<Building a Virus Scanning System (ClamAntiVirus)> (Last updated: 2006/08/15)
Many of the anti-virus products for UNIX are commercial. As on Windows, though, the quality of an anti-virus product is decided by the size of its signature database and how quickly it is updated. Here we use the free software ClamAntiVirus to build a virus scanning system on Linux. To avoid trouble later on, it is strongly recommended that the scanning system is in place before the server is exposed to the public.
Because ClamAntiVirus is not in the official CentOS yum repositories, installing it with yum requires an unofficial repository to be defined. First confirm that the corresponding repository file exists.
[root@sample ~]# ls -l /etc/yum.repos.d/dag.repo ← check that the repository file exists
-rw-r--r-- 1 root root 143 Oct 1 21:33 /etc/yum.repos.d/dag.repo ← it exists (without it, clamd cannot be installed with yum)
If the dag.repo file above does not exist, ClamAntiVirus cannot be installed with yum until the unofficial repository is defined. The method for defining it is described in the yum settings of the section "Downloading, installing and initial setup of CentOS". Also make sure the dag.repo file you define is syntactically correct. Then install ClamAntiVirus online with yum.
[root@sample ~]# yum -y install clamd ← install ClamAntiVirus online
Setting up Install Process
Setting up repositories
dag                       100% |=========================| 1.1 kB    00:00
update                    100% |=========================|  951 B    00:00
base                      100% |=========================| 1.1 kB    00:00
addons                    100% |=========================|  951 B    00:00
extras                    100% |=========================| 1.1 kB    00:00
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 1.6 MB    00:08
dag       : ################################################## 4610/4610
Added 4610 new packages, deleted 0 old in 94.91 seconds
primary.xml.gz            100% |=========================| 103 kB    00:05
update    : ################################################## 256/256
Added 56 new packages, deleted 0 old in 4.25 seconds
Reducing Dag RPM Repository for Red Hat Enterprise Linux to included packages only
Finished
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamd to pack into transaction set.
clamd-0.88.4-1.el4.rf.i38 100% |=========================| 5.3 kB    00:00
---> Package clamd.i386 0:0.88.4-1.el4.rf set to be updated
--> Running transaction check
--> Processing Dependency: clamav = 0.88.4-1.el4.rf for package: clamd
--> Processing Dependency: libclamav.so.1 for package: clamd
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav to pack into transaction set.
clamav-0.88.4-1.el4.rf.i3 100% |=========================| 8.1 kB    00:00
---> Package clamav.i386 0:0.88.4-1.el4.rf set to be updated
--> Running transaction check
--> Processing Dependency: clamav-db = 0.88.4-1.el4.rf for package: clamav
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav-db to pack into transaction set.
clamav-db-0.88.4-1.el4.rf 100% |=========================| 3.2 kB    00:00
---> Package clamav-db.i386 0:0.88.4-1.el4.rf set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 clamd                   i386       0.88.4-1.el4.rf  dag                64 k
Installing for dependencies:
 clamav                  i386       0.88.4-1.el4.rf  dag               724 k
 clamav-db               i386       0.88.4-1.el4.rf  dag               5.6 M

Transaction Summary
=============================================================================
Install      3 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 6.4 M
Downloading Packages:
(1/3): clamd-0.88.4-1.el4 100% |=========================|  64 kB    00:01
(2/3): clamav-0.88.4-1.el 100% |=========================| 724 kB    00:04
(3/3): clamav-db-0.88.4-1 100% |=========================| 5.6 MB    00:25
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: clamav-db                    ######################### [1/3]
  Installing: clamav                       ######################### [2/3]
  Installing: clamd                        ######################### [3/3]

Installed: clamd.i386 0:0.88.4-1.el4.rf
Dependency Installed: clamav.i386 0:0.88.4-1.el4.rf clamav-db.i386 0:0.88.4-1.el4.rf
Complete! ← installation finished
Next, configure ClamAntiVirus.
[root@sample ~]# vi /etc/clamd.conf ← edit clamd's configuration file
ArchiveBlockMax ← find this line and put "#" at its start (so oversized archives are not reported as infected files)
↓
#ArchiveBlockMax ← it becomes this
User clamav ← find this line and put "#" at its start (so clamd is not run under a regular user account)
↓
#User clamav ← it becomes this
Start ClamAntiVirus and set it to start automatically.
[root@sample ~]# chkconfig clamd on ← start it automatically after the system boots
[root@sample ~]# chkconfig --list clamd
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← it is fine as long as run levels 2 to 5 are on
[root@sample ~]# /etc/rc.d/init.d/clamd start ← start the clamd service (run ClamAntiVirus)
Starting Clam AntiVirus Daemon: [ OK ] ← started successfully
After installation it is recommended to update the signature database right away, so that the newest viruses are detected.
[root@sample ~]# freshclam ← update the ClamAV signature database
ClamAV update process started at Fri Aug 25 18:39:26 2006
Downloading main.cvd [*]
main.cvd updated (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
Downloading daily.cvd [*]
daily.cvd updated (version: 1728, sigs: 2565, f-level: 8, builder: ccordes)
Database updated (66703 signatures) from db.cn.clamav.net (IP: 58.221.253.171)
Clamd successfully notified about the update.
Next, test the virus scanner. Here we first run a baseline scan and then download the EICAR test files used for testing.
[root@sample ~]# clamdscan ← run a virus scan
/root: OK

----------- SCAN SUMMARY -----------
Infected files: 0 ← no virus found
Time: 5.074 sec (0m 5s)
[root@sample ~]# wget http://www.eicar.org/download/eicar.com ← download a test virus file
[root@sample ~]# wget http://www.eicar.org/download/eicar_com.zip ← download a test virus file
Then scan again. With the "--remove" option added, infected files are deleted automatically once a virus is found.
[root@sample ~]# clamdscan --remove ← scan again, with the delete option added
/root/eicar.com: Eicar-Test-Signature FOUND ← infected file detected
/root/eicar.com: Removed. ← infected file deleted
/root/eicar_com.zip: Eicar-Test-Signature FOUND ← infected file detected
/root/eicar_com.zip: Removed. ← infected file deleted

----------- SCAN SUMMARY -----------
Infected files: 2
Time: 2.201 sec (0m 2s)
[root@sample ~]# vi scan.sh ← create the automatic scan script, as follows:
#!/bin/bash
PATH=/usr/bin:/bin
# temporary file that receives the scan report
CLAMSCANTMP=`mktemp`
# scan the whole file system recursively and delete infected files
clamdscan --recursive --remove / > $CLAMSCANTMP
# if any "FOUND" line is in the report, mail those lines to root
[ ! -z "$(grep FOUND $CLAMSCANTMP)" ] && \
grep FOUND $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
rm -f $CLAMSCANTMP
[root@sample ~]# chmod 700 scan.sh ← make the script executable
[root@sample ~]# crontab -e ← edit the scheduled tasks and add the following line
00 3 * * * /root/scan.sh ← add this line so the scan runs every day at 3 o'clock
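As an added example (not the page's own script), a variant of scan.sh that quarantines detections with clamdscan's --move option instead of deleting them, and that separates "infected" from "scanner error" using clamdscan's documented exit status (0 clean, 1 infected, 2 error), so a stopped clamd does not pass silently as a clean night. It assumes /var/quarantine exists and is readable only by root; the helper functions are exercised against a constructed sample report.

```bash
#!/bin/bash
# Added example, not the page's script: quarantine instead of delete, and
# report by clamdscan's exit status (0 clean, 1 infected, 2 error).
# Assumed: clamd is running and /var/quarantine exists, readable only by root.
PATH=/usr/bin:/bin
QUARANTINE=/var/quarantine

# Constructed sample of a clamdscan report, used to exercise the helpers below.
SAMPLE_REPORT='/root/eicar.com: Eicar-Test-Signature FOUND
/root/eicar_com.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
Time: 2.201 sec (0m 2s)'

# Number of "... FOUND" lines in a report passed as a string ("0" when clean).
count_found() {
    printf '%s\n' "$1" | grep -c ' FOUND$'
}

# Only the per-file detection lines, which is all the mail needs to carry.
found_lines() {
    printf '%s\n' "$1" | grep ' FOUND$'
}

# Map clamdscan's exit status to a word so the caller never confuses
# "scan failed" (for example clamd not running) with "nothing found".
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan /, move infected files into the quarantine directory, mail root on
# detections and on scanner errors, and return clamdscan's own status.
run_scan() {
    tmp=$(mktemp) || return 2
    clamdscan --infected --move="$QUARANTINE" / >"$tmp" 2>&1
    rc=$?
    report=$(cat "$tmp")
    rm -f "$tmp"
    case "$(scan_status "$rc")" in
        infected) found_lines "$report" | mail -s "Virus found on $(hostname)" root ;;
        error)    printf '%s\n' "$report" | mail -s "clamdscan error on $(hostname)" root ;;
    esac
    return "$rc"
}

# From cron: RUN_SCAN=1 /root/scan.sh  (guarded so sourcing the file scans nothing)
if [ -n "${RUN_SCAN:-}" ]; then run_scan; fi
```

Files moved to the quarantine directory can be inspected and restored if a detection turns out to be a false positive, which a deleted file cannot.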