
How to Install ClamAV on Ubuntu 20.04 and Scan for Malware

ClamAV is free and open-source antivirus software that can be used to find trojans, other malicious software and viruses on your system. It is simple, easy to use, and its signature database covers millions of known viruses and trojans. ClamAV supports a wide range of archive formats, including Tar, Gzip, Zip, Bzip2, OLE2, Cabinet, CHM, BinHex and SIS, as well as the common mail file formats. It ships with several tools: a multi-threaded scanning daemon (clamd), a command-line scanner (clamscan) and a signature updater (freshclam) that can keep the database current automatically.

In this tutorial, we will explain how to install and use ClamAV on Ubuntu 20.04.

Prerequisites

  • A fresh Ubuntu 20.04 VPS on the Atlantic.net Cloud Platform
  • A root password configured on your server

Step 1 – Create an Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing Ubuntu 20.04 as the operating system, with at least 2GB of RAM (clamscan loads the whole signature database into memory on every run, so smaller instances run out of memory). Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your Ubuntu 20.04 server, run the following commands to refresh the package index and bring the base system up to date with the latest available packages:

apt-get update -y
apt-get upgrade -y

Step 2 – Install ClamAV

Install the scanner and the daemon from the Ubuntu repositories:

apt-get install clamav clamav-daemon -y

Once ClamAV is installed, you can proceed to update the virus database.

Step 3 – Update the Virus Database

Next, you need to update the virus database so that scanning works. You can update it over the internet with the freshclam command.

On Ubuntu the clamav-freshclam service starts automatically after installation and holds a lock on its log file, so a manual freshclam run fails while the service is running. Stop the service first with the following command:

systemctl stop clamav-freshclam

Next, update the database with the following command:

freshclam

Once the database has been updated, you will see output like the following (versions and dates will differ):

Thu Sep 17 06:11:23 2020 -> ClamAV update process started at Thu Sep 17 06:11:23 2020
Thu Sep 17 06:11:23 2020 -> daily.cvd database is up to date (version: 25930, sigs: 4317819, f-level: 63, builder: raynman)
Thu Sep 17 06:11:23 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Thu Sep 17 06:11:23 2020 -> bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Next, start the clamav-freshclam service again and enable it to start on boot, then list the signature directory to confirm the databases are in place:

systemctl start clamav-freshclam
systemctl enable clamav-freshclam
ls /var/lib/clamav/

You should see the three database files:

bytecode.cvd  daily.cvd  main.cvd
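A scan is only as good as the signatures it runs against, so a practitioner will want to verify, before relying on a scheduled scan, that the three databases exist and that daily is actually being refreshed. The following script is an added example, not part of the original tutorial or of the ClamAV project. It assumes the Ubuntu package layout used above (/var/lib/clamav) and the plain-text CVD header format ("ClamAV-VDB:<date>:<version>:<sigs>:<f-level>:<md5>:<dsig>:<builder>:<time>") that both .cvd and .cld files begin with. Note that after an incremental update freshclam replaces daily.cvd with daily.cld, so a check that only looks for .cvd files will falsely report a missing database.

```shell
#!/usr/bin/env bash
# Added example: verify ClamAV signature databases are present and fresh.
# Assumes the Debian/Ubuntu layout (/var/lib/clamav) and the CVD/CLD header
# format; "sigtool --info FILE" prints the same header fields if you prefer
# the official tool.

# check_signature_db DIR MAX_AGE_DAYS
# Returns 0 when main, daily and bytecode exist (as .cvd or .cld) and daily is
# no older than MAX_AGE_DAYS; prints what is wrong and returns 1 otherwise.
check_signature_db() {
    local dir=$1 max_days=$2 name path found rc=0
    for name in main daily bytecode; do
        found=""
        for path in "$dir/$name.cld" "$dir/$name.cvd"; do
            if [ -f "$path" ]; then found=$path; break; fi
        done
        if [ -z "$found" ]; then
            echo "MISSING: no $name.cvd or $name.cld in $dir" >&2
            rc=1
        elif [ "$name" = daily ]; then
            # main.cvd legitimately changes only a few times a year, so file age
            # is only meaningful for daily, which is published several times a day.
            local age=$(( ( $(date +%s) - $(stat -c %Y "$found") ) / 86400 ))
            if [ "$age" -gt "$max_days" ]; then
                echo "STALE: $found is $age days old (limit $max_days)" >&2
                rc=1
            fi
        fi
    done
    return $rc
}

# cvd_version FILE: version field from the 512-byte plain-text CVD/CLD header.
cvd_version() {
    head -c 512 "$1" | tr -d '\0' | head -n 1 | cut -d: -f3
}

# Stand-alone run: report on the real signature directory if it exists.
if [ -d /var/lib/clamav ]; then
    if check_signature_db /var/lib/clamav 2; then
        for f in /var/lib/clamav/*.cvd /var/lib/clamav/*.cld; do
            if [ -f "$f" ]; then
                echo "$(basename "$f"): version $(cvd_version "$f")"
            fi
        done
    fi
fi
```

A limit of 2 days for daily is a reasonable alert threshold: freshclam on Ubuntu checks hourly by default, so a daily database older than that means the service is stopped, blocked by a firewall, or failing silently. The version printed by cvd_version is the same number you see in the freshclam output above (daily.cvd version 25930).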

Step 4 – Use Clamscan to Scan a Directory

Clamscan scans files and directories against the signature database and reports matches; it only deletes or moves matching files if you ask it to with --remove or --move.

The basic syntax of clamscan is shown below:

clamscan [options] [files-or-directories]

A short description of the most commonly used options:

  • --infected : Print only the files that matched a signature.
  • --remove : Delete every matching file from your system. There is no undo.
  • --recursive : Descend into subdirectories.

For example, you can scan the /etc directory with the following command:

clamscan --infected --remove --recursive /etc

Be careful with --remove: a false positive on a configuration file under /etc is deleted just as readily as real malware. On anything other than a throwaway test system, use --move=DIRECTORY to quarantine matches instead, so the file can be inspected and restored. The scan takes a while to start because the whole signature database is loaded into memory on each run. You will see output like the following:

----------- SCAN SUMMARY -----------
Known viruses: 8908044
Engine version: 0.102.4
Scanned directories: 240
Scanned files: 754
Infected files: 0
Data scanned: 3.25 MB
Data read: 1.41 MB (ratio 2.30:1)
Time: 42.391 sec (0 m 42 s)
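The command above deletes on any signature match and gives you nothing to investigate afterwards. The following wrapper is an added example, not code from the original tutorial or from the ClamAV project. It keeps the same clamscan options but quarantines with --move instead of --remove, writes the report with --log, reads the "Infected files" count out of the summary, and maps clamscan's exit status (0 clean, 1 something found, 2 error such as an unreadable database) to a word that a cron job or monitoring check can act on. It also writes the standard 68-byte EICAR test file, which ClamAV detects as Eicar-Test-Signature, so you can prove the engine and signatures work before trusting a clean result. The quarantine and log paths in the usage note are choices for illustration, not ClamAV defaults.

```shell
#!/usr/bin/env bash
# Added example: quarantining scan wrapper around clamscan 0.102.x.
# Paths passed to scan_dir are the caller's choice; nothing here is a ClamAV default.

# write_eicar_file PATH: write the harmless 68-byte EICAR test string.
# The string is split in two so a recursive scan does not quarantine this script.
write_eicar_file() {
    local a='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS'
    local b='-TEST-FILE!$H+H*'
    printf '%s%s' "$a" "$b" > "$1"
}

# interpret_exit CODE: clamscan exits 0 when clean, 1 when something was
# found and 2 on error (bad option, missing database, unreadable target).
interpret_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# infected_count LOGFILE: the number from the "Infected files:" summary line,
# 0 if the summary is missing (e.g. clamscan aborted before writing it).
infected_count() {
    awk -F': *' '/^Infected files:/ {n=$2} END {print n+0}' "$1"
}

# scan_dir TARGET QUARANTINE_DIR LOGFILE
# Recursive scan that moves matches into QUARANTINE_DIR and appends the report
# to LOGFILE. Pseudo filesystems and the quarantine itself are excluded so a
# full-disk scan neither hangs on /proc nor re-scans what it just moved.
# Returns clamscan's own exit status.
scan_dir() {
    local target=$1 quarantine=$2 log=$3 rc=0
    mkdir -p "$quarantine"
    chmod 700 "$quarantine"          # quarantined samples are not for other users
    clamscan --infected --recursive \
        --move="$quarantine" \
        --log="$log" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$quarantine" \
        "$target" || rc=$?
    return "$rc"
}

# Stand-alone self-test, only when clamscan is installed: scanning a directory
# that holds just the EICAR file must report "infected" with 1 hit, and the
# file must end up in the quarantine directory rather than being deleted.
if command -v clamscan >/dev/null 2>&1; then
    work=$(mktemp -d)
    write_eicar_file "$work/eicar.com"
    rc=0
    scan_dir "$work" "$work/quarantine" "$work/scan.log" || rc=$?
    echo "self-test: $(interpret_exit "$rc"), $(infected_count "$work/scan.log") infected file(s)"
    ls -l "$work/quarantine"
    rm -rf "$work"
fi
```

For a real run, call something like scan_dir /home /var/quarantine /var/log/clamav/scan.log from cron or a systemd timer and alert when interpret_exit returns anything but "clean"; treat "error" as seriously as "infected", because it usually means the scan did not happen at all. If the self-test reports "clean", the signatures are not loaded or the file was excluded, and no result from that host should be trusted until that is fixed.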

You can print all of the options available to clamscan with the following command:

clamscan -h

You will get the following output:

                       Clam AntiVirus: Scanner 0.102.4
           By The ClamAV Team: https://www.clamav.net/about.html#credits
           (C) 2020 Cisco Systems, Inc.
 
    clamscan [options] [file/directory/-]
 
    --help                -h             Show this help
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr. Does not affect 'debug' messages.
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection
 
    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --gen-json[=yes/no(*)]               Generate JSON description of scanned file(s). JSON will be printed and also-
                                         dropped to the temp directory if --leave-temps is enabled.
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX
 
    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Enable email signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     Enable URL signature-based phishing detection
    --heuristic-alerts[=yes(*)/no]       Heuristic alerts
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --normalize[=yes(*)/no]              Normalize html, script, and text files. Use normalize=no for yara compatibility
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-xmldocs[=yes(*)/no]           Scan xml-based document files
    --scan-hwp3[=yes(*)/no]              Scan HWP3 files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --alert-broken[=yes/no(*)]           Alert on broken executable files (PE & ELF)
    --alert-encrypted[=yes/no(*)]        Alert on encrypted archives and documents
    --alert-encrypted-archive[=yes/no(*)] Alert on encrypted archives
    --alert-encrypted-doc[=yes/no(*)]    Alert on encrypted documents
    --alert-macros[=yes/no(*)]           Alert on OLE2 files containing VBA macros
    --alert-exceeds-max[=yes/no(*)]      Alert on files that exceed max file size, max scan size, or max recursion limit
    --alert-phishing-ssl[=yes/no(*)]     Alert on emails containing SSL mismatches in URLs
    --alert-phishing-cloak[=yes/no(*)]   Alert on emails containing cloaked URLs
    --alert-partition-intersection[=yes/no(*)] Alert on raw DMG image files containing partition intersections
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files
 
    --max-scantime=#n                    Scan time longer than this will be skipped and assumed clean
    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze
    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
    --pcre-match-limit=#n                Maximum calls to the PCRE match function.
    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.

Conclusion

In the guide above, you learned how to install ClamAV, keep its signature database current, and use clamscan to find and remove or quarantine malware on your system. You should now have enough knowledge to run ClamAV on a production system. Start with ClamAV today on VPS hosting from Atlantic.Net!

