====== Сервис Clamav ======

  * [[http://www.eicar.org/85-0-Download.html|Тестовый вирус]]
===== Установка =====

  !!! Требуется не меньше 1024Mb RAM !!! 

==== Debian/Ubuntu ====
<code>
root@gate:~# apt install clamav-daemon
</code>

==== CentOS7 ====

  * [[http://linux-audit.com/install-clamav-on-centos-7-using-freshclam/|Install and Configure ClamAV on CentOS 7]]

===== Настройка =====

==== Debian/Ubuntu ====
<code>
root@gate:~# less /etc/clamav/clamd.conf
</code>

===== Запуск =====

==== Debian/Ubuntu ====

<code>
root@gate:~# service clamav-freshclam stop
</code><code>
root@gate:~# rm /var/lib/clamav/freshclam.dat

root@gate:~# cat /etc/clamav/freshclam.conf
</code><code>
...
HTTPProxyServer gate.isp.un
HTTPProxyPort 3128
</code><code>
root@gate:~# service clamav-freshclam start
</code>

ИЛИ

https://packages.microsoft.com/clamav/

ИЛИ

<code>
root@gate:~# wget -O /var/lib/clamav/main.cld https://val.bmstu.ru/unix/clamav/main.cld
root@gate:~# wget -O /var/lib/clamav/daily.cld https://val.bmstu.ru/unix/clamav/daily.cld
</code><code>
root@gate:~# ls /var/lib/clamav/

root@gate:~# service clamav-daemon start

root@gate:~# ls -l /var/run/clamav/clamd.ctl
</code>

===== Использование =====

==== Командная строка ====
<code>
$ cd /tmp

$ wget http://gate.isp.un/unix/virus.zip

$ clamdscan virus.zip
</code>

==== API ядра FANOTIFY ====

  * !!! Проверяет только в момент чтения, НЕ записи!
  * [[https://www.clamav.net/documents/on-access-scanning|On-Access Scanning]]
  * [[https://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html|Configuring On-Access Scanning in ClamAV]]
  * [[Модуль AppArmor]]

<code>
$ cat /boot/config-`uname -r` | grep FANOTIFY

# cat /etc/clamav/clamd.conf
</code><code>
...
OnAccessIncludePath /disk2
OnAccessPrevention yes
OnAccessExcludeUname clamav
</code><code>
# clamonacc
</code>
===== Журнал =====
<code>
# tail -f /var/log/clamav/clamav.log
</code>