clamav install

I ran through the article here pretty much as-is.

http://centossrv.com/clamav.shtml

Thanks, it's a good site.

[root@cent5-64b-40 ~]# cat /tmp/yumlist | grep clam
clamav.i386                                0.97.2-3.el5                epel     
clamav.x86_64                              0.97.2-3.el5                epel     
clamav-db.x86_64                           0.97.2-3.el5                epel     
clamav-devel.i386                          0.97.2-3.el5                epel     
clamav-devel.x86_64                        0.97.2-3.el5                epel     
clamav-milter.x86_64                       0.97.2-3.el5                epel     
clamav-unofficial-sigs.noarch              3.7.1-6.el5                 epel     
clamd.x86_64                               0.97.2-3.el5                epel     
clamsmtp.x86_64                            1.10-4.el5                  epel     
clamtk.x86_64                              3.09-1.el5.rf               rpmforge 
clamtk.noarch                              4.25-1.el5.rf               rpmforge 
claws-mail-plugins-clamav.x86_64           3.0.2-1.el5.rf              rpmforge 
fuse-clamfs.x86_64                         0.9.1-2.el5.rf              rpmforge 
[root@cent5-64b-40 ~]# yum install clamd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: www.ftp.ne.jp
 * epel: ftp.kddilabs.jp
 * extras: www.ftp.ne.jp
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: www.ftp.ne.jp
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package clamd.x86_64 0:0.97.2-3.el5 set to be updated
--> Processing Dependency: clamav = 0.97.2-3.el5 for package: clamd
--> Processing Dependency: libclamav.so.6(CLAMAV_PRIVATE)(64bit) for package: clamd
--> Processing Dependency: libclamav.so.6(CLAMAV_PUBLIC)(64bit) for package: clamd
--> Processing Dependency: libclamav.so.6()(64bit) for package: clamd
--> Running transaction check
---> Package clamav.x86_64 0:0.97.2-3.el5 set to be updated
--> Processing Dependency: clamav-db = 0.97.2-3.el5 for package: clamav
--> Running transaction check
---> Package clamav-db.x86_64 0:0.97.2-3.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch            Version                 Repository     Size
================================================================================
Installing:
 clamd              x86_64          0.97.2-3.el5            epel          182 k
Installing for dependencies:
 clamav             x86_64          0.97.2-3.el5            epel           11 M
 clamav-db          x86_64          0.97.2-3.el5            epel           29 M

Transaction Summary
================================================================================
Install       3 Package(s)
Upgrade       0 Package(s)

Total download size: 40 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): clamd-0.97.2-3.el5.x86_64.rpm                     | 182 kB     00:00     
(2/3): clamav-0.97.2-3.el5.x86_64.rpm                    |  11 MB     00:01     
(3/3): clamav-db-0.97.2-3.el5.x86_64.rpm                 |  29 MB     00:04     
--------------------------------------------------------------------------------
Total                                           5.9 MB/s |  40 MB     00:06     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : clamav-db                                                1/3 
  Installing     : clamav                                                   2/3 
  Installing     : clamd                                                    3/3 

Installed:
  clamd.x86_64 0:0.97.2-3.el5                                                   

Dependency Installed:
  clamav.x86_64 0:0.97.2-3.el5          clamav-db.x86_64 0:0.97.2-3.el5         

Complete!

[root@cent5-64b-40 etc]# cp -pr clamd.conf clamd.conf.orig
[root@cent5-64b-40 etc]# vi clamd.conf
[root@cent5-64b-40 etc]# 
[root@cent5-64b-40 etc]# 
[root@cent5-64b-40 etc]# diff clamd.conf.orig clamd.conf
189c189
< User clam
---
> #User clam
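Review bot: commenting out `User clam` (line 189 of clamd.conf) removes the daemon's privilege drop, so clamd will run as root rather than as the unprivileged clam account. That gives it read access to every file it is asked to scan, but it also means any bug in the signature, archive or bytecode parsers that the daemon exercises on untrusted input runs with root privileges. If the goal is only to let the scheduled scan reach all files, leave `User clam` in place for the socket-serving daemon and run the recursive `clamscan` job from cron as root instead, which is what the cron script further down already does.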
[root@cent5-64b-40 etc]# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************

                                                           [  OK  ]
[root@cent5-64b-40 etc]# 
[root@cent5-64b-40 etc]# chkconfig clamd on

[root@cent5-64b-40 etc]# cp freshclam.conf freshclam.conf.orig
[root@cent5-64b-40 etc]# vi freshclam.conf
 
[root@cent5-64b-40 etc]# freshclam 
ClamAV update process started at Fri Oct  7 23:10:46 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 211.10.155.48)
WARNING: getpatch: Can't download daily-13357.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 203.212.42.128)
WARNING: getpatch: Can't download daily-13357.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 120.29.176.126)
WARNING: getpatch: Can't download daily-13357.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 13760, sigs: 204317, f-level: 60, builder: guitar)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 145, sigs: 40, f-level: 60, builder: edwin)
Database updated (1050571 signatures) from db.jp.clamav.net (IP: 27.96.54.66)
[root@cent5-64b-40 etc]# 
[root@cent5-64b-40 etc]# 
[root@cent5-64b-40 etc]# clamscan --infected --remove --recursive

----------- SCAN SUMMARY -----------
Known viruses: 1049153
Engine version: 0.97.2
Scanned directories: 247
Scanned files: 1438
Infected files: 0
Data scanned: 185.93 MB
Data read: 154.52 MB (ratio 1.20:1)
Time: 63.110 sec (1 m 3 s)
[root@cent5-64b-40 etc]# 
[root@cent5-64b-40 etc]# wget http://www.eicar.org/download/eicar.com
--2011-10-07 23:13:47--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org... 188.40.238.250
Connecting to www.eicar.org|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: `eicar.com'

100%[======================================>] 68          --.-K/s   in 0s      

2011-10-07 23:13:48 (4.63 MB/s) - `eicar.com' saved [68/68]

[root@cent5-64b-40 etc]# set -o vi
[root@cent5-64b-40 etc]# wget http://www.eicar.org/download/eicar.com.txt
--2011-10-07 23:14:09--  http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org... 188.40.238.250
Connecting to www.eicar.org|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: `eicar.com.txt'

100%[======================================>] 68          --.-K/s   in 0s      

2011-10-07 23:14:10 (5.40 MB/s) - `eicar.com.txt' saved [68/68]

[root@cent5-64b-40 etc]# wget http://www.eicar.org/download/eicar.com.zip
--2011-10-07 23:14:28--  http://www.eicar.org/download/eicar.com.zip
Resolving www.eicar.org... 188.40.238.250
Connecting to www.eicar.org|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13217 (13K) [text/html]
Saving to: `eicar.com.zip'

100%[======================================>] 13,217      21.6K/s   in 0.6s    

2011-10-07 23:14:29 (21.6 KB/s) - `eicar.com.zip' saved [13217/13217]


[root@cent5-64b-40 etc]# clamscan --infected --remove --recursive
/etc/eicar.com.txt: Eicar-Test-Signature FOUND
/etc/eicar.com.txt: Removed.
/etc/eicar.com: Eicar-Test-Signature FOUND
/etc/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 1049153
Engine version: 0.97.2
Scanned directories: 247
Scanned files: 1441
Infected files: 2
Data scanned: 185.94 MB
Data read: 154.54 MB (ratio 1.20:1)
Time: 92.449 sec (1 m 32 s)
[root@cent5-64b-40 etc]# 
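Two things are worth noticing in the test above. First, the third download came back as `text/html`, 13217 bytes: that was an HTML page, not the zip, so the archive-scanning path was never actually exercised, and only the two plain copies were caught. Second, the EICAR pattern does not need to be fetched at all; it is a fixed 68-byte string that can be written locally, which also keeps the test working on hosts without outbound HTTP. The script below is an added example, not a command from the page: it writes the test file, optionally wraps it in a zip (only if `zip` is installed) so that archive scanning gets tested too, and runs `clamscan` on the directory when the binary is present. Directory and file names are chosen by the caller; the `demo` function uses a temporary directory.

```shell
#!/bin/sh
# Create the EICAR test file locally instead of downloading it.
# Added example; not part of the original page. The string is the
# published EICAR test pattern, all paths are supplied by the caller.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write the 68-byte pattern to $1 with no trailing newline (a newline
# is tolerated by most engines, but the canonical file has none) and
# echo the path back for the caller.
make_eicar_file() {
    printf '%s' "$EICAR" > "$1"
    printf '%s' "$1"
}

# Wrap the test file ($1) in a zip archive ($2) so that clamscan's
# archive unpacking is exercised as well. Returns 1 if zip is missing.
make_eicar_zip() {
    command -v zip >/dev/null 2>&1 || return 1
    zip -j -q "$2" "$1"
    printf '%s' "$2"
}

# Byte count of a file; tr strips the padding some wc builds print.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Scan the given paths when clamscan is installed. clamscan exits 0 for
# clean, 1 when something was found, 2 on error; --no-summary keeps the
# output to the per-file result lines.
scan_if_available() {
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not installed"; return 0; }
    clamscan --no-summary "$@" && rc=0 || rc=$?
    echo "clamscan exit status $rc"
}

# Stand-alone run: build the files in a temp dir, scan it, clean up.
demo() {
    d=$(mktemp -d)
    f=$(make_eicar_file "$d/eicar.com")
    echo "wrote $f ($(file_size "$f") bytes)"
    if z=$(make_eicar_zip "$f" "$d/eicar.com.zip"); then
        echo "wrote $z"
    else
        echo "zip not installed, skipping archive test"
    fi
    scan_if_available "$d"
    rm -rf "$d"
}
demo
```

With the daemon and database installed as above, the plain file and the zip should both be reported as `Eicar-Test-Signature FOUND` and the exit status should be 1; an exit status of 0 on the zip means archive scanning is not working (or the archive was not really a zip, as happened with the download on this page).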

[root@cent5-64b-40 ~]# vi clamscan


[root@cent5-64b-40 ~]# cat /etc/cron.daily/clamscan 
#!/bin/bash

PATH=/usr/bin:/bin

# clamd update
yum -y update clamd > /dev/null 2>&1

# excludeopt setup: one path per line; a trailing "/" marks a directory
# (--exclude-dir), anything else is treated as a file pattern (--exclude).
# The list file must exist at exactly this path or nothing is excluded.
#excludelist=/root/clamscan.exclude
excludelist=/etc/clamscan.exclude
if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if [ $(echo "$i"|grep \/$) ]; then
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=^$i"
        else
            excludeopt="${excludeopt} --exclude=^$i"
        fi
    done
fi

# signature update
freshclam > /dev/null

# virus scan
CLAMSCANTMP=`mktemp`
# anything written to stdout here is mailed to root by cron after every run
echo "CLAMSCANTMP : $CLAMSCANTMP generated"
echo "excludeopt  : $excludeopt  .. these will be skipped"
clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1

# report mail send: only when at least one "...: <signature> FOUND" line exists
if [ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ]; then
    grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
fi
rm -f $CLAMSCANTMP

[root@cent5-64b-40 ~]# chmod +x clamscan 
[root@cent5-64b-40 ~]# 

[root@cent5-64b-40 ~]# echo "/proc/" > clamscan.exclude
[root@cent5-64b-40 ~]# echo "/sys/" >> clamscan.exclude
[root@cent5-64b-40 ~]# 
[root@cent5-64b-40 ~]# mv clamscan /etc/cron.daily/

[root@cent5-64b-40 ~]# /etc/cron.daily/clamscan
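One thing to check before relying on the daily job: the script reads `/etc/clamscan.exclude`, but the two `echo` commands above create `clamscan.exclude` in root's home directory (the prompt shows `~`), so as run the list is never found and `/proc` and `/sys` are scanned along with everything else. Move the file to `/etc/clamscan.exclude`, or point `excludelist` at `/root/clamscan.exclude`. The block below is an added example, not the page's or centossrv.com's script: it re-implements the two pieces of logic that decide what the job does, the exclude-list parser and the `FOUND`-line filter that triggers the mail, as shell functions that can be exercised on constructed input without running a scan. Unlike the `for i in \`cat ...\`` loop above, it reads the list line by line, so a path containing a space is kept whole, and it skips blank and `#` lines. The list file and the scan output in `demo` are constructed sample data, not real results.

```shell
#!/bin/sh
# Helper functions mirroring the decision logic of the daily clamscan job.
# Added example, not the cron script from the page. The exclude-list and
# scan-output contents used in demo() are constructed for illustration.

# Build clamscan exclude options from a list file: one path per line,
# trailing "/" means directory (--exclude-dir), otherwise --exclude.
# Blank lines and lines starting with "#" are ignored. Prints the option
# string (leading space included, as the original script builds it).
build_exclude_opts() {
    list="$1"
    opts=""
    [ -s "$list" ] || { printf '%s' ""; return 0; }
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline
    while IFS= read -r entry || [ -n "$entry" ]; do
        case "$entry" in
            ''|'#'*) continue ;;
            */) opts="$opts --exclude-dir=^${entry%/}" ;;
            *)  opts="$opts --exclude=^$entry" ;;
        esac
    done < "$list"
    printf '%s' "$opts"
}

# Keep only the "<path>: <signature> FOUND" lines from a clamscan log;
# these are what the cron job mails to root. Empty output, status 0,
# when nothing was found (grep alone would exit 1 there).
found_lines() {
    grep 'FOUND$' "$1" || true
}

# Stand-alone run on constructed input.
demo() {
    d=$(mktemp -d)
    # constructed exclude list, the two entries the page creates plus extras
    printf '%s\n' '/proc/' '/sys/' '' '# mysql data files are scanned elsewhere' \
        '/var/lib/mysql/' '/root/keep me.bin' > "$d/clamscan.exclude"
    # constructed clamscan output, modelled on the EICAR test above
    printf '%s\n' '/etc/eicar.com.txt: Eicar-Test-Signature FOUND' \
        '/etc/eicar.com.txt: Removed.' \
        '/etc/hosts: OK' \
        '/etc/eicar.com: Eicar-Test-Signature FOUND' \
        '/etc/eicar.com: Removed.' > "$d/scan.log"
    echo "exclude options:$(build_exclude_opts "$d/clamscan.exclude")"
    echo "lines that would be mailed:"
    found_lines "$d/scan.log"
    rm -rf "$d"
}
demo
```

The `^` anchors on the exclude patterns are kept from the page's script: `--exclude` and `--exclude-dir` take regular expressions matched against the full path, so without the anchor `/sys/` would also skip, for example, `/home/user/sys/`.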