Clam AntiVirus installation

[root@falcon21 ~]# yum -y install clamd

ClamAV update process started at Sat Jun 17 15:12:08 2017
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.local.clamav.net (IP: 27.96.54.66)
Downloading daily-23480.cdiff [100%]
Downloading daily-23481.cdiff [100%]
daily.cld updated (version: 23481, sigs: 1736841, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 303, sigs: 59, f-level: 63, builder: anvilleg)
Database updated (6303149 signatures) from db.local.clamav.net (IP: 203.212.42.128)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
Line 195:
#User clamav ← add # at the start of the line

Known viruses: 6297601
Engine version: 0.99.2
Scanned directories: 1422
Scanned files: 19386
Infected files: 0
Data scanned: 733.59 MB
Data read: 604.12 MB (ratio 1.21:1)
Time: 524.534 sec (8 m 44 s)

# Configuration file
CONFIG=/etc/clamd.conf
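
# Run the scan
# Note: detected viruses are moved to the quarantine directory
# (this directory name is predictable and sits in world-writable /tmp)
CLAMSCANLOG=$(mktemp)
QUARANTINEDIR=/tmp/clamdscan-quarantinedir-$(date +%Y%m%d)
mkdir -p "${QUARANTINEDIR}"
clamdscan -c "${CONFIG}" --move="${QUARANTINEDIR}" / > "${CLAMSCANLOG}" 2>&1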

# Send a mail notification to root only when a virus is detected
if [ -z "$(grep 'FOUND$' "${CLAMSCANLOG}")" ]; then
    rm -rf "${QUARANTINEDIR}"
else
    grep -A 1 'FOUND$' "${CLAMSCANLOG}" | mail -s "Virus Found in $(hostname) => ${QUARANTINEDIR}" root
fi

# Write the scan log to syslog
logger -t "$(basename "${0}")" < "${CLAMSCANLOG}"
rm -f "${CLAMSCANLOG}"

[root@falcon21 ~]# /etc/rc.d/init.d/clamd restart
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: |
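
The scan script above quarantines into a date-named directory under /tmp and treats log lines ending in FOUND as detections. The following added example (not part of the original page; the function names and the sample log are constructed) performs the same steps with an unpredictable, owner-only quarantine directory from mktemp -d and a parser that splits each FOUND line into signature and path.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the
# sample log below are constructed for illustration.

# Create the quarantine directory with an unpredictable name. mktemp -d
# creates it with mode 0700 and fails rather than reuse an existing path,
# so a directory or symlink pre-created in /tmp is never adopted.
make_quarantine_dir() {
    mktemp -d "${1:-/tmp}/clamdscan-quarantine-$(date +%Y%m%d)-XXXXXXXX"
}

# Print "signature<TAB>path" for every detection in a clamdscan log.
# Detection lines have the form "<path>: <signature> FOUND".
list_detections() {
    while IFS= read -r line; do
        case $line in
            *" FOUND") ;;
            *) continue ;;
        esac
        line=${line% FOUND}
        # Split on the last ": " so paths containing ": " stay intact.
        printf '%s\t%s\n' "${line##*: }" "${line%: *}"
    done < "$1"
}

# Print detections and return 1 if any exist; otherwise remove the empty
# quarantine directory and return 0. rmdir refuses a non-empty directory.
finish_scan() {
    hits=$(list_detections "$1")
    if [ -z "$hits" ]; then
        rmdir "$2"
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Demo on a constructed log (no clamd needed).
demo_dir=$(make_quarantine_dir)
demo_log=$(mktemp)
printf '%s\n' \
    '/etc/hosts: OK' \
    '/home/user/note: draft.txt: Eicar-Test-Signature FOUND' \
    'Infected files: 1' > "$demo_log"
finish_scan "$demo_log" "$demo_dir" || echo "detections found, quarantine kept: $demo_dir"
rm -f "$demo_log"; rmdir "$demo_dir"
```
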