¥¦¥£¥ë¥¹ÂÐºö(Clam Antivirus)

2010, 04, 02

Clam Antivirus¤ÏGPL¥é¥¤¥»¥ó¥¹¤Ë½¾¤Ã¤ÆÍøÍÑ¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¥ª¡¼¥×¥ó¥½¡¼¥¹¤Î¥½¥Õ¥È¥¦¥§¥¢¤Ç¤¢¤ê¡¢Linux¤äBSD¡¢Mac OS X¤Ê¤É³Æ¼ïUNIX·Ï¤Î¥·¥¹¥Æ¥à¤ÇÆ°ºî¤¹¤ë¥¢¥ó¥Á¥¦¥¤¥ë¥¹¥½¥Õ¥È¡£¤·¤«¤·yum¤Ç¤Ï¤Ê¤«¤Ê¤«ºÇ¿·ÈÇ¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤µ¤ì¤Ê¤¤¤Î¤Çwget¤Ç¥½¡¼¥¹¤«¤é¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤³¤È¤Ë¤¹¤ë¡£

¢£¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Îclamav¤¬¤¢¤ë¾ì¹ç¤Ï¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤ª¤¯

¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ëÍÑ¤Ë¥Ð¥Ã¥¯¥¢¥Ã¥×¤·¤Æ¤¢¤Ã¤¿¥â¥¸¥å¡¼¥ë¤òÅ¸³«¡£
[root@server ~]# tar zxvf clamav-0.95.3_self.tar.gz

clamav-0.95.3¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ø°ÜÆ°
[root@server ~]# cd clamav-0.95.3

clamav-0.95.3¤Î¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ë
[root@server clamav-0.95.3]# make uninstall

clamav-0.95.3¤Î¥Õ¥¡¥¤¥ë¤È¥Ç¥£¥ì¥¯¥È¥ê¡¼¤òºï½ü
[root@server clamav-0.95.3]# cd
[root@server ~]# rm -f clamav-0.95.3_self.tar.gz
[root@server ~]# rm -rf clamav-0.95.3

¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Î¥Ç¥£¥ì¥¯¥È¥ê¡¼¤Îºï½ü
[root@server ~]# rm -rf /usr/local/clamav

¢£¥æ¡¼¥¶¤È¥°¥ë¡¼¥×¤ÎºîÀ®

clamav¤Ï¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ëÁ°¤Ë
¡Öclamav¡×¤È¤¤¤¦Ì¾Á°¤Î¥æ¡¼¥¶¤È¥°¥ë¡¼¥×¤òºîÀ®¤·¤Æ¤ª¤¯É¬Í×¤¬¤¢¤ë¡£
[root@linux ~]# groupadd clamav
[root@linux ~]# useradd -g clamav -s /bin/false clamav

¢£ºÇ¿·ÈÇ¤ÎClamAV¤ò¥À¥¦¥ó¥í¡¼¥É¡¡¡ÊºÇ¿·ÈÇ¤Ï¸ø¼°¥µ¥¤¥È¤Ç³ÎÇ§¤Ç¤¤ë¡Ë

[root@server ~]# wget http://downloads.sourceforge.net/clamav/clamav-0.96.tar.gz
--2010-04-02 06:55:13--  http://downloads.sourceforge.net/clamav/clamav-0.96.tar.gz
downloads.sourceforge.net ¤òDNS¤ËÌä¤¤¤¢¤ï¤»¤Æ¤¤¤Þ¤¹... 216.34.181.59
downloads.sourceforge.net|216.34.181.59|:80 ¤ËÀÜÂ³¤·¤Æ¤¤¤Þ¤¹... ÀÜÂ³¤·¤Þ¤·¤¿¡£
HTTP ¤Ë¤è¤ëÀÜÂ³Í×µá¤òÁ÷¿®¤·¤Þ¤·¤¿¡¢±þÅú¤òÂÔ¤Ã¤Æ¤¤¤Þ¤¹... 302 Found
¾ì½ê: http://jaist.dl.sourceforge.net/project/clamav/clamav/0.96/clamav-0.96.tar.gz [Â³¤¯]
--2010-04-02 06:55:14--  http://jaist.dl.sourceforge.net/project/clamav/clamav/0.96/clamav-0.96.tar.gz
jaist.dl.sourceforge.net ¤òDNS¤ËÌä¤¤¤¢¤ï¤»¤Æ¤¤¤Þ¤¹... 150.65.7.130
jaist.dl.sourceforge.net|150.65.7.130|:80 ¤ËÀÜÂ³¤·¤Æ¤¤¤Þ¤¹... ÀÜÂ³¤·¤Þ¤·¤¿¡£
HTTP ¤Ë¤è¤ëÀÜÂ³Í×µá¤òÁ÷¿®¤·¤Þ¤·¤¿¡¢±þÅú¤òÂÔ¤Ã¤Æ¤¤¤Þ¤¹... 200 OK
Ä¹¤µ: 39792593 (38M) [application/x-gzip]
`clamav-0.96.tar.gz' ¤ËÊÝÂ¸Ãæ

100%[==========================================================>] 39,792,593  4.76M/s »þ´Ö 9.4s

2010-04-02 06:55:23 (4.05 MB/s) - `clamav-0.96.tar.gz' ¤ØÊÝÂ¸´°Î» [39792593/39792593]

clamav-0.96¤òÅ¸³«
[root@server ~]# tar zxvf clamav-0.96.tar.gz

¥À¥¦¥ó¥í¡¼¥É¤·¤¿¥Õ¥¡¥¤¥ë¤òºï½ü
[root@server ~]# rm -f clamav-0.96.tar.gz

clamav-0.96¥Ç¥£¥ì¥¯¥È¥ê¡¼¤Ø°ÜÆ°
[root@server ~]# cd clamav-0.96

Makefile¤ò¼«Æ°ºîÀ®¤¹¤ë¤¿¤á¤Î¥Ä¡¼¥ë¡Öconfigure¡×¤ò¼Â¹Ô¡£
[root@server clamav-0.96]# ./configure --prefix=/usr/local/clamav

make¤ò¼Â¹Ô¤·¡¢clamav¤ò¥¤¥ó¥¹¥È¡¼¥ë
[root@server clamav-0.96]# make
[root@server clamav-0.96]# make install

¢£¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ëÍÑ¤Ë¥Ð¥Ã¥¯¥¢¥Ã¥×¤·¤Æ¤ª¤¯

[root@server clamav-0.96]# cd
[root@server ~]# tar cvf clamav-0.96_self.tar ./clamav-0.96
[root@server ~]# gzip clamav-0.96_self.tar

¢£ÀßÄê¥Õ¥¡¥¤¥ëÊÑ¹¹
¥¤¥ó¥¹¥È¡¼¥ë¤¬Àµ¾ï¤Ë´°Î»¤·¤¿¤é¤Þ¤º¡¢Æó¤Ä¤ÎÀßÄê¥Õ¥¡¥¤¥ë
/usr/local/clamav/etc/freshclam.conf
/usr/local/clamav/etc/clamd.conf
¤ò¥¨¥Ç¥£¥¿¤Ç³«¤Example¤È½ñ¤«¤ì¤¿¹Ô¤ò¥³¥á¥ó¥È¥¢¥¦¥È¤·¡¢ÊÝÂ¸¡£

[root@server ~]# vi /usr/local/clamav/etc/freshclam.conf

# Comment or remove the line below.
Example
¢
#Example

[root@server ~]# vi /usr/local/clamav/etc/clamd.conf

# Comment or remove the line below.
Example
¢
#Example

¢£¡Öfreshclam¡×¤ò»ÈÍÑ¤·¤ÆVirusDB¤ò¥¢¥Ã¥×¥Ç¡¼¥È

[root@server ~]# /usr/local/clamav/bin/freshclam
ClamAV update process started at Fri Apr  2 07:16:41 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
Downloading daily-10678.cdiff [100%]
Downloading daily-10679.cdiff [100%]
Downloading daily-10680.cdiff [100%]
Downloading daily-10681.cdiff [100%]
Downloading daily-10682.cdiff [100%]
Downloading daily-10683.cdiff [100%]
Downloading daily-10684.cdiff [100%]
Downloading daily-10685.cdiff [100%]
Downloading daily-10686.cdiff [100%]
Downloading daily-10687.cdiff [100%]
Downloading daily-10688.cdiff [100%]
Downloading daily-10689.cdiff [100%]
Downloading daily-10690.cdiff [100%]
Downloading daily-10691.cdiff [100%]
daily.cld updated (version: 10691, sigs: 49537, f-level: 44, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 5, sigs: 2, f-level: 44, builder: nervous)
Database updated (754266 signatures) from database.clamav.net (IP: 193.1.193.64)

¢£¥¦¥£¥ë¥¹¥¹¥¥ã¥ó³ÎÇ§¡Ê/etc/passwd¤ò¥¹¥¥ã¥ó¤·¤Æ¤ß¤ë¡Ë

[root@server ~]# /usr/local/clamav/bin/clamscan --infected --remove --recursive /etc/passwd

----------- SCAN SUMMARY -----------
Known viruses: 753570
Engine version: 0.96
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 3.654 sec (0 m 3 s)

version: 0.96¤Ç¥¹¥¥ã¥ó¤µ¤ì¤Æ¤ë¤³¤È¤ò³ÎÇ§

¢£Clam AntiVirus¤ÎÄê´ü¼«Æ°¼Â¹ÔÀßÄê

ËèÆü¼«Æ°Åª¤Ë¥¦¥£¥ë¥¹ÄêµÁ¥Õ¥¡¥¤¥ëºÇ¿·²½¤·¤Æ¡¢Á´¤Æ¤Î¥Õ¥¡¥¤¥ë¤Î¥¦¥£¥ë¥¹¥¹¥¥ã¥ó¤ò¹Ô¤¦¥¹¥×¥ê¥¯¥È¤ÎºîÀ® 
[root@linux ~]# vi clamav.sh
#!/bin/bash

PATH=/usr/bin:/bin
# excludelist
excludelist=/root/clamscan.exclude

if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if [ $(echo "$i"|grep \/$) ]; then
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=$i"
        else
            excludeopt="${excludeopt} --exclude=$i"
        fi
    done
fi
CLAMSCANTMP=`mktemp`
/usr/local/clamav/bin/freshclam > /dev/null
/usr/local/clamav/bin/clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \
grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
rm -f $CLAMSCANTMP

¢£Clam AntiVirusÄê´ü¼«Æ°¼Â¹Ô¥¹¥¯¥ê¥×¥È¤Ë¼Â¹Ô¸¢¸ÂÉÕ²Ã

[root@linux ~]# chmod 700 clamav.sh

¢£cronÊÔ½¸

[root@linux ~]# crontab -e
00 03 * * * /root/clamav.sh¡¡¢«¡¡ÄÉ²Ã(ËèÆü3:00¤ËClam AntiVirus¤ÎÄê´ü¼«Æ°¼Â¹Ô)

¢£¥¹¥¥ã¥ó½ü³°ÀßÄê

backup¥Ç¥£¥ì¥¯¥È¥ê¤ò¥¹¥¥ã¥óÂÐ¾Ý³°¤Ë¤¹¤ë¤è¤¦¤ËÀßÄê
[root@linux ~]# echo "/backup/" >> clamscan.exclude

¢¥ ¥Ú¡¼¥¸¥È¥Ã¥×¤Ø

« Prev item - Next item »
-------------------

Comments

No comments yet. You can be the first!

Leave comment

¤¢¤Ë¤ç¤Î¼«Âð¥µ¡¼¥Ð¹½ÃÛ¥á¥â¡ÊCentOS¡Ë

Search

Categories

Links

¥¦¥£¥ë¥¹ÂÐºö(Clam Antivirus)

Comments

Leave comment