I have installed this several times in the past, but my notes so far were insufficient, so I am trying it once more.
Reference URL
Install
Mainly as described at https://clamav-jp.osdn.jp/jdoc/clamav.html.
$ sudo groupadd clamav
$ sudo useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
$ sudo yum install gmp
$ wget https://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz
$ tar -xvf clamav-0.102.3.tar.gz
$ ./configure
:
configure: Summary of detected features follows
              OS : linux-gnu
        pthreads : yes (-lpthread)
configure: Summary of miscellaneous features
           check : no (auto)
        fanotify : yes
       fdpassing : 1
            IPv6 : yes
         openssl : /usr
         libcurl : /usr/local
configure: Summary of optional tools
        clamdtop : yes (-lncurses)
          milter : no (missing libmilter) (disabled)
      clamsubmit : no (missing libjson-c-dev. Use the website to submit FPs/FNs.) (disabled)
       clamonacc : yes (auto)
configure: Summary of engine performance features
    release mode : yes
            llvm : no (disabled)
         mempool : yes
configure: Summary of engine detection features
           iconv : yes
           bzip2 : ok
            zlib : yes (from system)
           unrar : yes
        preclass : no (missing libjson-c-dev) (disabled)
            pcre : /usr/local
       libmspack : yes (Internal)
         libxml2 : yes, from /usr/local
            yara : yes
             fts : yes (libc)
$ make
$ make check
$ sudo make install
Creating the virus definition database
$ sudo /usr/local/bin/freshclam
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
$ sudo cp ~/tmp/clamav-0.102.3/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
However, freshclam.conf contained an "Example" line, so I commented it out.
$ sudo /usr/local/bin/freshclam
ERROR: Please edit the example config file /usr/local/etc/freshclam.conf
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
$ sudo vi /usr/local/etc/freshclam.conf
# Comment or remove the line below.
# Example     ← commented out here
Next, the directory for the virus definition files did not exist, so mkdir.
$ sudo /usr/local/bin/freshclam
ERROR: Database directory does not exist: /usr/local/share/clamav/
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
$ sudo mkdir /usr/local/share/clamav
And once more: the clamav user apparently needs write permission on that directory, so chown.
$ sudo /usr/local/bin/freshclam
ClamAV update process started at Sat May 23 10:54:10 2020
ERROR: Can't create temporary directory /usr/local/share/clamav/tmp.bbd17
Hint: The database directory must be writable for UID 1005 or GID 1007
ERROR: Update failed.
$ sudo chown clamav:clamav /usr/local/share/clamav
$ ls -l /usr/local/share
:
drwxr-xr-x 2 clamav clamav 6 May 23 10:54 clamav
$
And with that, it finally succeeds.
$ sudo /usr/local/bin/freshclam
ClamAV update process started at Sat May 23 11:00:01 2020
daily database available for download (remote version: 25820)
Time: 17.6s, ETA: 0.0s [=============================>] 63.14MiB/63.14MiB
Testing database: '/usr/local/share/clamav/tmp.3cc97/clamav-f27aa8b7c8f1244ca8cb7be72f9f37a1.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 25820, sigs: 2462534, f-level: 63, builder: raynman)
main database available for download (remote version: 59)
Time: 26.4s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB
Testing database: '/usr/local/share/clamav/tmp.3cc97/clamav-1197b7466f4ea80d0831b55e85bcab64.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode database available for download (remote version: 331)
Time: 5.3s, ETA: 0.0s [=============================>] 289.44KiB/289.44KiB
Testing database: '/usr/local/share/clamav/tmp.3cc97/clamav-759c07fa126e9bbd634636a0e7770777.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Starting clamd (the daemon)
Copy the config file.
$ sudo cp ~/tmp/clamav-0.102.3/etc/clamd.conf.sample /usr/local/etc/clamd.conf
$ sudo vi /usr/local/etc/clamd.conf
※ As with freshclam.conf, there was an "Example" line, so comment it out:
# Comment or remove the line below.
# Example
※ clamd otherwise fails at startup with "Please define server type (local and/or TCP)", so uncomment the following 3 lines:
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
Configuring autostart for systemd
$ sudo cp ~/tmp/clamav-0.102.3/clamd/clamav-daemon.service /etc/systemd/system/
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-daemon.service → /etc/systemd/system/clamav-daemon.service.
Created symlink /etc/systemd/system/sockets.target.wants/clamav-daemon.socket → /usr/lib/systemd/system/clamav-daemon.socket.
$ sudo systemctl start clamav-daemon.service
$ sudo systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/etc/systemd/system/clamav-daemon.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-05-23 11:26:14 JST; 2s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 9398 (clamd)
    Tasks: 1 (limit: 24004)
   Memory: 182.4M
   CGroup: /system.slice/clamav-daemon.service
           └─9398 /usr/local/sbin/clamd --foreground=true
Virus scan with clamdscan
I use the test files provided by www.eicar.org.
$ wget http://www.eicar.org/download/eicar.com
$ wget http://www.eicar.org/download/eicar.com.txt
$ wget http://www.eicar.org/download/eicar_com.zip
$ wget http://www.eicar.org/download/eicarcom2.zip

## Case: virus present
$ /usr/local/bin/clamdscan -i eicar.com
/home/end0tknr/tmp/CLAM_AV/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.002 sec (0 m 0 s)

## Case: no virus
[end0tknr@cent80 CLAM_AV]$ /usr/local/bin/clamdscan -i foo.txt

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)

## Case: error, e.g. clamd is not running
$ /usr/local/bin/clamdscan -i eicar.com
ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
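As an added example (not from the original post or the ClamAV project), here is a small Python client that submits content to the TCP socket enabled above (TCPAddr 127.0.0.1, TCPSocket 3310) with clamd's INSTREAM command instead of going through clamdscan, which is how an application would hand uploads to this daemon. It reproduces the three outcomes shown above: a FOUND verdict for the EICAR test content, OK for clean data, and a hard failure (connection refused or an ERROR reply) that is never reported as clean. The function names, the chunk size and the inline EICAR constant are my own assumptions; the wire format follows the protocol description in clamd(8).

```python
import socket
import struct

CLAMD_HOST = "127.0.0.1"  # TCPAddr from the clamd.conf edited above
CLAMD_PORT = 3310         # TCPSocket from the clamd.conf edited above
CHUNK_SIZE = 8192         # assumed chunk size; clamd's StreamMaxLength still applies

# The industry-standard EICAR test string (the content of eicar.com downloaded
# above), constructed inline so the script runs without that file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def build_instream_frames(data: bytes, chunk_size: int = CHUNK_SIZE) -> bytes:
    """INSTREAM wire format: NUL-terminated "zINSTREAM", then chunks of
    <4-byte big-endian length><bytes>, ended by a zero-length chunk."""
    frames = [b"zINSTREAM\0"]
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        frames.append(struct.pack(">I", len(chunk)) + chunk)
    frames.append(struct.pack(">I", 0))
    return b"".join(frames)

def parse_reply(reply: bytes):
    """b"stream: Win.Test.EICAR_HDB-1 FOUND\\0" -> ("FOUND", "Win.Test.EICAR_HDB-1")
    b"stream: OK\\0" -> ("OK", None). Anything else (e.g. "... ERROR") raises,
    so a daemon problem is never reported as a clean scan (cf. "Total errors: 1")."""
    text = reply.rstrip(b"\0").decode("utf-8", "replace").strip()
    _, _, verdict = text.partition(": ")
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[:-len(" FOUND")]
    if verdict == "OK":
        return "OK", None
    raise RuntimeError(f"clamd did not return a verdict: {text!r}")

def scan_bytes(data: bytes, host: str = CLAMD_HOST, port: int = CLAMD_PORT):
    """Stream data to clamd over TCP and return the parsed verdict. With clamd
    down this raises ConnectionRefusedError, like clamdscan's error case above."""
    with socket.create_connection((host, port), timeout=30) as sock:
        sock.sendall(build_instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:  # peer closed without a terminator
                break
            reply += part
    return parse_reply(reply)

if __name__ == "__main__":
    print(scan_bytes(EICAR))
    print(scan_bytes(b"plain text, nothing to see here\n"))
```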