Building a virus scanning system on CentOS Linux (Clam AntiVirus)

     Many antivirus products for UNIX are commercial. But, just as on Windows, the quality of an antivirus product is determined by the size of its signature database and how quickly that database is updated. Here we use the free software Clam AntiVirus to build a virus scanning system for Linux. To avoid trouble later, it is strongly recommended to have the virus scanning system in place before the server is exposed to the public.

    Installing Clam AntiVirus

      Clam AntiVirus is not in CentOS's official yum repositories, so installing it with yum requires a third-party repository to be defined. First confirm that the corresponding repository file exists.

    [root@sample ~]# ls -l /etc/yum.repos.d/dag.repo  ← confirm that the repository file exists
    -rw-r--r-- 1 root root 143 Oct 1 21:33 /etc/yum.repos.d/dag.repo ← it exists (otherwise clamd cannot be installed with yum)

      If the dag.repo file above does not exist, Clam AntiVirus cannot be installed with yum until the third-party repository has been defined. For how to define it, see the yum settings in the section "Downloading, installing and initial setup of CentOS". Also make sure that the syntax of the dag.repo file you define is correct.

      Then install Clam AntiVirus online with yum.

    [root@sample ~]# yum -y install clamd  ← install Clam AntiVirus online
    Setting up Install Process
    Setting up repositories
    dag 100% |=========================| 1.1 kB 00:00
    update 100% |=========================| 951 B 00:00
    base 100% |=========================| 1.1 kB 00:00
    addons 100% |=========================| 951 B 00:00
    extras 100% |=========================| 1.1 kB 00:00
    Reading repository metadata in from local files
    primary.xml.gz 100% |=========================| 1.6 MB 00:08
    dag : ################################################## 4610/4610
    Added 4610 new packages, deleted 0 old in 94.91 seconds
    primary.xml.gz 100% |=========================| 103 kB 00:05
    update : ################################################## 256/256
    Added 56 new packages, deleted 0 old in 4.25 seconds
    Reducing Dag RPM Repository for Red Hat Enterprise Linux to included packages only
    Finished
    Parsing package install arguments
    Resolving Dependencies
    --> Populating transaction set with selected packages. Please wait.
    ---> Downloading header for clamd to pack into transaction set.
    clamd-0.88.4-1.el4.rf.i38 100% |=========================| 5.3 kB 00:00
    ---> Package clamd.i386 0:0.88.4-1.el4.rf set to be updated
    --> Running transaction check
    --> Processing Dependency: clamav = 0.88.4-1.el4.rf for package: clamd
    --> Processing Dependency: libclamav.so.1 for package: clamd
    --> Restarting Dependency Resolution with new changes.
    --> Populating transaction set with selected packages. Please wait.
    ---> Downloading header for clamav to pack into transaction set.
    clamav-0.88.4-1.el4.rf.i3 100% |=========================| 8.1 kB 00:00
    ---> Package clamav.i386 0:0.88.4-1.el4.rf set to be updated
    --> Running transaction check
    --> Processing Dependency: clamav-db = 0.88.4-1.el4.rf for package: clamav
    --> Restarting Dependency Resolution with new changes.
    --> Populating transaction set with selected packages. Please wait.
    ---> Downloading header for clamav-db to pack into transaction set.
    clamav-db-0.88.4-1.el4.rf 100% |=========================| 3.2 kB 00:00
    ---> Package clamav-db.i386 0:0.88.4-1.el4.rf set to be updated
    --> Running transaction check

    Dependencies Resolved

    =============================================================================
    Package Arch Version Repository Size
    =============================================================================
    Installing:
    clamd i386 0.88.4-1.el4.rf dag 64 k
    Installing for dependencies:
    clamav i386 0.88.4-1.el4.rf dag 724 k
    clamav-db i386 0.88.4-1.el4.rf dag 5.6 M

    Transaction Summary
    =============================================================================
    Install 3 Package(s)
    Update 0 Package(s)
    Remove 0 Package(s)
    Total download size: 6.4 M
    Downloading Packages:
    (1/3): clamd-0.88.4-1.el4 100% |=========================| 64 kB 00:01
    (2/3): clamav-0.88.4-1.el 100% |=========================| 724 kB 00:04
    (3/3): clamav-db-0.88.4-1 100% |=========================| 5.6 MB 00:25
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Installing: clamav-db ######################### [1/3]
    Installing: clamav ######################### [2/3]
    Installing: clamd ######################### [3/3]
    Installed: clamd.i386 0:0.88.4-1.el4.rf
    Dependency Installed: clamav.i386 0:0.88.4-1.el4.rf clamav-db.i386 0:0.88.4-1.el4.rf
    Complete!   ← installation finished

    Configuring Clam AntiVirus

      Next, configure Clam AntiVirus.

    [root@sample ~]# vi /etc/clamd.conf  ← edit clamd's configuration file

    ArchiveBlockMax ← find this line and put a "#" at its start (do not treat oversized archives as infected files)
     ↓
    #ArchiveBlockMax ← the line becomes this

    User clamav  ← find this line and put a "#" at its start (do not let an ordinary user control the daemon)
     ↓
    #User clamav  ← the line becomes this
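The two edits above can also be applied non-interactively, for example from a provisioning script. The following shell script is an added example and is not part of the original article; it assumes only clamd.conf's syntax (the option name is the first word of a line, and a leading "#" comments the line out) and works on a constructed excerpt rather than the real /etc/clamd.conf:

```shell
#!/bin/bash
# Added example, not from the article: comment out clamd.conf options in a way
# that is safe to re-run. Assumption: clamd.conf's "first word is the option
# name" syntax.

# disable_option FILE OPTION
# Prefixes every active "OPTION ..." line with "#" after any leading whitespace.
# Already-commented lines do not match (their first word starts with "#"),
# so a second run changes nothing. Keeps a backup in FILE.bak.
disable_option() {
    file=$1; opt=$2
    tmp=$(mktemp) || return 1
    cp -p -- "$file" "$file.bak"
    awk -v opt="$opt" '
        $1 == opt { sub(/^[ \t]*/, "&#") }   # insert "#" after leading blanks
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps inode and permissions
    rm -f "$tmp"
}

# option_active FILE OPTION -> exit 0 if an uncommented OPTION line remains
option_active() {
    awk -v opt="$2" 'BEGIN { rc = 1 } $1 == opt { rc = 0 } END { exit rc }' "$1"
}

# Demo on a constructed excerpt of clamd.conf (the real file is /etc/clamd.conf).
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
LogFile /var/log/clamav/clamd.log
ArchiveBlockMax
User clamav
#Foreground
EOF
disable_option "$CONF" ArchiveBlockMax
disable_option "$CONF" User
disable_option "$CONF" User          # re-run: no-op, never produces "##User"
for o in ArchiveBlockMax User LogFile; do
    if option_active "$CONF" "$o"; then echo "$o: active"; else echo "$o: disabled"; fi
done
cat "$CONF"
rm -f "$CONF" "$CONF.bak"
```

Run it against /etc/clamd.conf and restart clamd afterwards for the change to take effect. Note that with User commented out, clamd keeps the privileges of whatever starts it (root, when started from the init script); where the permissions of the files to be scanned allow it, leaving the dedicated clamav account in place is the least-privilege choice.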

    Running Clam AntiVirus

      Start Clam AntiVirus and set it to start automatically at boot.

    [root@sample ~]# chkconfig clamd on   ← start it automatically after the system boots

    [root@sample ~]# chkconfig --list clamd
    clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off  ← confirm that runlevels 2 through 5 are on

    [root@sample ~]# /etc/rc.d/init.d/clamd start  ← start the clamd service (run Clam AntiVirus)

    Starting Clam AntiVirus Daemon:      [ OK ]  ← started successfully

    Updating the Clam AntiVirus signature database

      Update the signature database immediately after installation so that the latest viruses can be detected.

    [root@sample ~]# freshclam  ← update clam's signature database

    ClamAV update process started at Fri Aug 25 18:39:26 2006
    Downloading main.cvd
    main.cvd updated (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
    Downloading daily.cvd
    daily.cvd updated (version: 1728, sigs: 2565, f-level: 8, builder: ccordes)
    Database updated (66703 signatures) from db.cn.clamav.net (IP: 58.221.253.171)
    Clamd successfully notified about the update.
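freshclam prints the version and signature count of each database it fetched, but an update that silently fails later (a blocked mirror, a full disk, a cron entry that was never added) leaves the old files in place with nobody looking. The following script is an added example and not part of the original article: it reads the version and signature count straight from the header of main.cvd and daily.cvd and flags a database that has not been refreshed within a given number of hours. It assumes the CVD header layout `ClamAV-VDB:<build date>:<version>:<signatures>:<f-level>:...` in the first 512 bytes of the file, a GNU find that supports -mmin, and a constructed database directory standing in for /var/lib/clamav:

```shell
#!/bin/bash
# Added example (not from the article): report the installed signature
# databases and flag ones freshclam has not refreshed recently.
# Assumptions: CVD header "ClamAV-VDB:<build date>:<version>:<sigs>:<f-level>:..."
# in the first 512 bytes (.cld files share it), and GNU find with -mmin.

# cvd_field FILE N -> Nth colon-separated field of the CVD header
cvd_field() {
    head -c 512 -- "$1" | tr -d '\0' | cut -d: -f"$2"
}
cvd_version() { cvd_field "$1" 3; }
cvd_sigs()    { cvd_field "$1" 4; }

# db_file DIR NAME -> path of NAME.cvd or NAME.cld in DIR (exit 1 if absent)
db_file() {
    for ext in cvd cld; do
        [ -f "$1/$2.$ext" ] && { echo "$1/$2.$ext"; return 0; }
    done
    return 1
}

# db_is_stale DIR NAME MAX_HOURS -> exit 0 if NAME is missing or older than MAX_HOURS
db_is_stale() {
    f=$(db_file "$1" "$2") || return 0
    [ -n "$(find "$f" -mmin +"$(( $3 * 60 ))")" ]
}

# db_report DIR -> one line per database: name, version, signature count, status
db_report() {
    for name in main daily; do
        f=$(db_file "$1" "$name") || { echo "$name missing"; continue; }
        if db_is_stale "$1" "$name" 24; then status=STALE; else status=ok; fi
        echo "$name version=$(cvd_version "$f") sigs=$(cvd_sigs "$f") $status"
    done
}

# Demo with a constructed database directory; version and signature counts are
# the ones freshclam printed above, the other header fields are placeholders.
DEMO=$(mktemp -d)
printf 'ClamAV-VDB:25 Aug 2006 10-28 +0000:40:64138:8:md5:dsig:tkojm:0\n' > "$DEMO/main.cvd"
printf 'ClamAV-VDB:25 Aug 2006 12-05 +0000:1728:2565:8:md5:dsig:ccordes:0\n' > "$DEMO/daily.cvd"
db_report "$DEMO"
rm -rf "$DEMO"
```

This only reads the header; verification of the database's digital signature is done by freshclam and clamd, not by this check. Running db_report from cron next to the scan job gives an early warning when the daily database stops moving.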

    Virus scanning

      Next, test virus scanning. For this we download test virus files (the EICAR test files).

    [root@sample ~]# clamdscan  ← run a virus scan

    /root: OK

    ----------- SCAN SUMMARY -----------
    Infected files: 0  ← no virus found
    Time: 5.074 sec (0 m 5 s)

    [root@sample ~]# wget http://www.eicar.org/download/eicar.com  ← download a test virus file

    [root@sample ~]# wget http://www.eicar.org/download/eicar_com.zip  ← download a test virus file

      Then scan again. With the "--remove" option added, infected files are deleted automatically once a virus is found.

    [root@sample ~]# clamdscan --remove  ← scan again, this time with the remove option

    /root/eicar.com: Eicar-Test-Signature FOUND  ← infected file found
    /root/eicar.com: Removed.  ← infected file deleted
    /root/eicar_com.zip: Eicar-Test-Signature FOUND  ← infected file found
    /root/eicar_com.zip: Removed.  ← infected file deleted

    ----------- SCAN SUMMARY -----------
    Infected files: 2
    Time: 2.201 sec (0 m 2 s)

    Running virus scans on a schedule

    [root@sample ~]# vi scan.sh  ← create the automatic scan script, as follows:

    #!/bin/bash
    PATH=/usr/bin:/bin

    # Scan the whole filesystem through clamd, removing infected files,
    # and mail root the list of hits if any were found.
    CLAMSCANTMP=$(mktemp) || exit 1
    trap 'rm -f "$CLAMSCANTMP"' EXIT

    clamdscan --recursive --remove / > "$CLAMSCANTMP"

    if grep -q 'FOUND$' "$CLAMSCANTMP"; then
        grep 'FOUND$' "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" root
    fi

    [root@sample ~]# chmod 700 scan.sh  ← make the script executable
    [root@sample ~]# crontab -e   ← edit the scheduled tasks and add the following line
    00 03 * * * /root/scan.sh   ← add this line so the scan runs every day at 3 o'clock
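The scan.sh above mails root whenever the word FOUND appears in the report. The following script is an added example, not the article's own, that separates the pieces so each can be tested on its own: parsing the clamdscan report format shown on this page ("<path>: <signature> FOUND" per hit, "Infected files: N" in the summary), deciding whether an alert is needed, and a wrapper that also reports scan errors (clamdscan exits 1 when something was found and 2 on error). The sample report is constructed; the wrapper's clamdscan and mail calls only run when run_scheduled_scan is invoked on a real host:

```shell
#!/bin/bash
# Added example (not the article's script): parse a clamdscan report and decide
# whether an alert is needed. Report format assumed from the output above:
# "<path>: <signature> FOUND" per hit and a summary line "Infected files: N".

# scan_hits REPORT
# Prints one "path<TAB>signature" line per detection, in report order.
# "Removed." and "OK" lines do not end in FOUND and are skipped.
scan_hits() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${tab}\2/p" "$1"
}

# scan_infected_count REPORT
# Uses the summary line when present, otherwise counts FOUND lines
# (the summary is absent when clamdscan runs with --no-summary).
scan_infected_count() {
    n=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1)
    if [ -z "$n" ]; then
        n=$(grep -c ' FOUND$' "$1" || :)   # grep -c prints 0 but exits 1 on no match
    fi
    echo "$n"
}

# scan_needs_alert REPORT -> exit 0 if root should be mailed
scan_needs_alert() {
    [ "$(scan_infected_count "$1")" -gt 0 ]
}

# run_scheduled_scan TARGET
# Daily job: keeps the full report, mails only the hits, and reports a scan
# error separately instead of treating "no FOUND lines" as "clean".
run_scheduled_scan() {
    target=$1
    report=$(mktemp) || return 1
    clamdscan --remove "$target" > "$report"
    status=$?
    case $status in
        0|1) ;;    # 0 = clean, 1 = virus(es) found
        *) echo "clamdscan exited with status $status" | mail -s "clamdscan error on $(hostname)" root ;;
    esac
    if scan_needs_alert "$report"; then
        scan_hits "$report" | mail -s "Virus found on $(hostname)" root
    fi
    rm -f "$report"
    return $status
}

# Constructed report mirroring the second scan on this page; demo only.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/root/eicar.com: Eicar-Test-Signature FOUND
/root/eicar.com: Removed.
/root/eicar_com.zip: Eicar-Test-Signature FOUND
/root/eicar_com.zip: Removed.
/root/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 2
Time: 2.201 sec (0 m 2 s)
EOF
echo "infected: $(scan_infected_count "$SAMPLE")"
scan_hits "$SAMPLE"
rm -f "$SAMPLE"
```

Replacing the body of scan.sh with a call to run_scheduled_scan / keeps the cron entry unchanged while making a broken clamd (daemon down, socket permissions) visible as an error mail rather than a silent clean run.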

    Original source: https://www.cnblogs.com/zhouwenwu/p/2301416.html