sysconfig/clamd

# See how we were called.
case "$1" in
  start)
        echo -n "Starting Clam AntiVirus Daemon: "
        piddir=`dirname $pidfile`
        if [ ! -d $piddir ]; then
                mkdir -p $piddir
                chown $user:$group $piddir
        fi
        sleep 1
        daemon clamd -c $config
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch $lockfile
        ;;
  stop)
        echo -n "Stopping Clam AntiVirus Daemon: "
        killproc clamd
        RETVAL=$?
        # Remove the stale socket and pid files so a restart does not fail on them.
        rm -f $sockfile
        rm -f $pidfile
        echo
        [ $RETVAL -eq 0 ] && rm -f $lockfile
        ;;
  status)
        status clamd
        RETVAL=$?
        ;;
  restart|reload)
        $0 stop
        $0 start
        RETVAL=$?
        ;;
  condrestart)
        [ -e $lockfile ] && $0 restart
        RETVAL=$?
        ;;
  *)
        echo "Usage: clamd {start|stop|status|restart|reload|condrestart}"
        exit 1
esac
exit $RETVAL
After editing, add execute permission with the following command:
chmod +x /etc/init.d/clamd
Then start the service with the script and enable it at boot:
/etc/init.d/clamd start
chkconfig clamd on
In addition, if SELinux prevents the daemon from starting, the following commands can be repeated to debug it (each run builds a local policy module from the denials logged for clamd):
ausearch -c 'clamd' --raw | audit2allow -M my-clamd
semodule -X 300 -i my-clamd.pp
Alternatively, you can choose to disable SELinux:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
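Once clamd is running, the quickest end-to-end check of the daemon configured in 2.4.1 is to push a sample through the socket it listens on (TCPSocket 3310 bound to TCPAddr 127.0.0.1, or LocalSocket /var/run/clamav/clamd.sock) and read back the verdict. The following Python client is an added example written for this article; it is not the post's or ClamAV's own code. It implements the clamd INSTREAM protocol as documented for clamd: a command prefixed with z is NUL-terminated, the payload follows as chunks of a 4-byte big-endian length plus data, a zero-length chunk ends the stream, and the reply is a NUL-terminated line such as "stream: OK" or "stream: <signature> FOUND". The framing, unframing and reply parsing run offline; scan_bytes() is the only part that needs a live daemon, and the host, port and socket path defaults simply mirror the tutorial's clamd.conf.

```python
"""Minimal clamd INSTREAM client for the socket configured in section 2.4.1.

Added example for this article, not the post's or ClamAV's own code.
frame_instream / unframe_instream / parse_reply work offline; scan_bytes
talks to a running clamd and is only invoked from main().
"""
import socket
import struct

COMMAND = b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-terminated

# EICAR test string from eicar.org, assembled from two literals so that a file
# holding this script is not itself flagged by an on-access scanner.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
         + b"$H+H*")


def frame_instream(data, chunk_size=8192):
    """Encode a payload as one zINSTREAM session (length-prefixed chunks)."""
    out = bytearray(COMMAND)
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack(">I", len(chunk)) + chunk
    out += struct.pack(">I", 0)  # zero-length chunk terminates the stream
    return bytes(out)


def unframe_instream(stream):
    """Inverse of frame_instream: reassemble the payload as the server does."""
    if not stream.startswith(COMMAND):
        raise ValueError("not a zINSTREAM session")
    pos = len(COMMAND)
    payload = bytearray()
    while True:
        if pos + 4 > len(stream):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", stream[pos:pos + 4])
        pos += 4
        if length == 0:
            return bytes(payload)
        chunk = stream[pos:pos + length]
        if len(chunk) != length:
            raise ValueError("truncated chunk body")
        payload += chunk
        pos += length


def parse_reply(reply):
    """Map a clamd reply to (status, detail); anything unexpected is an error.

    'stream: OK'            -> ('clean', None)
    'stream: Name FOUND'    -> ('infected', 'Name')
    '... ERROR' or unknown  -> ('error', full text)   # fail closed, never 'clean'
    """
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, verdict = text.rpartition(": ")
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    return ("error", text)


def scan_bytes(data, host="127.0.0.1", port=3310, unix_path=None, timeout=30):
    """Scan bytes with a live clamd; socket failures raise rather than pass."""
    if unix_path:  # e.g. "/var/run/clamav/clamd.sock" from clamd.conf
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect(unix_path)
    else:
        sock = socket.create_connection((host, port), timeout=timeout)
    with sock:
        sock.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):  # z-commands get NUL-terminated replies
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    # Requires clamd started as in 2.4.2. Expected: ('infected', <signature name>)
    # for EICAR and ('clean', None) for the plain text.
    print(scan_bytes(EICAR))
    print(scan_bytes(b"hello, clamd"))
```

Two design points matter for a production client: the reply parser treats anything other than OK or FOUND (including "INSTREAM size limit exceeded. ERROR", which clamd returns when a stream exceeds StreamMaxLength) as an error rather than as clean, and the connect/recv paths raise on failure, so a stopped daemon or a wrong TCPAddr cannot be mistaken for a clean result.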
References
===================
Official homepage
———–
http://www.clamav.net/
Official GitHub
————–
https://github.com/Cisco-Talos/clamav-devel
Download page
————
http://www.clamav.net/downloads
Building from source
————-
https://www.clamav.net/documents/installation-on-redhat-and-centos-linux-distributions
https://www.clamav.net/documents/installing-clamav-on-unix-linux-macos-from-source
Application example
————
https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/antivirus_configuration.html
Test virus signature (EICAR) download
—————-
https://www.eicar.org/?page_id=3950
Unofficial tutorial
————-
https://blog.csdn.net/zwjzqqb/article/details/80204676