Wednesday, June 10, 2015

clamav

Following https://wiki.archlinux.org/index.php/ClamAV:

1) pacman -S clamav

2) freshclam

3) This warning appeared:
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd.sock: No such file or directory
so I ran:
 
# touch /var/lib/clamav/clamd.sock
# chown clamav:clamav /var/lib/clamav/clamd.sock
 
4) Running freshclam again gives:
ClamAV update process started at Wed Jun 10 01:33:35 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 20557, sigs: 1423118, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 256, sigs: 45, f-level: 63, builder: dgoddard)

5) Then running
wget -O- http://www.eicar.org/download/eicar.com.txt | clamscan -
gave:

stdin: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3841799
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 40.088 sec (0 m 40 s)
so the clamscan test is OK.

 
6)# systemctl start clamd
Job for clamd.service failed. See "systemctl status clamd.service" and "journalctl -xe" for details.
and it does not work.

At the moment /etc/clamav/freshclam.conf is:
DatabaseMirror database.clamav.net
NotifyClamd /etc/clamav/clamd.conf
 
And /etc/clamav/clamd.conf is currently:
LogFile /var/log/clamav/clamd.log
LogTime yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
LocalSocket /var/lib/clamav/clamd.sock
User clamav
 
 
But even after rebooting,
systemctl start clamd
still does not work.

So I am giving up on clamd and clamdscan for now.

clamscan.bat (clamscan is slow, though)

Based on http://www.cloud-memo.com/2014/04/clamscan.html:
 

#!/bin/sh
## Scan: recursive (-r), list infected files only (-i); $1 is the directory to scan
clamscan -ri "$1" > /var/log/clamav/scan.log
## Mail Send
mail -s "Scan Report" root@localhost < /var/log/clamav/scan.log
exit
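
The script above sends the same "Scan Report" subject whether the scan was clean, found something, or failed. An added example (not from the original post or the linked page) that uses clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error) to put the outcome in the mail subject; SCANNER and the function names are hypothetical:

```sh
#!/bin/sh
# Added example, not from the original post. SCANNER, classify_scan,
# count_found and scan_subject are hypothetical names.

# Scanner command; overridable so the logic can be exercised with a stub.
SCANNER=${SCANNER:-clamscan}

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
classify_scan() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Count detection lines ("<path>: <signature> FOUND") in log file $1.
count_found() {
    awk '/ FOUND$/ { n++ } END { print n + 0 }' "$1"
}

# Scan $1 recursively, write the log to $2, and print a mail subject that
# distinguishes a clean run from detections and from a failed scan.
scan_subject() {
    target=$1
    log=$2
    rc=0
    "$SCANNER" -ri "$target" > "$log" 2>&1 || rc=$?
    echo "Scan Report [$(classify_scan "$rc")] $(count_found "$log") found: $target"
}

# Usage: script <directory>. Does nothing when called without an argument.
if [ $# -gt 0 ]; then
    log=/var/log/clamav/scan.log
    subject=$(scan_subject "$1" "$log")
    mail -s "$subject" root@localhost < "$log"
fi
```

An ERROR subject means the scan itself did not complete, so an empty log in that case is not evidence of a clean system.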
 
 
 
 
 
 
 
Following http://www.kernel-panic.it/openbsd/mail/mail6.html:
 
 
/etc/freshclam.conf
# Comment or remove the line below.
#Example
DatabaseDirectory /var/db/clamav
DatabaseOwner  _clamav
DNSDatabaseInfo  current.cvd.clamav.net
DatabaseMirror  db.it.clamav.net
DatabaseMirror  database.clamav.net
MaxAttempts  3
Checks   24

/etc/clamd.conf
# Comment or remove the line below. 
#Example 
DatabaseDirectory  /var/db/clamav 
TCPAddr 127.0.0.1 
TCPSocket 3310 
User _clamav 
LogSyslog yes 
LogFacility LOG_MAIL

 
pacman -S cronie

Then, with crontab -e, set the crontab to:
16 * * * * /usr/bin/freshclam >/dev/null 2>&1