ClamAV ( Clam AntiVirus )

는 리눅스에서 사용가능한 바이러스 검사 소프트웨어로 제일 강점은 무료입니다.

바이러스를 포함한  수많은 종류의 악성 코드 프로그램을 찾아낼 수 있도록 도와주는 리눅스 무료 소프트웨어입니다. 

 

 

1. Selinux 는 비활성화!

vi /etc/selinux/config
   SELINUX=disabled

 

2. 패키지 설치를 위해 yum 레파지토리 설치.

[root@server ~]# yum -y install epel-release
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.kaist.ac.kr
 * extras: ftp.kaist.ac.kr
 * updates: ftp.kaist.ac.kr
base                                                                                                                                
extras                                                                                                                              
updates                                                                                                                             
(1/4): extras/7/x86_64/primary_db                                                                                                   
(2/4): base/7/x86_64/group_gz                                                                                                       
(3/4): base/7/x86_64/primary_db                                                                                                     
(4/4): updates/7/x86_64/primary_db                                                                                                  
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================
 Package                                          Arch                                       Version                                
====================================================================================================================================
Installing:
 epel-release                                     noarch                                     7-11                                   

Transaction Summary
====================================================================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/extras/packages/epel-release-7-11.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKE
Public key for epel-release-7-11.noarch.rpm is not installed
epel-release-7-11.noarch.rpm                                                                                                        
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                                                                             
  Verifying  : epel-release-7-11.noarch                                                                                             

Installed:
  epel-release.noarch 0:7-11                                                                                                        

Complete!

 

3. ClamAV 패키지 설치 해줍니다.

[root@server~]# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                        | 9.6 kB  00:00:00     
 * base: mirror.kakao.com
 * epel: ftp.kaist.ac.kr
 * extras: mirror.kakao.com
 * updates: mirror.kakao.com
epel                                                                                                        | 4.3 kB  00:00:00     
(1/3): epel/x86_64/group                                                                                    | 399 kB  00:00:00     
(2/3): epel/x86_64/updateinfo                                                                               | 1.0 MB  00:00:00     
(3/3): epel/x86_64/primary_db                                                                               | 8.7 MB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.103.11-1.el7 will be installed
---> Package clamav-data.noarch 0:0.103.11-1.el7 will be installed
Dependencies Resolved

===================================================================================================================================
 Package                              Arch                    Version                               Repository                Size
===================================================================================================================================
Installing:
 clamav                               x86_64                  0.103.11-1.el7                        epel                     332 k
 clamav-data                          noarch                  0.103.11-1.el7                        epel                     222 M
 clamav-devel                         x86_64                  0.103.11-1.el7                        epel                      52 k
 clamav-filesystem                    noarch                  0.103.11-1.el7                        epel                      45 k
 clamav-lib                           x86_64                  0.103.11-1.el7                        epel                     833 k
 clamav-update                        x86_64                  0.103.11-1.el7                        epel                     128 k
 clamd                                x86_64                  0.103.11-1.el7                        epel                     122 k
--------- ------------------ ------------------ ---------중략 ------------------ ------------------ ------------------

Installed:
  clamav.x86_64 0:0.103.11-1.el7                clamav-data.noarch 0:0.103.11-1.el7     clamav-devel.x86_64 0:0.103.11-1.el7     
  clamav-filesystem.noarch 0:0.103.11-1.el7     clamav-lib.x86_64 0:0.103.11-1.el7      clamav-update.x86_64 0:0.103.11-1.el7    
  clamd.x86_64 0:0.103.11-1.el7                

Dependency Installed:
  keyutils-libs-devel.x86_64 0:1.5.8-3.el7     krb5-devel.x86_64 0:1.15.1-55.el7_9     libcom_err-devel.x86_64 0:1.42.9-19.el7    
  libkadm5.x86_64 0:1.15.1-55.el7_9            libprelude.x86_64 0:5.2.0-2.el7         libselinux-devel.x86_64 0:2.5-15.el7       
  libsepol-devel.x86_64 0:2.5-10.el7           libverto-devel.x86_64 0:0.2.5-4.el7     openssl-devel.x86_64 1:1.0.2k-26.el7_9     
  pcre-devel.x86_64 0:8.32-17.el7              zlib-devel.x86_64 0:1.2.7-21.el7_9     

Dependency Updated:
  krb5-libs.x86_64 0:1.15.1-55.el7_9         openssl.x86_64 1:1.0.2k-26.el7_9         openssl-libs.x86_64 1:1.0.2k-26.el7_9        
  zlib.x86_64 0:1.2.7-21.el7_9              

Complete!
[root@server ~]# 

 

 

 

4. 설정을 수정합니다.

[root@server ~]# vi /etc/clamd.d/scan.conf

 

96번 라인 #LocalSocket /run/clamd.scan/clamd.sock -> LocalSocket /run/clamd.scan/clamd.sock  주석제거

 

 

5. 서비스 등록

[root@server systemd]# systemctl enable clamd@scan
Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@.service.
[root@server  systemd]# 
[root@server  systemd]# systemctl start clamd@scan
[root@server  systemd]# systemctl status clamd@scan
● clamd@scan.service - clamd scanner (scan) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-05-27 22:37:32 KST; 32s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 23419 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=0/SUCCESS)
 Main PID: 23422 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─23422 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

May 27 22:37:32 server  clamd[23422]: Portable Executable support enabled.
May 27 22:37:32 server  clamd[23422]: ELF support enabled.
May 27 22:37:32 server  clamd[23422]: Mail files support enabled.
May 27 22:37:32 server  clamd[23422]: OLE2 support enabled.
May 27 22:37:32 server  clamd[23422]: PDF support enabled.
May 27 22:37:32 server  clamd[23422]: SWF support enabled.
May 27 22:37:32 server  clamd[23422]: HTML support enabled.
May 27 22:37:32 server  clamd[23422]: XMLDOCS support enabled.
May 27 22:37:32 server   clamd[23422]: HWP3 support enabled.
May 27 22:37:32 server  clamd[23422]: Self checking every 600 seconds.

 

 

6. 엔진업데이트

[root@server~]# freshclam
ClamAV update process started at Mon May 27 22:24:10 2024
daily database available for update (local version: 27075, remote version: 27288)
Current database is 213 versions behind.
Downloading database patch # 27076...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-27076.cdiff
WARNING: downloadPatch: Can't download daily-27076.cdiff from https://database.clamav.net/daily-27076.cdiff
Downloading database patch # 27076...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-27076.cdiff
WARNING: downloadPatch: Can't download daily-27076.cdiff from https://database.clamav.net/daily-27076.cdiff
Downloading database patch # 27076...
WARNING: downloadFile: file not found: https://database.clamav.net/daily-27076.cdiff
WARNING: downloadPatch: Can't download daily-27076.cdiff from https://database.clamav.net/daily-27076.cdiff
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.7s, ETA:    0.0s [========================>]   60.74MiB/60.74MiB
Testing database: '/var/lib/clamav/tmp.7d82c9e63b/clamav-a81dacad27acf4a7a7a1686e9e7c629f.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 27288, sigs: 2061829, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for update (local version: 334, remote version: 335)
Current database is 1 version behind.
Downloading database patch # 335...
Time:    0.1s, ETA:    0.0s [========================>]       836B/836B
Testing database: '/var/lib/clamav/tmp.7d82c9e63b/clamav-867cd10d163f31f97aea58d4cc4f0ea0.tmp-bytecode.cld' ...
Database test passed.
bytecode.cld updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
[root@a-web1 ~]# clamd -V
ClamAV 0.103.11/27288/Mon May 27 17:29:01 2024
[root@server ~]# 

 

 

 

 

 

#clamscan -r /      

+ Recent posts