Nov
17
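IV. Deploying ClamAV
1. Get the software
Official website: ClamAV Project
Latest version: 0.88.6
I have already compiled it on Red Flag DC 5.0, so it can be used directly:
Local download: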

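2. Installation
# rpm -ivh clama* --nodeps
This installs a clamd service and some executables.
3. Configuration
The configuration file is /etc/clamd.conf. A few places need to be changed:
a) Change
Quote
TCPSocket 3310
to
Quote
#TCPSocket 3310
For security, do not let clamd listen on a TCP port; have it listen on a local socket instead.
b) Change
Quote
#LocalSocket /var/run/clamav/clamd.sock
to
Quote
LocalSocket /var/run/clamav/clamd.sock
4. Start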
# service clamd start
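Update the virus database:
# freshclam -v
By default, /etc/cron.daily/freshclam updates the virus database on a schedule.
V. Configuring Samba
If everything so far works, the last step is to modify the Samba configuration so that it activates virus scanning automatically.
Edit /etc/samba/smb.conf, for example:
Quote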
[myshare]
comment = Share File Fold
path = /share
public = no
writable = yes
printable = no
create mask = 0765
vfs object = vscan-clamav audit recycle
vscan-clamav: config-file = /etc/samba/vscan/vscan-clamav.conf
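Here, audit writes all file access records to syslog, which is handy for debugging; recycle enables Samba's "recycle bin" feature and is optional; vscan-clamav is what enables the virus firewall function.
To apply the virus firewall filtering to all shared folders, put the last two lines above (vfs object and vscan-clamav: config-file) in [global].
VI. Testing
1. Start the services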
# service portmap start
# service smb start
2. Monitor the log
When the services first start, the log does not show much. Once a Samba connection is established, you can see:
Quote
Nov 17 04:00:06 ora01 smbd_vscan-clamav[5040]: samba-vscan (vscan-clamav 0.3.5) registered (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Nov 17 04:00:06 ora01 smbd_vscan-clamav[5040]: samba-vscan (vscan-clamav 0.3.5) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Nov 17 04:00:06 ora01 smbd_vscan-clamav[5040]: INFO: connect to service myshare by user test
Nov 17 04:00:06 ora01 smbd_audit[5040]: connect to service myshare by user test
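As you can see, samba-vscan-clamav is now active.
3. Test
The clamav package ships with some virus test files, located in /usr/share/doc/clamav-0.88.6/test/
Copy them to Windows first (via ftp, for example), then copy them into the myshare directory through Network Neighborhood, and you will see:
Quote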
Nov 17 04:04:05 ora01 smbd_audit[5040]: ALERT - Scan result: '/share/clam.exe' infected with virus 'ClamAV-Test-File', client: '192.168.228.244'
Nov 17 04:04:05 ora01 clamd[4672]: /share/clam.exe: ClamAV-Test-File FOUND
Nov 17 04:04:05 ora01 smbd_audit[5040]: rename /share/clam.exe -> /tmp/vir-IoB6Fl
Nov 17 04:04:05 ora01 smbd_audit[5040]: INFO: quarantining file '/share/clam.exe' to '/tmp/vir-IoB6Fl' was successful
Nov 17 04:04:05 ora01 smbd_audit[5040]: ALERT - Scan result: '/share/clam.exe.bz2' infected with virus 'ClamAV-Test-File', client: '192.168.228.244'
Nov 17 04:04:05 ora01 clamd[4672]: /share/clam.exe.bz2: ClamAV-Test-File FOUND
Nov 17 04:04:05 ora01 smbd_audit[5040]: rename /share/clam.exe.bz2 -> /tmp/vir-uqEXOU
Nov 17 04:04:05 ora01 smbd_audit[5040]: INFO: quarantining file '/share/clam.exe.bz2' to '/tmp/vir-uqEXOU' was successful
Other files that contain no virus remain in the myshare directory.
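An added example, not part of the original post: a small Python parser that pairs each vscan ALERT line with its quarantine confirmation and flags detections that were never confirmed as quarantined. The first four log lines are taken from the output above; the eicar.com line is constructed to show the unconfirmed case.

```python
import re

# Log lines copied from the test output above, plus one constructed ALERT
# (eicar.com) with no quarantine confirmation, to show the failure case.
SAMPLE_LOG = """\
Nov 17 04:04:05 ora01 smbd_audit[5040]: ALERT - Scan result: '/share/clam.exe' infected with virus 'ClamAV-Test-File', client: '192.168.228.244'
Nov 17 04:04:05 ora01 clamd[4672]: /share/clam.exe: ClamAV-Test-File FOUND
Nov 17 04:04:05 ora01 smbd_audit[5040]: rename /share/clam.exe -> /tmp/vir-IoB6Fl
Nov 17 04:04:05 ora01 smbd_audit[5040]: INFO: quarantining file '/share/clam.exe' to '/tmp/vir-IoB6Fl' was successful
Nov 17 04:09:41 ora01 smbd_audit[5040]: ALERT - Scan result: '/share/eicar.com' infected with virus 'Eicar-Test-Signature', client: '192.168.228.245'
"""

ALERT_RE = re.compile(
    r"ALERT - Scan result: '(?P<path>[^']+)' infected with virus "
    r"'(?P<virus>[^']+)', client: '(?P<client>[^']+)'")
QUAR_RE = re.compile(
    r"INFO: quarantining file '(?P<path>[^']+)' to '(?P<dest>[^']+)' was successful")


def summarize(log_text):
    """Return one dict per ALERT line, with the quarantine path or None."""
    detections = []
    pending = {}  # path -> detections still waiting for a quarantine line
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            d = dict(m.groupdict(), quarantined_to=None)
            detections.append(d)
            pending.setdefault(d["path"], []).append(d)
            continue
        m = QUAR_RE.search(line)
        if m and pending.get(m["path"]):
            # Oldest unconfirmed detection for this path gets the destination.
            pending[m["path"]].pop(0)["quarantined_to"] = m["dest"]
    return detections


def unquarantined(detections):
    """Detections with no 'was successful' line: the file may still be on the share."""
    return [d for d in detections if d["quarantined_to"] is None]


if __name__ == "__main__":
    for d in summarize(SAMPLE_LOG):
        print(d)
```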
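※ Note: because of license issues, clamav supports only RAR 2.0, not RAR 3.0, and RAR support is disabled by default. To enable it, edit /etc/clamd.conf; otherwise RAR files will not be scanned.
At this point, the virus firewall for Samba is fully deployed. clamav can also filter for MTAs such as sendmail; see the official Readme file. I will write about that when I have time.
※ Appendix
The software mentioned above has been put into yum; see "[Original] Using yum to update Red Flag Linux" to download it directly.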
