F15-Ubuntu安装开源杀软ClamAV

# 系统准备
首先准备一台Ubuntu机器：
https://wiki.bafangwy.com/doc/599/

clamav官网：
https://www.clamav.net/

# <font color="red">以下全部用root用户演示</font>

# 更新系统
`apt update && apt upgrade`

提示：
```
After this operation, 304 MB of additional disk space will be used.
Do you want to continue? [Y/n]
```
需要304MB的磁盘空间，输入`Y`按回车

如果进度卡住了，显示需要几个小时，按Ctrl+C中断，重新运行更新命令。

# 安装clamav
使用APT进行安装
`apt install clamav clamav-daemon`

提示
```
After this operation, 56.6 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
```

输入`Y`确认。
安装完成后，通过以下命令验证：
`clamscan --version`

![](/media/202503/2025-03-26_193807_2630340.6597369724570247.png)

# 安装 ClamTK 图形界面（可选）

ClamTK 提供了一个直观的用户界面，方便你配置 ClamAV 并执行扫描操作

`apt install clamtk`

提示：
```
After this operation, 28.0 MB of additional disk space will be used.
Do you want to continue? [Y/n]
```

输入`Y`确认。

# 更新病毒数据库

停止 ClamAV 服务
`systemctl stop clamav-freshclam`

更新数据库
`freshclam`

更新结果：
```
Wed Mar 26 19:38:48 2025 -> daily.cvd database is up-to-date (version: 27589, sigs: 2074285, f-level: 90, builder: raynman)
Wed Mar 26 19:38:48 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Mar 26 19:38:48 2025 -> bytecode.cvd database is up-to-date (version: 336, sigs: 83, f-level: 90, builder: nrandolp)
```

启动数据库
`systemctl enable clamav-freshclam --now`

# ClamAV使用
`-l`选项非必需
扫描特定文件并记录结果
`/path/to/file`是需要扫描的文件，`/path/to/logfile`是日志目录，下同
`clamscan /path/to/file -l /path/to/logfile`

扫描特定目录并记录结果
`clamscan -r /path/to/directory -l /path/to/logfile`

# ClamAV定时自动扫描
```
cd
vim clamscan.sh
```

按`i`进入编辑模式，粘贴内容：
```
#!/bin/bash
clamscan -r /home >> /var/log/clamscan.log 2>&1
```
按Esc，输入`:wq`保存

增加可执行权限：
`chmod +x clamscan.sh`

`crontab -e`

选择编辑器，输入2按回车：

![](/media/202503/2025-03-26_194433_2222900.6040570892000553.png)

按`i`进入编辑模式，粘贴内容：
`0 3 * * * /root/clamscan.sh`

![](/media/202503/2025-03-26_194513_1935190.8811245744476859.png)

按Esc，输入`:wq`保存

0 3 * * * 表示每天凌晨 3 点执行任务

查看定时任务：
`crontab -l`

# Linux挖矿病毒样本测试
样本下载：
[【附件】20210821085613.zip](/media/attachment/2025/03/20210821085613.zip)

把zip文件传到`root`目录下，然后解压到test目录

```
cd
mkdir test
mv 20210821085613.zip test/
cd test
unzip 20210821085613.zip
```

指定目录扫描：
`clamscan -r /root/test`

扫描结果（发现7个感染文件）：
```
/root/test/b.sh: Unix.Downloader.Rocke-6826000-0 FOUND
/root/test/pnscan.tar.gz: OK
/root/test/newinit.sh: Unix.Downloader.Rocke-6826000-0 FOUND
/root/test/rs.sh: OK
/root/test/s174Mosd9oZ9: OK
/root/test/uninstall.sh: OK
/root/test/quartz_uninstall.sh: OK
/root/test/init 2.sh: Unix.Downloader.Rocke-6826000-0 FOUND
/root/test/call.txt: OK
/root/test/20210821085613.zip: Multios.Coinminer.Miner-6781728-2 FOUND
/root/test/is.sh: Unix.Downloader.Rocke-6826000-0 FOUND
/root/test/zzh: Multios.Coinminer.Miner-6781728-2 FOUND
/root/test/init.sh: Unix.Downloader.Rocke-6826000-0 FOUND
/root/test/1.0.4.tar.gz: OK
/root/test/s1707e4H9zXf: OK

----------- SCAN SUMMARY -----------
Known viruses: 8706061
Engine version: 1.0.8
Scanned directories: 1
Scanned files: 15
Infected files: 7
Data scanned: 18.11 MB
Data read: 12.03 MB (ratio 1.51:1)
Time: 20.406 sec (0 m 20 s)
Start Date: 2025:03:26 20:11:43
End Date:   2025:03:26 20:12:03

```

# 图形化界面

默认是bafang用户，先切换到root用户

![](/media/202503/2025-03-26_203324_6835180.39562192498257276.png)

Log Out —— Not listed —— 用root登录，密码是123456

点左下角图标打开ClamTK

![](/media/202503/2025-03-26_203110_9666240.6953306032523104.png)

![](/media/202503/2025-03-26_203045_9883250.03452114657895633.png)

# 当不再需要ClamAV时
停止 ClamAV 服务：
`systemctl stop clamav-freshclam`

禁用 ClamAV 服务：
`systemctl disable clamav-freshclam --now`

（如果有需要）卸载 ClamAV 及其守护进程：
`apt remove clamav clamav-daemon`

（如果有需要）卸载 ClamAV 图形界面（可选）：
`apt remove clamtk`

# 开源安全产品全系列
F12-Linux安装雷池WAF
https://wiki.bafangwy.com/doc/704/

F13-Ubuntu安装开源堡垒机JumpServer
https://wiki.bafangwy.com/doc/820/

F14-Ubuntu安装开源蜜罐HFish
https://wiki.bafangwy.com/doc/821/

F15-Ubuntu安装开源杀软ClamAV
https://wiki.bafangwy.com/doc/822/

F16-开源态势感知系统liuying单机版使用方法
https://wiki.bafangwy.com/doc/823/

F17-Ubuntu安装开源IDS/IPS系统Suricata
https://wiki.bafangwy.com/doc/825/

D14-Windows虚拟机安装OpenEDR
https://wiki.bafangwy.com/doc/826/