Has anyone tried compiling clamd statically?
1 Introduction
– ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware and other malicious threats.
– Because the version CentOS ships is not the latest, I decided to compile and install it from source myself.
2 Best practice
2.1 Preparation before installation
2.1.1 System environment
OS = CentOS 6.x x86_64
IP Address = any
Host Name = any.cmdschool.org
2.1.2 Prepare the build environment
yum groupinstall -y "Development Tools"
2.1.3 Download the package
cd ~
wget http://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz
Note: other versions (including binary packages such as rpm) can be downloaded from the following link,
http://www.clamav.net/download/
2.1.4 Extract the package
cd ~
tar -xf clamav-0.102.3.tar.gz
2.2 Compile and install clamav
2.2.1 Configure the package
cd ~/clamav-0.102.3
./configure '--build=x86_64-redhat-linux-gnu' \
'--host=x86_64-redhat-linux-gnu' \
'--target=x86_64-redhat-linux-gnu' \
'--prefix=/usr' \
'--bindir=/usr/bin' \
'--sbindir=/usr/sbin' \
'--libexecdir=/usr/libexec' \
'--sysconfdir=/etc' \
'--localstatedir=/var' \
'--libdir=/usr/lib64' \
'--includedir=/usr/include' \
'--datadir=/usr/share' \
'--infodir=/usr/share/info' \
'--localedir=/usr/share/locale' \
'--mandir=/usr/share/man' \
'--docdir=/usr/share/doc/clamav-0.102.3' \
'--exec-prefix=/usr' \
'--sharedstatedir=/var/lib' \
'--program-prefix=' \
'--enable-milter' \
'--disable-clamav' \
'--disable-static' \
'--disable-zlib-vcheck' \
'--disable-unrar' \
'--enable-id-check' \
'--enable-dns' \
'--with-dbdir=/var/lib/clamav' \
'--with-group=clamav' \
'--with-user=clamav' \
'--with-zlib=/usr' \
'--enable-ltdl-convenience' \
'--enable-check' \
'--with-systemdsystemunitdir=no' \
'build_alias=x86_64-redhat-linux-gnu' \
'host_alias=x86_64-redhat-linux-gnu' \
'target_alias=x86_64-redhat-linux-gnu' \
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
'LDFLAGS= -Wl,-z,relro' \
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
If you see the following message,
configure: error: OpenSSL not found.
the dependency can be resolved with the following command,
yum install -y openssl-devel
If you see the following message,
configure: error: Cannot find libmilter
the dependency can be resolved with the following command,
yum install -y sendmail-devel
If you see the following message,
checking for libcurl installation... configure: error: libcurl not found. libcurl (e.g. libcurl-devel) is required in order to build freshclam and clamsubmit.
the dependency can be resolved with the following command,
yum install -y libcurl-devel
If you see the following message,
configure: error: ERROR! Check was configured, but not found. Get it from http://check.sf.net/
the dependency can be resolved with the following command,
yum install -y check-devel
If you see the following message,
configure: error: Your libcurl (e.g. libcurl-devel) is too old. Installing ClamAV with clamonacc requires libcurl 7.45 or higher. For a quick fix, run ./configure again with --disable-clamonacc if you do not wish to use on-access scanning features. For more information on ClamAV's on-access scanner, please read our documentation: https://www.clamav.net/documents/on-access-scanning#on-access-scanning
refer to the following documentation to resolve the dependency,
If the error persists after installing, you can add the parameter “--with-libcurl” to specify the location of libcurl manually,
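To catch these missing dependencies before running ./configure rather than one configure failure at a time, here is an added pre-flight script written for the CentOS 6 steps above; it is not part of ClamAV and not one of the article's own commands. It probes the development packages through pkg-config, looks for the libmilter header that sendmail-devel installs (that path is an assumption about the RHEL/CentOS package layout), and applies the libcurl 7.45 minimum from the clamonacc error quoted above; the stock libcurl on CentOS 6 (7.19.x) is older than that, which is why the article ends up pointing --with-libcurl at a separately built curl.

```shell
#!/bin/sh
# Added example (not a ClamAV script): pre-flight dependency check for the
# ./configure step above. Probes the -devel packages via pkg-config.

# Return 0 if dotted version $1 >= $2 (e.g. 7.65.3 >= 7.45), comparing numeric parts.
version_ge() {
    va=$1
    vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        pa=${va%%.*}
        pb=${vb%%.*}
        if [ "$pa" = "$va" ]; then va=""; else va=${va#*.}; fi
        if [ "$pb" = "$vb" ]; then vb=""; else vb=${vb#*.}; fi
        # keep digits only so suffixes like "3-DEV" do not break the numeric test
        pa=$(printf '%s' "$pa" | tr -cd '0-9')
        pb=$(printf '%s' "$pb" | tr -cd '0-9')
        pa=${pa:-0}
        pb=${pb:-0}
        if [ "$pa" -gt "$pb" ]; then return 0; fi
        if [ "$pa" -lt "$pb" ]; then return 1; fi
    done
    return 0
}

# clamonacc needs libcurl >= 7.45 (the configure error quoted above); $1 = version string
libcurl_ok() {
    version_ge "$1" 7.45
}

# $1 = pkg-config module, $2 = yum package that provides it
check_module() {
    if pkg-config --exists "$1" 2>/dev/null; then
        printf 'ok       %-10s %s\n' "$1" "$(pkg-config --modversion "$1")"
        return 0
    fi
    printf 'missing  %-10s yum install -y %s\n' "$1" "$2"
    return 1
}

preflight() {
    rc=0
    check_module openssl openssl-devel || rc=1
    check_module libcurl libcurl-devel || rc=1
    check_module check   check-devel   || rc=1
    # libmilter ships no .pc file; look for the header that sendmail-devel installs
    # (path assumed from the RHEL/CentOS package layout)
    if [ -f /usr/include/libmilter/mfapi.h ]; then
        echo 'ok       libmilter'
    else
        echo 'missing  libmilter  yum install -y sendmail-devel'
        rc=1
    fi
    if pkg-config --exists libcurl 2>/dev/null; then
        v=$(pkg-config --modversion libcurl)
        if ! libcurl_ok "$v"; then
            echo "libcurl $v is older than 7.45: build a newer curl and pass --with-libcurl=<prefix>,"
            echo "or configure with --disable-clamonacc"
            rc=1
        fi
    fi
    return $rc
}

# Usage: sh preflight.sh --run   (in the unpacked clamav source tree, before ./configure)
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

The script exits non-zero when anything is missing, so it can gate an automated build; the version comparison is deliberately component-wise, because a plain string comparison would rank 7.9 above 7.45.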
cd ~/clamav-0.102.3
./configure '--build=x86_64-redhat-linux-gnu' \
'--host=x86_64-redhat-linux-gnu' \
'--target=x86_64-redhat-linux-gnu' \
'--prefix=/usr' \
'--bindir=/usr/bin' \
'--sbindir=/usr/sbin' \
'--libexecdir=/usr/libexec' \
'--sysconfdir=/etc' \
'--localstatedir=/var' \
'--libdir=/usr/lib64' \
'--includedir=/usr/include' \
'--datadir=/usr/share' \
'--infodir=/usr/share/info' \
'--localedir=/usr/share/locale' \
'--mandir=/usr/share/man' \
'--docdir=/usr/share/doc/clamav-0.102.3' \
'--exec-prefix=/usr' \
'--sharedstatedir=/var/lib' \
'--program-prefix=' \
'--enable-milter' \
'--disable-clamav' \
'--disable-static' \
'--disable-zlib-vcheck' \
'--disable-unrar' \
'--enable-id-check' \
'--enable-dns' \
'--with-dbdir=/var/lib/clamav' \
'--with-group=clamav' \
'--with-user=clamav' \
'--with-zlib=/usr' \
'--enable-ltdl-convenience' \
'--enable-check' \
'--with-systemdsystemunitdir=no' \
'build_alias=x86_64-redhat-linux-gnu' \
'host_alias=x86_64-redhat-linux-gnu' \
'target_alias=x86_64-redhat-linux-gnu' \
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
'LDFLAGS= -Wl,-z,relro' \
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' \
'--with-libcurl=/usr/local/curl-7.65.3'
2.2.2 Compile the package
make
2.2.3 Install the package
make install
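After make install it is worth confirming that the hardening flags in the configure call above (-fstack-protector, -D_FORTIFY_SOURCE=2, -Wl,-z,relro) actually reached the installed binaries. The following is an added helper, not part of ClamAV or the article's own steps; it relies on readelf from binutils and only parses its output, so the parsers can also be run over captured readelf text. The sample readelf lines used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not a ClamAV script): check that the hardening flags given to
# ./configure above reached the installed binaries. Needs readelf (binutils).
# The parsers read readelf output from stdin so they can be tested on captured text.

# RELRO level from "readelf -l" plus "readelf -d" output:
#   none    - no GNU_RELRO segment
#   partial - GNU_RELRO present (what -Wl,-z,relro alone gives)
#   full    - GNU_RELRO plus BIND_NOW in the dynamic section (-z relro -z now)
relro_level() {
    awk '
        /GNU_RELRO/            { relro = 1 }
        /BIND_NOW|Flags:.*NOW/ { now = 1 }
        END { if (!relro) print "none"; else if (now) print "full"; else print "partial" }
    '
}

# Stack protector: -fstack-protector makes the binary import __stack_chk_fail ("readelf -s").
has_canary() {
    grep -q '__stack_chk_fail'
}

# FORTIFY_SOURCE: -D_FORTIFY_SOURCE=2 with -O2 swaps in *_chk variants (e.g. __memcpy_chk)
# where the compiler knows the buffer size. The trailing boundary keeps __stack_chk_fail
# from counting as a match.
has_fortify() {
    grep -Eq '__[a-z0-9]+_chk(@|[[:space:]]|$)'
}

# $1 = ELF binary, e.g. /usr/sbin/clamd; prints one summary line
report() {
    bin=$1
    relro=$( { readelf -lW "$bin"; readelf -dW "$bin"; } | relro_level )
    if readelf -sW "$bin" | has_canary; then canary=yes; else canary=no; fi
    if readelf -sW "$bin" | has_fortify; then fortify=yes; else fortify=no; fi
    printf '%s: relro=%s stack-protector=%s fortify=%s\n' "$bin" "$relro" "$canary" "$fortify"
}

# Usage: sh hardening-check.sh /usr/sbin/clamd /usr/bin/clamscan /usr/bin/freshclam
for f in "$@"; do
    report "$f"
done
```

With the flags used in this article you should expect relro=partial (only -z relro is passed, not -z now), stack-protector=yes and fortify=yes; a result of none or no usually means a CFLAGS/LDFLAGS override in the environment or a cached configure run silently dropped the flags.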
2.3 Configure the database update tool
2.3.1 Deploy the configuration file
cp /etc/freshclam.conf.sample /etc/freshclam.conf
Edit the configuration file with the following command,
vim /etc/freshclam.conf
Modify the following parameters (comment out the "Example" line, then set the rest),
# Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net
Create the runtime user the configuration requires,
groupadd -g 498 clamav
useradd -u 498 -g 498 -d /var/lib/clamav -s /sbin/nologin -c "Clam Anti Virus Checker" clamav
Create the directories the configuration requires, or fix the permissions of existing ones,
mkdir /var/log/clamav
chown clamav:clamav /var/lib/clamav/ /var/log/clamav
chmod 775 -R /var/lib/clamav/ /var/log/clamav
2.3.2 Configure SELinux
setsebool -P antivirus_can_scan_system 1
2.3.3 Test the update
freshclam
2.3.4 Configure automatic updates
crontab -e
Add the following entry,
47 * * * * /usr/bin/freshclam --quiet
2.3.5 Run a manual test scan
clamscan ~
2.4 Configure the ClamAV daemon
2.4.1 Deploy the configuration file
cp /etc/clamd.conf.sample /etc/clamd.conf
Edit the configuration file with the following command,
vim /etc/clamd.conf
Modify the following parameters (comment out the "Example" line, then set the rest),
# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no
Then, create the directory the configuration file requires,
mkdir /var/run/clamav
chown clamav:clamav /var/run/clamav
2.4.2 Deploy the service control script
vim /etc/init.d/clamd
Add the following content,
#!/bin/sh
#
# Startup script for the Clam AntiVirus Daemon
#
# chkconfig: - 61 39
# description: Clam AntiVirus Daemon is a TCP/IP or socket protocol \
# server.
# processname: clamd
# pidfile: /var/run/clamav/clamd.pid
# config: /etc/clamd.conf

pidfile=/var/run/clamav/clamd.pid
# Must match LocalSocket in /etc/clamd.conf; it is removed on stop so a
# restart does not trip over a stale socket
sockfile=/var/run/clamav/clamd.sock
lockfile=/var/lock/subsys/clamd
config=/etc/clamd.conf
user=clamav
group=clamav

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

[ -x /usr/sbin/clamd ] || exit 0

# Local clamd config
test -f /etc/sysconfig/clamd && . /etc/sysconfig/clamd

# See how we were called.
case "$1" in
  start)
    echo -n "Starting Clam AntiVirus Daemon: "
    # /var/run is volatile; recreate the pid/socket directory if it is missing
    piddir=`dirname $pidfile`
    if [ ! -d $piddir ]; then
        mkdir -p $piddir
        chown $user:$group $piddir
    fi
    sleep 1
    daemon clamd -c $config
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $lockfile
    ;;
  stop)
    echo -n "Stopping Clam AntiVirus Daemon: "
    killproc clamd
    # capture killproc's status before the cleanup commands overwrite $?
    RETVAL=$?
    ### here's the fix: remove the stale socket and pid files on restart
    rm -f $sockfile
    rm -f $pidfile
    echo
    [ $RETVAL -eq 0 ] && rm -f $lockfile
    ;;
  status)
    status clamd
    RETVAL=$?
    ;;
  restart|reload)
    $0 stop
    $0 start
    RETVAL=$?
    ;;
  condrestart)
    # only restart if the service was running (lock file present)
    [ -e $lockfile ] && $0 restart
    RETVAL=$?
    ;;
  *)
    echo "Usage: clamd {start|stop|status|restart|reload|condrestart}"
    exit 1
esac
exit $RETVAL
After editing, make the script executable with the following command,
chmod +x /etc/init.d/clamd
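Before starting the daemon it is useful to check clamd.conf against the values the init script relies on. The following added script (not part of ClamAV, and not one of the article's own steps) parses the file the way clamd reads it (first token is the keyword, the rest of the line is the value, # starts a comment), verifies that the bare Example line from the .sample file is gone, that a TCPSocket listener is bound only to loopback, and that LocalSocket names the same path as the sockfile the init script deletes on stop. The sample configuration it embeds is constructed to match the clamd.conf written above.

```shell
#!/bin/sh
# Added example (not part of ClamAV or the steps above): sanity-check clamd.conf
# before starting the daemon. The config written by write_sample_conf is constructed.

# Print the value of KEY ($2) from the first active line of FILE ($1).
# clamd reads the first token as the keyword and the rest as the value; '#' starts a comment.
conf_get() {
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/ { next }
        $1 == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
    ' "$1"
}

# Exit 0 if FILE ($1) has an active line whose keyword is KEY ($2).
conf_has() {
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/ { next }
        $1 == key { found = 1; exit }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# $1 = clamd.conf, $2 = sockfile path used by the init script (optional).
# Findings go to stderr; the number of findings is printed to stdout.
audit_clamd_conf() {
    conf=$1
    initsock=$2
    n=0
    # The .sample file ships a bare "Example" line; clamd refuses to start until it is removed.
    if conf_has "$conf" Example; then
        echo "finding: 'Example' line still active in $conf" >&2
        n=$((n + 1))
    fi
    # With TCPSocket set and TCPAddr unset, clamd listens on every interface;
    # anything other than loopback exposes the scanner to the network.
    if conf_has "$conf" TCPSocket; then
        addr=$(conf_get "$conf" TCPAddr)
        case "$addr" in
            127.0.0.1|localhost|::1) ;;
            *)
                echo "finding: TCPSocket enabled but TCPAddr is '${addr:-unset}', not loopback" >&2
                n=$((n + 1))
                ;;
        esac
    fi
    # The init script deletes $sockfile on stop, so it must name the same path as LocalSocket.
    sock=$(conf_get "$conf" LocalSocket)
    if [ -n "$sock" ] && [ -n "$initsock" ] && [ "$sock" != "$initsock" ]; then
        echo "finding: LocalSocket '$sock' differs from init script sockfile '$initsock'" >&2
        n=$((n + 1))
    fi
    echo "$n"
}

# Constructed sample in the shape of the clamd.conf above (written to $1).
write_sample_conf() {
    cat > "$1" <<'EOF'
# Comment lines are ignored
#Example
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
User clamav
EOF
}

# Usage: sh audit-clamd-conf.sh /etc/clamd.conf /var/run/clamav/clamd.sock
if [ -n "${1:-}" ]; then
    count=$(audit_clamd_conf "$1" "${2:-}")
    echo "$count finding(s)"
fi
```

Run it with the sockfile value from /etc/init.d/clamd as the second argument; a non-zero count means the daemon will either refuse to start or listen more widely than intended.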
Then, start the service with the script and enable it at boot,
/etc/init.d/clamd start
chkconfig clamd on
Additionally, if SELinux keeps the daemon from starting, you can iterate with the following commands until it starts,
ausearch -c 'clamd' --raw | audit2allow -M my-clamd
semodule -X 300 -i my-clamd.pp
Alternatively, you can choose to disable SELinux,
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
References
===================
Official homepage
-----------------
http://www.clamav.net/
Official GitHub
---------------
https://github.com/Cisco-Talos/clamav-devel
Download page
-------------
http://www.clamav.net/downloads
Compiling and installing
------------------------
https://www.clamav.net/documents/installation-on-redhat-and-centos-linux-distributions
https://www.clamav.net/documents/installing-clamav-on-unix-linux-macos-from-source
Application scenario reference
------------------------------
https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/antivirus_configuration.html
EICAR test file download
------------------------
https://www.eicar.org/?page_id=3950
Unofficial tutorial reference
-----------------------------
https://blog.csdn.net/zwjzqqb/article/details/80204676