Installing Antivirus Software
30 November 2007
The automatic-scan script is the one published here, used unchanged.
First, install Clam AntiVirus:
# yum -y --enablerepo=rpmforge install clamd
Loading "installonlyn" plugin
Loading "fastestmirror" plugin
Setting up Install Process
Setting up repositories
Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamd to pack into transaction set.
clamd-0.91.2-1.el5.rf.i38 100% |=========================| 6.1 kB 00:00
---> Package clamd.i386 0:0.91.2-1.el5.rf set to be updated
--> Running transaction check
--> Processing Dependency: libclamav.so.2 for package: clamd
--> Processing Dependency: clamav = 0.91.2-1.el5.rf for package: clamd
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav to pack into transaction set.
clamav-0.91.2-1.el5.rf.i3 100% |=========================| 9.7 kB 00:00
---> Package clamav.i386 0:0.91.2-1.el5.rf set to be updated
--> Running transaction check
--> Processing Dependency: clamav-db = 0.91.2-1.el5.rf for package: clamav
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav-db to pack into transaction set.
clamav-db-0.91.2-1.el5.rf 100% |=========================| 3.6 kB 00:00
---> Package clamav-db.i386 0:0.91.2-1.el5.rf set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
clamd i386 0.91.2-1.el5.rf rpmforge 81 k
Installing for dependencies:
clamav i386 0.91.2-1.el5.rf rpmforge 1.1 M
clamav-db i386 0.91.2-1.el5.rf rpmforge 10 M
Transaction Summary
=============================================================================
Install 3 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 11 M
Downloading Packages:
(1/3): clamd-0.91.2-1.el5 100% |=========================| 81 kB 00:00
(2/3): clamav-db-0.91.2-1 100% |=========================| 10 MB 02:32
(3/3): clamav-0.91.2-1.el 100% |=========================| 1.1 MB 00:20
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: clamav-db ######################### [1/3]
Installing: clamav ######################### [2/3]
Installing: clamd ######################### [3/3]
Installed: clamd.i386 0:0.91.2-1.el5.rf
Dependency Installed: clamav.i386 0:0.91.2-1.el5.rf clamav-db.i386 0:0.91.2-1.el5.rf
Complete!
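Edit the configuration files
Edit the ClamAV configuration file:
# vi /etc/clamd.conf
#User clamav ← around line 144: add "#" at the start of the line (clamd then keeps running as root instead of dropping to the clamav user)
#ArchiveBlockMax no ← around line 315: add "#" at the start of the line
Edit the configuration file for the virus database:
# vi /etc/freshclam.conf
DatabaseMirror db.jp.clamav.net ← around line 61: confirm (default)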
Start ClamAV and update the database
# /etc/rc.d/init.d/clamd start ← start the antivirus daemon
Starting Clam AntiVirus Daemon: [ OK ]
# chkconfig clamd on ← register it to start automatically
# freshclam ← bring the database up to date
ClamAV update process started at Fri Nov 23 20:47:08 2007
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
ERROR: getfile: daily-4016.cdiff not found on remote server (IP: 219.117.246.50)
ERROR: getpatch: Can't download daily-4016.cdiff from db.jp.clamav.net
ERROR: getfile: daily-4016.cdiff not found on remote server (IP: 219.117.246.50)
ERROR: getpatch: Can't download daily-4016.cdiff from db.jp.clamav.net
ERROR: getfile: daily-4016.cdiff not found on remote server (IP: 219.117.246.50)
ERROR: getpatch: Can't download daily-4016.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 4890, sigs: 37086, f-level: 21, builder: aeriana)
Database updated (170249 signatures) from db.jp.clamav.net (IP: 219.117.246.50)
Clamd successfully notified about the update.
Try a virus scan:
# clamscan --infected --remove --recursive
----------- SCAN SUMMARY -----------
Known viruses: 170249
Engine version: 0.91.2
Scanned directories: 1
Scanned files: 10
Infected files: 0 ← it looks like there were no infected files
Data scanned: 0.02 MB
Time: 4.365 sec (0 m 4 s)
Create the automatic scan script
# vi clamscan ← create the virus scan script
------------------------------from here------------------------------
#!/bin/bash

PATH=/usr/bin:/bin

# clamd update
yum -y --enablerepo=rpmforge update clamd > /dev/null 2>&1

# excludeopt setup: entries ending in "/" are directories
excludelist=/root/clamscan.exclude
if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if [ $(echo "$i"|grep /$) ]; then
            # strip the trailing "/" before passing the directory to clamscan
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=$i"
        else
            excludeopt="${excludeopt} --exclude=$i"
        fi
    done
fi

# signature update
freshclam > /dev/null

# virus scan
CLAMSCANTMP=`mktemp`
clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1

# report mail send (only when at least one line ends in FOUND)
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \
grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
rm -f $CLAMSCANTMP
------------------------------to here------------------------------
Grant execute permission:
# chmod +x clamscan
Register the paths to exclude from the automatic scan:
# echo "/proc/" >> clamscan.exclude
# echo "/sys/" >> clamscan.exclude
Note: files and directories can be registered in the list of scan exclusions. When registering a directory, append "/" to the end.
Move the script to the directory that is run automatically every day:
# mv clamscan /etc/cron.daily/
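The cron script above mails only the raw lines ending in FOUND. As an added example (not part of the original post or the script it uses), these sh functions turn a saved clamscan log into a per-signature report and check the FOUND lines against the summary count. The function names, the constructed sample log, the "<path>: <signature> FOUND" line layout and one FOUND line per infected file are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes clamscan detection lines
# look like "<path>: <signature> FOUND"; all function names are hypothetical.

# Write a constructed sample log (not output of a real scan) to file "$1".
make_sample_log() {
    cat > "$1" <<'EOF'
/home/alice/eicar.com: Eicar-Test-Signature FOUND
/home/bob/report: final.zip: Eicar-Test-Signature FOUND
/srv/ftp/tool.exe: Example.Trojan-1 FOUND
/var/log/messages: OK

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Print "<signature><TAB><path>" for each detection line in log "$1".
# The split happens at the LAST ": " so a path containing ": " stays intact.
list_detections() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        pos = 0
        while ((i = index(substr(line, pos + 1), ": ")) > 0) pos += i
        if (pos == 0) next    # no "path: signature" separator, skip the line
        printf "%s\t%s\n", substr(line, pos + 2), substr(line, 1, pos - 1)
    }' "$1"
}

# Print "<count> <signature>" per signature, most frequent first.
count_by_signature() {
    list_detections "$1" | cut -f1 | sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Succeed only if the FOUND lines agree with "Infected files:" in the summary.
# A missing summary (scan killed before it finished) also counts as a failure.
summary_matches() {
    found=$(list_detections "$1" | wc -l | tr -d ' ')
    reported=$(sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' "$1")
    [ -n "$reported" ] && [ "$found" -eq "$reported" ]
}

log=$(mktemp)
make_sample_log "$log"
count_by_signature "$log"
summary_matches "$log" || echo "FOUND lines and scan summary disagree"
rm -f "$log"
```

Because the cron script runs clamscan with --remove, the mailed report is the only record of what was deleted, so keeping the log long enough to run such a check is worthwhile.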