background knowledge:

As an open source anti-virus program, clamav can directly perform regular anti-virus scans on local files, or start anti-virus services. The remote program calls the service to transfer the files and returns whether they are viruses after scanning. It can be used after files are uploaded in the business system. Call up remote scanning to achieve the purpose of embedding in the business system.

clamav installation:

1. Download the program

The version used here is 0.102.3

download link:

#Create program directory
mkdir /usr/local/clamav
cd /usr/local/clamav
 #Upload the downloaded program file to /usr/local/clamav

2、Installation dependencies

yum install gcc openssl openssl-devel  -y
yum install gcc gcc++ 
yum install gcc gcc-c++ gcc-g77 
yum install curl-devel

3. Upgrade libcurl

I encountered the following error during the installation process: Your libcurl (e.g. libcurl-devel) is too old. Installing ClamAV with clamonacc requires libcurl 7.45 or higher. Need to upgrade libcurl.

#Install repo
rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-1.rhel7.noarch.rpm
 #View the curl version contained in the repo
yum --showduplicates list curl --disablerepo="*" --enablerepo="city*"
 #Modify the enable of the repo to 1
vi /etc/yum.repos.d/city-fan.org.repo
 #enabled=0 Change to enabled=1
 #Install the latest curl
yum install curl
yum install epel-release -y
yum --enablerepo=epel install libnghttp2 -y && yum install libcurl -y

4. Compile and install

#clamavUsers and user groups
groupadd clamav && useradd -g clamav clamav && id clamav

 #Log storage directory
mkdir -p /usr/local/clamav/logs     
touch /usr/local/clamav/logs/clamd.log
touch /usr/local/clamav/logs/freshclam.log
chown clamav.clamav /usr/local/clamav/logs/clamd.log
chown clamav.clamav /usr/local/clamav/logs/freshclam.log

 #Virus inventory list
mkdir -p /usr/local/clamav/updata
chown -R root.clamav /usr/local/clamav/
chown -R clamav.clamav /usr/local/clamav/updata/

 #Unzip the installation package
tar xf clamav-0.102.3.tar.gz

 #Compile and install
cd clamav-0.102.3
./configure --prefix=/usr/local/clamav  --with-pcre
make && make install

5. Configure clamav

cd /usr/local/clamav/etc
cp clamd.conf.sample clamd.conf
cp freshclam.conf.sample freshclam.conf

vi freshclam.conf
 #Example Comment out this line. 
 # Add the following configuration
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid

vi clamd.conf
 #Example Comment out this line. 
 # Add the following configuration
DatabaseDirectory /usr/local/clamav/updata
UpdateLogFile /usr/local/clamav/logs/freshclam.log
PidFile /usr/local/clamav/updata/freshclam.pid
TCPSocket 3310
TCPAddr 192.168.31.193
 #TCPAddr is the address of the listening service

6. Download (update) virus database file

#Direct update
/usr/local/clamav/bin/freshcla

 #Manual download
cd /usr/local/clamav/updata/
wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/bytecode.cvd

7. Start the clamav-daemon service

#Permission
chown -R clamav.clamav /usr/local/clamav/

 #Start clamav-freshclam service
systemctl start clamav-freshclam.service
systemctl enable clamav-freshclam.service 
systemctl status clamav-freshclam.service
systemctl stop clamav-freshclam.service 


 #Need to place the virus database file in the /usr/local/clamav/share/clamav directory
 #Start remote service
systemctl start clamav-daemon.service
systemctl enable clamav-daemon.service

 #View status
systemctl status clamav-daemon.service

 #stop 
systemctl stop clamav-daemon.service 


 #Check if port 3310 is listening
netstat -tunlp | grep 3310

 #Scan individual files command
/usr/local/clamav/bin/clamscan file.zip

8. Start the clamav-rest service

download link:

Modify the program entry configuration

Test after starting the service:

Virus file:

Non-virus files: