end0tknr's kipple - new web code-transcription development

Moved here from http://d.hatena.ne.jp/end0tknr/

Install clamav-0.102.3 from source on CentOS 8

I have installed this several times in the past, but my notes from those attempts were insufficient, so I am going through it again.

Reference URLs

Install

Mostly as described at https://clamav-jp.osdn.jp/jdoc/clamav.html.

$ sudo groupadd clamav
$ sudo useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
$ sudo yum install gmp
$ wget https://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz
$ tar -xvf clamav-0.102.3.tar.gz
$ cd clamav-0.102.3
$ ./configure
  :
configure: Summary of detected features follows
              OS          : linux-gnu
              pthreads    : yes (-lpthread)
configure: Summary of miscellaneous features
              check       : no (auto)
              fanotify    : yes
              fdpassing   : 1
              IPv6        : yes
              openssl     : /usr
              libcurl     : /usr/local
configure: Summary of optional tools
              clamdtop    : yes (-lncurses)
              milter      : no (missing libmilter) (disabled)
              clamsubmit  : no (missing libjson-c-dev. Use the website to submit FPs/FNs.) (disabled)
              clamonacc   : yes (auto)
configure: Summary of engine performance features
              release mode: yes
              llvm        : no (disabled)
              mempool     : yes
configure: Summary of engine detection features
              iconv       : yes
              bzip2       : ok
              zlib        : yes (from system)
              unrar       : yes
              preclass    : no (missing libjson-c-dev) (disabled)
              pcre        : /usr/local
              libmspack   : yes (Internal)
              libxml2     : yes, from /usr/local
              yara        : yes
              fts         : yes (libc)
$ make
$ make check
$ sudo make install 

Creating the virus definition database

$ sudo /usr/local/bin/freshclam
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

$ sudo cp ~/tmp/clamav-0.102.3/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf

However, freshclam.conf contains a line reading "Example", so comment it out.

$ sudo /usr/local/bin/freshclam
ERROR: Please edit the example config file /usr/local/etc/freshclam.conf
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

$ sudo vi /usr/local/etc/freshclam.conf

  # Comment or remove the line below.
  # Example  <- comment out this line

Also, the directory for the virus definition files does not exist, so mkdir it.

$ sudo /usr/local/bin/freshclam
ERROR: Database directory does not exist: /usr/local/share/clamav/
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!

$ sudo mkdir /usr/local/share/clamav

And further, the clamav user apparently needs write permission on it, so chown.

$ sudo /usr/local/bin/freshclam
ClamAV update process started at Sat May 23 10:54:10 2020
ERROR: Can't create temporary directory /usr/local/share/clamav/tmp.bbd17
Hint: The database directory must be writable for UID 1005 or GID 1007
ERROR: Update failed.

$ sudo chown clamav:clamav /usr/local/share/clamav
$ ls -l /usr/local/share
   :
drwxr-xr-x   2 clamav clamav    6 May 23 10:54 clamav
$

With that, it finally succeeds.

$ sudo /usr/local/bin/freshclam
ClamAV update process started at Sat May 23 11:00:01 2020
daily database available for download (remote version: 25820)
Time: 17.6s, ETA: 0.0s [=============================>] 63.14MiB/63.14MiB        
Testing database: '/usr/local/share/clamav/tmp.3cc97/clamav-f27aa8b7c8f1244ca8cb7be72f9f37a1.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 25820, sigs: 2462534, f-level: 63, builder: raynman)
main database available for download (remote version: 59)
Time: 26.4s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB       
Testing database: '/usr/local/share/clamav/tmp.3cc97/clamav-1197b7466f4ea80d0831b55e85bcab64.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode database available for download (remote version: 331)
Time: 5.3s, ETA: 0.0s [=============================>] 289.44KiB/289.44KiB      
Testing database: '/usr/local/share/clamav/tmp.3cc97/clamav-759c07fa126e9bbd634636a0e7770777.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Starting clamd (the daemon)

Copy the config file.

$ sudo cp ~/tmp/clamav-0.102.3/etc/clamd.conf.sample /usr/local/etc/clamd.conf

$ sudo vi /usr/local/etc/clamd.conf

Note: as with freshclam.conf, there is a line reading "Example", so comment it out.
# Comment or remove the line below.
# Example

Note: because starting clamd fails with "Please define server type (local and/or TCP)",
  uncomment the following three lines.
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
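The hand edits the post makes to freshclam.conf and clamd.conf (comment out the "Example" sentinel, set the three TCP directives, create and chown the database directory) as idempotent shell functions. This is an added example, not code from the post or from ClamAV; the miniature config it runs on is constructed for the demo and is not the real clamd.conf.sample.

```shell
# Added example (not from the post): repeatable versions of the config edits
# the post performs by hand. Target paths in a real run are the post's:
# /usr/local/etc/{freshclam,clamd}.conf and /usr/local/share/clamav.
set -eu

# freshclam/clamd refuse to start while the bare sentinel line "Example" remains.
disable_example_line() {                       # $1 = config file
    tmp=$(mktemp)
    sed 's/^Example[[:space:]]*$/# Example/' "$1" > "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"          # cat keeps the target's owner/mode
}

# Replace every commented or active line for a directive with one definitive value,
# e.g. set_directive clamd.conf TCPAddr 127.0.0.1 (also works for DatabaseDirectory).
set_directive() {                              # $1 = file, $2 = key, $3 = value
    tmp=$(mktemp)
    grep -v -E "^#?[[:space:]]*$2([[:space:]]|\$)" "$1" > "$tmp" || true
    printf '%s %s\n' "$2" "$3" >> "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"
}

get_directive() {                              # print the active value of $2 in $1
    sed -n -E "s/^$2[[:space:]]+(.*)$/\1/p" "$1"
}

conf_is_ready() {                              # true once the sentinel is gone
    ! grep -q -E '^Example[[:space:]]*$' "$1"
}

# The database directory must exist and be writable by the clamav user (post: mkdir + chown).
prepare_db_dir() {                             # $1 = dir, $2 = owner:group
    mkdir -p "$1" && chown "$2" "$1" && chmod 755 "$1"
}

# Demo on a constructed miniature of clamd.conf.sample in a scratch directory.
demo=$(mktemp -d)
cat > "$demo/clamd.conf" <<'EOF'
# Comment or remove the line below.
Example
#TCPSocket 3310
#TCPAddr localhost
#FixStaleSocket yes
EOF
disable_example_line "$demo/clamd.conf"
set_directive "$demo/clamd.conf" FixStaleSocket yes
set_directive "$demo/clamd.conf" TCPSocket 3310
set_directive "$demo/clamd.conf" TCPAddr 127.0.0.1
prepare_db_dir "$demo/share/clamav" "$(id -un):$(id -gn)"   # real run: clamav:clamav, as root
conf_is_ready "$demo/clamd.conf" && cat "$demo/clamd.conf"
rm -rf "$demo"
```

Running the same functions as root against /usr/local/etc/freshclam.conf and /usr/local/etc/clamd.conf reproduces the post's edits without a second "Please edit the example config file" round trip.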

Configuring auto-start with systemd

$ sudo cp ~/tmp/clamav-0.102.3/clamd/clamav-daemon.service /etc/systemd/system/
$ sudo systemctl enable clamav-daemon.service
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-daemon.service
  → /etc/systemd/system/clamav-daemon.service.
Created symlink /etc/systemd/system/sockets.target.wants/clamav-daemon.socket
  → /usr/lib/systemd/system/clamav-daemon.socket.

$ sudo systemctl start  clamav-daemon.service
$ sudo systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/etc/systemd/system/clamav-daemon.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-05-23 11:26:14 JST; 2s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 9398 (clamd)
    Tasks: 1 (limit: 24004)
   Memory: 182.4M
   CGroup: /system.slice/clamav-daemon.service
           └─9398 /usr/local/sbin/clamd --foreground=true

Virus scan with clamdscan

Use the test files from www.eicar.org.

$ wget http://www.eicar.org/download/eicar.com
$ wget http://www.eicar.org/download/eicar.com.txt
$ wget http://www.eicar.org/download/eicar_com.zip
$ wget http://www.eicar.org/download/eicarcom2.zip

## When a virus is present
$ /usr/local/bin/clamdscan -i eicar.com
/home/end0tknr/tmp/CLAM_AV/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.002 sec (0 m 0 s)

## When no virus is present
$ /usr/local/bin/clamdscan -i foo.txt

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)

## Error case, e.g. clamd is not running
$ /usr/local/bin/clamdscan -i eicar.com
ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
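The three clamdscan reports above (infected, clean, connection error) turned into one machine-readable line suitable for a log shipper or alert rule. This is an added example, not from the post; the exit status it returns follows clamdscan's own convention (0 clean, 1 infection found, 2 error), and the report it runs on is a constructed copy of the infected case, not a live scan.

```shell
# Added example (not from the post): summarise a clamdscan report read on stdin.
# Exit status follows clamdscan's convention: 0 clean, 1 infection found, 2 error.
summarize_clamdscan() {
    awk '
        / FOUND$/           { sub(/ FOUND$/, ""); sep = (hits == "") ? "" : ","; hits = hits sep $0 }
        /^ERROR: /          { errlines++ }     # e.g. "Could not connect to clamd"
        /^Infected files: / { infected = $3 }
        /^Total errors: /   { errors = $3 }    # summary line only present when errors occurred
        END {
            if (errors == "") errors = errlines + 0    # no summary line: count ERROR lines
            status = (errors > 0) ? "error" : (infected > 0) ? "infected" : "clean"
            printf "status=%s infected=%d errors=%d hits=%s\n", status, infected + 0, errors, hits
            rc = (status == "error") ? 2 : (status == "infected") ? 1 : 0
            exit rc
        }'
}

# Demo on the infected-case report from the post (constructed copy, not a live scan):
printf '%s\n' \
    '/home/end0tknr/tmp/CLAM_AV/eicar.com: Win.Test.EICAR_HDB-1 FOUND' \
    '' \
    '----------- SCAN SUMMARY -----------' \
    'Infected files: 1' \
    'Time: 0.002 sec (0 m 0 s)' | summarize_clamdscan || echo "exit status $?"
```

For a live run pipe the scanner through it, `/usr/local/bin/clamdscan -i FILE 2>&1 | summarize_clamdscan`, with 2>&1 so that any ERROR lines written to stderr are included.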