ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. This article will guide you through the installation of ClamAV on CentOS. Once installed, we will also configure a daily scan on our CentOS server.
A. Install ClamAV
1. Install EPEL repo
Before we can proceed, you must ensure that you have the EPEL yum repository enabled.
The EPEL repo is enabled by simply installing an RPM. Please use the command below to install the EPEL repository on your CentOS server.
CentOS 6 – 32-bit
    rpm -Uvh http://mirror.overthewire.com.au/pub/epel/6/i386/epel-release-6-8.noarch.rpm
CentOS 6 – 64-bit
    rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
CentOS 5 – 32-bit
    rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
CentOS 5 – 64-bit
    rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
The RPM installs the repository definition at:
    /etc/yum.repos.d/epel.repo
2. Install required packages
    yum install clamav clamd
3. Start the clamd service and set it to auto-start
    chkconfig clamd on
    service clamd start
4. Update ClamAV’s signatures
    /usr/bin/freshclam
or
    /usr/local/bin/freshclam
Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.
B. Configure Daily Scan
In this example, we will configure a cronjob to scan the /home/ directory every day:
1. Create cron file:
    vim /etc/cron.daily/manual_clamscan
Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:
    #!/bin/bash
    SCAN_DIR="/home"
    LOG_FILE="/var/log/clamav/manual_clamscan.log"
    # -i: report only infected files; -r: scan directories recursively
    /usr/bin/clamscan -i -r "$SCAN_DIR" >> "$LOG_FILE"
Or use the following if you want the script to send mail:
    #!/bin/bash
    # Declare PATH for the script, for example including /home/clamav_manualscan
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/clamav_manualscan

    # Email alert cron job script for ClamAV
    # Original, unmodified script by: Deven Hillard
    # (http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html)
    # Modified to show infected and/or removed files

    # Directories to scan (space-separated)
    SCAN_DIR="/home /tmp /var"

    # Location of log file
    LOG_FILE="/var/log/clamav/manual_clamscan.log"

    # Uncomment to have scan remove files
    #AGGRESSIVE=1
    # Uncomment to have scan not remove files
    AGGRESSIVE=0

    # Email Subject
    SUBJECT="Infections detected on $(hostname)"
    # Email To (set to your recipient addresses)
    EMAIL="[email protected] [email protected]"
    # Email From
    EMAIL_FROM="clamav@IPAddress"

    check_scan () {
        # If there were infected files detected, send email alert.
        # Only a count of exactly 0 is excluded, so counts such as 10 still alert.
        if [ "$(tail -n 12 "${LOG_FILE}" | grep 'Infected files' | grep -v ': 0$' | wc -l)" != 0 ]
        then
            # Count number of infections
            SCAN_RESULTS=$(tail -n 10 "$LOG_FILE" | grep 'Infected files')
            INFECTIONS=${SCAN_RESULTS##* }

            EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
            echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
            echo "From: ${EMAIL_FROM}" >> "${EMAILMESSAGE}"
            echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
            echo "Importance: High" >> "${EMAILMESSAGE}"
            echo "X-Priority: 1" >> "${EMAILMESSAGE}"

            # The leading \n separates the mail headers from the body
            if [ "$AGGRESSIVE" = 1 ]
            then
                echo -e "\n$(tail -n $((10 + ($INFECTIONS*2))) "$LOG_FILE")" >> "${EMAILMESSAGE}"
            else
                echo -e "\n$(tail -n $((10 + $INFECTIONS)) "$LOG_FILE")" >> "${EMAILMESSAGE}"
            fi

            sendmail -t < "${EMAILMESSAGE}"
            # Do not leave scan results behind in /tmp
            rm -f "${EMAILMESSAGE}"
        fi
    }

    # $SCAN_DIR is left unquoted on purpose so each directory becomes its own argument
    if [ "$AGGRESSIVE" = 1 ]
    then
        /usr/bin/clamscan -ri --remove $SCAN_DIR >> "$LOG_FILE"
    else
        /usr/bin/clamscan -ri $SCAN_DIR >> "$LOG_FILE"
    fi

    check_scan
Note: clamscan exists in /usr/bin/clamscan or /usr/local/bin/clamscan
2. Give our cron script executable permissions:
    chmod +x /etc/cron.daily/manual_clamscan
You can even run the above script to ensure that it works correctly.
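The mail variant decides whether to alert by reading the "Infected files" line that clamscan appends to the log. The following is an added example, not part of the original script: it reads that count as a number, so a count such as 10 is not mistaken for zero, and lists the detections of the latest scan. The function names and the sample log are constructed for illustration.

```shell
#!/bin/bash
# Added example: read the summary clamscan appends to the log and decide
# whether to alert. Function names and the sample log are constructed.

# Print the infected-file count of the most recent scan summary in log $1.
# Returns 1 (printing nothing) if the log has no summary line.
infected_count() {
    local line
    line=$(grep -E '^Infected files: [0-9]+$' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    echo "${line##* }"
}

# Print the "path: Signature FOUND" lines of the most recent completed scan.
last_scan_hits() {
    awk '/ FOUND$/      { buf = buf $0 "\n" }
         /SCAN SUMMARY/ { last = buf; buf = "" }
         END            { printf "%s", last }' "$1"
}

# Exit status: 0 = infections found, 1 = clean, 2 = no summary in the log.
should_alert() {
    local n
    n=$(infected_count "$1") || return 2
    [ "$n" -gt 0 ]
}

# Constructed log: a clean scan followed by a scan with 10 detections.
write_sample_log() {
    local i
    {
        printf '\n----------- SCAN SUMMARY -----------\n'
        printf 'Scanned files: 1500\nInfected files: 0\nTime: 90.1 sec\n'
        for i in 1 2 3 4 5 6 7 8 9 10; do
            printf '/home/demo/sample%s.bin: Constructed.Test.Signature FOUND\n' "$i"
        done
        printf '\n----------- SCAN SUMMARY -----------\n'
        printf 'Scanned files: 1510\nInfected files: 10\nTime: 91.4 sec\n'
    } > "$1"
}

demo_log=$(mktemp)
write_sample_log "$demo_log"
if should_alert "$demo_log"; then
    echo "ALERT: $(infected_count "$demo_log") infected file(s)"
    last_scan_hits "$demo_log"
fi
rm -f "$demo_log"
```

A status of 2 from should_alert means the log has no summary at all, which usually indicates the scan did not finish and is worth alerting on separately.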
And you’re done! That should be the minimum required to 1. install ClamAV and 2. perform a daily scan of a specific directory.