Clam AntiVirus это антивирусный инструмент для UNIX с открытым исходным кодом (GPL). В этой статье мы рассмотрим как установить и подвязать к NextCloud.
Для начала рассмотрим саму установку антивируса. Скачаем последнюю версию (на момент написания статьи – 1.0.0), распаковываем и устанавливаем.
cd /tmp
wget https://prohosting.group/wp-content/uploads/2022/12/clamav-1.0.0.linux_.x86_64.tar
tar -xvf clamav-1.0.0.linux_.x86_64.tar
dpkg -i clamav-1.0.0.linux.x86_64.deb
Создадим директорию:
mkdir /usr/local/share/clamav
Создадим пользователя и группу Clamav и предоставим нужные права на директорию
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
sudo chown -R clamav:clamav /usr/local/share/clamav
Переименовываем конфигурационные файлы
mv /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf
mv /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.confРедактируем файл clamd.conf
nano +8 /usr/local/etc/clamd.confи приводим его к следующему виду, я буду описывать только то что меняем:
# Comment or remove the line below.
Example
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# This file will be owned by root, as long as clamd was started by root.
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
#PidFile /var/run/clamd.pid
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
#LocalSocket /tmp/clamd.socket
# TCP port address.
# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
#TCPAddr localhost
# Comment or remove the line below.
#Example
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# This file will be owned by root, as long as clamd was started by root.
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
PidFile /var/run/clamd.pid
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd.socket
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
TCPAddr localhost
В файле freshclam.conf комментируем строку:
nano +8 /usr/local/etc/freshclam.conf##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
# Comment or remove the line below.
Example
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
# Comment or remove the line below.
#Example
Обнавляем базы данных сигнатур вирусов:
freshclam
Проверим запускается ли Clamav
clamd
- Если не выведет никаких ошибок значит можно двигаться дальше, если все же напишет ошибки, их нужно исправить.
Создаем службу clamav-daemon:
nano /etc/systemd/system/clamav-daemon.service
Вставляем содержимое:
[Unit]
Description=Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/
# Check for database existence
ConditionPathExistsGlob=/usr/local/share/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/usr/local/share/clamav/daily.{c[vl]d,inc}
[Service]
ExecStart=/usr/local/sbin/clamd --foreground=true
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
StandardOutput=syslog
TimeoutStartSec=420
[Install]
WantedBy=multi-user.target
Включаем автозапуск сервиса и запускаем его
systemctl enable clamav-daemon && systemctl start clamav-daemonПроверим статус службы. Если все сделано правильно, служба будет запущена
systemctl status clamav-daemon