ClamAV: The essential open source antivirus for Linux and servers

  • ClamAV is a free and open source antivirus, well suited to GNU/Linux, servers and mixed environments.
  • Its database is updated constantly thanks to a large community and professional backing.
  • It supports scheduled scans, integration with mail servers, advanced administration and customization to your needs.

Computer security is an increasingly relevant topic in today's digital environment. Protecting against viruses, Trojans and other threats has become a priority for both private users and businesses. Keeping systems secure is key to preventing data loss, security breaches or service interruptions. In this context, having solid, reliable tools such as ClamAV is essential for effective protection.

One of the best-known and most widely used antivirus programs for Linux and Unix systems is the aforementioned ClamAV. Although it made its name as a popular solution for mail servers and GNU/Linux systems, its reach is much broader and extends to Windows and macOS. If you want to learn more about ClamAV, how it works, where it excels and how you can use it, keep reading, because we will tell you EVERYTHING, down to the smallest details.

What is ClamAV and where does it come from?

ClamAV is an open source antivirus, licensed under GPLv2, aimed at detecting and removing viruses, Trojans, malware and other malicious software. Of Polish origin, the project was started by Tomasz Kojm in 2001 and has gradually evolved into a reference for the security of servers and GNU/Linux-based systems. In 2007 the development team was integrated into Sourcefire, and later, in 2013, it became part of Cisco, where it is currently maintained by its cybersecurity division, Talos.

Since its inception, ClamAV has embraced a collaborative, open and transparent philosophy, which has earned it support from universities, companies and a worldwide community of users and developers. This large community ensures a rapid response to new threats and a virus database that is constantly updated.

Technical characteristics: what makes it special?

ClamAV is written mainly in C and C++. It is officially available for many operating systems, including GNU/Linux, Windows, FreeBSD, OpenBSD, Solaris and macOS, which allows it to be used in a wide variety of environments. It is worth noting that, although it is used mostly on GNU/Linux, there are also graphical interfaces and variants adapted to each system:

  • KlamAV for KDE environments.
  • ClamXav for macOS.
  • ClamWin for Windows.
  • Kapitano, more recent and intended to replace ClamTK.

ClamAV's design is modular, scalable and flexible. Its main strength lies in its multi-threaded core and in the use of a daemon process (clamav-daemon) that speeds up scanning, enabling simultaneous analysis of multiple files and directories without slowing down the system.

Main functions and uses

ClamAV was originally designed to scan emails and attachments, which is why it is widely used on mail servers to detect and block the spread of malware via email. Over time its applications have expanded, and it now allows you to:

  • Run on-demand or scheduled scans of files, directories and entire systems.
  • Monitor file access in real time (on GNU/Linux), with immediate detection and quarantine of infected files.
  • Update the virus database automatically through the FreshClam service.
  • Scan compressed files and archives in formats such as ZIP, RAR, ARJ, TAR, GZ, BZ2, MS OLE2, CHM, CAB, BinHex, SIS or AutoIt, among others.
  • Handle many email and special file formats (HTML, RTF, PDF, uuencode, TNEF, etc.).
  • Quarantine files and manage false positives.

Its broad format compatibility and its focus on speed and efficiency (more than 850,000 signatures listed) make ClamAV a robust solution even in enterprise and critical environments.

Why use ClamAV on Linux?

Although there is a common misconception that GNU/Linux systems "don't have viruses", the truth is that, although less frequent than on Windows, threats do exist. ClamAV's role on Linux is usually more closely tied to prevention and to protecting other systems:

  • If you share files or relay email to Windows systems from your Linux server, ClamAV detects threats that could affect those computers, even if your Linux system is not directly affected.
  • In a business setting, obtaining security certifications may require an antivirus layer, regardless of the operating system.
  • Check downloaded, shared or transferred files for infection, so the server does not become an unwitting channel for spreading malware.

ClamAV helps stop the spread of malicious files and meet security standards even on systems considered more secure.

Installing and starting ClamAV

Installing ClamAV on any GNU/Linux distribution is very easy, since most include it in their official repositories. Debian, Ubuntu, CentOS, RHEL and their derivatives allow installation with a single command:

  • On Ubuntu/Debian: sudo apt-get install clamav clamav-daemon
  • On CentOS/RHEL: sudo yum install clamav (requires the EPEL repository to be enabled)
  • On Arch: sudo pacman -S clamav

The clamav-daemon package is essential for the antivirus to run as a background service (daemon), enabling automatic and real-time scanning.

Updating the database

Once installed, the first essential step is to update the virus database with sudo freshclam. This downloads and applies the latest signatures automatically. By default, the freshclam service performs an update every hour, ensuring that ClamAV is always ready to detect the latest threats.

Start and enable the daemon

After installation and updating, and if you wish, you should enable and start the ClamAV daemon:

  • Enable: sudo systemctl enable clamav-daemon
  • Start: sudo systemctl start clamav-daemon

It is important to remember that although the service may appear as 'active', it may still be starting up. If you run commands such as clamdscan immediately after boot, you may encounter temporary errors. For pointers on better protecting your system, see security tools on Linux.

You can verify that the daemon is ready by checking the log in /var/log/clamav/clamav.log or by checking for the existence of the socket at /var/run/clamav/clamd.ctl.

Common configuration and recommended settings

Once you have ClamAV up and running, it is a good idea to adjust some parameters to avoid errors and get the most out of it.

  • Scanning as root and using --fdpass: By default, ClamAV runs as the 'clamav' user, which does not have access to all files. For a full scan, you must run the commands as root or use sudo and add the --fdpass option.
  • Avoid warnings on special directories: Directories such as /proc, /sys, /run, /dev, /snap, /var/lib/lxcfs/cgroup, /var/spool/postfix/private|public|dev can generate warnings because they contain sockets or special files that cannot be analysed. You can exclude them using the ExcludePath directive in /etc/clamav/clamd.conf.
  • Recursion in directory trees: If the system has many nested directories, the recursion limit (set to 30 by default) may be reached. You can check how many levels of nesting exist and increase the MaxDirectoryRecursion parameter if necessary.
  • Concurrency and speed: By default, only one process is used. Include the --fdpass --multiscan options to take advantage of multiple cores and speed up the analysis.
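
The following is an added example, not part of the original article: a small shell helper that prints ExcludePath lines for the special directories listed above and measures directory nesting so you can compare it with MaxDirectoryRecursion. The function names are hypothetical, and the depth count is an approximation in path components.

```shell
#!/bin/sh
# Added example: pre-flight helpers for the clamd.conf settings listed above.

# Directories the article lists as sources of warnings (sockets, special files).
SPECIAL_DIRS="/proc /sys /run /dev /snap /var/lib/lxcfs/cgroup
/var/spool/postfix/private /var/spool/postfix/public /var/spool/postfix/dev"

# Print one ExcludePath directive per directory that exists on this host.
# ExcludePath takes a regular expression, so anchor it and escape dots.
# $1 (optional): space-separated list of directories; defaults to SPECIAL_DIRS.
exclude_path_lines() {
    for d in ${1:-$SPECIAL_DIRS}; do
        [ -d "$d" ] || continue
        printf 'ExcludePath ^%s/\n' "$(printf '%s' "$d" | sed 's/\./\\./g')"
    done
}

# Deepest directory nesting below $1, counted in path components.
# -xdev keeps find on one filesystem so /proc and friends are not walked.
max_dir_depth() {
    root=${1%/}
    find "${root:-/}" -xdev -type d 2>/dev/null |
        awk -v base="$root" '{
            rel = substr($0, length(base) + 1)   # path relative to the root
            n = gsub("/", "/", rel)              # number of components
            if (n > max) max = n
        } END { print max + 0 }'
}

# Succeeds (exit 0) when the tree under $1 is deeper than the limit $2,
# i.e. when MaxDirectoryRecursion would need to be raised.
exceeds_recursion_limit() {
    [ "$(max_dir_depth "$1")" -gt "$2" ]
}
```

Append the output of exclude_path_lines to /etc/clamav/clamd.conf after reviewing it, and restart the daemon so the new directives take effect.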

Practical usage examples

  • Scan a directory or a specific file: clamscan -r /ruta/del/directorio ('-r' scans recursively)
  • Whole-system scan: clamscan -r / (may take a while depending on disk size)
  • Show only infected files: clamscan --infected
  • Move infected files to quarantine: clamscan --move=/ruta/cuarentena

In environments with large volumes of data, it is advisable to use clamdscan together with the daemon, as it is much faster than standalone clamscan.

Automating scans and updates

One of ClamAV's advantages is how easy it is to schedule regular scans to keep your system clean at all times. There are two main ways to automate them:

  • Cron: You can create scheduled tasks that run a scan daily, weekly or at any other interval, saving the results to a log file for later review.
  • Systemd timers: If you use a modern distribution, you can take advantage of systemd timers for greater flexibility (including a random delay to avoid simultaneous resource usage across multiple servers).

For example, you can create a custom service that runs a full scan command weekly and configure an automatic email notification in case of failure, all managed by systemd.

Advanced administration: error notifications and customization

If you want to take security to the next level, it is possible to receive automatic email notifications about problems and periodic scans. To do this, simply create a script that records the status of the service after each run and uses a mail tool (such as mailx or sendmail) to notify you of any failure. Systemd services and timers allow a clean and robust integration of this task.

In addition, with the detailed logs generated by ClamAV, you can audit the scan history, see when threats were identified, and further adjust performance parameters and exclusions based on the specific use of your system.
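
One way to write the notification script described above, combined with the socket readiness check from the daemon section (an added example, not part of the original article). The log file path, the recipient and the function names are assumptions; the socket path and the clamdscan options are the ones the article mentions.

```shell
#!/bin/sh
# Added example: scan wrapper for a cron job or a systemd service.
SOCKET=${CLAMD_SOCKET:-/var/run/clamav/clamd.ctl}    # socket path from the article
LOG=${SCAN_LOG:-/var/log/clamav/scheduled-scan.log}  # assumed log file
MAILTO=${MAILTO:-root}                               # assumed recipient

# Wait up to $2 seconds for clamd's UNIX socket; the unit can be "active"
# while the daemon is still loading signatures.
wait_for_socket() {
    sock=$1; left=${2:-60}
    while [ ! -S "$sock" ]; do
        [ "$left" -le 0 ] && return 1
        sleep 1; left=$((left - 1))
    done
}

# clamscan/clamdscan exit codes: 0 = no virus, 1 = virus found, other = error.
classify_exit() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read scan output on stdin, print the path from each "<path>: <name> FOUND" line.
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

run_scan() {
    target=$1
    if ! wait_for_socket "$SOCKET" 120; then
        echo "clamd socket $SOCKET not ready" | mailx -s "ClamAV: daemon not ready" "$MAILTO"
        return 2
    fi
    clamdscan --fdpass --multiscan --infected "$target" >"$LOG" 2>&1
    rc=$?
    status=$(classify_exit "$rc")
    if [ "$status" != clean ]; then
        { echo "Scan of $target: $status (exit code $rc)"; infected_paths <"$LOG"; } |
            mailx -s "ClamAV scan: $status" "$MAILTO"
    fi
    return "$rc"
}

# Scan only when a target is given, e.g.: scan-wrapper.sh /srv/share
if [ $# -gt 0 ]; then run_scan "$1"; fi
```

Call the script from a cron entry or from the command of a systemd service triggered by a timer; because it returns the scanner's exit code, the scheduler also records a failed or infected run.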

License and contributions

ClamAV is released under the GPLv2 license, which means its use is completely free, at both personal and professional level. Its open development allows anyone to contribute code, improvements or documentation. In addition, it includes specific components under compatible licenses such as Apache, MIT, BSD and LGPL, which provides great flexibility and robustness. For example, it includes modules such as Yara (for custom rules), zlib, bzip2, libmspack and others, all necessary for analysing compressed files and complex types of malware.

The ClamAV community is very active. You can access manuals and guides for writing custom signatures, take part in mailing lists and Discord chats, and contribute to improving the project through platforms such as GitHub.

Versions and evolution

ClamAV's release cycle is very active. Stable and beta versions are released regularly, fixing bugs and adding new features. The malware database is updated several times a day, and all news is announced on the official blog and other community channels. Recent releases include improved compatibility with modern architectures (x86_64, ARM64), Docker integration, and easier installation using operating-system-specific packages.

ClamAV has become a de facto standard on many Linux servers and enterprise network infrastructures worldwide, thanks to this continuous evolution and rapid response to new threats.

ClamAV for developers and administrators: integration and support

In addition to its direct use as an antivirus, ClamAV is also a scalable and flexible analysis engine that can be easily integrated into enterprise solutions or your own tools. The technical documentation and online manuals cover everything from basic installation and configuration to creating custom signatures and advanced analysis. There are specific utilities for working with Docker, packages for all systems, and an API that allows programmatic interaction with the engine.

Support for developers and administrators is excellent, ranging from forums, mailing lists and community chats to an extensive documentation repository and a bug and request tracking system.

Advantages and possible limitations of ClamAV

Strengths:

  • 100% open source, free and without advertising
  • Cross-platform and easy to integrate
  • Large community, continuous updates and rapid response to new threats
  • Able to scan a wide variety of formats, including compressed files
  • Suitable for forensics, mail servers, file sharing and more

Possible limitations:

  • It does not include, by default, the advanced features typical of commercial solutions (web protection, firewall, sandboxing, etc.).
  • Its detection, although effective, may be surpassed by other solutions in the desktop segment for home users who want full real-time protection (on Linux, on-access protection is optional and requires additional configuration).

In any case, ClamAV is a highly effective tool for fast malware detection, especially on servers and shared environments.

ClamAV is a robust, flexible antivirus solution with a vibrant community behind it. Its ability to adapt to almost any environment and the speed with which the community updates its signatures make it one of the best options for protecting Linux systems, mail servers and shared files. If you are looking for a free, powerful and always up-to-date tool, ClamAV is a great ally to consider.

