201711061209CentOS7 安裝防毒軟體 ClamAV

雖然我感覺不出來在 Linux 一般系統裡安裝防毒軟體的作用,但在某些應用有可能被外部使用者更改檔案,且資安要求需要安裝所以就會在 CentOS 裡安裝 ClamAV ,之前寫過一篇「Linux 系統安裝防毒 - ClamAV」但後來在套用指令發現綴詞太多,於是再寫一篇快速應用,只要簡單貼上下面指令,就能在 CentOS 裡配置防毒軟體 ClamAV。

 

安裝套件庫 EPEL Repository
sudo yum install epel-release -y

安裝防毒軟體
sudo yum install clamav clamd -y
會安裝:clamav、clamd 及 clamav-db

設定 selinux
sudo setsebool -P antivirus_can_scan_system 1

啟動服務 clamd
(CentOS 6) sudo chkconfig clamd on; sudo service clamd start
(CentOS 7 )sudo systemctl start clamd 

若病毒碼未更新會跳出這個警告訊息
Starting Clam AntiVirus Daemon:
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days!                         ***
LibClamAV Warning: *** Please update it as soon as possible.                              ***
LibClamAV Warning: **************************************************

增加台灣病毒碼更新資料庫 - 不增加也可以,但速度會差很多
sudo vi /etc/freshclam.conf
DatabaseMirror clamav.stu.edu.tw
DatabaseMirror db.tw.clamav.net

更新病毒碼
sudo freshclam

ClamAV update process started at Mon Nov 6 11:54:40 2017
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK
Downloading main-58.cdiff [100%]
main.cld updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Reading CVD header (daily.cvd): OK
WARNING: getfile: daily-21724.cdiff not found on clamav.stu.edu.tw (IP: 2001:e10:c41:eeee::1)
WARNING: getpatch: Can't download daily-21724.cdiff from clamav.stu.edu.tw
Trying host clamav.stu.edu.tw (120.119.118.1)...
WARNING: getfile: daily-21724.cdiff not found on clamav.stu.edu.tw (IP: 120.119.118.1)
WARNING: getpatch: Can't download daily-21724.cdiff from clamav.stu.edu.tw
WARNING: getpatch: Can't download daily-21724.cdiff from clamav.stu.edu.tw
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 24010, sigs: 1769510, f-level: 63, builder: neo)
Reading CVD header (bytecode.cvd): OK
Downloading bytecode-279.cdiff [100%]
(略)
Downloading bytecode-315.cdiff [100%]
bytecode.cld updated (version: 315, sigs: 75, f-level: 63, builder: raynman)
Database updated (6335834 signatures) from clamav.stu.edu.tw (IP: 120.119.118.1)

 

設定每日排程更新病毒碼 與 掃描特定目錄,當然也可以針對 root /
sudo vi /etc/crontab
# 1 1 * * * root /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log
# 以 yum 套件方式安裝,不需要額外設定每日更新事件,他會自動在 /etc/cron.daily/freshclam 排程更新
1 2 * * * root /usr/bin/clamscan -r /target_directory

即時掃描某目錄,若掃描正常會在檔名後面顯示OK
sudo  clamscan -r  /www/webroot

最後會產出掃描結果
----------- SCAN SUMMARY -----------
Known viruses: 6330125
Engine version: 0.99.2
Scanned directories: 39
Scanned files: 2196
Infected files: 0
Data scanned: 2860.51 MB
Data read: 12931.74 MB (ratio 0.22:1)
Time: 629.235 sec (10 m 29 s)

 

套件說明:
clamd:The Clam AntiVirus Daemon
clamav:Anti-virus software
    Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning).  The package provides a flexible and scalable multi-threaded daemon, a  command line scanner, and a tool for automatic updating via Internet.
clamav-devel:Header files, libraries and development documentation for clamav
    This package contains the header files, static libraries and development documentation for clamav. If you like to develop programs using clamav, you will need to install clamav-devel.

~End

回應
關鍵字
Google Search
Google
累積 | 今日
loading......
平均分數:0 顆星
投票人數:0
我要評分:
Google