Installing CentOS 6.2 directly on a PC (5)

Installing antivirus software (Clam AntiVirus)
Install Clam AntiVirus
Edit the clamd configuration file, /etc/clamd.conf

Comment out the User line so that it reads #User clam

Try starting it

/etc/rc.d/init.d/clamd start
Starting Clam AntiVirus Daemon:
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
                                                           [  OK  ]

Enable clamd at boot
 

chkconfig clamd on

Enable the virus definition update feature

sed -i 's/Example/#Example/g' /etc/freshclam.conf
 
Bring the virus definitions up to date

freshclam
ClamAV update process started at Mon Jul  9 01:33:45 2012
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Reading CVD header (daily.cvd): OK
WARNING: getfile: daily-13811.cdiff not found on remote server (IP: 211.10.155.48)
WARNING: getpatch: Can't download daily-13811.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13811.cdiff not found on remote server (IP: 203.212.42.128)
WARNING: getpatch: Can't download daily-13811.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13811.cdiff not found on remote server (IP: 27.96.54.66)
WARNING: getpatch: Can't download daily-13811.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
connect_error: getsockopt(SO_ERROR): fd=5 error=110: Connection timed out
Can't connect to port 80 of host db.jp.clamav.net (IP: 219.106.242.51)
Downloading daily.cvd [100%]
daily.cvd updated (version: 15117, sigs: 228019, f-level: 63, builder: guitar)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 187, sigs: 37, f-level: 63, builder: neo)
Database updated (1272443 signatures) from db.jp.clamav.net (IP: 211.10.155.48)
Is this OK?
 freshclam
ClamAV update process started at Mon Jul  9 01:34:50 2012
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Reading CVD header (daily.cvd): OK (IMS)
daily.cvd is up to date (version: 15117, sigs: 228019, f-level: 63, builder: guitar)
Reading CVD header (bytecode.cvd): OK (IMS)
bytecode.cvd is up to date (version: 187, sigs: 37, f-level: 63, builder: neo)
Apparently it is OK on the second run.
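An added example (not from the original post) that checks the two freshclam runs above mechanically: a POSIX shell function reads freshclam output and reports whether every database it mentions ended up "up to date" or "updated", so the cdiff and mirror warnings of the first run are counted but do not fail the check. The function names, the verdict format and the treatment of lines starting with ERROR: are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads freshclam output on stdin and prints a one-line verdict:
#   status=<ok|failed> current=<n> updated=<n> warnings=<n>
# A database counts as resolved only when a later line says it
# "is up to date" or was "updated"; WARNING lines alone do not fail the run.
freshclam_verdict() {
    awk '
        /^WARNING: / { warnings++ }
        /^ERROR: /   { errors++ }   # assumed prefix for fatal messages
        # Any mention of a database marks it pending until it is resolved.
        /^Reading CVD header \(/ {
            db = $4; gsub(/[():]/, "", db)
            if (!(db in state)) state[db] = "pending"
        }
        /^Downloading / { if (!($2 in state)) state[$2] = "pending" }
        / is up to date \(version: / { state[$1] = "current" }
        / updated \(version: /       { state[$1] = "updated" }
        END {
            for (db in state) n[state[db]]++
            ok = (errors == 0 && n["pending"] == 0 && n["current"] + n["updated"] > 0)
            printf "status=%s current=%d updated=%d warnings=%d\n", \
                (ok ? "ok" : "failed"), n["current"], n["updated"], warnings
        }'
}

# First run from the post, abbreviated (repeated mirror warnings dropped).
first_run() {
    cat <<'EOF'
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Reading CVD header (daily.cvd): OK
WARNING: getpatch: Can't download daily-13811.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 15117, sigs: 228019, f-level: 63, builder: guitar)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 187, sigs: 37, f-level: 63, builder: neo)
EOF
}

first_run | freshclam_verdict
# Constructed failure case: the same log cut off before daily.cvd is resolved.
first_run | head -n 7 | freshclam_verdict
```

In a cron job the same function can be fed the real output, for example freshclam 2>&1 | freshclam_verdict, and a status=failed line mailed to root.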
Now a test
 clamscan --infected --remove --recursive
----------- SCAN SUMMARY -----------
Known viruses: 1267143
Engine version: 0.97.3
Scanned directories: 5
Scanned files: 12
Infected files: 0
Data scanned: 1.70 MB
Data read: 0.57 MB (ratio 2.95:1)
Time: 4.153 sec (0 m 4 s)
Create the scan script
virusscan
--- from here ---
#!/bin/bash
PATH=/usr/bin:/bin

# clamd update
yum -y update clamd > /dev/null 2>&1

# excludeopt setup: entries ending in "/" are directories, the rest are files
excludelist=/root/clamscan.exclude
excludeopt=""
if [ -s "$excludelist" ]; then
    for i in $(cat "$excludelist")
    do
        if echo "$i" | grep -q '/$'; then
            # strip the trailing slash before building the option
            i=$(echo "$i" | sed -e 's/^\([^ ]*\)\/$/\1/p' -e d)
            excludeopt="${excludeopt} --exclude-dir=^$i"
        else
            excludeopt="${excludeopt} --exclude=^$i"
        fi
    done
fi

# virus scan (excludeopt is left unquoted so it splits into separate options)
CLAMSCANTMP=$(mktemp)
clamscan --recursive --remove ${excludeopt} / > "$CLAMSCANTMP" 2>&1

# report mail send (only when something was found)
if grep -q 'FOUND$' "$CLAMSCANTMP"; then
    grep 'FOUND$' "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" root
fi
rm -f "$CLAMSCANTMP"
--- to here ---
chmod +x virusscan
echo "/proc/" >> /root/clamscan.exclude
echo "/sys/" >> /root/clamscan.exclude
Move it into cron.daily
mv virusscan /etc/cron.daily/


