Installing the ClamAV Antivirus on CentOS

Basically, to date the Linux operating system is not affected by the viruses that exist on Windows, but a virus can still be stored on Linux. For example, if someone uploads a file infected with a Windows virus to our FTP server, the file stays on the Linux system, but the virus has no effect there.
But if someone else downloads that file and uses it on Windows, the virus becomes active and does what it was built to do, which generally harms the user.
For this there is a well-known antivirus program for Linux, ClamAV; full information is available at http://www.clamav.net

The installation steps are:
1. Download the application source from the ClamAV website. At the time of writing, the latest stable version can be downloaded from http://downloads.sourceforge.net/clamav/clamav-0.95.2.tar.gz
# wget http://downloads.sourceforge.net/clamav/clamav-0.95.2.tar.gz
# tar -xvzf clamav-0.95.2.tar.gz
2. First create a user to run ClamAV

# groupadd clamav
# useradd clamav -g clamav -c "Clam Antivirus" -s /nonexistent
3. Run the configuration and build
# cd clamav-0.95.2
# ./configure
# make
# make install
4. Check the installation
Once the install in step 3 has finished, ClamAV can be checked as follows:

# clamscan -r -l scan.log clamav-0.95.2

This scans the ClamAV source folder recursively and writes the result to the file scan.log:

-------------------------------------------------------------------------------

clamav-0.95.2/libclamav/version.h: Empty file
clamav-0.95.2/libclamav/version.h.tmp: Empty file
clamav-0.95.2/test/clam.tnef: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.exe.mbox.uu: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-v2.rar: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.exe.html: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-upack.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-fsg.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.exe.szdd: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.zip: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-wwpack.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.sis: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-upx.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-aspack.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.exe.binhex: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.exe.rtf: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.mail: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.arj: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.ea06.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-v3.rar: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-pespin.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.d64.zip: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.cab: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.ea05.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.chm: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-petite.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.exe.mbox.base64: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-nsis.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.ole.doc: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.ppt: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam-mew.exe: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.tar.gz: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.pdf: ClamAV-Test-File FOUND
clamav-0.95.2/test/clam.impl.zip: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Known viruses: 572031
Engine version: 0.95.2
Scanned directories: 61
Scanned files: 1317
Infected files: 33
Data scanned: 52.38 MB
Data read: 44.60 MB (ratio 1.17:1)
Time: 12.786 sec (0 m 12 s)

The result above shows that ClamAV works correctly and finds the demo viruses in the test folder.
5. Test the ClamAV daemon

Edit the configuration file "/usr/local/etc/clamd.conf"
# vi /usr/local/etc/clamd.conf
Remove the "Example" line from that file and run the scan command

# clamdscan -l scan.log clamav-0.95.2
The result is the same as in step 4; only the summary differs slightly.
6. Update the antivirus database

Create the log file


# touch /var/log/clam-update.log
# chmod 600 /var/log/clam-update.log
# chown clamav /var/log/clam-update.log

Run the update command

# freshclam -d -c 6 -l /var/log/clam-update.log
This runs the antivirus database update 6 times per day.

When it is run behind a firewall, the output looks like this:

ClamAV update process started at Wed Sep  9 21:11:45 2009
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): WARNING: Can't get information about database.clamav.net: Temporary failure in name resolution
WARNING: Can't read main.cvd header from database.clamav.net (IP: )
Trying again in 5 secs...
ClamAV update process started at Wed Sep  9 21:11:50 2009
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): WARNING: Can't get information about database.clamav.net: Temporary failure in name resolution
WARNING: Can't read main.cvd header from database.clamav.net (IP: )
Trying again in 5 secs...
ClamAV update process started at Wed Sep  9 21:11:55 2009
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): ERROR: Can't get information about database.clamav.net: Temporary failure in name resolution
WARNING: Can't read main.cvd header from database.clamav.net (IP: )
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

To make the update work even behind a firewall, the HTTP proxy has to be set in the file "/usr/local/etc/freshclam.conf"

# Proxy settings
# Default: disabled
HTTPProxyServer proxyserver
HTTPProxyPort proxyport
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

The log file "/var/log/clam-update.log" will then contain something like this:

--------------------------------------
freshclam daemon 0.95.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep  9 21:17:54 2009
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Connecting via proxyserver
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Connecting via proxyserver
Reading CVD header (daily.cvd): OK (IMS)
daily.cvd is up to date (version: 9788, sigs: 77535, f-level: 43, builder: ccordes)
--------------------------------------
7. Run the antivirus database update script every time CentOS starts

# vi /etc/rc.local

Add the following line (as in step 6)

freshclam -d -c 6 -l /var/log/clam-update.log
8. Run a virus scan automatically every day at 6 a.m. with crontab

# vi /etc/cron.d/clamav.cron

Fill it with the following line:

0 6 * * * root /usr/local/bin/clamscan -r /home/

This means that cron runs a recursive virus scan of the /home/ folder every day at 6 a.m.
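
As an added example (not part of the original post), the script below turns the scan log from step 4 and the freshclam log from step 6 into exit codes that a cron job can act on. The function names and sample logs are constructed for illustration, and the " updated " status pattern is assumed from freshclam's usual output rather than taken from this page.

```shell
#!/bin/sh
# Added example: turn the ClamAV logs from this guide into pass/fail checks.

# Keep only the most recent run of a clamscan log read from stdin. Assumes each
# run starts with a line made only of dashes, as in the excerpt on this page.
last_run() {
    awk '/^-+$/ { n = 0; next } { buf[++n] = $0 }
         END { for (i = 1; i <= n; i++) print buf[i] }'
}

# Print "path<TAB>signature" for every "... FOUND" line on stdin.
infected_files() {
    awk '/ FOUND$/ { sub(/ FOUND$/, ""); i = match($0, /: [^:]*$/)
                     print substr($0, 1, i - 1) "\t" substr($0, i + 2) }'
}

# Exit 0: clean. 1: detections. 2: FOUND lines disagree with the summary
# (log truncated or edited), so the result should not be trusted.
scan_status() {
    run=$(last_run)
    found=$(printf '%s\n' "$run" | infected_files | wc -l | tr -d ' ')
    claimed=$(printf '%s\n' "$run" | awk -F': ' '/^Infected files:/ { print $2 }')
    [ "$found" = "$claimed" ] || return 2
    [ "$found" -eq 0 ] && return 0
    return 1
}

# Exit 0 only if the latest freshclam run reported a database status and did
# not end in "Update failed" (the firewall case shown above).
update_status() {
    awk '/^ClamAV update process started/ { ok = 0; bad = 0 }
         / is up to date | updated / { ok = 1 }   # " updated " is an assumption
         /^Update failed/ { bad = 1 }
         END { exit !(ok && !bad) }'
}

# Constructed sample logs in the formats shown on this page.
SAMPLE_SCAN='-------------------------------------------------------------------------------

/home/ftp/upload/readme.txt: Empty file
/home/ftp/upload/clam.exe: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Infected files: 1'
SAMPLE_UPDATE_FAIL='ClamAV update process started at Wed Sep  9 21:11:55 2009
Giving up on database.clamav.net...
Update failed. Your network may be down.'

printf '%s\n' "$SAMPLE_SCAN" | infected_files
```

To use it with the cron job from step 8, add -l with a log path to the clamscan command and pipe that log into scan_status.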

Done

Good luck trying it out

Source: http://kusprayitna.staff.uii.ac.id
