Shulou(Shulou.com)06/01 Report--

I. brief introduction:

ClamAV is an open source antivirus engine developed by the Sourcefire organization. ClamAV provides a faster and more flexible framework for detecting malicious code and software products. ClamAV can be used as a supplementary tool or alternative to existing desktops, file servers, mail servers and other antivirus scanning software scenarios that require antivirus scanning software. In addition, the ClamAV package also includes libclamav library and command line executable file interface, and also provides freshclam command line tools to ensure the update of the feature library.

2. Install and configure ClamAV:

1. Install the epel source

2. # yum-y install zlib-devel openssl-devel clamav* clamd*

/ / or rpm installs clamd-0.99.2-1.el6.x86_64.rpm, clamav-0.99.2-1.el6.x86_64.rpm, clamav-db-0.99.2-1.el6.x86_64.rpm

3. View the list of files generated after the package is installed: # rpm-ql clamd # rpm-ql clamav

4. Confirm the content of configuration file / etc/freshclam.conf:

(1) the line at the beginning of Example has been commented

(2) DatabaseDirectory/var/lib/clamav

(3) UpdateLogFile/var/log/clamav/freshclam.log

5. Confirm the content of configuration file / etc/clamd.conf:

(1) the line at the beginning of Example has been commented

(2) LogFile/var/log/clamav/clamd.log

(3) PidFile/var/run/clamav/clamd.pid

6. Confirm whether the system time is correct: # date032312162017.34 # date

Start the service and update the virus database manually:

1. Enable the service:

# service clamd start

# netstat-lntup | grep clamd

# chkconfig clamd on

2. Update the virus database manually:

# freshclam / / long execution time

Update the virus database again after adjusting the system time:

Fourth, antivirus and other common operations:

1. Full scan: # clamscan-r /

2. Delete the virus immediately after scanning (use with caution): # clamscan-r /-- remove

3. Move to the / tmp directory immediately after scanning the virus: # clamscan-r /-- move=/tmp

4. Generate scan log file: # clamscan/tmp/1.txt-l / var/log/clamscan.log

5. Common options:

(1)-- quiet: only print error messages

(2)-I |-- infected: print only infected files

(3)-- remove [= yes/no (*)]: remove infected files

(4)-- move=DIRECTORY: move the infected files to the specified directory

(5)-- copy=DIRECTORY: copy the infected files to the specified directory

(6)-- exclude=REGEX: do not scan files that match regular expressions

(7)-- exclude-dir=REGEX: do not scan directories that match regular expressions

(8)-- include=REGEX: scan only files that match regular expressions

(9)-- include-dir=REGEX: scan only directories that match regular expressions

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.