{"id":4538,"date":"2018-09-03T11:58:28","date_gmt":"2018-09-03T14:58:28","guid":{"rendered":"https:\/\/blog.clusterweb.com.br\/?p=4538"},"modified":"2018-09-03T11:58:28","modified_gmt":"2018-09-03T14:58:28","slug":"clamav-no-linux","status":"publish","type":"post","link":"https:\/\/blog.clusterweb.com.br\/?p=4538","title":{"rendered":"ClamAV – no Linux"},"content":{"rendered":"

3.6.1 ClamAV<\/h1>\n
<\/div>\n

Objectivo<\/h2>\n
\n

Instala\u00e7\u00e3o do pacote\u00a0anti-v\u00edrus<\/em>\u00a0ClamAV<\/em>. Este pode posteriormente ser integrado num sistema de filtragem de emails ou ficheiros.<\/p>\n<\/div>\n

Instala\u00e7\u00e3o<\/h2>\n
\n
root@server:~# aptitude install clamav clamav-docs clamav-daemon clamav-freshclam<\/pre>\n
Para que o\u00a0ClamAV<\/em>\u00a0possa verificar ficheiros compactados, devem ser tamb\u00e9m instalados alguns pacotes para descompactar ficheiros:<\/p>\n
root@server:~# aptitude install arc arj bzip2 cabextract lzop nomarch p7zip pax tnef unrar-free unzip zoo<\/pre>\n
Se tiver acesso aos\u00a0reposit\u00f3rios\u00a0<\/a>\u201cnon-free\u201d, \u00e9 poss\u00edvel instalar mais alguns pacotes:<\/p>\n
root@server:~# aptitude install lha unrar \r\n\r\n<\/pre>\n<\/div>\n
<\/p>\n
Configura\u00e7\u00e3o<\/h2>\n
\n
A actualiza\u00e7\u00e3o da base de dados de assinaturas de v\u00edrus \u00e9 descarregada da Internet pelo\u00a0daemon<\/em>\u00a0clamav-freshclam<\/em>\u00a024 vezes ao dia. No entanto, essa periodicidade pode ser alterada no ficheiro\u00a0\/etc\/clamav\/freshclam.conf<\/em>:<\/p>\n
\n
\/etc\/clamav\/freshclam.conf<\/a><\/dt>\n
\n
# [...]\r\n# Check for new database 24 times a day\r\nChecks 24\r\n\r\n# [...]<\/pre>\n<\/dd>\n<\/dl>\n
Caso se pretenda utilizar um servidor\u00a0proxy<\/em>\u00a0para aceder \u00e0 Internet, deve-se alterar a configura\u00e7\u00e3o tamb\u00e9m em\u00a0\/etc\/clamav\/freshclam.conf<\/em>:<\/p>\n
\n
\/etc\/clamav\/freshclam.conf<\/a><\/dt>\n
\n
# [...]\r\n# \r\nHTTPProxyServer proxy.home.lan\r\nHTTPProxyPort 3128<\/pre>\n<\/dd>\n<\/dl>\n
Reiniciar o servi\u00e7o, para ter em conta as altera\u00e7\u00f5es de configura\u00e7\u00e3o:<\/p>\n
server:~# \/etc\/init.d\/clamav-freshclam restart<\/pre>\n
Ap\u00f3s a instala\u00e7\u00e3o, deve ser feita a actualiza\u00e7\u00e3o da base de dados de assinaturas de v\u00edrus.<\/p>\n
root@server:~# freshclam\r\nClamAV update process started at Mon Jan  3 12:36:00 2011\r\nmain.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)\r\ndaily.cvd is up to date (version: 12472, sigs: 13615, f-level: 58, builder: ccordes)\r\nbytecode.cvd is up to date (version: 114, sigs: 27, f-level: 58, builder: edwin)<\/pre>\n
As futuras actualiza\u00e7\u00f5es ser\u00e3o feitas automaticamente, v\u00e1rias vezes por dia.<\/p>\n<\/div>\n
Verifica\u00e7\u00e3o<\/h2>\n
\n
A distribui\u00e7\u00e3o debian disponibiliza um pacote de ficheiros de testes \u201cinfectados\u201d com uma assinatura de um falso v\u00edrus. O\u00a0clamAV<\/em>\u00a0dever\u00e1 ser capaz de identificar correctamente os ficheiros de teste \u201cinfectados\u201d.<\/p>\n
Instalar o pacote de testes:<\/p>\n
root@server:~# aptitude install clamav-testfiles<\/pre>\n
Efectuar os testes:<\/p>\n
root@server:~# clamscan \/usr\/share\/clamav-testfiles\/\r\n\/usr\/share\/clamav-testfiles\/clam.impl.zip: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam_ISmsi_int.exe: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam.exe.binhex: ClamAV-Test-File FOUND\r\n[...]\r\n\/usr\/share\/clamav-testfiles\/clam.tnef: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam.ole.doc: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam.exe.mbox.uu: ClamAV-Test-File FOUND\r\n\r\n----------- SCAN SUMMARY -----------\r\nKnown viruses: 858610\r\nEngine version: 0.96.5\r\nScanned directories: 1\r\nScanned files: 46\r\nInfected files: 44\r\nData scanned: 12.47 MB\r\nData read: 6.21 MB (ratio 2.01:1)\r\nTime: 6.616 sec (0 m 6 s)<\/pre>\n
A listarem indica os ficheiros pesquisados e a assinatura do falso \u201cvirus\u201d encontrado (ClamAV-Test-File FOUND) e o sum\u00e1rio indica que foi encontrada a assinatura de \u201cvirus\u201d nos 46 ficheiros verificados.<\/p>\n
Testar tamb\u00e9m o\u00a0daemon<\/em>\u00a0clamdscan<\/em>:<\/p>\n
root@server:~# clamdscan \/usr\/share\/clamav-testfiles\/\r\n\/usr\/share\/clamav-testfiles\/clam.7z: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam.exe.bz2: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam.ppt: ClamAV-Test-File FOUND\r\n[...]\r\n\/usr\/share\/clamav-testfiles\/clam.pdf: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam.exe.mbox.uu: ClamAV-Test-File FOUND\r\n\/usr\/share\/clamav-testfiles\/clam.exe.mbox.base64: ClamAV-Test-File FOUND\r\n\r\n----------- SCAN SUMMARY -----------\r\nInfected files: 44\r\nTime: 1.300 sec (0 m 1 s)<\/pre>\n
O anti-v\u00edrus est\u00e1 agora pronto para ser usado manualmente ou integrado noutros sistemas e servi\u00e7os.<\/p>\n
O pacote de testes pode agora ser removido:<\/p>\n
root@server:~# aptitude remove clamav-testfiles<\/pre>\n
Para detec\u00e7\u00e3o de v\u00edrus, podem ser utilizados os comandos\u00a0clamscan<\/strong>\u00a0e\u00a0clamdscan<\/strong>. No entanto, a segunda forma\u00a0clamdscan<\/strong>\u00a0\u00e9 muito mais r\u00e1pida, uma vez que sendo um\u00a0daemon<\/em>, est\u00e1 j\u00e1 carregada em mem\u00f3ria, ao contr\u00e1rio do comando\u00a0clamscan<\/strong>, que deve ser lido do disco para a mem\u00f3ria cada vez que \u00e9 invocado. (Ver os tempos de execu\u00e7\u00e3o de um e de outro nos exemplos acima).<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
3.6.1 ClamAV Objectivo Instala\u00e7\u00e3o do pacote\u00a0anti-v\u00edrus\u00a0ClamAV. Este pode posteriormente ser integrado num sistema de filtragem de emails ou ficheiros. Instala\u00e7\u00e3o root@server:~# aptitude install clamav clamav-docs clamav-daemon clamav-freshclam Para que o\u00a0ClamAV\u00a0possa verificar ficheiros compactados, devem ser tamb\u00e9m instalados alguns pacotes para descompactar ficheiros: root@server:~# aptitude install arc arj bzip2 cabextract lzop nomarch p7zip pax tnef unrar-free […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1082,730,1,830,42,51,439,495,68,271],"tags":[1211,14,361],"class_list":["post-4538","post","type-post","status-publish","format-standard","hentry","category-centos-7-rhel-7","category-clusterweb","category-viazap","category-debian","category-leitura-recomendada","category-linux-linuxrs","category-midia","category-profissional-de-ti","category-redes-2","category-seguranca-2","tag-clamav","tag-linux","tag-no"],"_links":{"self":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4538","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4538"}],"version-history":[{"count":1,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4538\/revisions"}],"predecessor-version":[{"id":4539,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4538\/revisions\/4539"}],"wp:attachment":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4538"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}