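# Bring the host up to date before installing the scanner.
sudo yum update -y

# Set the system clock to Japan time. The three commands below were collapsed
# onto one line in the original listing and could not run that way.
date
sudo cp -f /usr/share/zoneinfo/Japan /etc/localtime
# Restart cron, presumably so scheduled jobs (including the daily scan set up
# later) follow the new time zone.
sudo service crond restart

# ClamAV engine, the clamd init script and the freshclam signature updater.
sudo yum install clamav clamav-scanner-sysvinit clamav-update -y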
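# Configure freshclam (the signature updater) in /etc/freshclam.conf.
# The "Example" line has to be commented out and the three directives below
# have to be active.

# Option 1 - edit by hand:
sudo vi /etc/freshclam.conf
# The file should end up containing:
#   # Example
#   DatabaseDirectory /var/lib/clamav
#   UpdateLogFile /var/log/freshclam.log
#   DatabaseOwner clamupdate

# Option 2 - the same edits non-interactively.
# Fixes over the original listing: the commands were collapsed onto one line,
# they edited a relative "freshclam.conf" without sudo instead of
# /etc/freshclam.conf, and the unanchored "Example" pattern also rewrote
# comment lines that merely mention the word.
sudo sed -i \
  -e 's/^Example/#Example/' \
  -e 's:^#DatabaseDirectory /var/lib/clamav:DatabaseDirectory /var/lib/clamav:' \
  -e 's:^#UpdateLogFile /var/log/freshclam.log:UpdateLogFile /var/log/freshclam.log:' \
  -e 's/^#DatabaseOwner clamupdate/DatabaseOwner clamupdate/' \
  /etc/freshclam.conf

# sed reports success even when a pattern matched nothing, so check the result.
sudo grep -E '^(Example|DatabaseDirectory|UpdateLogFile|DatabaseOwner)' /etc/freshclam.conf

# First signature download. Scans are only as good as the database, so make
# sure this finishes without errors before going on.
sudo freshclam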
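# Configure the clamd scanning daemon in /etc/clamd.d/scan.conf.

# Option 1 - edit by hand:
sudo vi /etc/clamd.d/scan.conf
# The file should end up containing:
#   # Example
#   LocalSocket /var/run/clamd.scan/clamd.sock
#   FixStaleSocket yes
#   TCPSocket 3310
#   TCPAddr 127.0.0.1

# Option 2 - the same edits non-interactively.
# Fixes over the original listing: the commands were collapsed onto one line,
# ran without sudo against a root-owned file, and used unanchored patterns.
sudo sed -i \
  -e 's/^Example/#Example/' \
  -e 's:^#LocalSocket /var/run/clamd.scan/clamd.sock:LocalSocket /var/run/clamd.scan/clamd.sock:' \
  -e 's/^#FixStaleSocket yes/FixStaleSocket yes/' \
  -e 's/^#TCPSocket 3310/TCPSocket 3310/' \
  -e 's/^#TCPAddr 127\.0\.0\.1/TCPAddr 127.0.0.1/' \
  /etc/clamd.d/scan.conf

# Check the result before starting the daemon. clamd's TCP interface has no
# authentication; if TCPSocket is active but the TCPAddr line did not match
# (the packaged sample may be worded differently), the daemon is not limited
# to loopback. Both lines must appear here. If only local scans are needed,
# LocalSocket alone is enough and the two TCP lines can stay commented out.
sudo grep -E '^(Example|LocalSocket|FixStaleSocket|TCPSocket|TCPAddr)' /etc/clamd.d/scan.conf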
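# Start the scanning daemon now and enable it at boot.
sudo service clamd.scan start
sudo chkconfig clamd.scan on
# List the configured services to confirm clamd.scan is on. In the original
# listing this command was fused onto the previous line as a stray argument.
chkconfig

# Make the scan configuration available under /etc/clamd.conf as well,
# presumably so clamdscan finds the daemon's socket settings there.
sudo ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

# After the start, the listener should be bound to 127.0.0.1:3310 only.
# Check with the socket-listing tool available on the host, e.g.:
#   sudo netstat -lntp | grep 3310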
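# Manual scan of the current directory - two alternatives (the original
# listing joined them with the word "or" on a single line).

# Through the running clamd daemon. The daemon does the file reads under its
# own account, so files that account cannot read are not scanned.
/usr/bin/clamdscan .

# Or with the standalone scanner, recursively. It loads the signature
# database on every run and reads files as the invoking user.
/usr/bin/clamscan -r .

# Manual signature update. This needs write access to the database
# directory; the earlier run in this walkthrough used sudo.
/usr/bin/freshclam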
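# Directory for the daily scan script and its exclude list.
# Create it as root: the script placed here is run by root from cron, so
# neither the directory nor its files may be writable by an unprivileged
# account. The original ran mkdir without sudo, which either fails under /opt
# or leaves the directory owned by the invoking user.
sudo mkdir -p /opt/scripts/clamav
sudo chown root:root /opt/scripts/clamav
sudo chmod 755 /opt/scripts/clamav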
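#!/bin/bash
# /opt/scripts/clamav/virusscan.sh
#
# Daily ClamAV scan of the whole filesystem, intended to run as root from
# /etc/cron.daily. Updates the signatures, scans "/", mails any detections
# to toAddr and writes them to syslog.
#
# Reads:   /opt/scripts/clamav/clamscan.exclude (one path regex per line;
#          an entry ending in "/" excludes a directory).
# Outputs: syslog messages via logger; one mail when something is found.
#
# The exclude list decides what is NOT scanned, and this script runs as
# root: keep both files owned by root and writable by root only.

PATH=/usr/bin:/bin

logger "[Info] ClamAV Scan Start"

fromAddr="<Mail address>"
toAddr="<Mail address>"
subjString="[AWS] Virus Found in $(hostname)"

# clamd update
# NOTE(review): this is an unattended package update from the third-party
# "rpmforge" repository with all output discarded. Confirm that the repo and
# the package name "clamd" match how ClamAV was installed on this host.
yum -y --enablerepo=rpmforge update clamd > /dev/null 2>&1
# Output is discarded here; a failed update leaves stale signatures without
# any visible error, so check freshclam's own log (UpdateLogFile) regularly.
freshclam > /dev/null 2>&1

# excludeopt setup
# Options are collected in an array so an entry can never be split into
# extra clamscan arguments or expanded as a glob.
excludelist=/opt/scripts/clamav/clamscan.exclude
excludeopt=()
if [ -s "$excludelist" ]; then
  while IFS= read -r entry || [ -n "$entry" ]; do
    [ -n "$entry" ] || continue
    case "$entry" in
      */)
        dir=${entry%/}
        if [ -z "$dir" ]; then
          # A bare "/" would turn into the pattern "^", which matches every
          # path and silently disables the whole scan.
          logger "[Warn] ClamAV Scan: ignoring exclude entry '/'"
          continue
        fi
        excludeopt+=("--exclude-dir=^${dir}")
        ;;
      *)
        excludeopt+=("--exclude=^${entry}")
        ;;
    esac
  done < "$excludelist"
fi

# virus scan
CLAMSCANTMP=$(mktemp) || {
  logger "[Error] ClamAV Scan: mktemp failed"
  exit 1
}
# Remove the report on every exit path, not only after a complete run.
trap 'rm -f -- "$CLAMSCANTMP"' EXIT

# NOTE(review): --remove deletes every file clamscan flags, false positives
# included, and leaves no sample for later analysis. clamscan's
# --move=DIRECTORY quarantines instead; behaviour is kept as in the original.
clamscan --recursive --remove "${excludeopt[@]}" / > "$CLAMSCANTMP" 2>&1
scan_status=$?
# clamscan exits 0 (clean) or 1 (something found); anything else means the
# scan itself failed, which the original script did not report.
if [ "$scan_status" -gt 1 ]; then
  logger "[Error] ClamAV Scan: clamscan exited with status ${scan_status}"
fi

bodyString=$(grep 'FOUND$' "$CLAMSCANTMP")

if [ -n "$bodyString" ]; then
  # report mail send
  # printf with fixed format: file names in the report are not interpreted
  # for backslash escapes the way "echo -e" would.
  # The envelope sender was an unquoted "<Mail address>" placeholder in the
  # original (a syntax error as written); fromAddr is used instead.
  # NOTE(review): with -t the recipient comes from the To: header; how an
  # address also given on the command line is treated differs between MTAs.
  # Send a test message to confirm that the alert is delivered.
  printf 'From: %s\nTo: %s\nSubject:%s\n\n%s\n' \
    "$fromAddr" "$toAddr" "$subjString" "$bodyString" \
    | /usr/sbin/sendmail -t "$toAddr" -f "$fromAddr"

  printf '%s\n' "$bodyString" | logger
fi

logger "[Info] ClamAV Scan Finish"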
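# The script runs as root from cron: make sure only root can modify it.
sudo chown root:root /opt/scripts/clamav/virusscan.sh
sudo chmod 755 /opt/scripts/clamav/virusscan.sh

# Exclude the kernel pseudo-filesystems from the scan.
# "sudo echo ... >> file" does not work for a root-owned file: the
# redirection is performed by the calling shell, not by sudo. tee -a runs
# under sudo and does the append itself.
printf '%s\n' /proc/ /sys/ \
  | sudo tee -a /opt/scripts/clamav/clamscan.exclude > /dev/null
# Every entry in this file is a path that is never scanned; keep it writable
# by root only and review any change to it.
sudo chown root:root /opt/scripts/clamav/clamscan.exclude
sudo chmod 644 /opt/scripts/clamav/clamscan.exclude

# Run the scan once a day. Same link as "cd /etc/cron.daily; ln -s ...",
# but it does not depend on the current directory.
sudo ln -s /opt/scripts/clamav/virusscan.sh /etc/cron.daily/virusscan.sh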
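# Detection test with the EICAR test files (a harmless standard test string
# that scanners report as if it were malware), plain and inside zip archives.
# Download them into a scratch directory. The daily script scans "/" with
# --remove, so it will delete these files the next time it runs.
# NOTE(review): the URLs are the ones given on this page; verify that they
# still resolve.
wget http://www.eicar.org/download/eicar.com.txt
wget http://www.eicar.org/download/eicar_com.zip
wget http://www.eicar.org/download/eicarcom2.zip

# Each of the three files should be reported as FOUND.
clamscan eicar.com.txt eicar_com.zip eicarcom2.zip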