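# How to Install Clam AntiVirus on Linux
## 1. Introduction to ClamAV
Clam AntiVirus (ClamAV) is an open-source, cross-platform antivirus toolkit designed for scenarios such as mail gateway scanning and file system protection. As one of the most popular antivirus programs on Linux, it has the following core features:
- **Free and open source**: licensed under the GPL; free to use and modify
- **Multi-platform**: supports Linux/Unix, Windows and macOS
- **Real-time protection**: provided through the Clamuko/Clamd modules
- **Large signature database**: updated automatically every day (about 4-8 times per day)
- **Low resource usage**: well suited to server environments
## 2. Before You Install
### System requirements
- Minimum: 1 GHz CPU / 512 MB RAM / 2 GB disk space
- Recommended: x86_64 architecture / 2 CPU cores / 2 GB RAM
### Dependency check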
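```bash
# Check the distribution release and CPU architecture
lsb_release -a
uname -m
# Install the basic dependencies
sudo apt update # Debian/Ubuntu
sudo apt install -y build-essential libssl-dev libcurl4-openssl-dev libxml2-dev
```

Debian/Ubuntu:

```bash
# Standard installation
sudo apt install -y clamav clamav-daemon
# Install the graphical front end (optional)
sudo apt install -y clamtk
# Verify the installation
clamscan --version
```

RHEL/CentOS:

```bash
# Add the EPEL repository
sudo yum install -y epel-release
# Install ClamAV
sudo yum install -y clamav clamav-update clamd
# Enable the service
sudo systemctl enable clamd@scan
sudo systemctl start clamd@scan
```

Arch Linux:

```bash
sudo pacman -S clamav
sudo freshclam # update the virus database
```

Building from source:

```bash
wget https://www.clamav.net/downloads/production/clamav-1.0.1.tar.gz
tar -xzvf clamav-*.tar.gz
cd clamav-*/   # trailing slash so the glob matches the directory, not the tarball
# ClamAV 0.104 and later build with CMake (the ./configure script was removed),
# so this build also needs cmake and a Rust toolchain.
cmake -S . -B build \
  -D CMAKE_INSTALL_PREFIX=/usr/local/clamav \
  -D CLAMAV_USER=clamav \
  -D CLAMAV_GROUP=clamav \
  -D SYSTEMD_UNIT_DIR=/etc/systemd/system
cmake --build build -j"$(nproc)"
sudo cmake --build build --target install
# Create the system user
sudo groupadd clamav
sudo useradd -g clamav -s /bin/false clamav
```

Edit `/etc/clamav/freshclam.conf`:

```
DatabaseMirror database.clamav.net
Checks 24
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogTime yes
LogRotate yes
```

Key settings in `/etc/clamav/clamd.conf`:

```
LogFile /var/log/clamav/clamd.log
LogTime yes
LogRotate yes
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket yes
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
```

```bash
# Enable the systemd service that keeps the database updated
sudo systemctl enable clamav-freshclam
sudo systemctl start clamav-freshclam
# Run an update manually right away
sudo freshclam --verbose
```

```bash
# Quick scan of the current user's home directory
clamscan -r --bell -i /home/$USER
# Full system scan (excluding the /proc directory)
sudo clamscan -r --exclude-dir="^/proc" /
# Show infected files only
clamscan -r --infected --no-summary /path
# Move infected files to a quarantine directory
clamscan -r --move=/var/quarantine /target_path
```

```bash
# Scan /home every day at 03:00
(crontab -l 2>/dev/null; echo "0 3 * * * /usr/bin/clamscan -r /home --log=/var/log/clamav/scan.log") | crontab -
# Weekly full scan. A crontab line belongs in /etc/cron.d and needs a user field;
# files in /etc/cron.weekly must be executable scripts, not crontab entries.
echo '0 5 * * 0 root /usr/bin/clamscan -r / --exclude-dir="^/proc" --log=/var/log/clamav/fullscan.log' | sudo tee /etc/cron.d/clamscan
```

Create `/usr/local/bin/clam-alert.sh`:

```bash
#!/bin/bash
LOG="/var/log/clamav/lastscan.log"
ADMIN_EML="admin@example.com"
# clamscan appends to an existing --log file, so start each run with an empty log
: > "$LOG"
clamscan -r / --exclude-dir="^/proc" --log="$LOG"
if grep -q "Infected files: [1-9]" "$LOG"; then
    mail -s "ClamAV Alert: $(hostname)" "$ADMIN_EML" < "$LOG"
fi
```

```bash
# Install the inotify tools
sudo apt install -y inotify-tools
# Create the monitoring script (quoted 'EOF' keeps $ from expanding in the heredoc)
sudo tee /usr/local/bin/clam-monitor.sh >/dev/null <<'EOF'
#!/bin/bash
MONITOR_DIRS=(/home /var/www)
inotifywait -m -r -e create,move,modify --format "%w%f" "${MONITOR_DIRS[@]}" |
while IFS= read -r FILE
do
    clamdscan --move=/var/quarantine "$FILE"
done
EOF
sudo chmod +x /usr/local/bin/clam-monitor.sh
# Enable the clamd service (clamdscan needs a running clamd)
sudo systemctl enable clamd@scan
```

Edit `/etc/samba/smb.conf`:

```
[viruscheck]
path = /var/quarantine
browseable = yes
writable = no
public = yes
[global]
# Samba's ClamAV integration is provided by the virusfilter VFS module
vfs objects = virusfilter
virusfilter:scanner = clamav
virusfilter:socket path = /var/run/clamav/clamd.ctl
```

```
# Add to clamd.conf:
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanPDF yes
ScanSWF yes
ScanHTML yes
ScanArchive yes
ArchiveBlockEncrypted no
MaxScanSize 100M
MaxFileSize 25M
```

```bash
# Switch to a different mirror
sudo sed -i 's/database.clamav.net/db.local.clamav.net/g' /etc/clamav/freshclam.conf
# Download the databases manually
sudo wget http://database.clamav.net/main.cvd -P /var/lib/clamav/
sudo wget http://database.clamav.net/daily.cvd -P /var/lib/clamav/
sudo chown -R clamav:clamav /var/lib/clamav
sudo chmod 755 /var/lib/clamav
```

```bash
# Follow the scan log
tail -f /var/log/clamav/clamd.log
# Measure scan speed
time clamscan -r --no-summary /usr/bin
# Adjust the number of threads
sudo sed -i 's/MaxThreads.*/MaxThreads 20/' /etc/clamav/clamd.conf
```

```bash
freshclam # daily automatic update
rpm -V clamav # RHEL
debsums -s clamav # Debian
```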
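
The `clam-alert.sh` script earlier in this article decides whether to send mail by grepping the summary line, which cannot tell a clean scan from one that failed. The following added example (not part of the original article) uses clamscan's exit status instead and extracts each detection from the log; the function names, the `scan_and_alert` wrapper, the default recipient and the sample log are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article.
# clamscan exit status (man page): 0 = no virus, 1 = virus found, 2 = error.
classify_rc() { case "$1" in 0) echo clean ;; 1) echo infected ;; *) echo error ;; esac; }

# Print "<signature> <path>" for every "<path>: <signature> FOUND" line.
# The greedy first group keeps paths containing spaces or ": " intact.
detections() {
  sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Alert text for one run; returns 1 when there is nothing to report.
alert_body() {   # usage: alert_body RC LOGFILE
  case "$(classify_rc "$1")" in
    clean)    return 1 ;;
    infected) detections "$2" | while read -r sig path; do
                echo "INFECTED $path ($sig)"
              done ;;
    error)    echo "SCAN ERROR: clamscan exited with status $1" ;;
  esac
}

# Hypothetical wrapper: scan DIR into a fresh log (clamscan appends to an
# existing --log file) and send mail only for detections or scan errors.
scan_and_alert() {   # usage: scan_and_alert DIR [RECIPIENT]
  local log rc=0 body
  log=$(mktemp) || return 2
  clamscan -r --log="$log" "$1" >/dev/null 2>&1 || rc=$?
  if body=$(alert_body "$rc" "$log"); then
    printf '%s\n' "$body" | mail -s "ClamAV Alert: $(hostname)" "${2:-root}"
  fi
  rm -f "$log"
  return "$rc"
}

# Constructed sample report; paths and signature names are made up.
write_sample_log() {
  cat > "$1" <<'EOF'
/srv/upload/report.pdf: OK
/srv/upload/eicar.com: Constructed.Test-1 FOUND
/srv/upload/a: b/invoice 2024.doc: Constructed.Dropper-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Demo on the constructed sample, treated as a run that exited with status 1.
sample=$(mktemp) && write_sample_log "$sample" && alert_body 1 "$sample"; rm -f "$sample"
```
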
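
By following the steps above, you can set up comprehensive virus protection on a Linux system. Combine it with firewall rules and regular security audits to build a layered defence.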