Installing Clam AntiVirus
Temporarily enable the rpmforge repository, which is normally kept disabled, and install clamd from it. rpmforge is a third-party repository, so leave gpgcheck=1 in its .repo file: yum then verifies the package signatures against the rpmforge key before installing.
# yum --enablerepo=rpmforge install clamd
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
update                    100% |=========================|  951 B    00:00
rpmforge                  100% |=========================| 1.1 kB    00:00
base                      100% |=========================| 1.1 kB    00:00
addons                    100% |=========================|  951 B    00:00
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 2.4 MB    00:05
################################################## 6747/6747
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamd to pack into transaction set.
clamd-0.93-2.el5.rf.i386. 100% |=========================| 6.2 kB    00:00
---> Package clamd.i386 0:0.93-2.el5.rf set to be updated
--> Running transaction check
--> Processing Dependency: clamav = 0.93-2.el5.rf for package: clamd
--> Processing Dependency: libclamav.so.4(CLAMAV_PRIVATE) for package: clamd
--> Processing Dependency: libclamav.so.4(CLAMAV_PUBLIC) for package: clamd
--> Processing Dependency: libclamav.so.4 for package: clamd
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav to pack into transaction set.
clamav-0.93-2.el5.rf.i386 100% |=========================|  17 kB    00:00
---> Package clamav.i386 0:0.93-2.el5.rf set to be updated
--> Running transaction check
--> Processing Dependency: clamav-db for package: clamav
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav-db to pack into transaction set.
clamav-db-0.93-2.el5.rf.i 100% |=========================| 3.7 kB    00:00
---> Package clamav-db.i386 0:0.93-2.el5.rf set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 clamd                   i386       0.93-2.el5.rf    rpmforge           86 k
Installing for dependencies:
 clamav                  i386       0.93-2.el5.rf    rpmforge          1.4 M
 clamav-db               i386       0.93-2.el5.rf    rpmforge           13 M

Transaction Summary
=============================================================================
Install      3 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 14 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): clamd-0.93-2.el5.r 100% |=========================|  86 kB    00:01
(2/3): clamav-0.93-2.el5. 100% |=========================| 1.4 MB    00:04
(3/3): clamav-db-0.93-2.e 100% |=========================|  13 MB    00:10
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: clamav-db                    ######################### [1/3]
  Installing: clamav                       ######################### [2/3]
  Installing: clamd                        ######################### [3/3]

Installed: clamd.i386 0:0.93-2.el5.rf
Dependency Installed: clamav.i386 0:0.93-2.el5.rf clamav-db.i386 0:0.93-2.el5.rf
Complete!
#
Starting Clam AntiVirus
Back up both configuration files before editing them, then adjust the daemon user and the database mirror, confirm clamd is enabled for the multi-user runlevels, and start it.

# cp /etc/clamd.conf /etc/clamd.conf.orig
# vi /etc/clamd.conf
#User clamav    <- commented out so that clamd runs as root
# cp /etc/freshclam.conf /etc/freshclam.conf.orig
# vi /etc/freshclam.conf
DatabaseMirror db.jp.clamav.net
#DatabaseMirror db.local.clamav.net    <- commented out so that the virus database is fetched only from the Japanese mirror
# chkconfig --list clamd
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
# /etc/rc.d/init.d/clamd start
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
                                                           [  OK  ]

Two things to keep in mind here. Commenting out User clamav makes the daemon run as root, so a bug in libclamav's handling of a crafted archive or executable would give an attacker root rather than an unprivileged account; the scanner parses hostile input by design, which is exactly the process you want running with the fewest privileges. The safer configuration keeps User clamav and grants that user read access to the directories to be scanned (for example through group membership), dropping the privilege separation only for targets that genuinely cannot be read any other way. The "older than 7 days" warning is expected right after installation: the clamav-db package ships a snapshot of the database that is already stale, and the next step refreshes it.
Updating the Clam AntiVirus virus definition files

# /usr/bin/freshclam
ClamAV update process started at Wed Apr 30 17:34:05 2008
main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 211.12.214.131)
WARNING: getpatch: Can't download daily-6689.cdiff from db.jp.clamav.net
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 211.12.214.131)
WARNING: getpatch: Can't download daily-6689.cdiff from db.jp.clamav.net
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 218.44.253.75)
WARNING: getpatch: Can't download daily-6689.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 6993, sigs: 42012, f-level: 26, builder: ccordes)
Database updated (273846 signatures) from db.jp.clamav.net (IP: 219.106.242.51)
Clamd successfully notified about the update.
#

The cdiff warnings are not a failure. freshclam first tries to patch the installed daily.cvd incrementally, starting from the next version after the local one (daily-6689.cdiff); the packaged database was so far behind that the mirror no longer kept patches that old, so freshclam fell back to downloading the complete daily.cvd and ended with a current database. The last line confirms that the running clamd was told to reload the new signatures. To stop the database from going stale again, run freshclam periodically, either from cron or as a daemon with freshclam -d (the check interval is set by Checks in freshclam.conf).
Virus scan test (no virus present)
With no path given, clamscan scans the current directory (here /root/clam). --infected prints only infected files, which is why no per-file lines appear, and --recursive descends into subdirectories. Be careful with --remove: it deletes every file that matches a signature, including false positives, and destroys the sample you would want for incident analysis. For anything other than a throwaway test directory, --move=DIR, which quarantines hits into DIR, is the better choice.

# clamscan --infected --remove --recursive

----------- SCAN SUMMARY -----------
Known viruses: 273088
Engine version: 0.93
Scanned directories: 9
Scanned files: 22
Infected files: 0
Data scanned: 0.06 MB
Time: 2.988 sec (0 m 2 s)
Virus scan test (virus present)
First, download the EICAR test files. EICAR is a harmless 68-byte test string that every major scanner detects by agreement, so it lets you verify that detection works without handling real malware. The four downloads are the raw file, the same content with a .txt extension, the file inside a zip archive, and that zip nested inside a second zip.
# wget http://www.eicar.org/download/eicar.com
--17:50:53--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org... 88.198.38.136
Connecting to www.eicar.org|88.198.38.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/x-msdos-program]
Saving to: `eicar.com'

100%[=================================================================================>] 68          --.-K/s   in 0s

17:51:05 (4.86 MB/s) - `eicar.com' saved [68/68]

/root/clam# wget http://www.eicar.org/download/eicar.com.txt
--17:51:18--  http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org... 88.198.38.136
Connecting to www.eicar.org|88.198.38.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [text/plain]
Saving to: `eicar.com.txt'

100%[=================================================================================>] 68          --.-K/s   in 0s

17:51:19 (2.89 MB/s) - `eicar.com.txt' saved [68/68]

/root/clam# wget http://www.eicar.org/download/eicar_com.zip
--17:51:29--  http://www.eicar.org/download/eicar_com.zip
Resolving www.eicar.org... 88.198.38.136
Connecting to www.eicar.org|88.198.38.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 184 [application/zip]
Saving to: `eicar_com.zip'

100%[=================================================================================>] 184         --.-K/s   in 0s

17:51:29 (12.6 MB/s) - `eicar_com.zip' saved [184/184]

/root/clam# wget http://www.eicar.org/download/eicarcom2.zip
--17:51:39--  http://www.eicar.org/download/eicarcom2.zip
Resolving www.eicar.org... 88.198.38.136
Connecting to www.eicar.org|88.198.38.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 308 [application/zip]
Saving to: `eicarcom2.zip'

100%[=================================================================================>] 308         --.-K/s   in 0s

17:51:40 (15.3 MB/s) - `eicarcom2.zip' saved [308/308]
Then run the scan. All four files are detected, including the two archives: clamscan unpacks supported archive formats by default, and eicarcom2.zip shows that nested archives are handled as well. Each detection is followed by a Removed line because of --remove, and the summary now reports four infected files out of 26 scanned.

# clamscan --infected --remove --recursive
/root/clam/eicar_com.zip: Eicar-Test-Signature FOUND
/root/clam/eicar_com.zip: Removed
/root/clam/eicarcom2.zip: Eicar-Test-Signature FOUND
/root/clam/eicarcom2.zip: Removed
/root/clam/eicar.com.txt: Eicar-Test-Signature FOUND
/root/clam/eicar.com.txt: Removed
/root/clam/eicar.com: Eicar-Test-Signature FOUND
/root/clam/eicar.com: Removed

----------- SCAN SUMMARY -----------
Known viruses: 273088
Engine version: 0.93
Scanned directories: 10
Scanned files: 26
Infected files: 4
Data scanned: 0.06 MB
Time: 2.978 sec (0 m 2 s)
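The same detection test, written as a reusable shell script; this is an added example, not code from the original page or from the ClamAV project. It differs from the walkthrough above in three ways a practitioner would want: it writes the EICAR string locally instead of downloading it (so it works on a host without outbound HTTP), it quarantines hits with --move into a directory outside the scanned tree instead of deleting them with --remove, and it turns clamscan's exit status (0 no virus found, 1 virus found, 2 error) into a word the caller can branch on. The script name eicar_test.sh, the temporary directory layout and the quarantine directory mode are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page or the ClamAV project.
# Assumes it is saved as eicar_test.sh and that clamscan is on PATH.

# The EICAR test string: exactly 68 bytes, harmless, detected by ClamAV
# as Eicar-Test-Signature. Single quotes keep the backslash and $ literal.
EICAR_STRING='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write the test file at $1. printf '%s' adds no trailing newline, which
# matters: the string must be the first 68 bytes of the file unchanged.
make_eicar() {
    printf '%s' "$EICAR_STRING" > "$1"
}

# Size in bytes of the file at $1 (wc pads with spaces on some systems).
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Map clamscan's exit status ($1) to a word: 0 = clean, 1 = infected,
# anything else (2, or a missing binary) = error. Keeping this in one
# place stops callers from treating "error" as "clean".
describe_scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan directory $1 recursively and move every hit into quarantine
# directory $2. $2 must lie outside $1, otherwise the next scan finds the
# quarantined sample again. Mode 0700 keeps samples from other users.
# Returns clamscan's exit status for describe_scan_status.
scan_with_quarantine() {
    mkdir -p "$2" && chmod 0700 "$2" || return 2
    clamscan --infected --recursive --move="$2" "$1"
}

# Self-test when run directly as eicar_test.sh: the first scan should
# report "infected" and the second "clean", since the only sample has
# been moved to quarantine in between.
if [ "${0##*/}" = "eicar_test.sh" ]; then
    work=$(mktemp -d) || exit 2
    mkdir "$work/samples"
    make_eicar "$work/samples/eicar.com"
    echo "wrote $(file_size "$work/samples/eicar.com")-byte test file"

    scan_with_quarantine "$work/samples" "$work/quarantine"
    status=$?
    echo "first scan: $(describe_scan_status "$status")"
    ls -l "$work/quarantine"

    scan_with_quarantine "$work/samples" "$work/quarantine" >/dev/null
    status=$?
    echo "second scan: $(describe_scan_status "$status")"
    rm -rf "$work"
fi
```

Run it as the user who will perform real scans; if that is not root, the "second scan: clean" line also confirms that the scanning account can read the target directory, which is the check you need before deciding to keep User clamav in clamd.conf.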