Installing Clam AntiVirus
The original source is here.
(1) Install the package.
# yum -y install clamd
(2) Edit the configuration.
/etc/clamd.conf
#User clamav
(3) Start the service. Note: this differs slightly from the original source.
# /etc/rc.d/init.d/clamd start
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
[ OK ]
(4) Enable automatic startup. Note: this differs slightly from the original source.
# chkconfig clamd on
# chkconfig --list clamd
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(5) Enable the virus definition update feature and try running it.
# sed -i 's/Example/#Example/g' /etc/freshclam.conf
# freshclam
・・・
bytecode.cvd updated (version: 163, sigs: 39, f-level: 63, builder: edwin)
Database updated (1120560 signatures) from db.jp.clamav.net (IP: 203.212.42.128)
(6) Run a test scan just to be sure.
# clamscan --infected --remove --recursive
----------- SCAN SUMMARY -----------
Known viruses: 1119275
Engine version: 0.97.3
Scanned directories: 1
Scanned files: 10
Infected files: 0
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 2.00:1)
Time: 11.014 sec (0 m 11 s)
(7) Register the scan script with cron.
/root/clamscan
#!/bin/bash
PATH=/usr/bin:/bin
# clamd update
yum -y update clamd > /dev/null 2>&1
# excludeopt setup
excludelist=/
if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if [ $(echo "$i"|grep \/$) ]; then
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=^$i"
        else
            excludeopt="${excludeopt} --exclude=^$i"
        fi
    done
fi
# signature update
freshclam > /dev/null
# virus scan
CLAMSCANTMP=`mktemp`
clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \
# report mail send
grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
rm -f $CLAMSCANTMP
# chmod +x clamscan
# echo "/proc/" >> clamscan.exclude
# echo "/sys/" >> clamscan.exclude
# mv clamscan /etc/cron.daily/
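The cron script above only greps the scan log for FOUND, so a scan that dies partway looks the same as a clean one. The following is an added example (not part of the original post) that triages a saved clamscan log. The function names, the sample log and the assumed "PATH: Removed." line format are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: triage a saved clamscan log.
# Assumes "PATH: SIGNATURE FOUND" / "PATH: Removed." lines, one FOUND line per
# infected file, and signature names without whitespace.
# Constructed sample log (paths and results are made up).
sample_log() {
cat <<'EOF'
/home/a/notes.txt: OK
/home/a/eicar.com: Eicar-Test-Signature FOUND
/home/a/eicar.com: Removed.
/srv/up/odd: name.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Print "signature<TAB>removed|PRESENT<TAB>path" for each detection in file $1.
detections() {
    awk '
    / FOUND$/ {
        sig = $(NF - 1)
        # Cut ": SIG FOUND" off the end; a ": " inside the path survives.
        path = substr($0, 1, length($0) - length(sig) - 8)
        if (!(path in sigof)) order[++n] = path
        sigof[path] = sig
        next
    }
    /: Removed\.$/ { gone[substr($0, 1, length($0) - 10)] = 1 }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]
            printf "%s\t%s\t%s\n", sigof[p], ((p in gone) ? "removed" : "PRESENT"), p
        }
    }' "$1"
}

# Exit status: 0 = clean, 1 = detections, 2 = summary missing or inconsistent
# (scan died or log was cut short), so a failed scan never passes as clean.
verdict() {
    found=$(grep -c ' FOUND$' "$1" || true)
    total=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1")
    [ -n "$total" ] && [ "$total" -eq "$found" ] || return 2
    [ "$found" -eq 0 ] && return 0
    return 1
}

log=$(mktemp); sample_log > "$log"; detections "$log"
verdict "$log" || echo "verdict exit status: $?"; rm -f "$log"
```

In the daily script, the mail step could be keyed on a verdict status of 1 or 2 rather than on the bare grep, so that an incomplete scan also produces a report.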