Installing ClamAV! (Ubuntu Desktop 22.04)

This article installs ClamAV on Ubuntu Desktop 22.04. ClamAV lets you scan for viruses.

Installing ClamAV!

Install ClamAV. First, install the main ClamAV package.

$ sudo apt install clamav
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  clamav-base clamav-freshclam libclamav9 libtfm1
Suggested packages:
  libclamunrar clamav-docs libclamunrar9
The following NEW packages will be installed:
  clamav clamav-base clamav-freshclam libclamav9 libtfm1
0 upgraded, 5 newly installed, 0 to remove and 25 not upgraded.
Need to get 1,231 kB of archives.
After this operation, 3,877 kB of additional disk space will be used.
...

Next, install the package for running it in the background.

$ sudo apt install clamav-daemon
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  clamdscan
Suggested packages:
  libclamunrar clamav-docs daemon
The following NEW packages will be installed:
  clamav-daemon clamdscan
0 upgraded, 2 newly installed, 0 to remove and 25 not upgraded.
Need to get 268 kB of archives.
After this operation, 1,258 kB of additional disk space will be used.
...

This installs the main packages. On Debian-based distributions, however, ClamAV is split into the following packages, so add further packages as needed.

  • clamav - command-line interface
  • clamav-base - base package
  • clamav-daemon - scanner daemon
  • clamav-docs - documentation
  • clamav-freshclam - virus database update utility
  • clamav-milter - sendmail integration
  • clamav-testfiles - test files
  • libclamav-dev - development files
  • libclamav9 - library
  • libclamunrar9 - unrar support

Testing virus detection

Test virus detection. Install the test virus files.

$ sudo apt install clamav-testfiles
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  clamav-testfiles
0 upgraded, 1 newly installed, 0 to remove and 25 not upgraded.
Need to get 2,888 kB of archives.
After this operation, 6,699 kB of additional disk space will be used.
...

Try to detect the installed test viruses.

$ sudo clamscan /usr/share/clamav-testfiles
/usr/share/clamav-testfiles/clam-petite.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.bin-le.cpio: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.odc.cpio: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.sis: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-fsg.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-upack.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.mail: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.exe.html: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.impl.zip: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.exe.rtf: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.ea06.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam_IScab_ext.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.zip: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-aspack.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.exe.szdd: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.ole.doc: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.7z: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-pespin.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.ea05.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-v2.rar: OK
/usr/share/clamav-testfiles/clam.exe.mbox.uu: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-v3.rar: OK
/usr/share/clamav-testfiles/clam.newc.cpio: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.tnef: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.d64.zip: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam_IScab_int.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-upx.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-yc.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam_ISmsi_int.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam_cache_emax.tgz: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.arj: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.chm: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.pdf: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.bin-be.cpio: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-wwpack.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam_ISmsi_ext.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.exe.mbox.base64: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.exe.binhex: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.ppt: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-nsis.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.bz2.zip: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.exe.bz2: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-mew.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.cab: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam.tar.gz: Clamav.Test.File-6 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8673710
Engine version: 0.103.9
Scanned directories: 1
Scanned files: 46
Infected files: 44
Data scanned: 14.02 MB
Data read: 6.21 MB (ratio 2.26:1)
Time: 35.438 sec (0 m 35 s)
Start Date: 2023:10:01 17:31:02
End Date:   2023:10:01 17:31:37
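
In the output above, clam-v2.rar and clam-v3.rar are reported OK while every other test file is flagged, and the unrar support package libclamunrar9 appears only under "Suggested packages" in the install output. The following is an added example, not part of the original article: it reads clamscan output, lists test files that were not detected, and cross-checks the per-file lines against the SCAN SUMMARY count. The function names are hypothetical and the sample input is a constructed excerpt of the output above.

```shell
# Added example (not from the original article). Reads clamscan output on
# stdin, counts detections, and lists test files that were reported OK.

summarize_scan() {
    awk '
        / FOUND$/          { found++; next }
        /: OK$/            { sub(/: OK$/, ""); missed[++n] = $0; next }
        /^Infected files:/ { reported = $3 }
        END {
            printf "detected=%d missed=%d summary=%d\n", found, n, reported
            for (i = 1; i <= n; i++) print "MISSED " missed[i]
            # Fail when a test file was not flagged, or when the per-file
            # lines disagree with the SCAN SUMMARY count.
            exit ((n > 0 || found != reported) ? 1 : 0)
        }
    '
}

# Constructed sample: a few lines abridged from the output above.
sample_scan_output() {
    cat <<'EOF'
/usr/share/clamav-testfiles/clam.exe: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-v2.rar: OK
/usr/share/clamav-testfiles/clam.zip: Clamav.Test.File-6 FOUND
/usr/share/clamav-testfiles/clam-v3.rar: OK
/usr/share/clamav-testfiles/clam.pdf: Clamav.Test.File-6 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 5
Infected files: 3
EOF
}

sample_scan_output | summarize_scan || echo "some test files were not detected"
```

To check a real run, pipe the scan into the function: `sudo clamscan /usr/share/clamav-testfiles | summarize_scan`.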

Checking the virus scan settings!

Virus scan settings for the daemon are configured in /etc/clamav/clamd.conf.

$ cat /etc/clamav/clamd.conf 
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OnAccessMaxFileSize 5M
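
The configuration above sets MaxFileSize 25M, and clamd does not scan files larger than that limit. The following is an added example, not part of the original article: it reads MaxFileSize from a clamd.conf-style file and lists the files in a directory that exceed it. The function names are hypothetical, and the demo uses a constructed config with a 1K limit and constructed files.

```shell
# Added example (not from the original article). Lists files that exceed the
# MaxFileSize limit from a clamd.conf-style file; clamd does not scan such files.

# conf_value FILE KEY: print the last value assigned to KEY
conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

# to_bytes SIZE: convert "25M", "512K" or a plain byte count to bytes
to_bytes() {
    case $1 in
        *[Mm]) echo $(( ${1%[Mm]} * 1024 * 1024 )) ;;
        *[Kk]) echo $(( ${1%[Kk]} * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# oversize_files CONF DIR: regular files under DIR larger than MaxFileSize
oversize_files() {
    size=$(conf_value "$1" MaxFileSize)
    [ -n "$size" ] || { echo "MaxFileSize not set in $1" >&2; return 2; }
    limit=$(to_bytes "$size")
    # A value of 0 disables the limit, so nothing is oversize.
    [ "$limit" -gt 0 ] || return 0
    find "$2" -type f -size +"${limit}c" -print
}

# Demo on constructed data: a 1K limit, one 10-byte file and one 2048-byte file.
demo() {
    d=$(mktemp -d) || return 1
    printf 'MaxScanSize 100M\nMaxFileSize 1K\n' > "$d/clamd.conf"
    printf '0123456789' > "$d/small.txt"
    dd if=/dev/zero of="$d/big.bin" bs=1024 count=2 2>/dev/null
    ( cd "$d" && oversize_files clamd.conf . )
    rm -rf "$d"
}
demo
```

On the installed system the same check is `oversize_files /etc/clamav/clamd.conf <directory>`.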

Checking the virus definition update settings!

Virus definition update settings are configured in /etc/clamav/freshclam.conf.

$ cat /etc/clamav/freshclam.conf
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

Conclusion

Virus infections on Linux are rare, but ClamAV can be used in cases such as checking files so that nothing is passed on to Windows.

References

ClamAV (https://www.clamav.net/)
