clamav install
I ran through the article here almost exactly as written.
http://centossrv.com/clamav.shtml
Thank you, it's a good site.
[root@cent5-64b-40 ~]# cat /tmp/yumlist | grep clam
clamav.i386                          0.97.2-3.el5    epel
clamav.x86_64                        0.97.2-3.el5    epel
clamav-db.x86_64                     0.97.2-3.el5    epel
clamav-devel.i386                    0.97.2-3.el5    epel
clamav-devel.x86_64                  0.97.2-3.el5    epel
clamav-milter.x86_64                 0.97.2-3.el5    epel
clamav-unofficial-sigs.noarch        3.7.1-6.el5     epel
clamd.x86_64                         0.97.2-3.el5    epel
clamsmtp.x86_64                      1.10-4.el5      epel
clamtk.x86_64                        3.09-1.el5.rf   rpmforge
clamtk.noarch                        4.25-1.el5.rf   rpmforge
claws-mail-plugins-clamav.x86_64     3.0.2-1.el5.rf  rpmforge
fuse-clamfs.x86_64                   0.9.1-2.el5.rf  rpmforge

[root@cent5-64b-40 ~]# yum install clamd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: www.ftp.ne.jp
 * epel: ftp.kddilabs.jp
 * extras: www.ftp.ne.jp
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: www.ftp.ne.jp
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package clamd.x86_64 0:0.97.2-3.el5 set to be updated
--> Processing Dependency: clamav = 0.97.2-3.el5 for package: clamd
--> Processing Dependency: libclamav.so.6(CLAMAV_PRIVATE)(64bit) for package: clamd
--> Processing Dependency: libclamav.so.6(CLAMAV_PUBLIC)(64bit) for package: clamd
--> Processing Dependency: libclamav.so.6()(64bit) for package: clamd
--> Running transaction check
---> Package clamav.x86_64 0:0.97.2-3.el5 set to be updated
--> Processing Dependency: clamav-db = 0.97.2-3.el5 for package: clamav
--> Running transaction check
---> Package clamav-db.x86_64 0:0.97.2-3.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch            Version                 Repository     Size
================================================================================
Installing:
 clamd              x86_64          0.97.2-3.el5            epel          182 k
Installing for dependencies:
 clamav             x86_64          0.97.2-3.el5            epel           11 M
 clamav-db          x86_64          0.97.2-3.el5            epel           29 M

Transaction Summary
================================================================================
Install       3 Package(s)
Upgrade       0 Package(s)

Total download size: 40 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): clamd-0.97.2-3.el5.x86_64.rpm                     | 182 kB     00:00
(2/3): clamav-0.97.2-3.el5.x86_64.rpm                    |  11 MB     00:01
(3/3): clamav-db-0.97.2-3.el5.x86_64.rpm                 |  29 MB     00:04
--------------------------------------------------------------------------------
Total                                           5.9 MB/s |  40 MB     00:06
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : clamav-db                                                1/3
  Installing     : clamav                                                   2/3
  Installing     : clamd                                                    3/3

Installed:
  clamd.x86_64 0:0.97.2-3.el5

Dependency Installed:
  clamav.x86_64 0:0.97.2-3.el5          clamav-db.x86_64 0:0.97.2-3.el5

Complete!

[root@cent5-64b-40 etc]# cp -pr clamd.conf clamd.conf.orig
[root@cent5-64b-40 etc]# vi clamd.conf
[root@cent5-64b-40 etc]#
[root@cent5-64b-40 etc]#
[root@cent5-64b-40 etc]# diff clamd.conf.orig clamd.conf
189c189
< User clam
---
> #User clam

[root@cent5-64b-40 etc]# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
[ OK ]
[root@cent5-64b-40 etc]#
[root@cent5-64b-40 etc]# chkconfig clamd on

[root@cent5-64b-40 etc]# cp freshclam.conf freshclam.conf.orig
[root@cent5-64b-40 etc]# vi freshclam.conf
[root@cent5-64b-40 etc]# freshclam
ClamAV update process started at Fri Oct 7 23:10:46 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 211.10.155.48)
WARNING: getpatch: Can't download daily-13357.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 203.212.42.128)
WARNING: getpatch: Can't download daily-13357.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 120.29.176.126)
WARNING: getpatch: Can't download daily-13357.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 13760, sigs: 204317, f-level: 60, builder: guitar)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 145, sigs: 40, f-level: 60, builder: edwin)
Database updated (1050571 signatures) from db.jp.clamav.net (IP: 27.96.54.66)
[root@cent5-64b-40 etc]#
[root@cent5-64b-40 etc]#
[root@cent5-64b-40 etc]# clamscan --infected --remove --recursive

----------- SCAN SUMMARY -----------
Known viruses: 1049153
Engine version: 0.97.2
Scanned directories: 247
Scanned files: 1438
Infected files: 0
Data scanned: 185.93 MB
Data read: 154.52 MB (ratio 1.20:1)
Time: 63.110 sec (1 m 3 s)
[root@cent5-64b-40 etc]#

[root@cent5-64b-40 etc]# wget http://www.eicar.org/download/eicar.com
--2011-10-07 23:13:47-- http://www.eicar.org/download/eicar.com
www.eicar.org をDNSに問いあわせています... 188.40.238.250
www.eicar.org|188.40.238.250|:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 68 [application/octet-stream]
`eicar.com' に保存中

100%[======================================>] 68 --.-K/s 時間 0s

2011-10-07 23:13:48 (4.63 MB/s) - `eicar.com' へ保存完了 [68/68]

[root@cent5-64b-40 etc]# set -o vi
[root@cent5-64b-40 etc]# wget http://www.eicar.org/download/eicar.com.txt
--2011-10-07 23:14:09-- http://www.eicar.org/download/eicar.com.txt
www.eicar.org をDNSに問いあわせています... 188.40.238.250
www.eicar.org|188.40.238.250|:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 68 [application/octet-stream]
`eicar.com.txt' に保存中

100%[======================================>] 68 --.-K/s 時間 0s

2011-10-07 23:14:10 (5.40 MB/s) - `eicar.com.txt' へ保存完了 [68/68]

[root@cent5-64b-40 etc]# wget http://www.eicar.org/download/eicar.com.zip
--2011-10-07 23:14:28-- http://www.eicar.org/download/eicar.com.zip
www.eicar.org をDNSに問いあわせています... 188.40.238.250
www.eicar.org|188.40.238.250|:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 13217 (13K) [text/html]
`eicar.com.zip' に保存中

100%[======================================>] 13,217 21.6K/s 時間 0.6s

2011-10-07 23:14:29 (21.6 KB/s) - `eicar.com.zip' へ保存完了 [13217/13217]

[root@cent5-64b-40 etc]# clamscan --infected --remove --recursive
/etc/eicar.com.txt: Eicar-Test-Signature FOUND
/etc/eicar.com.txt: Removed.
/etc/eicar.com: Eicar-Test-Signature FOUND
/etc/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 1049153
Engine version: 0.97.2
Scanned directories: 247
Scanned files: 1441
Infected files: 2
Data scanned: 185.94 MB
Data read: 154.54 MB (ratio 1.20:1)
Time: 92.449 sec (1 m 32 s)
[root@cent5-64b-40 etc]#

[root@cent5-64b-40 ~]# vi clamscan
[root@cent5-64b-40 ~]# cat /etc/cron.daily/clamscan
#!/bin/bash

PATH=/usr/bin:/bin

# clamd update
yum -y update clamd > /dev/null 2>&1

# excludeopt setup
#excludelist=/root/clamscan.exclude
excludelist=/etc/clamscan.exclude
if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if [ $(echo "$i"|grep \/$) ]; then
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=^$i"
        else
            excludeopt="${excludeopt} --exclude=^$i"
        fi
    done
fi

# signature update
freshclam > /dev/null

# virus scan
CLAMSCANTMP=`mktemp`
echo "CLAMSCANTMP : $CLAMSCANTMP generated"
echo "excludeopt : $excludeopt .. these will be skipped"
clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \
# report mail send
grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
rm -f $CLAMSCANTMP

[root@cent5-64b-40 ~]# chmod +x clamscan
[root@cent5-64b-40 ~]#
[root@cent5-64b-40 ~]# echo "/proc/" > clamscan.exclude
[root@cent5-64b-40 ~]# echo "/sys/" >> clamscan.exclude
[root@cent5-64b-40 ~]#
[root@cent5-64b-40 ~]# mv clamscan /etc/cron.daily/
[root@cent5-64b-40 ~]# /etc/cron.daily/clamscan
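
The cron script above hands each exclude entry to clamscan as an unescaped regular expression and decides the outcome only by grepping the report for FOUND, so a scan that aborts looks the same as a clean one. The following POSIX shell helpers are an added example, not code from this post or from centossrv.com: they escape regex metacharacters in exclude entries and use clamscan's exit status (0 clean, 1 virus found, other values an error). The function names and sample paths are assumptions.

```sh
#!/bin/sh
# Added example, not the original post's script. Sample data below is constructed.

# Print one clamscan option per line for each entry of an exclude list.
# Blank lines and "#" comments are skipped. Regex metacharacters are escaped
# because clamscan treats --exclude/--exclude-dir values as regular expressions.
build_exclude_opts() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        case "$entry" in ''|'#'*) continue ;; esac
        escaped=$(printf '%s\n' "$entry" | sed 's/[][\.*^$+?(){}|]/\\&/g')
        case "$escaped" in
            */) printf '%s\n' "--exclude-dir=^${escaped%/}" ;;
            *)  printf '%s\n' "--exclude=^${escaped}\$" ;;
        esac
    done < "$1"
}

# Print the path of every detection line ("PATH: SIGNATURE FOUND") in a report.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Turn clamscan's exit status (0 clean, 1 virus found, anything else an
# error) plus its report into one summary line for the alert mail.
scan_summary() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected: $(infected_paths "$2" | tr '\n' ' ' | sed 's/ $//')" ;;
        *) echo "scan error (exit $1), report not trustworthy" ;;
    esac
}

# Demo on constructed input (paths and report text are sample data).
demo_dir=$(mktemp -d)
printf '%s\n' '# pseudo filesystems' '/proc/' '/sys/' '' '/var/lib/app.v1/cache.db' \
    > "$demo_dir/exclude"
printf '%s\n' '/etc/eicar.com.txt: Eicar-Test-Signature FOUND' \
    '/etc/eicar.com: Eicar-Test-Signature FOUND' '/etc/hosts: OK' \
    > "$demo_dir/report"
build_exclude_opts "$demo_dir/exclude"
scan_summary 1 "$demo_dir/report"
rm -rf "$demo_dir"
```

In a cron job the status passed to scan_summary would be `$?` captured immediately after the clamscan call, and any summary other than "clean" would go to the mail command.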