[ Server ][ CentOS7 ] ClamAV AntiVirus install
Author: 웹지기 | Comments: 0 | Views: 9,244 | Posted: 19-09-03 14:46
Notes on ClamAV AntiVirus
CentOS 7 VM notes:
Set /etc/clamd.d/scan.conf “MaxThreads” to 1 (default is 10) to avoid too much CPU usage upon reboot
CentOS 7 issues:
https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/
http://linux-audit.com/install-clamav-on-centos-7-using-freshclam/
If not CentOS7, start with this procedure - or see steps listed below:
http://www.centosblog.com/how-to-install-clamav-and-configure-daily-scanning-on-centos/
Other links:
http://www.clamav.net/
http://tboxmy.blogspot.com/2013/06/install-clamav-antivirus-on-centos.html
http://tboxmy.blogspot.com/2013/06/install-yum-repo-for-centos.html
http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html
Steps done as root on local linux box:
Notes:
- Make sure the “epel” yum repository is installed first
- Using the “rpmforge” repository resulted in conflicting clam vs clamav users
- The “clamav-milter” package is only for sendmail scanning on send
yum install clamav clamav-db clamav-devel clamav-milter clamd
chkconfig --list | grep clam (should see results for “clamav-milter” and “clamd”)
chkconfig clamav-milter on
chkconfig clamd on
service clamd start
service clamav-milter start
freshclam (to update)
run a recursive scan: clamscan -r -l scan.txt /path/to/dir
Set up crons (credit Devon Hillard):
/etc/cron.hourly/clamscan_hourly
#!/bin/bash
# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="USER@DOMAIN"
# Log location
LOG=/var/log/clamav/scan.log

echo "" >> ${LOG}
echo "***Start /etc/cron.hourly/clamscan_hourly at `date`" >> ${LOG}

check_scan () {
    # Check the last set of results. If there are any "Infected" counts that aren't zero, we have a problem.
    # Match the whole "Infected files: 0" value, not any line containing a "0" (which would drop "Infected files: 10").
    if [ `tail -n 12 ${LOG} | grep Infected | grep -v ': 0$' | wc -l` != 0 ]
    then
        EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
        echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
        echo "From: root@`hostname`" >> ${EMAILMESSAGE}
        echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
        echo "Importance: High" >> ${EMAILMESSAGE}
        echo "X-Priority: 1" >> ${EMAILMESSAGE}
        echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
        #sendmail -t < ${EMAILMESSAGE}
        /usr/bin/mutt -s "${SUBJECT}" $EMAIL < ${EMAILMESSAGE}
    fi
}

# Scan files modified in the last 61 minutes (skipping /sys and /proc)
find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan

# Scan files whose inode changed in the last 61 minutes
find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -cmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan

echo "***End /etc/cron.hourly/clamscan_hourly at `date`" >> ${LOG}
echo "" >> ${LOG}
/etc/cron.daily/clamscan_daily
#!/bin/bash
# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="USER@DOMAIN"
# Log location
LOG=/var/log/clamav/scan.log

echo "" >> ${LOG}
echo "***Start /etc/cron.daily/clamscan_daily at `date`" >> ${LOG}

check_scan () {
    # Check the last set of results. If there are any "Infected" counts that aren't zero, we have a problem.
    # Match the whole "Infected files: 0" value, not any line containing a "0" (which would drop "Infected files: 10").
    if [ `tail -n 12 ${LOG} | grep Infected | grep -v ': 0$' | wc -l` != 0 ]
    then
        EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
        echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
        echo "From: root@`hostname`" >> ${EMAILMESSAGE}
        echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
        echo "Importance: High" >> ${EMAILMESSAGE}
        echo "X-Priority: 1" >> ${EMAILMESSAGE}
        echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
        #sendmail -t < ${EMAILMESSAGE}
        /usr/bin/mutt -s "${SUBJECT}" $EMAIL < ${EMAILMESSAGE}
    fi
}

# Full recursive scan; exclude /proc as well as /sys, as the hourly script does
clamscan -r / --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan

echo "***End /etc/cron.daily/clamscan_daily at `date`" >> ${LOG}
echo "" >> ${LOG}
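An added example, not part of the original post or Devon Hillard's scripts: check_scan above reads only the last 12 lines of scan.log, so when xargs splits the hourly file list into several clamscan runs it sees just the final summary. This parser sums every "Infected files:" line written since the most recent "***Start" marker of the same log format and compares the number itself. The two sample logs are constructed.

```shell
#!/bin/bash
# Added example (not from the original post). Parses the scan.log that the
# cron scripts write and sums all "Infected files:" summaries of the latest run.

# Print the total number of infected files reported since the latest ***Start marker.
infected_since_last_start() {
    awk '
        /^\*\*\*Start /     { total = 0 }       # a new cron run begins: reset
        /^Infected files: / { total += $3 }     # one summary per clamscan invocation
        END                 { print total + 0 }
    ' "$1"
}

# Exit status 0 when the latest run found anything, 1 when it was clean.
scan_found_infection() {
    [ "$(infected_since_last_start "$1")" -gt 0 ]
}

# Constructed sample: one hourly run whose two xargs-split clamscan invocations
# reported 0 and 10 infected files. A plain "grep -v 0" would call this clean.
INFECTED_LOG="$(mktemp /tmp/clamscan-sample.XXXXXX)"
cat > "$INFECTED_LOG" <<'EOF'
***Start /etc/cron.hourly/clamscan_hourly at Tue Sep  3 14:00:01 KST 2019
----------- SCAN SUMMARY -----------
Scanned files: 120
Infected files: 0
----------- SCAN SUMMARY -----------
Scanned files: 80
Infected files: 10
***End /etc/cron.hourly/clamscan_hourly at Tue Sep  3 14:00:05 KST 2019
EOF

# Constructed sample: an earlier run found 3 files but the latest run was clean,
# so only the latest run must count.
CLEAN_LOG="$(mktemp /tmp/clamscan-sample.XXXXXX)"
cat > "$CLEAN_LOG" <<'EOF'
***Start /etc/cron.hourly/clamscan_hourly at Tue Sep  3 13:00:01 KST 2019
Infected files: 3
***End /etc/cron.hourly/clamscan_hourly at Tue Sep  3 13:00:04 KST 2019
***Start /etc/cron.hourly/clamscan_hourly at Tue Sep  3 14:00:01 KST 2019
Infected files: 0
***End /etc/cron.hourly/clamscan_hourly at Tue Sep  3 14:00:03 KST 2019
EOF

echo "infected (latest run): $(infected_since_last_start "$INFECTED_LOG")"   # 10
echo "infected (latest run): $(infected_since_last_start "$CLEAN_LOG")"      # 0
```

To use it in check_scan, replace the tail/grep test with `if scan_found_infection "${LOG}"; then ... fi`.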
Make sure that the new cron files are set to executable (chmod +x)
Remember that email from crons will require setup (see GMail on Linux with SSMTP)
Test that clamd runs upon a reboot (it should)
Clamav may report errors in the scan logs if SELinux is set to enforcing; some files cannot be checked even as root.
Check that the log files in /var/log/clamav are being updated; freshclam failed on one box because the log files had bad permissions. User “clam” and user “clamav” seemed to conflict, and another box only had user clam, not both. This can happen when the clamd RPM and the clamav RPM come from different sources. The following recommendations are what are used in my VM distributions of ZendTo. There are two usernames involved: “clam” and “clamav”.
The following is all based on the line
User clam
appearing in the file /etc/clamd.conf
More info: http://zend.to/clamavpermissions.php
Fix: Disable rpmforge in /etc/yum.repos.d/ directory
Other scripts: https://www.annasseh.info/knowledgebase/30/Install-ClamAV--on-CentOS-6---64-bit-plus-Configure-Daily-Scanning.html