◆Installing Clam AntiVirus
Trying out installing antivirus software.
Below is the work log.
[root@bobchan ~]# yum -y install clamd
Failed to set locale, defaulting to C
Loaded plugins: downloadonly, fastestmirror, priorities, versionlock
Loading mirror speeds from cached hostfile
* addons: ftp.tsukuba.wide.ad.jp
* base: ftp.tsukuba.wide.ad.jp
* extras: ftp.tsukuba.wide.ad.jp
* rpmforge: ftp-stud.fht-esslingen.de
* updates: ftp.tsukuba.wide.ad.jp
81 packages excluded due to repository priority protections
Reading version lock configuration
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package clamd.i386 0:0.96.5-1.el5.rf set to be updated
--> Processing Dependency: clamav = 0.96.5-1.el5.rf for package: clamd
--> Processing Dependency: libclamav.so.6(CLAMAV_PRIVATE) for package: clamd
--> Processing Dependency: libclamav.so.6(CLAMAV_PUBLIC) for package: clamd
--> Processing Dependency: libclamav.so.6 for package: clamd
--> Running transaction check
---> Package clamav.i386 0:0.96.5-1.el5.rf set to be updated
--> Processing Dependency: clamav-db for package: clamav
--> Running transaction check
---> Package clamav-db.i386 0:0.96.5-1.el5.rf set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================
Installing:
clamd i386 0.96.5-1.el5.rf rpmforge 236 k
Installing for dependencies:
clamav i386 0.96.5-1.el5.rf rpmforge 2.2 M
clamav-db i386 0.96.5-1.el5.rf rpmforge 25 M
Transaction Summary
======================================================================================================================================================
Install 3 Package(s)
Upgrade 0 Package(s)
Total download size: 28 M
Downloading Packages:
(1/3): clamd-0.96.5-1.el5.rf.i386.rpm | 236 kB 00:02
(2/3): clamav-0.96.5-1.el5.rf.i386.rpm | 2.2 MB 00:13
(3/3): clamav-db-0.96.5-1.el5.rf.i386.rpm | 25 MB 01:32
------------------------------------------------------------------------------------------------------------------------------------------------------
Total 256 kB/s | 28 MB 01:50
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : clamav-db 1/3
Installing : clamav 2/3
Installing : clamd 3/3
Installed:
clamd.i386 0:0.96.5-1.el5.rf
Dependency Installed:
clamav.i386 0:0.96.5-1.el5.rf clamav-db.i386 0:0.96.5-1.el5.rf
Complete!
[root@bobchan ~]# vi /etc/clamd.conf
Before
User clamav
After
#User clamav
[root@bobchan ~]# /etc/rc.d/init.d/clamd start
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
[ OK ]
[root@bobchan ~]# chkconfig clamd on
[root@bobchan ~]# chkconfig --list clamd
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@bobchan ~]# sed -i 's/Example/#Example/g' /etc/freshclam.conf
[root@bobchan ~]# freshclam
ClamAV update process started at Thu Jan 20 23:41:11 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-12341.cdiff not found on remote server (IP: 211.10.155.48)
WARNING: getpatch: Can't download daily-12341.cdiff from db.jp.clamav.net
WARNING: getfile: daily-12341.cdiff not found on remote server (IP: 219.94.128.99)
WARNING: getpatch: Can't download daily-12341.cdiff from db.jp.clamav.net
WARNING: getfile: daily-12341.cdiff not found on remote server (IP: 219.106.242.51)
WARNING: getpatch: Can't download daily-12341.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 12551, sigs: 32850, f-level: 58, builder: ccordes)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 122, sigs: 30, f-level: 58, builder: edwin)
Database updated (879094 signatures) from db.jp.clamav.net (IP: 203.178.137.175)
Clamd successfully notified about the update.
[root@bobchan ~]# clamscan --infected --remove --recursive
----------- SCAN SUMMARY -----------
Known viruses: 877842
Engine version: 0.96.5
Scanned directories: 1
Scanned files: 13
Infected files: 0
Data scanned: 0.06 MB
Data read: 0.06 MB (ratio 1.07:1)
Time: 11.426 sec (0 m 11 s)
[root@bobchan ~]# wget http://www.eicar.org/download/eicar.com
--2011-01-20 23:44:26-- http://www.eicar.org/download/eicar.com
Resolving www.eicar.org... 188.40.238.250
Connecting to www.eicar.org|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/x-msdos-program]
Saving to: `eicar.com'
100%[============================================================================================================>] 68 --.-K/s in 0s
2011-01-20 23:44:27 (3.05 MB/s) - `eicar.com' saved [68/68]
[root@bobchan ~]# wget http://www.eicar.org/download/eicar.com.txt
--2011-01-20 23:44:33-- http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org... 188.40.238.250
Connecting to www.eicar.org|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [text/plain]
Saving to: `eicar.com.txt'
100%[============================================================================================================>] 68 --.-K/s in 0s
2011-01-20 23:44:34 (3.11 MB/s) - `eicar.com.txt' saved [68/68]
[root@bobchan ~]# wget http://www.eicar.org/download/eicar_com.zip
--2011-01-20 23:44:39-- http://www.eicar.org/download/eicar_com.zip
Resolving www.eicar.org... 188.40.238.250
Connecting to www.eicar.org|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 184 [application/zip]
Saving to: `eicar_com.zip'
100%[============================================================================================================>] 184 --.-K/s in 0s
2011-01-20 23:44:40 (5.72 MB/s) - `eicar_com.zip' saved [184/184]
[root@bobchan ~]# wget http://www.eicar.org/download/eicarcom2.zip
--2011-01-20 23:44:45-- http://www.eicar.org/download/eicarcom2.zip
Resolving www.eicar.org... 188.40.238.250
Connecting to www.eicar.org|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 308 [application/zip]
Saving to: `eicarcom2.zip'
100%[============================================================================================================>] 308 --.-K/s in 0s
2011-01-20 23:44:46 (12.8 MB/s) - `eicarcom2.zip' saved [308/308]
[root@bobchan ~]# clamscan --infected --remove --recursive
/root/eicar.com.txt: Eicar-Test-Signature FOUND
/root/eicar.com.txt: Removed.
/root/eicar_com.zip: Eicar-Test-Signature FOUND
/root/eicar_com.zip: Removed.
/root/eicar.com: Eicar-Test-Signature FOUND
/root/eicar.com: Removed.
/root/eicarcom2.zip: Eicar-Test-Signature FOUND
/root/eicarcom2.zip: Removed.
----------- SCAN SUMMARY -----------
Known viruses: 877842
Engine version: 0.96.5
Scanned directories: 1
Scanned files: 21
Infected files: 4
Data scanned: 0.06 MB
Data read: 0.07 MB (ratio 0.84:1)
Time: 11.367 sec (0 m 11 s)
[root@bobchan ~]# vi clamscan
#!/bin/bash
PATH=/usr/bin:/bin
# clamd update
yum -y update clamd > /dev/null 2>&1
# excludeopt setup: one path per line in /root/clamscan.exclude;
# a trailing "/" marks a directory (--exclude-dir), anything else is a file pattern (--exclude)
excludelist=/root/clamscan.exclude
excludeopt=""
if [ -s "$excludelist" ]; then
    while read -r i; do
        [ -n "$i" ] || continue
        case "$i" in
            */) excludeopt="${excludeopt} --exclude-dir=${i%/}" ;;
            *)  excludeopt="${excludeopt} --exclude=$i" ;;
        esac
    done < "$excludelist"
fi
# signature update
freshclam > /dev/null
# virus scan (--remove deletes every infected file found under /)
CLAMSCANTMP=$(mktemp)
clamscan --recursive --remove ${excludeopt} / > "$CLAMSCANTMP" 2>&1
# report mail send: only when at least one FOUND line is present
if grep -q 'FOUND$' "$CLAMSCANTMP"; then
    grep 'FOUND$' "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" root
fi
rm -f "$CLAMSCANTMP"
[root@bobchan ~]# chmod +x clamscan
[root@bobchan ~]# mv clamscan /etc/cron.daily/.
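As an added example (my own code, not part of the post or of ClamAV), here is a reporting helper for the daily cron job: it reads a saved clamscan log in the format shown in the scan summaries above, lists the detections, takes the infection count from the summary line and returns an exit status the job can act on. The log inside the block is constructed from that format with sample paths and counts; the mail step is indicated only in a comment.

```shell
#!/bin/sh
# Added example, not from the original post: turn a saved clamscan log into a
# mail-ready report plus an exit status the cron job can act on.
# SAMPLE_LOG is constructed here from the output format shown above; the
# paths and counts are sample values, not results from a real scan.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
/root/eicar.com.txt: Eicar-Test-Signature FOUND
/root/eicar.com.txt: Removed.
/root/eicar_com.zip: Eicar-Test-Signature FOUND
/root/eicar_com.zip: Removed.
/root/notes.txt: OK
----------- SCAN SUMMARY -----------
Known viruses: 877842
Engine version: 0.96.5
Scanned files: 21
Infected files: 2
EOF

# One line per detection, "<path>: <signature>", with the FOUND marker dropped.
found_lines() {
    sed -n 's/ FOUND$//p' "$1"
}

# Read the infection count from the scan summary instead of counting grep hits.
infected_count() {
    awk -F': ' '/^Infected files:/ { print $2; exit }' "$1"
}

# Print the report. Returns 1 when anything was found, 2 when the log has no
# summary (the scan did not finish), 0 when clean; same 0/1/2 convention as
# clamscan's own exit status.
scan_report() {
    n=$(infected_count "$1")
    if [ -z "$n" ]; then
        echo "No scan summary in $1: treat the scan as failed"
        return 2
    fi
    if [ "$n" -gt 0 ]; then
        echo "Virus Found in $(hostname 2>/dev/null || echo localhost): $n infected file(s)"
        found_lines "$1"
        return 1
    fi
    return 0
}

# Example run against the constructed log; in the cron job this output would
# be piped to: mail -s "Virus Found" root
scan_report "$SAMPLE_LOG" || echo "(scan_report returned $?)"
```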