Installing ClamAV on Debian

From RVM Wiki
Latest revision as of 14:34, 11 December 2019

Installation

Debian Squeeze

  • Add the APT source, if not already present:
sudoedit /etc/apt/sources.list
...
deb http://ftp.it.debian.org/debian             squeeze-updates main contrib non-free
deb http://security.debian.org/                 squeeze/updates main contrib non-free
...

  • Install:
sudo apt-get update && \
sudo apt-get dist-upgrade && \
sudo apt-get install clamav-daemon libclamunrar6

Debian >= Wheezy

  • Install:
sudo apt-get update && \
sudo apt-get dist-upgrade && \
sudo apt-get install clamav clamav-daemon libclamunrar\*
Installing additional signatures

  • Open the outbound ports on the server that the updater needs to download the signatures:
   rsync: TCP port 873
   wget/curl: TCP port 443
  • Install the RVM package, or install from source:
sudo apt-get install clamav-unofficial-sigs
  • Register for free at https://www.malwarepatrol.net/free-guard-upgrade-option/
  • Go to the account page and check the parameters of the ClamAV signature download URL, for example:
https://lists.malwarepatrol.net/cgi/getfile?receipt=f478726125&product=32&list=clamav_basic
  • Enter the parameters in:
sudoedit /etc/clamav-unofficial-sigs/master.conf
malwarepatrol_receipt_code="f478726125"
malwarepatrol_product_code="32"
malwarepatrol_list="clamav_basic"
  • Register at https://www.securiteinfo.com/clients/customers/signup
  • Enter your own identifier, the one contained in the URLs shown in the SETUP tab of the site, for example:
http://www.securiteinfo.com/get/signatures/a583f5d7113477f99ac6f2f99011897a80399b63212d5cb234c85a84ac7dd3456bd5dfc33a01dab5c31f5bf7b20b2026b6e2c961727adf85777564f9c82abc03/securiteinfo.hdb
sudoedit /etc/clamav-unofficial-sigs/master.conf
securiteinfo_authorisation_signature="a583f5d7113477f99ac6f2f99011897a80399b63212d5cb234c85a84ac7dd3456bd5dfc33a01dab5c31f5bf7b20b2026b6e2c961727adf85777564f9c82abc03"
  • Warning: this code is valid for only 1 IP address
  • CHECK THAT WGET WORKS, OTHERWISE THE SANESECURITY DOWNLOAD WILL CERTAINLY FAIL
  • Download the signatures the first time as root, then as clamav:
sudo [ -x /usr/sbin/clamav-unofficial-sigs ] && sudo /bin/bash /usr/sbin/clamav-unofficial-sigs
sudo -u clamav [ -x /usr/sbin/clamav-unofficial-sigs ] && sudo -u clamav /bin/bash /usr/sbin/clamav-unofficial-sigs
  • Enable the download of the Google Safe Browsing signatures for phishing and malware sites:
sudoedit /etc/clamav/freshclam.conf
SafeBrowsing Yes
  • If needed, set a proxy for downloading the updates:
sudoedit /etc/clamav/freshclam.conf
HTTPProxyServer proxy.example.priv
HTTPProxyPort 3128
  • Stop the update daemon:
sudo /etc/init.d/clamav-freshclam stop
  • Update the database, and check that it also downloads the Google Safe Browsing signatures:
sudo freshclam -v
  • Restart the update daemon:
sudo /etc/init.d/clamav-freshclam start
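As an added example, not part of this wiki page nor of clamav-unofficial-sigs, the POSIX shell functions below derive the master.conf lines above from the download URLs shown on the MalwarePatrol account page and the SecuriteInfo SETUP tab, and refuse malformed values (missing query parameters, a signature that is not 128 lowercase hex characters) instead of writing a config that makes the download fail later. The URLs and values used are the page's own examples.

```shell
#!/bin/sh
# Added example (not from the wiki or from clamav-unofficial-sigs): turn the
# download URLs shown by MalwarePatrol and SecuriteInfo into the master.conf
# settings, refusing malformed values instead of writing a config that makes
# the signature download fail later.

# Pick one "name=value" parameter out of a URL query string.
query_param() {                 # $1 = URL, $2 = parameter name
    printf '%s\n' "${1#*[?]}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the three malwarepatrol_* lines for a getfile URL such as
# https://lists.malwarepatrol.net/cgi/getfile?receipt=...&product=32&list=clamav_basic
malwarepatrol_conf() {
    receipt=$(query_param "$1" receipt)
    product=$(query_param "$1" product)
    list=$(query_param "$1" list)
    if [ -z "$receipt" ] || [ -z "$product" ] || [ -z "$list" ]; then
        echo "malwarepatrol_conf: URL lacks receipt, product or list" >&2
        return 1
    fi
    printf 'malwarepatrol_receipt_code="%s"\n' "$receipt"
    printf 'malwarepatrol_product_code="%s"\n' "$product"
    printf 'malwarepatrol_list="%s"\n' "$list"
}

# Print the securiteinfo_authorisation_signature line for a URL such as
# http://www.securiteinfo.com/get/signatures/<128 hex chars>/securiteinfo.hdb
securiteinfo_conf() {
    sig=${1#*/get/signatures/}          # strip everything up to the signature
    sig=${sig%%/*}                      # strip the trailing /securiteinfo.hdb
    case $sig in
        ''|*[!0-9a-f]*)
            echo "securiteinfo_conf: signature is not lowercase hex" >&2
            return 1 ;;
    esac
    if [ "${#sig}" -ne 128 ]; then
        echo "securiteinfo_conf: expected 128 hex chars, got ${#sig}" >&2
        return 1
    fi
    printf 'securiteinfo_authorisation_signature="%s"\n' "$sig"
}

# Typical use (review the output before appending it to the config):
#   malwarepatrol_conf "$MP_URL" | sudo tee -a /etc/clamav-unofficial-sigs/master.conf
```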

Configuration

  • For operation with amavis, set:
sudoedit /etc/clamav/clamd.conf
AllowSupplementaryGroups true
Otherwise the amavis scan fails with clamd, and you get the error:
Mar 11 18:59:40 myserver amavis[18226]: (18226-03) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20160311T185044-18226-VIje1ebd/parts: lstat() failed: Permission denied. ERROR\n"

  • Restart clamav-daemon:
sudo /etc/init.d/clamav-daemon stop; sudo /etc/init.d/clamav-daemon start


Test ClamAV

  • Install the test files:
sudo apt-get install clamav-testfiles
clamscan /usr/share/clamav-testfiles/
----------- SCAN SUMMARY -----------
Known viruses: 8484890
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 46
Infected files: 46
Data scanned: 13.76 MB
Data read: 6.21 MB (ratio 2.22:1)
Time: 23.877 sec (0 m 23 s)
  • Check whether the Safe Browsing signatures are in use:
cat > /tmp/test-safebrowsing <<EOFile
Return-Path: <username@example.com>
Delivered-To: <destination@example.com>
Received: from servername.example.com
	by servername.example.com (Dovecot) with LMTP id xI3QK3XIrVjAYAAA25iMvQ
	for <destination@example.com>; Wed, 22 Feb 2017 18:20:53 +0100
Date: Wed, 22 Feb 2017 18:20:58 +0100
To: destination@example.com
From: username@example.com
Subject: test Wed, 22 Feb 2017 18:20:58 +0100
X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
Message-Id: <20170222172053.A4DFADEAEA@servername.example.com>

http://malware.testing.google.test/testing/malware/

EOFile
clamscan -v /tmp/test-safebrowsing
Scanning /tmp/test-safebrowsing
/tmp/test-safebrowsing: Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8484890
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 41.610 sec (0 m 41 s)

  • Remove the test files:
sudo apt-get remove --purge clamav-testfiles
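As an added example that is not part of this wiki page, the shell script below automates the Safe Browsing test above so it can be repeated after every signature update (for instance from cron after freshclam): it builds a constructed message with the same Google test URL, runs clamscan over it and interprets both the exit status and the SCAN SUMMARY instead of reading them by eye. It assumes clamscan's documented exit codes (0 clean, 1 something found, 2 error).

```shell
#!/bin/sh
# Added example (not from the wiki): automate the Safe Browsing check so it can
# run after freshclam. It scans a constructed message containing the Google
# test URL and interprets clamscan's exit status and SCAN SUMMARY.

# clamscan exit status: 0 = nothing found, 1 = something found, 2 = error.
scan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Read one numeric SCAN SUMMARY field ("Infected files", "Known viruses", ...).
summary_field() {            # $1 = clamscan output, $2 = field name
    printf '%s\n' "$1" | sed -n "s/^$2: \([0-9][0-9]*\).*/\1/p" | head -n 1
}

# Succeed only if a Safe Browsing heuristic signature fired on the file.
safebrowsing_hit() {         # $1 = clamscan output
    printf '%s\n' "$1" | grep -q 'Heuristics\.Safebrowsing.*FOUND'
}

# Constructed test message, reduced to a few headers and the Google test URL.
write_test_message() {       # $1 = destination path
    cat > "$1" <<'EOF'
From: username@example.com
To: destination@example.com
Subject: safebrowsing check

http://malware.testing.google.test/testing/malware/
EOF
}

# Run the check only where clamscan is installed (skipped on other hosts).
if command -v clamscan >/dev/null 2>&1; then
    tmp=$(mktemp) && write_test_message "$tmp"
    rc=0
    out=$(clamscan "$tmp" 2>&1) || rc=$?
    rm -f "$tmp"
    echo "verdict: $(scan_verdict "$rc"), infected files: $(summary_field "$out" 'Infected files')"
    if safebrowsing_hit "$out"; then
        echo "Safe Browsing signatures are active"
    else
        echo "Safe Browsing signatures NOT active: check 'SafeBrowsing Yes' in freshclam.conf and rerun freshclam" >&2
    fi
fi
```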

Installing decompressors

Debian Squeeze

sudo apt-get install unrar arj unzip unace

Debian >= Wheezy

sudo apt-get install unrar arj unzip unace-nonfree

References

  • Postfix guide: https://sdeziel.info/postfix.html
  • Are there faux/fake malicious websites to test web reputation services similar to EICAR? (Information Security Stack Exchange): http://security.stackexchange.com/questions/37383/are-there-faux-fake-malicious-websites-to-test-web-reputation-services-similar-t
  • Installare definizioni virus Sanesecurity su clamav in Debian per Amavis: http://www.hidaba.com/installare-definizioni-virus-sanesecurity-su-clamav-in-debian-per-amavis/
  • Signature Testing - Sanesecurity ClamAV: Phishing, Spam & Malware Signatures: http://sanesecurity.com/support/signature-testing/
  • extremeshok/clamav-unofficial-sigs: ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com: https://github.com/extremeshok/clamav-unofficial-sigs