ClamAV (Clam AntiVirus)
is an antivirus scanner that runs on Linux; its biggest advantage is that it is free.
It is free Linux software that helps you find viruses and many other kinds of malicious programs. Detection is signature based, so what it can find depends entirely on how current its signature database is (see step 6).
1. Disable SELinux
# vi /etc/selinux/config
SELINUX=disabled
This setting takes effect on the next boot (setenforce 0 switches to permissive mode immediately). Be aware that this weakens the whole host to make one service easier to run: on a system that should stay enforcing, the targeted policy has the antivirus_can_scan_system boolean (set with setsebool -P) that lets clamd read the filesystem without turning SELinux off.
2. Install the EPEL yum repository, which provides the ClamAV packages. The epel-release package itself comes from the CentOS extras repository, and its signature is checked against the CentOS 7 signing key already on disk (the key import shown below), so no unverified package is installed here.
[root@server ~]# yum -y install epel-release
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.kaist.ac.kr
 * extras: ftp.kaist.ac.kr
 * updates: ftp.kaist.ac.kr
base
extras
updates
(1/4): extras/7/x86_64/primary_db
(2/4): base/7/x86_64/group_gz
(3/4): base/7/x86_64/primary_db
(4/4): updates/7/x86_64/primary_db
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================
 Package          Arch      Version
==========================================================
Installing:
 epel-release     noarch    7-11

Transaction Summary
==========================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/extras/packages/epel-release-7-11.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for epel-release-7-11.noarch.rpm is not installed
epel-release-7-11.noarch.rpm
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch
  Verifying  : epel-release-7-11.noarch

Installed:
  epel-release.noarch 0:7-11

Complete!
3. Install the ClamAV packages. On the EPEL 7 build used here the scanning daemon is packaged as clamd, which is why clamd (rather than clamav-server / clamav-scanner-systemd from the command line) shows up in the installed list below; yum resolves the older names to it.
[root@server ~]# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                | 9.6 kB  00:00:00
 * base: mirror.kakao.com
 * epel: ftp.kaist.ac.kr
 * extras: mirror.kakao.com
 * updates: mirror.kakao.com
epel                                                | 4.3 kB  00:00:00
(1/3): epel/x86_64/group                            | 399 kB  00:00:00
(2/3): epel/x86_64/updateinfo                       | 1.0 MB  00:00:00
(3/3): epel/x86_64/primary_db                       | 8.7 MB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.103.11-1.el7 will be installed
---> Package clamav-data.noarch 0:0.103.11-1.el7 will be installed
Dependencies Resolved

==========================================================================
 Package             Arch      Version            Repository    Size
==========================================================================
Installing:
 clamav              x86_64    0.103.11-1.el7     epel         332 k
 clamav-data         noarch    0.103.11-1.el7     epel         222 M
 clamav-devel        x86_64    0.103.11-1.el7     epel          52 k
 clamav-filesystem   noarch    0.103.11-1.el7     epel          45 k
 clamav-lib          x86_64    0.103.11-1.el7     epel         833 k
 clamav-update       x86_64    0.103.11-1.el7     epel         128 k
 clamd               x86_64    0.103.11-1.el7     epel         122 k
--------- (omitted) ---------

Installed:
  clamav.x86_64 0:0.103.11-1.el7
  clamav-data.noarch 0:0.103.11-1.el7
  clamav-devel.x86_64 0:0.103.11-1.el7
  clamav-filesystem.noarch 0:0.103.11-1.el7
  clamav-lib.x86_64 0:0.103.11-1.el7
  clamav-update.x86_64 0:0.103.11-1.el7
  clamd.x86_64 0:0.103.11-1.el7

Dependency Installed:
  keyutils-libs-devel.x86_64 0:1.5.8-3.el7
  krb5-devel.x86_64 0:1.15.1-55.el7_9
  libcom_err-devel.x86_64 0:1.42.9-19.el7
  libkadm5.x86_64 0:1.15.1-55.el7_9
  libprelude.x86_64 0:5.2.0-2.el7
  libselinux-devel.x86_64 0:2.5-15.el7
  libsepol-devel.x86_64 0:2.5-10.el7
  libverto-devel.x86_64 0:0.2.5-4.el7
  openssl-devel.x86_64 1:1.0.2k-26.el7_9
  pcre-devel.x86_64 0:8.32-17.el7
  zlib-devel.x86_64 0:1.2.7-21.el7_9

Dependency Updated:
  krb5-libs.x86_64 0:1.15.1-55.el7_9
  openssl.x86_64 1:1.0.2k-26.el7_9
  openssl-libs.x86_64 1:1.0.2k-26.el7_9
  zlib.x86_64 0:1.2.7-21.el7_9

Complete!
[root@server ~]#
4. Edit the configuration
[root@server ~]# vi /etc/clamd.d/scan.conf
Line 96: remove the leading comment marker so that
#LocalSocket /run/clamd.scan/clamd.sock
becomes
LocalSocket /run/clamd.scan/clamd.sock
This Unix socket is how clamdscan and other local clients hand files to the daemon. Leave the TCPSocket directive commented out unless remote clients genuinely need the daemon; a local socket keeps clamd off the network. The line number is from this package version and may differ in yours; search for LocalSocket if it does.
5. Register and start the service. clamd@ is a template unit that takes the config file name as its instance, so clamd@scan runs /usr/sbin/clamd -c /etc/clamd.d/scan.conf, as the status output shows.
[root@server systemd]# systemctl enable clamd@scan
Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@.service.
[root@server systemd]#
[root@server systemd]# systemctl start clamd@scan
[root@server systemd]# systemctl status clamd@scan
● clamd@scan.service - clamd scanner (scan) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-05-27 22:37:32 KST; 32s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 23419 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=0/SUCCESS)
 Main PID: 23422 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─23422 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

May 27 22:37:32 server clamd[23422]: Portable Executable support enabled.
May 27 22:37:32 server clamd[23422]: ELF support enabled.
May 27 22:37:32 server clamd[23422]: Mail files support enabled.
May 27 22:37:32 server clamd[23422]: OLE2 support enabled.
May 27 22:37:32 server clamd[23422]: PDF support enabled.
May 27 22:37:32 server clamd[23422]: SWF support enabled.
May 27 22:37:32 server clamd[23422]: HTML support enabled.
May 27 22:37:32 server clamd[23422]: XMLDOCS support enabled.
May 27 22:37:32 server clamd[23422]: HWP3 support enabled.
May 27 22:37:32 server clamd[23422]: Self checking every 600 seconds.
6. Update the signature database. The copy shipped in the clamav-data package is already 213 daily versions old, which is why the incremental .cdiff patches below are "not found" (the mirror only keeps patches for recent versions) and freshclam falls back to downloading the full daily.cvd. The running clamd picks up the new database at its next self-check (every 600 seconds, per the log in step 5). A single manual freshclam run is not enough in practice: run it on a schedule (for example from cron) or the scanner quietly goes stale.
[root@server ~]# freshclam
ClamAV update process started at Mon May 27 22:24:10 2024
daily database available for update (local version: 27075, remote version: 27288)
Current database is 213 versions behind.
Downloading database patch # 27076...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-27076.cdiff
WARNING: downloadPatch: Can't download daily-27076.cdiff from https://database.clamav.net/daily-27076.cdiff
Downloading database patch # 27076...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-27076.cdiff
WARNING: downloadPatch: Can't download daily-27076.cdiff from https://database.clamav.net/daily-27076.cdiff
Downloading database patch # 27076...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-27076.cdiff
WARNING: downloadPatch: Can't download daily-27076.cdiff from https://database.clamav.net/daily-27076.cdiff
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.7s, ETA:    0.0s [========================>] 60.74MiB/60.74MiB
Testing database: '/var/lib/clamav/tmp.7d82c9e63b/clamav-a81dacad27acf4a7a7a1686e9e7c629f.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 27288, sigs: 2061829, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for update (local version: 334, remote version: 335)
Current database is 1 version behind.
Downloading database patch # 335...
Time:    0.1s, ETA:    0.0s [========================>] 836B/836B
Testing database: '/var/lib/clamav/tmp.7d82c9e63b/clamav-867cd10d163f31f97aea58d4cc4f0ea0.tmp-bytecode.cld' ...
Database test passed.
bytecode.cld updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
[root@a-web1 ~]# clamd -V
ClamAV 0.103.11/27288/Mon May 27 17:29:01 2024
[root@server ~]#
7. Run a scan
# clamscan -r /
-r scans recursively. For a full-filesystem scan exclude the pseudo filesystems (/proc, /sys, /dev) with --exclude-dir, and add --infected so only hits are printed instead of every clean file. With clamd running (step 5), clamdscan is the better tool for scheduled scans, because it uses the signatures the daemon already has in memory instead of reloading them on every run. The exit status tells you the outcome: 0 means nothing was found, 1 means something was found, 2 means an error occurred.
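The scan step above, as an added example that is not code from the original post or from the ClamAV project: a small POSIX sh wrapper that picks clamdscan when the daemon socket from step 4 exists and plain clamscan otherwise, keeps the pseudo filesystems out of a full scan, parses the scanner's output, and returns its exit code so cron or a monitoring agent can act on it. The socket path, the log directory, the EICAR test helper and the sample scanner output embedded for the offline demo are assumptions of this example, not details from the page.

```shell
#!/bin/sh
# Added example (not from the original post or the ClamAV project): wrapper
# around the scan step. Assumptions not stated on the page: CLAMD_SOCKET is
# the LocalSocket path enabled in /etc/clamd.d/scan.conf, LOG_DIR is writable,
# and exit codes follow clamscan(1)/clamdscan(1): 0 clean, 1 found, 2 error.

CLAMD_SOCKET=${CLAMD_SOCKET:-/run/clamd.scan/clamd.sock}
LOG_DIR=${LOG_DIR:-/var/log/clamav}

# Use clamdscan when the daemon socket exists: clamd already holds the
# signature set in memory, so the scan does not reload ~9M signatures.
pick_scanner() {
    if [ -S "$1" ]; then echo clamdscan; else echo clamscan; fi
}

# Map the scanner's exit code to a word a caller can switch on.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Each hit is reported as "<path>: <signature> FOUND"; print only the paths.
found_files() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Pull the infected-file count out of the SCAN SUMMARY block.
infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p'
}

# Standard EICAR test string (68 bytes). It is harmless, and every AV engine
# including ClamAV must flag it; drop it under the scan target to prove the
# install actually detects something.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
write_eicar() {
    printf '%s' "$EICAR" >"$1"
}

# Run the scan, log everything, print a one-line verdict plus the hits, and
# return the scanner's own exit code.
run_scan() {
    target=$1
    log="$LOG_DIR/scan-$(date +%Y%m%d-%H%M%S).log"
    rc=0
    case $(pick_scanner "$CLAMD_SOCKET") in
        clamdscan)
            # --fdpass hands open descriptors to clamd so it can scan files
            # its own unprivileged user could not read.
            clamdscan --fdpass --multiscan --infected "$target" >"$log" 2>&1 || rc=$?
            ;;
        clamscan)
            # /proc, /sys, /dev and /run hold no files worth scanning and
            # produce spurious errors (or block on device nodes).
            clamscan -r --infected \
                --exclude-dir='^/proc' --exclude-dir='^/sys' \
                --exclude-dir='^/dev' --exclude-dir='^/run' \
                "$target" >"$log" 2>&1 || rc=$?
            ;;
    esac
    echo "scan of $target: $(classify_exit "$rc") ($(infected_count <"$log") infected, log: $log)"
    found_files <"$log"
    return "$rc"
}

# Constructed clamscan output (not captured from a real host) used to
# exercise the parsers offline. The signature count matches the databases
# shown in step 6 (main + daily + bytecode).
SAMPLE_OUTPUT='/home/app/uploads/invoice.pdf: Eicar-Test-Signature FOUND
/tmp/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8709342
Engine version: 0.103.11
Scanned directories: 2
Scanned files: 14
Infected files: 2
Data scanned: 1.20 MB
Data read: 0.60 MB (ratio 2.00:1)
Time: 0.312 sec (0 m 0 s)'

demo() {
    echo "verdict for exit code 1: $(classify_exit 1)"
    echo "infected files in sample: $(printf '%s\n' "$SAMPLE_OUTPUT" | infected_count)"
    printf '%s\n' "$SAMPLE_OUTPUT" | found_files
}

# "./scan.sh --run /" performs a real scan; with no arguments, run the demo.
if [ "${1:-}" = "--run" ]; then
    run_scan "${2:-/}"
else
    demo
fi
```

To verify a fresh install, call write_eicar on a file inside the directory you are about to scan and check that the wrapper reports it as infected with exit code 1; a clean result on the EICAR file means the signature database or the socket is not what you think it is.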