Linux 의 소프트웨어 ClamAV


 
  ClamAV 는 광범 위 하고 GPL License 를 기반 으로 하 는 소스 코드 를 사용 하 는 전형 적 인 백신 소프트웨어 로 windows, Liux, Unix 등 운영 체 제 를 지원 하고 메 일 클 라 이언 트 서버, HTTP 바이러스 스 캔 에이전트 등 다른 응용 프로그램 에 널리 응용 된다.
다음 설치 시작
[root@nsh ~]# yum install -y epel-release
[root@nsh ~]# yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

프로필 수정
[root@nsh ~]# sed -i '/^Example/d' /etc/clamd.d/scan.conf
[root@nsh ~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

프로필 편집
[root@nsh ~]# vim /etc/clamd.d/scan.conf
User clamscan LocalSocket /var/run/clamd.scan/clamd.sock

바이러스 라 이브 러 리 업데이트
[root@nsh ~]# freshclam
ClamAV update process started at Tue Oct 29 13:43:11 2019
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25551.cdiff [100%]
Downloading daily-25552.cdiff [100%]
Downloading daily-25553.cdiff [100%]
Downloading daily-25554.cdiff [100%]
Downloading daily-25555.cdiff [100%]
Downloading daily-25556.cdiff [100%]
Downloading daily-25557.cdiff [100%]
Downloading daily-25558.cdiff [100%]
Downloading daily-25559.cdiff [100%]
Downloading daily-25560.cdiff [100%]
Downloading daily-25561.cdiff [100%]
...............................................................
Downloading daily-25614.cdiff [100%]
Downloading daily-25615.cdiff [100%]
Downloading daily-25616.cdiff [100%]
daily.cld updated (version: 25616, sigs: 1960147, f-level: 63, builder: raynman)
Downloading bytecode-331.cdiff [100%]
bytecode.cld updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Database updated (6526490 signatures) from database.clamav.net (IP: 104.16.219.84)

 
정기 업데이트 바이러스 라 이브 러 리 설정 (선택 가능)
crontab -e


00 01,13 * * * /usr/bin/freshclam --quiet

freshclam 은 시스템 서비스 가 아니 기 때문에 다음 과 같이 새로 만 들 수 있 습 니 다.
vim /usr/lib/systemd/system/freshclam.service
[Unit]
Description = freshclam scanner
After = network.target
 
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 2   #      
Restart = on-failure
PrivateTmp = true
 
[Install]
WantedBy=multi-user.target
 
systemctl enable freshclam.service
systemctl start freshclam.service
systemctl status freshclam.service

살 처분 서비스 시작
systemctl enable [email protected]
systemctl start [email protected]
systemctl status [email protected]

clamAV 설정 정보 보기:
[root@nsh ~]# clamconf
Checking configuration files in /etc

Config file: clamd.d/scan.conf
------------------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
....................................................................................
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamd.d/scan.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"

mail/clamav-milter.conf not found

Software settings
-----------------
Version: 0.101.4
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 58, sigs: 4566249, built on Thu Jun  8 05:38:10 2017
daily.cld: version 25616, sigs: 1960147, built on Mon Oct 28 16:57:02 2019
bytecode.cld: version 331, sigs: 94, built on Fri Sep 20 00:12:33 2019
Total number of signatures: 6526490

Platform information
--------------------
uname: Linux 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a2169690800000000040805

Build information
-----------------
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-39) (4.8.5)
CPPFLAGS:
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -fno-strict-aliasing   -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 105, dconf: 105

테스트 해 보기: 바이러스 가 함 유 된 파일 을 다운로드 하고 죽 입 니 다.
[root@nsh ~]# wget http://www.eicar.org/download/eicar_com.zip
--2019-10-29 14:32:00--  http://www.eicar.org/download/eicar_com.zip
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 184 [application/octet-stream]
Saving to: ‘eicar_com.zip’

100%[=================================================================================================================================>] 184         --.-K/s   in 0s

2019-10-29 14:32:07 (34.2 MB/s) - ‘eicar_com.zip’ saved [184/184]

[root@nsh ~]# clamscan --infected --remove --recursive .
./eicar_com.zip: Eicar-Test-Signature FOUND
./eicar_com.zip: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 6515529
Engine version: 0.101.4
Scanned directories: 3
Scanned files: 9
Infected files: 1
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 103.178 sec (1 m 43 s)

두 개의 목록 을 조사 하여 죽이다.
[root@nsh ~]# clamscan --infected --remove --recursive /home /root

----------- SCAN SUMMARY -----------
Known viruses: 6515529
Engine version: 0.101.4
Scanned directories: 4
Scanned files: 8
Infected files: 0
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 96.905 sec (1 m 36 s)

전체 시스템 검색
[root@nsh ~]# clamscan --infected --recursive --exclude-dir="^/sys" /
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes

----------- SCAN SUMMARY -----------
Known viruses: 6515529
Engine version: 0.101.4
Scanned directories: 13069
Scanned files: 61419
Infected files: 0
Data scanned: 2688.47 MB
Data read: 2923.47 MB (ratio 0.92:1)
Time: 1150.914 sec (19 m 10 s)

완성 하 다.
결론: 간단 하고 머리 가 없 지만 연구 가 필요 하 다.
  
  

좋은 웹페이지 즐겨찾기