ClamAV – Script configurazione
/etc/init.d/clamd
#! /bin/bash # # crond Start/Stop the clam antivirus daemon. # # chkconfig: 3 70 41 # description: clamd is a standard Linux/UNIX program that scans for Viruses. # processname: clamd # config: /opt/clamav/conf/clamd.conf # pidfile: /var/lock/subsys/clamd # Source function library. . /etc/init.d/functions RETVAL=0 # See how we were called. prog="clamd" progdir="/opt/clamav/bin/" # Source configuration if [ -f /etc/sysconfig/$prog ] ; then . /etc/sysconfig/$prog fi start() { echo -n $"Starting $prog: " daemon $progdir/$prog RETVAL=$? echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd return $RETVAL } stop() { echo -n $"Stopping $prog: " # Would be better to send QUIT first, then killproc if that fails killproc $prog RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd return $RETVAL } rhstatus() { status clamd } restart() { stop start } reload() { echo -n $"Reloading clam daemon configuration: " killproc clamd -HUP retval=$? echo return $RETVAL } case "$1" in start) start ;; stop) stop ;; restart) restart ;; reload) reload ;; status) rhstatus ;; condrestart) [ -f /var/lock/subsys/clamd ] && restart || : ;; *) echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}" exit 1 esac exit $? # chmod 755 /etc/init.d/clamd # chkconfig clamd on # service clamd start
/opt/clamav/conf/clamd.conf
LogFile /var/log/clamd/clamd.log LogFileMaxSize 0 LogTime yes LogClean yes #LogVerbose yes ExtendedDetectionInfo yes PidFile /var/run/clamd/clamd.pid TemporaryDirectory /tmp DatabaseDirectory /opt/clamav/share #OfficialDatabaseOnly no LocalSocket /tmp/clamd.socket LocalSocketGroup simscan FixStaleSocket yes TCPSocket 3310 TCPAddr 127.0.0.1 MaxConnectionQueueLength 30 MaxThreads 20 MaxDirectoryRecursion 20 SelfCheck 600 User simscan #Debug yes # Detect Possibly Unwanted Applications. # DetectPUA yes ## ## Executable files ## # PE stands for Portable Executable ScanPE yes # Executable and Linking Format is a standard format for UN*X executables. ScanELF yes # With this option clamav will try to detect broken executables (both PE and # ELF) and mark them as Broken.Executable. DetectBrokenExecutables yes ## ## Documents ## # This option enables scanning of OLE2 files, such as Microsoft Office # documents and .msi files. ScanOLE2 yes # With this option enabled OLE2 files with VBA macros, which were not # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". # Default: no OLE2BlockMacros no # This option enables scanning within PDF files. # If you turn off this option, the original files will still be scanned, but # without decoding and additional processing. # Default: yes ScanPDF yes ## ## Mail files ## # Enable internal e-mail scanner. # If you turn off this option, the original files will still be scanned, but # without parsing individual messages/attachments. # Default: yes ScanMail yes # Scan RFC1341 messages split over many emails. # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. # WARNING: This option may open your system to a DoS attack. # Never use it on loaded servers. # Default: no ScanPartialMessages yes # With this option enabled ClamAV will try to detect phishing attempts by using # signatures. # Default: yes PhishingSignatures yes # Scan URLs found in mails for phishing attempts using heuristics. # Default: yes PhishingScanURLs yes # Always block SSL mismatches in URLs, even if the URL isn't in the database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockSSLMismatch no # Always block cloaked URLs, even if URL isn't in database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockCloak no # Allow heuristic match to take precedence. # When enabled, if a heuristic scan (such as phishingScan) detects # a possible virus/phish it will stop scan immediately. Recommended, saves CPU # scan-time. # When disabled, virus/phish detected by heuristic scans will be reported only at # the end of a scan. If an archive contains both a heuristically detected # virus/phish, and a real malware, the real malware will be reported # # Keep this disabled if you intend to handle "*.Heuristics.*" viruses # differently from "real" malware. # If a non-heuristically-detected virus (signature-based) is found first, # the scan is interrupted immediately, regardless of this config option. # # Default: no #HeuristicScanPrecedence yes ## ## Data Loss Prevention (DLP) ## # Enable the DLP module # Default: No #StructuredDataDetection yes # This option sets the lowest number of Credit Card numbers found in a file # to generate a detect. # Default: 3 #StructuredMinCreditCardCount 5 # This option sets the lowest number of Social Security Numbers found # in a file to generate a detect. # Default: 3 #StructuredMinSSNCount 5 # With this option enabled the DLP module will search for valid # SSNs formatted as xxx-yy-zzzz # Default: yes #StructuredSSNFormatNormal yes # With this option enabled the DLP module will search for valid # SSNs formatted as xxxyyzzzz # Default: no #StructuredSSNFormatStripped yes ## ## HTML ## # Perform HTML normalisation and decryption of MS Script Encoder code. # Default: yes # If you turn off this option, the original files will still be scanned, but # without additional processing. ScanHTML yes ## ## Archives ## # ClamAV can scan within archives and compressed files. # If you turn off this option, the original files will still be scanned, but # without unpacking and additional processing. # Default: yes ScanArchive yes # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). # Default: no ArchiveBlockEncrypted yes ## ## Limits ## # The options below protect your system against Denial of Service attacks # using archive bombs. # This option sets the maximum amount of data to be scanned for each input file. # Archives and other containers are recursively extracted and scanned up to this # value. # Value of 0 disables the limit # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 100M MaxScanSize 20M # Files larger than this limit won't be scanned. Affects the input file itself # as well as files contained inside it (when the input file is an archive, a # document or some other kind of container). # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 25M MaxFileSize 30M # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR # file, all files within it will also be scanned. This options specifies how # deeply the process should be continued. # Note: setting this limit too high may result in severe damage to the system. # Default: 16 MaxRecursion 16 # Number of files to be scanned within an archive, a document, or any other # container file. # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10000 #MaxFiles 15000 ## ## Clamuko settings ## # Enable Clamuko. Dazuko must be configured and running. Clamuko supports # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS # is the preferred option. For more information please visit www.dazuko.org # Default: no #ClamukoScanOnAccess yes # The number of scanner threads that will be started (DazukoFS only). # Having multiple scanner threads allows Clamuko to serve multiple # processes simultaneously. This is particularly beneficial on SMP machines. # Default: 3 #ClamukoScannerCount 3 # Don't scan files larger than ClamukoMaxFileSize # Value of 0 disables the limit. # Default: 5M #ClamukoMaxFileSize 10M # Set access mask for Clamuko (Dazuko only). # Default: no #ClamukoScanOnOpen yes #ClamukoScanOnClose yes #ClamukoScanOnExec yes # Set the include paths (all files inside them will be scanned). You can have # multiple ClamukoIncludePath directives but each directory must be added # in a seperate line. (Dazuko only) # Default: disabled #ClamukoIncludePath /home #ClamukoIncludePath /students # Set the exclude paths. All subdirectories are also excluded. (Dazuko only) # Default: disabled #ClamukoExcludePath /home/bofh # With this option you can whitelist specific UIDs. Processes with these UIDs # will be able to access all files. # This option can be used multiple times (one per line). # Default: disabled #ClamukoExcludeUID 0 # With this option enabled ClamAV will load bytecode from the database. # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. # Default: yes #Bytecode yes # Set bytecode security level. # Possible values: # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS # This value is only available if clamav was built with --enable-debug! # TrustSigned - trust bytecode loaded from signed .c[lv]d files, # insert runtime safety checks for bytecode loaded from other sources # Paranoid - don't trust any bytecode, insert runtime checks for all # Recommended: TrustSigned, because bytecode in .cvd files already has these checks # Note that by default only signed bytecode is loaded, currently you can only # load unsigned bytecode in --enable-debug mode. # # Default: TrustSigned #BytecodeSecurity TrustSigned # Set bytecode timeout in miliseconds. # # Default: 5000 # BytecodeTimeout 1000
/opt/clamav/conf/freshclam.conf
DatabaseDirectory /opt/clamav/share UpdateLogFile /var/log/clamd/freshclam.log LogFileMaxSize 0 LogTime yes #LogVerbose yes PidFile /var/run/clamd/freshclam.pid DatabaseOwner simscan DatabaseMirror db.it.clamav.net DatabaseMirror database.clamav.net MaxAttempts 3 Checks 24 # Proxy settings # Default: disabled #HTTPProxyServer myproxy.com #HTTPProxyPort 1234 #HTTPProxyUsername myusername #HTTPProxyPassword mypass #HTTPUserAgent SomeUserAgentIdString NotifyClamd /opt/clamav/conf/clamd.conf #Debug yes