◆ Detecting and removing virus mail

Clam AntiVirus, a free antivirus engine for Linux, is used to detect and remove viruses. Note that the steps below set up on-demand and scheduled filesystem scanning with clamscan; scanning mail in transit additionally requires hooking the scanner into the MTA (for example through clamav-milter), which this page does not cover.
◆ Installing Clam AntiVirus

Install Clam AntiVirus and its related packages by entering the following. Lines marked "← input" are what you type; everything else is output. Of the three packages, clamav provides clamscan, clamav-update provides freshclam and its cron job, and clamav-server provides clamd, which is installed here but not used in the rest of this page.

```
[root@linux]# yum install clamav clamav-update clamav-server   ← input
Loading "downloadonly" plugin
fedora                    100% |=========================| 2.1 kB    00:00
updates                   100% |=========================| 2.3 kB    00:00
primary.sqlite.bz2        100% |=========================| 2.1 MB    00:13
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package clamav.i386 0:0.92.1-2.fc8 set to be updated
--> Processing Dependency: clamav-lib = 0.92.1-2.fc8 for package: clamav
--> Processing Dependency: data(clamav) for package: clamav
--> Processing Dependency: libclamav.so.3 for package: clamav
---> Package clamav-update.i386 0:0.92.1-2.fc8 set to be updated
--> Processing Dependency: clamav-filesystem = 0.92.1-2.fc8 for package: clamav-update
--> Processing Dependency: group(clamav) for package: clamav-update
---> Package clamav-server.i386 0:0.92.1-2.fc8 set to be updated
--> Processing Dependency: init(clamav-server) for package: clamav-server
--> Running transaction check
---> Package clamav-server-sysv.i386 0:0.92.1-2.fc8 set to be updated
---> Package clamav-data.i386 0:0.92.1-2.fc8 set to be updated
---> Package clamav-lib.i386 0:0.92.1-2.fc8 set to be updated
---> Package clamav-filesystem.i386 0:0.92.1-2.fc8 set to be updated
--> Processing Dependency: fedora-usermgmt for package: clamav-filesystem
--> Running transaction check
---> Package fedora-usermgmt.noarch 0:0.10-1.fc8 set to be updated
--> Processing Dependency: instance(fedora-usermgmt) for package: fedora-usermgmt
--> Processing Dependency: fedora-usermgmt-core = 0.10-1.fc8 for package: fedora-usermgmt
--> Processing Dependency: setup(fedora-usermgmt) for package: fedora-usermgmt
--> Running transaction check
---> Package fedora-usermgmt-default-fedora-setup.noarch 0:0.10-1.fc8 set to be updated
---> Package fedora-usermgmt-core.noarch 0:0.10-1.fc8 set to be updated
---> Package fedora-usermgmt-shadow-utils.noarch 0:0.10-1.fc8 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                               Arch    Version        Repository  Size
=============================================================================
Installing:
 clamav                                i386    0.92.1-2.fc8   updates    635 k
 clamav-update                         i386    0.92.1-2.fc8   updates     65 k
Installing for dependencies:
 clamav-data                           i386    0.92.1-2.fc8   updates     12 M
 clamav-filesystem                     i386    0.92.1-2.fc8   updates     18 k
 clamav-lib                            i386    0.92.1-2.fc8   updates    288 k
 clamav-server                         i386    0.92.1-2.fc8   updates     60 k
 clamav-server-sysv                    i386    0.92.1-2.fc8   updates     18 k
 fedora-usermgmt                       noarch  0.10-1.fc8     fedora     7.0 k
 fedora-usermgmt-core                  noarch  0.10-1.fc8     fedora     8.2 k
 fedora-usermgmt-default-fedora-setup  noarch  0.10-1.fc8     fedora     6.9 k
 fedora-usermgmt-shadow-utils          noarch  0.10-1.fc8     fedora     7.8 k

Transaction Summary
=============================================================================
Install     11 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 13 M
Is this ok [y/N]: y   ← input
Downloading Packages:
(1/11): fedora-usermgmt-s 100% |=========================| 7.8 kB    00:00
(2/11): clamav-0.92.1-2.f 100% |=========================| 635 kB    00:03
(3/11): clamav-filesystem 100% |=========================|  18 kB    00:00
(4/11): clamav-lib-0.92.1 100% |=========================| 288 kB    00:04
(5/11): clamav-data-0.92. 100% |=========================|  12 MB    00:48
(6/11): clamav-server-0.9 100% |=========================|  60 kB    00:01
(7/11): fedora-usermgmt-c 100% |=========================| 8.2 kB    00:00
(8/11): fedora-usermgmt-d 100% |=========================| 6.9 kB    00:00
(9/11): fedora-usermgmt-0 100% |=========================| 7.0 kB    00:00
(10/11): clamav-update-0. 100% |=========================|  65 kB    00:01
(11/11): clamav-server-sy 100% |=========================|  18 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: fedora-usermgmt-default-fedo ####################### [ 1/11]
  Installing: clamav-server-sysv           ####################### [ 2/11]
  Installing: fedora-usermgmt-core         ####################### [ 3/11]
  Installing: fedora-usermgmt-shadow-utils ####################### [ 4/11]
  Installing: fedora-usermgmt              ####################### [ 5/11]
  Installing: clamav-filesystem            ####################### [ 6/11]
  Installing: clamav-data                  ####################### [ 7/11]
  Installing: clamav-lib                   ####################### [ 8/11]
  Installing: clamav-update                ####################### [ 9/11]
  Installing: clamav                       ####################### [11/11]

Installed: clamav.i386 0:0.92.1-2.fc8 clamav-update.i386 0:0.92.1-2.fc8
Dependency Installed: clamav-data.i386 0:0.92.1-2.fc8 clamav-filesystem.i386 0:0.92.1-2.fc8 clamav-lib.i386 0:0.92.1-2.fc8 clamav-server.i386 0:0.92.1-2.fc8 clamav-server-sysv.i386 0:0.92.1-2.fc8 fedora-usermgmt.noarch 0:0.10-1.fc8 fedora-usermgmt-core.noarch 0:0.10-1.fc8 fedora-usermgmt-default-fedora-setup.noarch 0:0.10-1.fc8 fedora-usermgmt-shadow-utils.noarch 0:0.10-1.fc8
Complete!   ← "Complete!" means the installation finished
```

◆ Updating the virus definition files

Edit /etc/freshclam.conf as follows. The one change that is required is commenting out the `Example` line: freshclam refuses to run while it is present, because the file is shipped as a template. The Fedora package already sets `UpdateLogFile /var/log/freshclam.log`, so updates are logged there. Optionally, uncomment `DatabaseMirror db.XY.clamav.net` with your country code (for example db.jp.clamav.net for a server in Japan) so that a nearby mirror is tried before the database.clamav.net fallback. Lines marked "← input" are what you type; "↓" shows a line before and after the change.

```
[root@linux]# vi /etc/freshclam.conf   ← input
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
## This file may be optionally merged with clamd.conf.
##

# Comment or remove the line below.
Example
↓
#Example   ← comment out

# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/freshclam.log

# Enable verbose logging.
# Default: disabled
#LogVerbose

# Use system logger (can work together with UpdateLogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# This option allows you to save the process identifier of the daemon
# Default: disabled
#PidFile /var/run/freshclam.pid

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav

# Initialize supplementary group access (freshclam must be started by root).
# Default: disabled
#AllowSupplementaryGroups

# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# Default: enabled, pointing to current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net

# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net

# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24

# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd

# Send the RELOAD command to clamd.
# Default: disabled
#NotifyClamd

# By default it uses the hardcoded configuration file but you can force an
# another one.
#NotifyClamd /config/file/path

# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command

# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

# Timeout in seconds when connecting to the database server.
# Default: 30
#ConnectTimeout 60

# Timeout in seconds when reading from the database server.
# Default: 30
#ReceiveTimeout 60
```

Now bring the virus definitions up to date by entering the following:

```
[root@linux]# freshclam   ← input
ClamAV update process started at Mon May  5 23:03:54 2008
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.92.1 Recommended version: 0.93
DON'T PANIC! Read http://www.clamav.net/support/faq
WARNING: Removing corrupted incremental directory main.inc
WARNING: Removing obsolete main.cvd
Downloading main.cvd [100%]
main.cvd updated (version: 46, sigs: 231834, f-level: 26, builder: sven)
WARNING: Removing corrupted incremental directory daily.inc
WARNING: Removing obsolete daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 7032, sigs: 46847, f-level: 26, builder: ccordes)
Database updated (278681 signatures) from database.clamav.net (IP: 218.44.253.75)
```

The OUTDATED warning is not cosmetic: each database advertises a functionality level (the f-level in the output above), and signature formats that need a higher level than the installed engine provides are skipped, so keep the engine itself updated through yum as well as the definitions. The WARNING lines about corrupted incremental directories and obsolete .cvd files are expected on the first run, when freshclam replaces the databases installed from the clamav-data package with current ones.
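freshclam decides whether an update is needed by comparing the installed database versions with a DNS TXT record at current.cvd.clamav.net (the DNSDatabaseInfo host in freshclam.conf). The script below, an added example that is not part of the original page, performs the same comparison by hand so the result of the update above can be verified independently of freshclam's own log. It assumes that the TXT record is colon-separated with the recommended engine version, the main.cvd version and the daily.cvd version as its first three fields, that `sigtool --info` prints a `Version:` line, and that the databases live in /var/lib/clamav as .cvd files, as on this page; the script name clamdb-check.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: check whether the local main and
# daily databases are current by comparing their versions (from sigtool --info)
# with the TXT record at current.cvd.clamav.net, the host freshclam consults.
# Assumptions: TXT record fields 1-3 are engine:main:daily; sigtool --info
# prints a "Version:" line; databases are /var/lib/clamav/{main,daily}.cvd.

DB_DIR=/var/lib/clamav

# txt_field N: field N of a TXT record value read from stdin
# (the quotes dig wraps around the record are stripped first).
txt_field() {
    tr -d '"' | cut -d: -f"$1"
}

# local_version: the "Version:" value from a sigtool --info report on stdin.
local_version() {
    awk -F': *' '/^Version:/ { print $2; exit }'
}

# compare INSTALLED LATEST: "current" if INSTALLED >= LATEST, "stale" if older,
# "unknown" if either value is missing or not a number (e.g. no database file).
compare() {
    for v in "$1" "$2"; do
        case "$v" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$1" -ge "$2" ]; then echo current; else echo stale; fi
}

# check_db NAME TXT: verdict for "main" or "daily" given the raw TXT record.
check_db() {
    case "$1" in
        main)  field=2 ;;
        daily) field=3 ;;
        *)     echo unknown; return 0 ;;
    esac
    latest=$(printf '%s\n' "$2" | txt_field "$field")
    installed=$(sigtool --info "$DB_DIR/$1.cvd" 2>/dev/null | local_version)
    compare "$installed" "$latest"
}

# Live check when run as a script; the functions above can be exercised offline.
if [ "${0##*/}" = "clamdb-check.sh" ]; then
    txt=$(dig +short TXT current.cvd.clamav.net | head -n 1)
    echo "recommended engine: $(printf '%s\n' "$txt" | txt_field 1)"
    for db in main daily; do
        echo "$db: $(check_db "$db" "$txt")"
    done
fi
```

Run as root (or as a user that can read /var/lib/clamav) after an update; "stale" for daily means freshclam has not fetched the latest daily.cvd, and "unknown" usually means the file is missing or sigtool is not installed.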

◆ Running a virus scan

Run a scan to confirm that the installation works. Enter the following:

```
[root@linux]# clamscan --infected --remove --recursive   ← input

----------- SCAN SUMMARY -----------
Known viruses: 277931
Engine version: 0.92.1
Scanned directories: 93
Scanned files: 154
Infected files: 0   ← 0 here means nothing was found
Data scanned: 18.54 MB
Time: 29.390 sec (0 m 29 s)
```

Without a path argument clamscan scans the current directory (here /root, as the test below shows), and `--remove` deletes every file it flags. For a first check that is fine; see the notes under the scheduled scan before running `--remove` unattended.

Having confirmed that nothing was found, download a test "virus" to check that detection and removal actually work. eicar.com.txt is the EICAR test file, a harmless 68-byte string that antivirus engines detect by agreement, so it can be used without any risk. First download it (twice, so that two files are present):

```
[root@linux]# wget http://www.eicar.org/download/eicar.com.txt   ← input (test file 1)
--13:36:55--  http://www.eicar.org/download/eicar.com.txt
           => `eicar.com.txt'
Resolving www.eicar.org... 88.198.38.136
Connecting to www.eicar.org|88.198.38.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [text/plain]

100%[====================================================>] 68            --.--K/s

13:36:56 (1.21 MB/s) - `eicar.com.txt' saved [68/68]

[root@linux]# wget http://www.eicar.org/download/eicar.com.txt   ← input (test file 2)
--13:37:25--  http://www.eicar.org/download/eicar.com.txt
           => `eicar.com.txt.1'
Resolving www.eicar.org... 88.198.38.136
Connecting to www.eicar.org|88.198.38.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [text/plain]

100%[====================================================>] 68            --.--K/s

13:37:25 (1.19 MB/s) - `eicar.com.txt.1' saved [68/68]
```

Run the scan again:

```
[root@linux]# clamscan --infected --remove --recursive   ← input
/root/eicar.com.txt.1: Eicar-Test-Signature FOUND
/root/eicar.com.txt.1: Removed
/root/eicar.com.txt: Eicar-Test-Signature FOUND
/root/eicar.com.txt: Removed

----------- SCAN SUMMARY -----------
Known viruses: 277931
Engine version: 0.92.1
Scanned directories: 93
Scanned files: 156
Infected files: 2   ← two infected files were detected and removed
Data scanned: 18.54 MB
Time: 26.185 sec (0 m 26 s)
```

This confirms that viruses are detected and deleted.

◆ Running the virus scan automatically

Set up the scheduled scan by creating a crontab entry as follows:

```
[root@linux]# crontab -e   ← input
00 04 * * * /usr/bin/clamscan --infected --remove --recursive > /var/log/clamav.log 2>&1
```

This runs the scan every day at 04:00. Three things to check before relying on it. No path is given, so clamscan scans the directory cron starts the job in, which for root's crontab is root's home directory (/root) rather than the whole system; name the directories to scan explicitly. `>` truncates /var/log/clamav.log on every run, so only the latest result survives; append with `>>` (and rotate the file) or use clamscan's `--log=FILE`. And `--remove` deletes every detection outright, so a false positive on a system file is gone along with any malware, and so is the evidence; for an unattended job `--move=DIR` into a quarantine directory is the safer choice.
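The following wrapper, an added example that is not part of the original page, is one way to address those three points in a single cron job: it names its scan roots explicitly, quarantines with `--move` instead of deleting with `--remove`, appends a dated record to the log, and reports through cron's mail only when something was found or the scan failed (using clamscan's documented exit status: 0 clean, 1 infected, 2 error). It assumes clamscan is at /usr/bin/clamscan as in the crontab line above; the scan roots, the quarantine directory and the script name clamscan-cron.sh are hypothetical choices for the example.

```shell
#!/bin/sh
# Added example, not from the original page: cron wrapper for the nightly scan.
# Assumptions: clamscan at /usr/bin/clamscan (as in the page's crontab line);
# SCAN_PATHS, QUARANTINE and the script name are hypothetical choices.

CLAMSCAN=/usr/bin/clamscan
SCAN_PATHS="/home /var/spool /tmp"
QUARANTINE=/var/lib/clamav/quarantine
LOG=/var/log/clamav.log

# build_cmd: the clamscan command line. Explicit roots avoid scanning only
# cron's working directory; --move keeps detections for inspection.
build_cmd() {
    printf '%s --infected --recursive --move=%s %s\n' \
        "$CLAMSCAN" "$QUARANTINE" "$SCAN_PATHS"
}

# infected_count: read a clamscan report on stdin and print the number from
# the "Infected files:" line of its SCAN SUMMARY; -1 if there is no summary
# (clamscan died before finishing).
infected_count() {
    awk -F': *' '/^Infected files:/ { n = $2; found = 1 }
                 END { print (found ? n : -1) }'
}

# verdict: clamscan's documented exit status (0 clean, 1 infected, 2 error).
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# run_scan: run the scan, append a dated header plus the full report to the
# log, and return clamscan's exit status so the caller can decide what to mail.
run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    report=$($(build_cmd) 2>&1)
    status=$?
    {
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') verdict=$(verdict "$status")" \
             "infected=$(printf '%s\n' "$report" | infected_count)"
        printf '%s\n' "$report"
    } >> "$LOG"
    return "$status"
}

# When run as a script (e.g. 00 04 * * * /usr/local/sbin/clamscan-cron.sh in
# root's crontab), stay silent on a clean scan; anything else goes to stderr,
# which cron mails to the crontab owner.
if [ "${0##*/}" = "clamscan-cron.sh" ]; then
    run_scan
    rc=$?
    [ "$rc" -eq 0 ] || echo "clamscan on $(hostname): $(verdict "$rc"), see $LOG" >&2
    exit "$rc"
fi
```

The quarantine directory is created mode 700 so that quarantined files are not reachable by other users; review it periodically and delete what is confirmed malicious, restoring anything that turns out to be a false positive.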
◆ Changing the number of virus database checks

freshclam's own default is to check for a new database 12 times a day (every two hours); that is the `Checks` directive in /etc/freshclam.conf, and this section lowers it to once a day so that the update-related mail root receives is kept to a minimum. Two caveats apply. First, `Checks` only takes effect when freshclam runs as a daemon (`freshclam -d`); on this Fedora install freshclam is started by the cron job in /etc/cron.d/clamav-update, so that job's schedule, not this directive, decides how often the database is fetched. Second, the mail root receives comes from that cron job: while FRESHCLAM_DELAY=disabled-warn is left in /etc/sysconfig/freshclam (the shipped default, covered in the next section), every run emits a warning that the automatic update is disabled, and cron mails it to the addresses in MAILTO. Enabling the update and adjusting the cron line, both described below, is what actually stops that mail. If you still want to change `Checks`, edit /etc/freshclam.conf as follows; only the lines around the directive are shown, the rest of the file is exactly as in the section on updating the virus definition files.

```
[root@linux]# vi /etc/freshclam.conf   ← input
(unchanged lines omitted)

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
↓
Checks 1   ← uncomment and change to once a day
```

◆ Enabling virus database updates

As the comment in the file itself explains, the Fedora package ships with the automatic update disabled (FRESHCLAM_DELAY=disabled-warn) so that no network access happens before an administrator activates it. Enable it by commenting out that line in /etc/sysconfig/freshclam:

```
[root@linux]# vi /etc/sysconfig/freshclam   ← input
## When changing the periodicity of freshclam runs in the crontab,
## this value must be adjusted also.  Its value is the timespan between
## two subsequent freshclam runs in minutes. E.g. for the default
##
## | 0 */3 * * * ...
##
## crontab line, the value is 180 (minutes).
# FRESHCLAM_MOD=

## A predefined value for the delay in seconds. By default, the value is
## calculated by the 'hostid' program. This predefined value guarantees
## constant timespans of 3 hours between two subsequent freshclam runs.
##
## This option accepts two special values:
## 'disabled-warn'  ... disables the automatic freshclam update and
##                      gives out a warning
## 'disabled'       ... disables the automatic freshclam silently
# FRESHCLAM_DELAY=

### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn   # REMOVE ME
↓
#FRESHCLAM_DELAY=disabled-warn   # REMOVE ME   ← comment out
```

Once this line is commented out, freshclam-sleep derives a per-host delay from `hostid` (or from FRESHCLAM_DELAY if you set it to a number of seconds), so that many hosts do not hit the mirrors at the same minute.

◆ Changing the update interval

With the update enabled, the cron job in /etc/cron.d/clamav-update runs freshclam-sleep every three hours (8 times a day). To change the interval, edit the cron line; the example below uses every 6 hours, but any interval will do. Because freshclam-sleep computes its delay from FRESHCLAM_MOD, and the comment at the top of /etc/sysconfig/freshclam says that value must be changed whenever the crontab period is, also set `FRESHCLAM_MOD=360` (minutes) in that file when moving to a 6-hour period; otherwise the delay is still computed for the 3-hour default. Check the MAILTO line as well: the job mails its output, including update failures, to root, postmaster, webmaster and clamav, so make sure those addresses end up in a mailbox someone reads.

```
[root@linux]# vi /etc/cron.d/clamav-update   ← input
## Adjust this line...
MAILTO=root,postmaster,webmaster,clamav

## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamav' as soon as possible
0  */3 * * *  root  /usr/share/clamav/freshclam-sleep
↓
0  */6 * * *  root  /usr/share/clamav/freshclam-sleep   ← changed to every 6 hours (the interval is up to you)
```