====== ClamAV Service ======
* [[http://www.eicar.org/85-0-Download.html|Test virus]]
===== Installation =====
!!! Requires at least 1024Mb RAM !!!
==== Debian/Ubuntu ====
root@gate:~# apt install clamav-daemon
==== CentOS7 ====
* [[http://linux-audit.com/install-clamav-on-centos-7-using-freshclam/|Install and Configure ClamAV on CentOS 7]]
===== Configuration =====
==== Debian/Ubuntu ====
root@gate:~# less /etc/clamav/clamd.conf
===== Starting =====
==== Debian/Ubuntu ====
root@gate:~# service clamav-freshclam stop
root@gate:~# rm /var/lib/clamav/freshclam.dat
root@gate:~# cat /etc/clamav/freshclam.conf
...
HTTPProxyServer gate.isp.un
HTTPProxyPort 3128
root@gate:~# service clamav-freshclam start
OR
https://packages.microsoft.com/clamav/
OR
root@gate:~# wget -O /var/lib/clamav/main.cld https://val.bmstu.ru/unix/clamav/main.cld
root@gate:~# wget -O /var/lib/clamav/daily.cld https://val.bmstu.ru/unix/clamav/daily.cld
root@gate:~# ls /var/lib/clamav/
root@gate:~# service clamav-daemon start
root@gate:~# ls -l /var/run/clamav/clamd.ctl
===== Usage =====
==== Command line ====
$ cd /tmp
$ wget http://gate.isp.un/unix/virus.zip
$ clamdscan virus.zip
==== FANOTIFY kernel API ====
* !!! Scans only at the moment of reading, NOT writing!
* [[https://www.clamav.net/documents/on-access-scanning|On-Access Scanning]]
* [[https://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html|Configuring On-Access Scanning in ClamAV]]
* [[Модуль AppArmor|AppArmor module]]
$ cat /boot/config-`uname -r` | grep FANOTIFY
# cat /etc/clamav/clamd.conf
...
OnAccessIncludePath /disk2
OnAccessPrevention yes
OnAccessExcludeUname clamav
# clamonacc
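The on-access settings above can be checked against the kernel configuration before clamonacc is started. The script below is an added example, not part of the original page or of ClamAV: ''check_onaccess'' and ''conf_value'' are hypothetical helper names, and it assumes that blocking (''OnAccessPrevention'') needs a kernel built with ''CONFIG_FANOTIFY_ACCESS_PERMISSIONS'', which is what fanotify permission events require.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the on-access settings shown above.
# check_onaccess and conf_value are hypothetical helper names, not ClamAV tools.
# Usage: check_onaccess /etc/clamav/clamd.conf "/boot/config-$(uname -r)"

# Print the value of the last uncommented occurrence of option $2 in file $1.
conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

# Print one line per finding; return 0 when there are no FAIL lines, else 1.
check_onaccess() {
    local conf="${1:-/etc/clamav/clamd.conf}"
    local kconf="${2:-/boot/config-$(uname -r)}"
    local rc=0

    # clamonacc is built on the fanotify kernel API.
    if ! grep -q '^CONFIG_FANOTIFY=y' "$kconf"; then
        echo "FAIL: kernel lacks CONFIG_FANOTIFY"; rc=1
    fi

    # Nothing is scanned unless at least one path is watched.
    if [ -z "$(conf_value "$conf" OnAccessIncludePath)" ]; then
        echo "FAIL: OnAccessIncludePath is not set"; rc=1
    fi

    case "$(conf_value "$conf" OnAccessPrevention)" in
    [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1)
        # Blocking access needs fanotify permission events in the kernel.
        if ! grep -q '^CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y' "$kconf"; then
            echo "FAIL: OnAccessPrevention needs CONFIG_FANOTIFY_ACCESS_PERMISSIONS"; rc=1
        fi
        # The scanner's own user must be excluded, or its reads of the file
        # being scanned generate further scan events.
        if [ -z "$(conf_value "$conf" OnAccessExcludeUname)" ] &&
           [ -z "$(conf_value "$conf" OnAccessExcludeUID)" ]; then
            echo "FAIL: prevention is on but no OnAccessExcludeUname/OnAccessExcludeUID"; rc=1
        fi
        ;;
    *)
        echo "WARN: OnAccessPrevention is off: detections are logged, access is not blocked"
        ;;
    esac
    return "$rc"
}
```
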
===== Log =====
# tail -f /var/log/clamav/clamav.log