---------------------


 Install the required packages
[root@falcon21 ~]# yum -y install clamav clamav-server clamav-server-systemd clamav-update clamav-scanner-systemd
インストール済み:
  clamav-0.102.4-1.el8.x86_64        clamav-filesystem-0.102.4-1.el8.noarch clamav-lib-0.102.4-1.el8.x86_64
  clamav-update-0.102.4-1.el8.x86_64 clamd-0.102.4-1.el8.x86_64             libprelude-5.2.0-1.el8.x86_64

完了しました!


---------------------

 Edit the virus definition update configuration file
[root@falcon21 ~]# vi /etc/freshclam.conf
    #NotifyClamd /path/to/clamd.conf
    NotifyClamd /etc/clamd.d/scan.conf



 Update the virus definitions to the latest version
[root@falcon21 ~]# freshclam
ClamAV update process started at Sat Nov 21 13:51:21 2020
daily database available for download (remote version: 25994)
Time: 1.9s, ETA: 0.0s [=============================>] 109.31MiB/109.31MiB
Testing database: '/var/lib/clamav/tmp.103c4/clamav-ce1d8f95e4293982e12f6d78c1f9d09e.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 25994, sigs: 4347226, f-level: 63, builder: raynman)
main database available for download (remote version: 59)
Time: 1.3s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB
Testing database: '/var/lib/clamav/tmp.103c4/clamav-879b2e74e68ce3385dbae1e5989543c7.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode database available for download (remote version: 331)
Time: 0.1s, ETA: 0.0s [=============================>] 289.44KiB/289.44KiB
Testing database: '/var/lib/clamav/tmp.103c4/clamav-3d7bfb8ad370caf0ce5d1e4e4b740a90.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
ERROR: NotifyClamd: No communication socket specified in /etc/clamd.d/scan.conf
ERROR: Can't send to clamd: Socket operation on non-socket


   ----- No communication socket specified in /etc/clamd.d/scan.conf -----
   
  [root@falcon21 ~]# vi /etc/clamd.d/scan.conf
     # Path to a local socket file the daemon will listen on.
     # Default: disabled (must be specified by a user)
     #LocalSocket /run/clamd.scan/clamd.sock
     LocalSocket /var/run/clamd.scan/clamd.sock

     # Run as another user (clamd must be started by root for this option to work)
     # Default: don't drop privileges
     #User clamscan


  Start Clam AntiVirus
[root@falcon21 ~]# systemctl start clamd@scan
[root@falcon21 ~]# systemctl enable clamd@scan
Created symlink /etc/systemd/system/multi-user.target.wants/clamd@scan.service → /usr/lib/systemd/system/clamd@.service.

 Check that Clam AntiVirus is running
[root@falcon21 ~]# systemctl status clamd@scan
 clamd@scan.service - clamd scanner (scan) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-11-21 14:22:49 JST; 1min 19s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 11548 (clamd)
    Tasks: 2 (limit: 48971)
   Memory: 1.1G
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─11548 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

11月 21 14:22:47 falcon21.space clamd[11548]: ELF support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: Mail files support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: OLE2 support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: PDF support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: SWF support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: HTML support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: XMLDOCS support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: HWP3 support enabled.
11月 21 14:22:47 falcon21.space clamd[11548]: Self checking every 600 seconds.
11月 21 14:22:49 falcon21.space systemd[1]: Started clamd scanner (scan) daemon.



 Virus scan test
[root@falcon21 ~]# clamdscan -c /etc/clamd.d/scan.conf --remove
/root: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 91.315 sec (1 m 31 s)


-------------------------------------------------

  Create the daily virus scan script
[root@falcon21 ~]# vi /etc/cron.daily/clamdscan
#!/bin/sh

# Configuration file
CONFIG=/etc/clamd.d/scan.conf

# Run the scan
# Note: detected files are moved to the quarantine directory
# (the directory sits under world-writable /tmp with a predictable name)
CLAMSCANLOG=$(mktemp)
QUARANTINEDIR=/tmp/clamdscan-quarantinedir-$(date +%Y%m%d)
mkdir -p "${QUARANTINEDIR}"
clamdscan -c "${CONFIG}" --move="${QUARANTINEDIR}" / > "${CLAMSCANLOG}" 2>&1

# Notify root by mail only when a virus is detected
if ! grep -q 'FOUND$' "${CLAMSCANLOG}"; then
    # Nothing detected: remove the empty quarantine directory
    rm -rf "${QUARANTINEDIR}"
else
    grep -A 1 'FOUND$' "${CLAMSCANLOG}" | mail -s "Virus Found in $(hostname) => ${QUARANTINEDIR}" root
fi

# Write the scan log to syslog
logger -t "$(basename "${0}")" < "${CLAMSCANLOG}"
rm -f "${CLAMSCANLOG}"


-------------------

  Exclude paths from scanning
[root@falcon21 ~]# echo ExcludePath ^/proc/ >> /etc/clamd.d/scan.conf
[root@falcon21 ~]# echo ExcludePath ^/sys/ >> /etc/clamd.d/scan.conf


 Restart Clam AntiVirus
[root@falcon21 ~]# systemctl restart clamd@scan
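
 Checking the scan.conf settings edited above (LocalSocket, User, ExcludePath) in one pass. This is an added example, not part of the original notes; the function names and finding labels are hypothetical, and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit a clamd config for the settings this page touches.

# Print the value(s) of an active (uncommented) directive, one per line.
conf_get() {  # usage: conf_get FILE KEY
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

# Print one finding per line; print nothing when the config passes.
audit_clamd_conf() {  # usage: audit_clamd_conf FILE
    conf=$1
    # freshclam's NotifyClamd needs a socket to reach clamd; without one it
    # fails with "No communication socket specified".
    if [ -z "$(conf_get "$conf" LocalSocket)" ] && [ -z "$(conf_get "$conf" TCPSocket)" ]; then
        echo "NO_SOCKET"
    fi
    # With no User directive clamd does not drop privileges.
    [ -n "$(conf_get "$conf" User)" ] || echo "RUNS_AS_ROOT"
    # A scan of / should skip the kernel pseudo-filesystems.
    for p in '^/proc/' '^/sys/'; do
        conf_get "$conf" ExcludePath | grep -qxF -- "$p" || echo "NO_EXCLUDE $p"
    done
}

# Write two constructed sample configs and print the directory holding them.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/before.conf" <<'EOF'
# Default: disabled (must be specified by a user)
#LocalSocket /run/clamd.scan/clamd.sock
#User clamscan
EOF
    cat > "$dir/after.conf" <<'EOF'
#LocalSocket /run/clamd.scan/clamd.sock
LocalSocket /var/run/clamd.scan/clamd.sock
#User clamscan
ExcludePath ^/proc/
ExcludePath ^/sys/
EOF
    echo "$dir"
}

samples=$(make_samples)
for f in before after; do
    echo "== $f.conf"
    audit_clamd_conf "$samples/$f.conf"
done
rm -rf "$samples"
```

 The "after" sample mirrors the edits on this page and still reports RUNS_AS_ROOT, because the User line stays commented out and clamd therefore keeps root privileges while parsing scanned files.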
