How to Integrate ClamAV into PureFTPd for Virus Scanning on CentOS 7

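This tutorial explains how to integrate ClamAV into PureFTPd for virus scanning on a CentOS 7 system. In the end, whenever a file is uploaded through PureFTPd, ClamAV will check the file and delete it if it contains a virus or malware.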

1 Preliminary Note

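You should have a working PureFTPd setup on your CentOS 7 server, for example as shown in this tutorial: Virtual Hosting with PureFTPd and MySQL on CentOS 7 (Including Quota and Bandwidth Management)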

2 Installing ClamAV

ClamAV is not available in the official CentOS repositories, so we enable the EPEL repository (if you have not done so already). First, import the RPM GPG keys:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

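Then we enable the EPEL repository on the CentOS system, because many of the packages installed in this tutorial are not available in the official CentOS 7 repository: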

yum -y install epel-release
yum -y install yum-priorities

Edit /etc/yum.repos.d/epel.repo ...

nano /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[...]

Then we update the existing packages on the system:

yum update

After that, we can install ClamAV as follows:

yum -y install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Edit the file /etc/freshclam.conf and comment out the Example line:

nano /etc/freshclam.conf

by adding a # in front of the Example line:

.....
# Comment or remove the line below.
# Example

....

Then edit the file /etc/clamd.d/scan.conf:

nano /etc/clamd.d/scan.conf

Comment out the Example line as we did in the file above, and remove the # in front of the LocalSocket line.

.....
# Comment or remove the line below.
# Example

....
LocalSocket /var/run/clamd.scan/clamd.sock
....

Next, we create the system startup links for clamd and run freshclam:

systemctl enable clamd@scan.service
freshclam

Then start the ClamAV service:

systemctl start clamd@scan.service

You can check the status of the ClamAV daemon with the following command:

systemctl status clamd@scan

The result should look like this:

[root@server1 system]# systemctl status clamd@scan
● clamd@scan.service - Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-04-07 15:44:28 CEST; 1min 48s ago
Main PID: 10945 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─10945 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes
Apr 07 15:44:36 server1.example.com clamd[10945]: HTML support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: XMLDOCS support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: HWP3 support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: Self checking every 600 seconds.
Apr 07 15:44:36 server1.example.com clamd[10945]: PDF support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: SWF support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: HTML support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: XMLDOCS support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: HWP3 support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: Self checking every 600 seconds.

3 Configuring PureFTPd

First we open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes:

nano /etc/pure-ftpd/pure-ftpd.conf
[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
# Don't enable this option if you don't actually use pure-uploadscript.

CallUploadScript yes
[...]

Next, we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd) ...

nano /etc/pure-ftpd/clamav_check.sh
#!/bin/sh
/usr/bin/clamdscan --fdpass --remove --quiet --no-summary -c /etc/clamd.d/scan.conf "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we start the pure-uploadscript program as a daemon. It will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, you do not want to start the daemon manually every time the system boots, so we open /etc/rc.local ...

nano /etc/rc.local

... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it, as shown below:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
touch /var/lock/subsys/local

Finally we restart PureFTPd:

systemctl restart pure-ftpd.service

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file will be deleted automatically.
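
The upload script above ignores the exit status of clamdscan (0 = clean, 1 = virus found, 2 = error), so if clamd is stopped or its socket is unreachable the upload stays in place unscanned. The following is an added example, not part of the original tutorial: a variant of clamav_check.sh that logs detections and moves unscannable files aside. The quarantine directory and the overridable variables are assumptions of this example.

```sh
#!/bin/sh
# Added example: hardened variant of /etc/pure-ftpd/clamav_check.sh.
# clamdscan exit codes: 0 = clean, 1 = virus found, 2 = error.
# QUARANTINE_DIR is an assumed path, not part of the tutorial; all three
# variables can be overridden from the environment.
CLAMDSCAN="${CLAMDSCAN:-/usr/bin/clamdscan}"
CLAMD_CONF="${CLAMD_CONF:-/etc/clamd.d/scan.conf}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/lib/ftp-quarantine}"

log() {
    # Send to syslog; fall back to stderr if logger is unavailable.
    logger -t clamav_check -- "$*" 2>/dev/null || echo "clamav_check: $*" >&2
}

# Returns 0 if the file is clean and kept, 1 if it was infected and removed,
# 2 if it could not be scanned and was moved out of the FTP tree.
check_upload() {
    file="$1"
    if [ ! -f "$file" ]; then
        log "not a regular file: $file"
        return 2
    fi
    who="${UPLOAD_VUSER:-${UPLOAD_USER:-unknown}}"  # set by pure-uploadscript
    rc=0
    "$CLAMDSCAN" --fdpass --remove --quiet --no-summary \
        -c "$CLAMD_CONF" "$file" || rc=$?
    case "$rc" in
        0)  return 0 ;;
        1)  log "infected upload removed: $file (user=$who)"
            return 1 ;;
        *)  # clamd stopped, socket missing, etc.: fail closed instead of
            # leaving an unscanned file where it can be downloaded.
            mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR"
            mv -- "$file" "$QUARANTINE_DIR/$(date +%s).$$.$(basename -- "$file")"
            log "scan failed (rc=$rc), quarantined: $file (user=$who)"
            return 2 ;;
    esac
}

# pure-uploadscript passes the uploaded file's path as the first argument.
if [ "$#" -gt 0 ]; then
    check_upload "$1"
fi
```

The quarantine directory should sit outside every FTP user's home so that a quarantined file cannot be fetched again.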

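4 Virtual Machine Image

This tutorial is available as a ready-to-use virtual machine in OVA/OVF format for Howtoforge subscribers. The VM format is compatible with VMware and VirtualBox, as well as other tools that can import this format. You can find the download link in the right-hand menu at the top. Click on the file name to start the download.

The login details of the VM are:

SSH login

Username: root
Password: youcl

MariaDB login

Username: root
Password: youcl

Please change the passwords after the first boot.

5 Links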
