Installing ClamAV


[root@falcon21 ~]# yum install --enablerepo=epel clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

インストール:
  clamav-devel.x86_64 0:0.99.4-1.el7                                           

完了しました!

----------------------------

[root@falcon21 ~]# cd /etc/clamd.d/
[root@falcon21 clamd.d]# cp -p scan.conf scan.conf_yyyymmdd
[root@falcon21 clamd.d]# vi scan.conf
     14 LogFile /var/log/clamd.scan
     31 LogFileMaxSize 2M
     35 LogTime yes
     57 LogRotate yes
     97 FixStaleSocket yes
    165 ExcludePath ^/proc/
    166 ExcludePath ^/sys/
    167 ExcludePath ^/dev/
    196 User root

----------------------------------
Start clamd@scan
[root@falcon21 clamd.d]# systemctl start clamd@scan
[root@falcon21 clamd.d]# systemctl enable clamd@scan
[root@falcon21 clamd.d]# systemctl status clamd@scan
● clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
   Active: active (running) since 火 2018-05-01 23:06:02 JST; 2 days ago
 Main PID: 1755 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─1755 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

 5月 04 08:53:23 falcon21.space clamd[1755]: SelfCheck: Database status OK.
 5月 04 09:03:23 falcon21.space clamd[1755]: SelfCheck: Database status OK.
 5月 04 09:13:23 falcon21.space clamd[1755]: SelfCheck: Database status OK.
 5月 04 09:23:23 falcon21.space clamd[1755]: SelfCheck: Database status OK.
 5月 04 09:33:23 falcon21.space clamd[1755]: SelfCheck: Database status OK.
 5月 04 09:43:23 falcon21.space clamd[1755]: SelfCheck: Database status OK.
 5月 04 09:53:23 falcon21.space clamd[1755]: SelfCheck: Database modificati....
 5月 04 09:53:25 falcon21.space clamd[1755]: Reading databases from /var/li...v
 5月 04 09:53:55 falcon21.space clamd[1755]: Database correctly reloaded (6...)
 5月 04 10:03:55 falcon21.space clamd[1755]: SelfCheck: Database status OK.
Hint: Some lines were ellipsized, use -l to show in full.

-----------------------------------
Edit /etc/freshclam.conf
[root@falcon21 ~]# vi /etc/freshclam.conf

    25 LogFileMaxSize 2M
    29 LogTime yes
    46 LogRotate yes
    56 DatabaseOwner root

--------------------------------------- 
Run freshclam manually and confirm that the virus database can be updated

[root@falcon21 ~]# freshclam -u root
ClamAV update process started at Fri May  4 10:24:53 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.4 Recommended version: 0.100.0
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cld is up to date (version: 24537, sigs: 1932498, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)

-------------------------------
[root@falcon21 ~]# clamdscan
ERROR: Can't parse clamd configuration file /etc/clamd.conf

[root@falcon21 ~]# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

Run clamdscan (this takes a long time)
[root@falcon21 ~]# clamdscan
/root: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 770.877 sec (12 m 50 s)

----------------------------
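clamdscan options

Option                     Description
--remove                   Delete detected virus data (use with caution)
--move=DIRECTORY           Move detected virus data to the specified directory (create the directory beforehand)
--log=LOGFILE              Record the scan results in the specified log file
--config-file=CONFIGFILE   Run clamdscan with the specified configuration file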


Scan a specified directory for viruses
[root@falcon21 ~]# clamdscan /home
/home: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 790.635 sec (13 m 10 s)

--------------------------------------------
Scheduled execution: create the virus scan script
[root@falcon21 ~]# vi virus_scan.sh
#!/bin/bash
 
SCANDIR=/
VIRUS_MVDIR=/root/virus
MAILADDR=root@falcon21.space

CLAMDSCAN=/bin/clamdscan
HOSTNAME=`hostname`
RUNDATE=`date +%Y%m%d-%H%M%S`
SCANTMP=/tmp/clamdscan_$RUNDATE

CLAMUPDATE="clamav-server \
clamav-data \
clamav-update \
clamav-filesystem \
clamav \
clamav-scanner \
clamav-scanner-systemd \
clamav-devel \
clamav-lib \
clamav-server-systemd"
 
-------------------------------
[root@falcon21 ~]# chmod 744 /root/virus_scan.sh

Test the script
[root@falcon21 ~]# sh -x virus_scan.sh
+ SCANDIR=/
+ VIRUS_MVDIR=/root/virus
+ MAILADDR=root@falcon21.space
+ CLAMDSCAN=/bin/clamdscan
++ hostname
+ HOSTNAME=falcon21.space
++ date +%Y%m%d-%H%M%S
+ RUNDATE=20180504-114534
+ SCANTMP=/tmp/clamdscan_20180504-114534
+ CLAMUPDATE='clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd'
+ yum -y update --enablerepo=epel clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
読み込んだプラグイン:fastestmirror, langpacks, priorities
milter-manager_repos/x86_64/signature                    |  836 B     00:00    
milter-manager_repos/x86_64/signature                    | 1.0 kB     00:00 !!!
milter-manager_repos-source/signature                    |  836 B     00:00    
milter-manager_repos-source/signature                    | 1.0 kB     00:00 !!!
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * remi-safe: mirrors.tuna.tsinghua.edu.cn
 * updates: ftp.iij.ad.jp
156 packages excluded due to repository priority protections
No packages marked for update
+ /bin/clamdscan /
++ grep 'FOUND$' /tmp/clamdscan_20180504-114534
+ '[' '!' -z '' ']'
++ grep 'FOUND$' /tmp/clamdscan_20180504-114534
+ '[' -z '' ']'
+ cat /tmp/clamdscan_20180504-114534
+ mail -s '[Virus Not Found] falcon21.space 20180504-114534' root@falcon21.space
+ rm -f /tmp/clamdscan_20180504-114534
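
The scan-and-mail steps visible in the trace above, as an added example that is not the author's virus_scan.sh: it reads clamdscan's exit status (0 no virus, 1 virus found, 2 error) instead of grepping the report for FOUND, and writes the report to a mktemp file rather than a predictable /tmp name. The MAILER variable, the function names and the --run switch are assumptions of this example; the yum update step is left out.

```shell
#!/bin/sh
# Added example, not the page's script. Paths and address are the page's values;
# MAILER, scan_verdict, run_scan and --run are names made up for this example.
SCANDIR=${SCANDIR:-/}
MAILADDR=${MAILADDR:-root@falcon21.space}
CLAMDSCAN=${CLAMDSCAN:-/bin/clamdscan}
MAILER=${MAILER:-mail}

# Map clamdscan's exit status to the mail subject tag:
# 0 = no virus found, 1 = virus(es) found, anything else = error.
scan_verdict() {
    case "$1" in
        0) echo "Virus Not Found" ;;
        1) echo "Virus Found" ;;
        *) echo "Scan Error" ;;
    esac
}

# Scan $SCANDIR, mail the report, and return clamdscan's exit status.
run_scan() {
    rundate=$(date +%Y%m%d-%H%M%S)
    # mktemp creates an unpredictable file readable only by its owner; a fixed
    # /tmp name written by root can be pre-created or symlinked by a local user.
    report=$(mktemp "${TMPDIR:-/tmp}/clamdscan.XXXXXXXXXX") || return 2
    rc=0
    "$CLAMDSCAN" "$SCANDIR" >"$report" 2>&1 || rc=$?
    subject="[$(scan_verdict "$rc")] $(hostname) $rundate"
    "$MAILER" -s "$subject" "$MAILADDR" <"$report"
    rm -f "$report"
    return "$rc"
}

# Scan only when called with --run, so the functions can be reused or tested.
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

With this form a scan that aborts (for example when clamd is not running) is mailed as "Scan Error" instead of being reported as clean.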

