[ Server ][ CentOS7 ] ClamAV AntiVirus install > Linux


Author: 웹지기 | Comments: 0 | Views: 98 | Posted: 19-09-03 14:46


Notes on ClamAV AntiVirus

CentOS 7 VM notes:
Set "MaxThreads" in /etc/clamd.d/scan.conf (the config of the EPEL 7 clamd@scan unit) to 1 (default is 10) so that clamd does not saturate the VM's CPU when it starts after a reboot

CentOS 7 issues:
https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/ 
http://linux-audit.com/install-clamav-on-centos-7-using-freshclam/

If not CentOS7, start with this procedure - or see steps listed below: 
http://www.centosblog.com/how-to-install-clamav-and-configure-daily-scanning-on-centos/

Other links: 
http://www.clamav.net/
http://tboxmy.blogspot.com/2013/06/install-clamav-antivirus-on-centos.html
http://tboxmy.blogspot.com/2013/06/install-yum-repo-for-centos.html
http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html

Steps done as root on local linux box:

Notes:

  • Make sure the “epel” yum repository is installed first
  • Using the “rpmforge” repository resulted in conflicting clam vs clamav users
  • The "clamav-milter" package is only needed for scanning mail as it passes through sendmail (the milter interface); it is not needed on a box that does not run sendmail

yum install clamav clamav-db clamav-devel clamav-milter clamd

chkconfig --list | grep clam (should see results for "clamav-milter" and "clamd")

chkconfig clamav-milter on

chkconfig clamd on

service clamd start

service clamav-milter start

freshclam (to update the signature database; if it refuses to start, edit /etc/freshclam.conf and comment out the "Example" line the package ships with)

Note: the chkconfig/service commands above are the SysV-init form (CentOS 6 and earlier). On CentOS 7 the EPEL build runs the scanner as a systemd template unit, clamd@scan, whose config is the /etc/clamd.d/scan.conf mentioned in the VM note above (it also ships with an "Example" line to comment out), so the equivalent there is systemctl enable clamd@scan followed by systemctl start clamd@scan.

Run a recursive scan of a directory, writing the results to scan.txt: clamscan -r -l scan.txt /path/to/dir

Set up crons (credit Devon Hillard):

/etc/cron.hourly/clamscan_hourly

#!/bin/bash
# Hourly scan of files modified or created during the last hour.
# email subject
SUBJECT="VIRUS DETECTED ON $(hostname)!!!"
# Email To ?
EMAIL="USER@DOMAIN"
# Log location
LOG=/var/log/clamav/scan.log
echo "" >> "${LOG}"
echo "***Start /etc/cron.hourly/clamscan_hourly at $(date)" >> "${LOG}"
check_scan () {
    # Check only the log lines appended since $1 (the line count taken before the scan).
    # Every clamscan run ends with a summary containing "Infected files: N"; alert on any N >= 1.
    # (Grepping for "Infected" and dropping lines that contain "0" would miss counts such as 10.)
    if tail -n +"$(( $1 + 1 ))" "${LOG}" | grep -q '^Infected files: [1-9]'
    then
        EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
        echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
        echo "From: root@$(hostname)" >> "${EMAILMESSAGE}"
        echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
        echo "Importance: High" >> "${EMAILMESSAGE}"
        echo "X-Priority: 1" >> "${EMAILMESSAGE}"
        tail -n 50 "${LOG}" >> "${EMAILMESSAGE}"
        #sendmail -t < "${EMAILMESSAGE}"
        /usr/bin/mutt -s "${SUBJECT}" "${EMAIL}" < "${EMAILMESSAGE}"
        rm -f "${EMAILMESSAGE}"
    fi
}
# Files whose content (-mmin) or metadata (-cmin) changed in the last 61 minutes.
# The pseudo-filesystems are pruned so find never descends into them at all.
BEFORE=$(wc -l < "${LOG}")
find / \( -path /proc -o -path /sys -o -path /dev \) -prune -o -mmin -61 -type f -print0 \
    | xargs -0 -r clamscan --quiet --infected --log="${LOG}"
check_scan "${BEFORE}"
BEFORE=$(wc -l < "${LOG}")
find / \( -path /proc -o -path /sys -o -path /dev \) -prune -o -cmin -61 -type f -print0 \
    | xargs -0 -r clamscan --quiet --infected --log="${LOG}"
check_scan "${BEFORE}"
echo "***End /etc/cron.hourly/clamscan_hourly at $(date)" >> "${LOG}"
echo "" >> "${LOG}"

/etc/cron.daily/clamscan_daily

#!/bin/bash
# Daily full scan of the whole filesystem.
# email subject
SUBJECT="VIRUS DETECTED ON $(hostname)!!!"
# Email To ?
EMAIL="USER@DOMAIN"
# Log location
LOG=/var/log/clamav/scan.log
echo "" >> "${LOG}"
echo "***Start /etc/cron.daily/clamscan_daily at $(date)" >> "${LOG}"
check_scan () {
    # Check only the log lines appended since $1 (the line count taken before the scan).
    # Every clamscan run ends with a summary containing "Infected files: N"; alert on any N >= 1.
    # (Grepping for "Infected" and dropping lines that contain "0" would miss counts such as 10.)
    if tail -n +"$(( $1 + 1 ))" "${LOG}" | grep -q '^Infected files: [1-9]'
    then
        EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
        echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
        echo "From: root@$(hostname)" >> "${EMAILMESSAGE}"
        echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
        echo "Importance: High" >> "${EMAILMESSAGE}"
        echo "X-Priority: 1" >> "${EMAILMESSAGE}"
        tail -n 50 "${LOG}" >> "${EMAILMESSAGE}"
        #sendmail -t < "${EMAILMESSAGE}"
        /usr/bin/mutt -s "${SUBJECT}" "${EMAIL}" < "${EMAILMESSAGE}"
        rm -f "${EMAILMESSAGE}"
    fi
}
BEFORE=$(wc -l < "${LOG}")
# --exclude-dir takes a regular expression; anchor it so only the top-level pseudo-filesystems are skipped.
clamscan -r / --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' --quiet --infected --log="${LOG}"
check_scan "${BEFORE}"
echo "***End /etc/cron.daily/clamscan_daily at $(date)" >> "${LOG}"
echo "" >> "${LOG}"
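Both cron scripts above decide from the log text whether to send mail. The following is an added example, written for this page and not taken from the scripts above or from ClamAV, that does that decision on its own: it reads the "Infected files: N" summary line that clamscan appends to its --log file, lists the flagged paths, and names clamscan's exit statuses (0 nothing found, 1 at least one match, 2 an error), which are a more direct signal than grepping the log. The two sample logs are constructed to look like clamscan output (file names and signature names are made up), and legacy_check reproduces the original `tail | grep Infected | grep -v 0` test only to show why it misses a count such as 10.

```shell
#!/bin/sh
# Added example, not code from the page or from ClamAV: decide from a clamscan log
# whether to alert, and name clamscan's exit statuses. The sample logs below are
# constructed to look like what `clamscan --infected --log=FILE` appends; the
# file names and signature names in them are made up.

# infected_count LOG: print the "Infected files" count from the LAST scan summary
# in LOG (each clamscan run appends one summary, so the last is the latest run).
infected_count() {
    grep '^Infected files:' "$1" | tail -n 1 | awk '{ print $3 }'
}

# scan_needs_alert LOG: succeed (exit 0) when the latest summary reports >= 1 hit.
scan_needs_alert() {
    n=$(infected_count "$1")
    if [ -n "$n" ] && [ "$n" -gt 0 ]; then
        return 0
    fi
    return 1
}

# found_files LOG: the paths clamscan flagged, from its "<path>: <sig> FOUND" lines.
found_files() {
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}

# legacy_check LOG: the test the original cron scripts used, kept only to show its
# failure mode: "grep -v 0" drops any count that contains a zero digit (10, 20,
# 105 ...), so it prints 0 ("nothing to report") for a log with ten infected files.
legacy_check() {
    tail -n 12 "$1" | grep Infected | grep -v 0 | wc -l | tr -d ' '
}

# classify_exit STATUS: clamscan's documented exit codes, a more direct signal than
# grepping the log: 0 = no virus found, 1 = virus(es) found, 2 = some error occurred.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# --- constructed sample logs (made up; FOUND lines abbreviated to two) -----------
SAMPLE_INFECTED=$(mktemp /tmp/clamscan-sample.XXXXXX)
SAMPLE_CLEAN=$(mktemp /tmp/clamscan-sample.XXXXXX)
trap 'rm -f "$SAMPLE_INFECTED" "$SAMPLE_CLEAN"' EXIT
cat > "$SAMPLE_INFECTED" <<'EOF'
/home/app/uploads/invoice.pdf.exe: Win.Trojan.Agent-123 FOUND
/tmp/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8600000
Engine version: 0.101.4
Scanned directories: 12
Scanned files: 340
Infected files: 10
Data scanned: 25.00 MB
Data read: 30.00 MB (ratio 0.83:1)
Time: 12.345 sec (0 m 12 s)
EOF
cat > "$SAMPLE_CLEAN" <<'EOF'
----------- SCAN SUMMARY -----------
Known viruses: 8600000
Engine version: 0.101.4
Scanned directories: 12
Scanned files: 340
Infected files: 0
Data scanned: 25.00 MB
Data read: 30.00 MB (ratio 0.83:1)
Time: 11.002 sec (0 m 11 s)
EOF

# Stand-alone run: report a verdict for each constructed log.
for f in "$SAMPLE_INFECTED" "$SAMPLE_CLEAN"; do
    if scan_needs_alert "$f"; then
        echo "$f: ALERT, $(infected_count "$f") infected (legacy check says $(legacy_check "$f"))"
        found_files "$f"
    else
        echo "$f: clean"
    fi
done
```

In a cron job the cleanest form is to test clamscan's own status right after it runs (`clamscan ...; classify_exit $?`), and to fall back on infected_count only when the scanner is driven through xargs, where several runs share one log and xargs folds their statuses together.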

Make sure that the new cron files are set to executable (chmod +x)

Remember that email from crons will require setup (see GMail on Linux with SSMTP)

Test that clamd runs upon a reboot (it should)

ClamAV may report errors in the scan logs if SELinux is set to enforcing: some files cannot be read even as root, because the scanner runs in a confined domain. On CentOS 7 the relevant boolean is antivirus_can_scan_system (setsebool -P antivirus_can_scan_system on); confirm that the errors really are AVC denials with ausearch -m avc -ts recent before changing policy.

Check /var/log/clamav to confirm the log files are being updated; freshclam failed on one box because the log files had the wrong ownership. The users "clam" and "clamav" seemed to conflict, and another box had only the user clam, not both. This happens when the clamd RPM and the clamav RPM come from different repositories, each creating its own service account. The following, from the ZendTo page linked below, describes the permissions used in the ZendTo VM distributions, which involve the two usernames "clam" and "clamav".

The following is all based on the line

User clam

appearing in the file /etc/clamd.conf

More info: http://zend.to/clamavpermissions.php

Fix: disable rpmforge in the /etc/yum.repos.d/ directory so that every ClamAV package comes from EPEL, then check that the account named by User in clamd.conf actually exists and owns /var/log/clamav and the signature database directory freshclam writes to (typically /var/lib/clamav).
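The ownership check described above, as an added example written for this page (not code from the page or from ZendTo): it reads the User directive from a clamd config, verifies that the account exists, and reports every path not owned by it. On a real box you would pass /etc/clamd.conf (or /etc/clamd.d/scan.conf) together with /var/log/clamav and /var/lib/clamav; the demo at the bottom builds throw-away config files and directories, with "nobody" standing in for the mismatched clam/clamav account, so that it runs anywhere.

```shell
#!/bin/sh
# Added example, not code from the page or from ZendTo: check that the account clamd
# runs as (the User directive in its config) exists and owns the directories it
# writes to, the mismatch behind the "clam" vs "clamav" trouble described above.
# The demo below constructs its own configs and directories under a temp dir.

# conf_value CONF KEY: value of the first uncommented "KEY value" line in a ClamAV
# config (works for User in clamd.conf and DatabaseOwner in freshclam.conf).
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# owner_uid PATH: numeric uid of the owner (ls -n is portable where stat -c is not).
owner_uid() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# check_clam_owner CONF PATH...: print one line per problem (no User directive, the
# account missing, or a path owned by someone else) and return the number of
# problems, 0 meaning everything matches.
check_clam_owner() {
    conf=$1
    shift
    user=$(conf_value "$conf" User)
    if [ -z "$user" ]; then
        echo "PROBLEM: no User directive in $conf"
        return 1
    fi
    uid=$(id -u "$user" 2>/dev/null)
    if [ -z "$uid" ]; then
        echo "PROBLEM: $conf names user '$user' but no such account exists"
        return 1
    fi
    bad=0
    for p in "$@"; do
        o=$(owner_uid "$p")
        if [ "$o" != "$uid" ]; then
            echo "PROBLEM: $p is owned by uid $o, but clamd runs as $user (uid $uid)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# --- constructed demo: two configs against directories owned by the current user ---
DEMO=$(mktemp -d /tmp/clamperm.XXXXXX)
trap 'rm -rf "$DEMO"' EXIT
mkdir "$DEMO/log" "$DEMO/db"
# Names the real owner of the directories: what a correctly installed box looks like.
printf '# clamd config (constructed)\nUser %s\nLogFile %s/log/clamd.log\n' "$(id -un)" "$DEMO" > "$DEMO/clamd-good.conf"
# Names a different account; "nobody" stands in for the clam/clamav mix-up.
printf '# clamd config (constructed)\nUser nobody\nLogFile %s/log/clamd.log\n' "$DEMO" > "$DEMO/clamd-bad.conf"

# Stand-alone run: report the problem count for each constructed config.
for c in "$DEMO/clamd-good.conf" "$DEMO/clamd-bad.conf"; do
    rc=0
    check_clam_owner "$c" "$DEMO/log" "$DEMO/db" || rc=$?
    echo "$c: $rc problem(s)"
done
```

Run the same check with /etc/freshclam.conf and the DatabaseOwner key (swap `User` for `DatabaseOwner` in the conf_value call) to catch the freshclam failure mentioned above, where the updater's account and clamd's account do not agree on who owns the database directory.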

Other scripts: https://www.annasseh.info/knowledgebase/30/Install-ClamAV--on-CentOS-6---64-bit-plus-Configure-Daily-Scanning.html
