操作步骤

1. 安装zlib包

yuminstall zlib zlib-devel -y

2. 下载并安装clamav源码包

到官网上(http://www.clamav.net/downloads)下载源码包(本文以clamav-0.99.2.tar.gz为例），解压到 /usr/local 目录下，并且重名为 clamav。

mkdir /usr/local/clamav

注：如果没有创建clamav，之后无法编译

useradd clamav -s /sbin/nologin -M

id clamav

grep clamav /etc/passwd

wget http://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz

tar xf clamav-0.99.2.tar.gz

cd clamav-0.99.2

./configure --prefix=/usr/local/clamav

注：如果这一步没有加参数 --prefix ，默认配置文件会安装到 /usr/local/etc 目录下

make && make install （此处安装特别耗费时间）

3. 修改配置文件

先创建日志目录和病毒库目录

mkdir /usr/local/clamav/logs (日志存放目录)

mkdir /usr/local/clamav/updata (clanav 病毒库目录)

修改配置文件

vim /usr/local/clamav/etc/clamd.conf

# Example 注释掉这一行. 第8 行

LogFile/usr/local/clamav/logs/clamd.log 删掉前面的注释目录改为logs下面 第14行

PidFile /usr/local/clamav/updata/clamd.pid 删掉前面的注释路径改一下 第57行

DatabaseDirectory/usr/local/clamav/updata 同上 第65行

4.下面创建日志文件

touch/usr/local/clamav/logs/freshclam.log

chownclamav:clamav/usr/local/clamav/logs/freshclam.log

touch/usr/local/clamav/logs/clamd.log

chownclamav:clamav/usr/local/clamav/logs/clamd.log

chownclamav:clamav/usr/local/clamav/updata

/usr/local/clamav/bin/freshclam (升级病毒库) 请确保服务器可以访问外网

/usr/local/clamav/bin/clamscan --remove (查杀当前目录并删除感染的文件)

实际生产环境应用

一般使用计划任务，让服务器每天晚上定时跟新和定时杀毒。保存杀毒日志，我的crontab文件如下

13 * * * /usr/local/clamav/bin/freshclam

20 3* * */usr/local/clamav/bin/clamscan -r/home --remove -l /var/log/clamscan.log

5.常见问题

问题一：启动clamav失败，报错需要修改/usr/local/etc/clamd.conf 和/usr/local/etc/freshclam.conf 。

解决办法：原因可能是在运行 ./configure 的时候没有加参数 --prefix=/usr/local/clamav 来指定安装路径，导致默认安装到/usr/local/etc路径中。

6.演示：

[root@reserve sync]# clamscan -r drcron_cpv

LibClamAV Warning:**************************************************

LibClamAV Warning: *** The virus database is older than 7 days! ***

LibClamAV Warning: *** Please update it as soon as possible. ***

LibClamAV Warning:**************************************************

drcron_cpv/ptask/countjs_syc.PHP: OK

drcron_cpv/ptask/countjs_syc_del-2017-7-24.PHP: OK

drcron_cpv/ptask/countjs_syc_defile.PHP: OK

drcron_cpv/ptask/defile.PHP: OK

drcron_cpv/ptask/defile-2017-7-24-1.PHP: OK

drcron_cpv/ptask/countjs_syc_browser-b.PHP: OK

drcron_cpv/ptask/countjs_syc_plan_h.PHP: OK

drcron_cpv/ptask/countjs_syc_plan.PHP: OK

drcron_cpv/ptask/countjs_img.PHP: OK

drcron_cpv/ptask/countjs_syc_site.PHP: OK

drcron_cpv/ptask/countjs_syc_del.PHP: OK

drcron_cpv/ptask/countjs_syc_site_h.PHP: OK

drcron_cpv/ptask/setcache.PHP: OK

drcron_cpv/ptask/countjs_browser.PHP: OK

drcron_cpv/ptask/setcache-2017-7-21.PHP: OK

drcron_cpv/ptask/setcity.PHP: OK

drcron_cpv/ptask/countjs_syc_img.PHP: OK

drcron_cpv/chksh/check_syc_site.sh: OK

----------- SCAN SUMMARY -----------

KNown viruses: 4490129

Engine version: 0.99.2

Scanned directories: 3

Scanned files: 18

Infected files: 0

Data scanned: 0.05 MB

Data read: 0.03 MB (ratio 1.71:1)

Time: 14.412 sec (0 m 14 s)

[root@reserve sync]#

参考资料：http://linuxguest.blog.51cto.com/195664/199632/

http://www.linuxidc.com/Linux/2017-03/141437.htm

http://www.cnblogs.com/reblue520/p/6555908.html