Open-source cloud scanning site plan, build your own cloud antivirus: building the ClamAV server

1 Introduction:

In the previous article we walked through the whole program, "Open-source cloud scanning site plan, build your own cloud antivirus": https://www.cnblogs.com/dengjiahai/p/12437360.html#4514940. This article demonstrates how to build the ClamAV server. Before starting, let me go over some of the questions colleagues raised in discussions after that article, and give my personal opinions and views:

  1. Doesn't installing anti-virus software directly on the server do the job? Why go to the trouble of something this complicated?

A: Indeed, installing anti-virus software directly on the server is also a protection scheme. The reason we built this is that in some situations anti-virus software alone cannot meet our requirements. Let me describe a simple application scenario. If, after reading it, you think this program helps you, you can keep exploring; if you feel it makes no sense for you, then it cannot satisfy your needs and you need not read on.

First, a simple example to illustrate our situation. What we need to do is actually similar to some of the features of the VirSCAN site: https://www.virscan.org/antivirusvendor/clamav

We made this choice mainly on account of the following aspects.

• We mainly want to scan, not to disinfect. Simply put, we want protection at the source rather than waiting for a virus to land and then cleaning it up. Our program is not an antivirus but a virus scanner. In ClamAV's own interpretation, disinfecting uploaded attachments is meaningless: once a virus is found and some critical files are removed, the remaining files should not be used either, and even if they could be, would you trust them?

• In the lab we found that some files downloaded from the archive server carried viruses that the installed anti-virus software did not catch; only a manual scan found them. I don't know the specific reason; it may be my settings, although I kept the installer defaults. There is also the familiar case where the anti-virus software finds a virus but needs a reboot to clean it up: how often, after a scan, does it remind you to restart the computer?

• Password-protected archives cannot be scanned by anti-virus software. But when we handle an upload, we can open the archive with its password inside our own flow and then scan it, which is much safer than waiting for a user to extract it on the server and only then triggering the anti-virus software.

• Even when anti-virus software catches a virus, it cannot give feedback to the user. Our main use case is attachment uploads. Suppose I am a user with no intention to attack: I upload an attachment, the system tells me it succeeded, I move on to other things, and later the anti-virus software on the server quietly removes the file, without my knowledge. Compare with mail services: an attachment is scanned the moment it is posted, you are told the result, and if it fails the scan the mail is not sent.

• Anti-virus software has to be installed on the server itself, which is a limitation if the server is already under heavy load, since as far as I know scanning is expensive. From my experience with old computers with little memory, watching online video made the machine very slow, and it got noticeably faster after the anti-virus software was removed. So we chose a distributed deployment in which a single dedicated server does the scanning.

• ClamAV® is the open-source standard for mail gateway scanning software.

• High performance: ClamAV includes a multi-threaded scanning daemon and command-line utilities for on-demand file scanning and automatic signature updates.

• ClamAV supports a variety of file formats, file and archive unpacking, and multiple signature languages.

• Open source.

Those are our main considerations. The way the system works is shown in the following diagram (image omitted).

If, having read the above, you find the program useful, you can continue to follow along; if it is meaningless to you, then you may not need to read the rest.

2 Preparations

ClamAV official website: https://www.clamav.net/

ClamAV documentation: https://www.clamav.net/documents/clam-antivirus-user-manual

ClamAV source: https://github.com/Cisco-Talos/clamav-devel

The latest version is 0.102.2. Looking at the official site, it has been updated recently and is maintained very actively.

2.1 ClamAV server requirements

OS: I demonstrate on Windows 10. (Officially supported systems include Unix/Linux/macOS/Debian/Ubuntu/Red Hat/CentOS and so on; the source code is open, so if your system is not supported, compile it yourself.)

Hardware: the requirements are very low, and I think most computers can handle it; in a production environment, allocate resources according to your actual usage.

3 Installing the service

The official documentation should be read in full for a complete understanding.

First, go to the official website and download the installer or archive. If you downloaded the installer, install it through its interface; if it is a compressed package, extract it to the target directory. I demonstrate installing with the ClamAV Windows installer. Download address: http://www.clamav.net/downloads/production/ClamAV-0.102.1.exe. The network may be slow; if it is too slow you may need a proxy to download it. Our test network was fine.

Right-click ClamAV-0.102.1.exe and select Run as administrator. Remember to use an administrator account, otherwise it may fail to install or run correctly. You may receive a "Windows protected your PC" warning; select More information and then Always allow.

Select I accept the agreement and click Next.

Click Next again. If you previously removed ClamAV, you may see the prompt "folder ... already exists ...". If so, select Yes. Click Install to start the installation.

At this point the ClamAV server installation is complete.

4 Configuration

First, copy the two files clamd.conf.sample and freshclam.conf.sample from the conf_examples folder to the installation root directory, and open the configuration files with Notepad or another text editor.

First, the clamd.conf file.

Find the line that reads "Example" and comment it out, otherwise clamd will fail with an error when run.

Then find the following lines and remove the leading comment character (#):

#LogFile "C:\Program Files\ClamAV\clamd.log"

#PidFile "C:\Program Files\ClamAV\clamd.pid"

Database directory: I keep the default path here. If you need a different database path, set the drive letter and directory yourself. The virus database downloaded later must be placed here.

#DatabaseDirectory "C:\Program Files\ClamAV\database"

Set the server port; the default is 3310.

#TCPSocket 3310

Set the listening address; multiple addresses can be set, and IPv6 is supported.

#TCPAddr 127.0.0.1

These are the necessary settings. For other options, read the instructions in the configuration file and enable them on demand.

Next configure freshclam.conf, which is mainly about updating the virus database.

Comment out the "Example" line and uncomment the following lines:

#DatabaseDirectory "C:\Program Files\ClamAV\database"

#UpdateLogFile "C:\Program Files\ClamAV\freshclam.log"

#DatabaseMirror database.clamav.net

#PidFile "C:\Program Files\ClamAV\freshclam.pid"

Virus database address: if you have set up your own mirror, you can use it here.

#DatabaseCustomURL http://myserver.example.com/mysigs.ndb

Enable other options as you need them. Note that it is best to update the virus database promptly, otherwise new viruses cannot be detected.
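To check the edited clamd.conf and freshclam.conf for the three mistakes this section warns about (the bare Example line left in, a TCP listener not bound to a loopback address, and a DatabaseDirectory that differs between the two files, so freshclam would download signatures to a path clamd never reads), here is an added example in Python. It is not code from the original post or from ClamAV, and the two configuration texts inside it are constructed samples.

```python
# Added example (not from the original post or ClamAV): parse the 'Key value'
# lines of clamd.conf / freshclam.conf and flag the mistakes the section warns
# about. The two configuration texts at the bottom are constructed samples.
import ipaddress

def parse_conf(text):
    """Return {key: [values]}; blank lines and '#' comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key, []).append(value.strip().strip('"'))
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"

def check(clamd_text, freshclam_text):
    """Return a list of findings; an empty list means the edits look sane."""
    clamd, fresh = parse_conf(clamd_text), parse_conf(freshclam_text)
    findings = []
    for name, conf in (("clamd.conf", clamd), ("freshclam.conf", fresh)):
        if "Example" in conf:  # a bare 'Example' line makes the tool refuse to start
            findings.append(f"{name}: 'Example' line still present")
    if "TCPSocket" in clamd:
        addrs = clamd.get("TCPAddr", [])
        if not addrs:  # without TCPAddr, clamd binds to every interface
            findings.append("clamd.conf: TCPSocket without TCPAddr, listens on all interfaces")
        for a in addrs:
            if not is_loopback(a):
                findings.append(f"clamd.conf: TCPAddr {a} is not loopback and clamd has no authentication")
    if clamd.get("DatabaseDirectory") != fresh.get("DatabaseDirectory"):
        findings.append("DatabaseDirectory differs between clamd.conf and freshclam.conf")
    return findings

CLAMD_CONF = r'''
Example
DatabaseDirectory "C:\Program Files\ClamAV\database"
TCPSocket 3310
TCPAddr 0.0.0.0
'''
FRESHCLAM_CONF = r'''
DatabaseDirectory "C:\Program Files\ClamAV\database"
DatabaseMirror database.clamav.net
'''
```

Running check(CLAMD_CONF, FRESHCLAM_CONF) on the samples reports the leftover Example line and the 0.0.0.0 listener; point it at your own two files to verify the edits before starting clamd.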

 

5 Usage

5.1 Installing the virus database

In the service installation directory, press Ctrl + right-click and choose "Open command window here". Mainly, open it as an administrator: if the window you opened is not an administrator one, search for cmd in the Windows menu, right-click it and choose Run as administrator, then change into the service installation directory. Execute freshclam.exe and wait for the download to complete.

Open the database folder; you will see three virus database files.

If your server has no network access, you can build your own mirror or manually download the virus database. Address: https://www.clamav.net/downloads#collapseCVD

Download the complete database and put it into that folder.

The virus database is updated every 12 hours by default; if you need to change this, edit the configuration file.

5.2 Services

Clamscan

Scans files at a specified location. The following is a scan of a.zip; a virus was found.

There are too many options to list them all here, so I only introduce some common and more interesting ones:

--log=FILE - save the scan report to FILE

--database=FILE/DIR - load the virus database from FILE, or load all supported db files from DIR

--official-db-only[=yes/no(*)] - only load official signatures

--max-filesize=#n - files larger than this will be skipped and assumed clean

--max-scansize=#n - the maximum amount of data to scan for each container file

--leave-temps[=yes/no(*)] - do not remove temporary files

--file-list=FILE - scan the files listed in FILE

--quiet - only output error messages

--bell - sound a bell when a virus is detected

--cross-fs[=yes(*)/no] - scan files and directories on other file systems

--move=DIRECTORY - move infected files into DIRECTORY

--copy=DIRECTORY - copy infected files into DIRECTORY

--bytecode-timeout=N - set the bytecode timeout (in milliseconds)

--heuristic-alerts[=yes(*)/no] - toggle heuristic alerts

--alert-encrypted[=yes/no(*)] - alert on encrypted archives and documents

--nocerts - disable Authenticode certificate chain verification in PE files

--disable-cache - disable caching and cache checks for hash sums of scanned files

Clamdscan

Requires the clamd service to be running, and scanning is faster. If you specify a path with the -r parameter, subdirectories are scanned recursively by default.

Scheduled scanning

# Custom scheduled task: at 3:00 a.m. start updating the virus database; at 3:30 start scanning the /home directory and its subdirectories, delete infected files directly, and save the scan log

Signature testing and management

Many tools can be used to test and manage signatures. Worth noting are:

clambc - for testing bytecode

sigtool - for general signature testing and analysis

freshclam - for updating the signature database to the latest version

There are many more that I won't list; if I listed them all, what difference would there be from a translation of the official documentation? It is also not the focus of this article.

If you cannot use the above, it doesn't matter. The following usage, however, you must understand, because it directly determines whether our program succeeds.

clamd is a multi-threaded daemon that uses libclamav to scan files for viruses. Its scanning behavior is fully configurable through clamd.conf to suit most needs.

Since clamd needs a virus signature database to run, we recommend running freshclam to download the official ClamAV signature set before starting clamd.

The daemon listens on the socket specified in clamd.conf. Both local Unix sockets and TCP sockets are supported.

IMPORTANT: clamd currently has no protected or authenticated communication over TCP sockets, which means it will accept any of the following commands from any source. We therefore strongly recommend following networking best practices when setting up a clamd instance, that is, never expose its TCP socket to the Internet.

This is a quick list of the commands the clamd socket accepts:

PING

VERSION

RELOAD

SHUTDOWN

SCAN file/directory

RAWSCAN file/directory

CONTSCAN file/directory

MULTISCAN file/directory

ALLMATCHSCAN file/directory

INSTREAM

FILDES

STATS

IDSESSION, END

As with most ClamAV tools, you can find more information about these tools by calling the following command:

The paragraph above is a direct translation of the official documentation; does it look baffling? It doesn't matter if you don't understand it. You only need one command line.

Clamd

Open an administrator cmd in the service root directory and enter Clamd.exe or Clamd.

As shown, the service has started successfully, and you can go and debug our code. Through the WebAPI we can see the ClamAV version, which shows that the program works. Then you can happily build your own cloud antivirus business on top of it.
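The socket commands listed above, driven from a client, as an added example in Python; it is not code from the original post, from the author's .NET project or from ClamAV. It assumes clamd is listening on 127.0.0.1:3310 as configured earlier, uses the 'z' (NUL-terminated) command form, and streams the upload bytes with INSTREAM so the scanning server never needs a file path; the payload in the usage block is a constructed harmless sample.

```python
# Added example (not code from the original post or from ClamAV): a minimal
# clamd TCP client for the socket commands listed above. It uses the 'z'
# (NUL-terminated) command form so replies can be delimited reliably, and
# INSTREAM so the uploaded bytes never need a path on the scanning server.
import socket
import struct

def build_command(name):
    """Encode a simple command such as PING or VERSION."""
    return b"z" + name.encode("ascii") + b"\0"

def build_instream(data, chunk_size=4096):
    """INSTREAM: command, 4-byte big-endian length-prefixed chunks, zero-length chunk."""
    out = bytearray(build_command("INSTREAM"))
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack("!I", len(chunk)) + chunk
    out += struct.pack("!I", 0)  # terminator: zero-length chunk
    return bytes(out)

def parse_scan_reply(reply):
    """Map 'stream: OK' / 'stream: <sig> FOUND' / '... ERROR' to (status, detail)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    head, sep, verdict = text.partition(": ")
    verdict = verdict if sep else head
    if verdict == "OK":
        return "OK", None
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[:-len(" FOUND")]
    return "ERROR", verdict

def talk(host, port, payload, timeout=30):
    """Send one encoded request and read the NUL-terminated reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        buf = b""
        while not buf.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            buf += part
    return buf

def scan_bytes(data, host="127.0.0.1", port=3310):
    """Scan an in-memory upload through clamd and return (status, signature)."""
    return parse_scan_reply(talk(host, port, build_instream(data)))

if __name__ == "__main__":
    print(talk("127.0.0.1", 3310, build_command("VERSION")))
    print(scan_bytes(b"constructed harmless sample"))
```

Because clamd has no authentication, keep this client on the same host or a trusted network segment as the daemon, exactly as the IMPORTANT note above says.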

 

6 Troubleshooting common issues

  • Service failed to start? Is the port blocked by a firewall?
  • Service failed to start? Was it installed as an administrator?
  • Scanning infected files always reports no virus? The virus may have been altered, or you may not have downloaded the virus database.
  • Service failed to start? Are the configuration files set up?
  • The anti-virus program cannot connect to the server? Are the IP address and port the same?

The code has been open-sourced on Gitee: https://gitee.com/Jesai/JESAI.ClamAV.NetScanner.git

Origin: www.cnblogs.com/dengjiahai/p/12446225.html