I-ClamAV: I-antivirus ebalulekile yomthombo ovulekile we-Linux namaseva

  • I-ClamAV iyi-antivirus yamahhala nemithombo evulekile, elungele i-GNU/Linux, amaseva nezinhlelo ezixubile.
  • Isizindalwazi saso sivuselelwa njalo ngenxa yomphakathi omkhulu nokusekelwa kochwepheshe.
  • Ivumela ukuskena okuhleliwe, ukuhlanganiswa kumaseva e-imeyili, ukuphatha okuthuthukisiwe, nokwenza ngokwezifiso kuye ngezidingo.
Pablinux

Imizuzu ye-10

I-ClamAV

Ukuphepha kwekhompyutha kuyisihloko esiya ngokuya sihambisana endaweni yedijithali yanamuhla. Ukuvikela kumagciwane, ama-Trojan, nezinye izinsongo sekuyinto ehamba phambili kubo bobabili abasebenzisi abazimele namabhizinisi. Ukugcina amasistimu evikelekile kuyisihluthulelo sokugwema ukulahleka kwedatha, ukwephulwa kwezokuphepha, noma iziphazamiso zesevisi. Mayelana nalokhu, ukuba namathuluzi aqinile futhi anokwethenjelwa njenge I-ClamAV kubalulekile ekuvikelekeni okusebenzayo.

Enye yezinhlelo ezaziwa kakhulu nezisetshenziswa kabanzi zomthombo ovulekile wokuvikela amagciwane ku-Linux nezinhlelo ze-Unix yi-ClamAV eshiwo ngenhla. Nakuba izakhele udumo njengesixazululo esithandwayo samaseva e-imeyili nezinhlelo ze-GNU/Linux, ukufinyelela kwayo kubanzi kakhulu, kudlulela ku-Windows naku-macOS. Uma ufuna ukufunda okwengeziwe ngeClamAV, Isebenza kanjani, iphumelela kuphi, nokuthi ungayisebenzisa kanjaniQhubeka ufunda ngoba sizokutshela YONKE INTO, kuze kufike emininingwaneni emincane kakhulu.

Iyini i-ClamAV futhi ivelaphi?

I-ClamAV iyi-a i-antivirus yomthombo ovulekile, enikezwe ilayisense ngaphansi kwe-GPLv2, ihloselwe ukuthola nokukhipha amagciwane, ama-Trojan, uhlelo olungayilungele ikhompuyutha, nenye isofthiwe eyingozi. Isuka e-Poland, iphrojekthi yaqalwa ngu-Tomasz Kojm ngo-2001, futhi iye yathuthuka kancane kancane ukuze ibe uphawu lokuvikela ngokuyinhloko amaseva nezinhlelo ezisekelwe ku-GNU/Linux. Ku-2007, ithimba lezokuthuthukiswa lahlanganiswa ku-Sourcefire, futhi kamuva, ku-2013, laba yingxenye ye-Cisco, lapho manje ligcinwa yi-cybersecurity division, i-Talos.

Selokhu yasungulwa, i-ClamAV yamukele ifilosofi yokusebenzisana, evulekile, nesobala, eyitholele ukusekelwa amanyuvesi, izinkampani, kanye nomphakathi womhlaba wonke wabasebenzisi nabathuthukisi. Lo mphakathi omkhulu uqinisekisa ukusabela okusheshayo ezinsongweni ezintsha kanye nesizindalwazi segciwane esihlala sivuselelwa..

Izici zobuchwepheshe: yini eyenza ikhetheke?

I-ClamAV i ihlelwe ngokuyinhloko ngo-C no-C++. Itholakala ngokusemthethweni kumasistimu wokusebenza amaningi, okuhlanganisa I-GNU/Linux, iWindows, iFreeBSD, i-OpenBSD, iSolaris ne-macOS, ngaleyo ndlela ivumela ukusetshenziswa kwayo ezindaweni ezihlukahlukene ezihlukahlukene. Kubalulekile ukuqaphela ukuthi, nakuba isetshenziswa kakhulu ku-GNU/Linux, kukhona futhi i-graphical interfaces nokuhluka okuklanyelwe uhlelo ngalunye:

  • I-KlamAV yezindawo ze-KDE.
  • I-ClamXav ye-macOS.
  • I-ClamWin yeWindows.
  • Kapitano, yakamuva futhi ehlose ukuthatha indawo ye-ClamTK.

Isakhiwo seClamAV si modular, scalable futhi nezimoAmandla ayo amakhulu alele kuwo i-multithreaded core kanye nokusetshenziswa kwenqubo ye-daemon (i-clamav-daemon) esheshisa ukuskena, yenza kube lula ukuhlaziya ngasikhathi sinye amafayela amaningi nezinkomba ngaphandle kokunciphisa isistimu.

Imisebenzi esemqoka nezinsiza

I-ClamAV Yayiklanyelwe ukuskena ama-imeyili nezinanyathiselwa, yingakho isetshenziswa kakhulu eziphakelini ze-imeyili ukuze kutholwe futhi kuvinjwe ukusabalala kohlelo olungayilungele ikhompuyutha nge-imeyili. Ngokuhamba kwesikhathi, izicelo zayo ziye zanda, futhi okwamanje kuvumela lokhu:

  • Yenza ukuskena okudingekayo kakhulu noma okuhleliwe kumafayela, izinkomba, kanye namasistimu wonke
  • Ukuqapha kwesikhathi sangempela (ku-GNU/Linux) kokufinyelela kwefayela, ukutholwa ngokushesha kanye nokuhlukaniswa kwamafayela anegciwane
  • Ukuvuselelwa okuzenzakalelayo kwesizindalwazi esisayinda igciwane ngesevisi ye-FreshClam
  • Ukuskena amafayela nezingobo zomlando ezicindezelwe ngamafomethi ahlukahlukene njenge-ZIP, i-RAR, i-ARJ, i-TAR, i-GZ, i-BZ2, i-MS OLE2, i-CHM, i-CAB, i-BinHex, i-SIS noma i-AutoIt, phakathi kwabanye.
  • Ukusekelwa kwamafomethi amaningi we-imeyili namafayili akhethekile (HTML, RTF, PDF, uuencode, TNEF, njll.)
  • Ukuvalelwa kanye nokuphathwa kwezinto ezingamanga

Ukuhambisana kwefomethi yayo ebanzi nokugxila kuyo isivinini nokusebenza kahle (angaphezulu kuka-850.000 amasiginesha asohlwini) enza I-ClamAV iyisixazululo esiqinile ngisho nebhizinisi nezindawo ezibucayi.

Kungani usebenzisa i-ClamAV ku-Linux?

Nakuba kunombono oyiphutha ovamile wokuthi izinhlelo ze-GNU/Linux "azinawo amagciwane," iqiniso liwukuthi, nakuba zingavamile kakhulu kune-Windows, zikhona izinsongo. Indima ye-ClamAV ku-Linux Ivamise ukuxhunyaniswa kakhulu nomsebenzi wokuvimbela nowokuvikela wezinye izinhlelo:

  • Uma wabelana ngamafayela noma uthumela ama-imeyili ezinhlelweni ze-Windows kuseva yakho ye-Linux, i-ClamAV ithola izinsongo ezingase zithinte lawo makhompyutha, ngisho noma i-Linux yakho ingekho ebucayini ngokuqondile.
  • Esimeni sebhizinisi, ukuthola izitifiketi zokuphepha kungase kudinge isendlalelo se-antivirus, kungakhathaliseki ukuthi isistimu yokusebenza.
  • Thola ukutheleleka kumafayela alandiwe, okwabelwana ngawo, noma adlulisiwe, ukugwema ukuba yisiteshi esingaqondile sokusakazwa kwe-malware.

I-ClamAV isiza ukumisa ukusabalala kwamafayela anonya futhi iqinisekise izindinganiso zokuphepha ngisho nakumasistimu abhekwa njengevikeleke kakhulu.

Ukufakwa kanye nokuqaliswa kwe-ClamAV

Ukufaka i-ClamAV kunoma yikuphi ukusatshalaliswa kwe-GNU/Linux kulula kakhulu, njengoba iningi likufaka kumakhosombe abo asemthethweni. I-Debian, Ubuntu, CentOS, RHEL kanye nokuphuma kokunye kuvumela ukufakwa komyalo owodwa:

  • Ku-Ubuntu/Debian: sudo apt-get install clamav clamav-daemon.
  • Ku-CentOS/RHEL: sudo yum install clamav (idinga ukuthi inqolobane ye-EPEL inikwe amandla).
  • Ikhothamo: sudo pacman -S clamav.

Iphakheji i-clamav-daemon Kubalulekile ukuthi i-antivirus ikwazi ukusebenza njengesevisi yangemuva (i-daemon), ngaleyo ndlela ivumele ukuskena okuzenzakalelayo nesikhathi sangempela.

Ukuthuthukiswa kwesisekelo sedatha

Uma isifakiwe, isinyathelo sokuqala esibalulekile buyekeza i-virus database con sudo freshclam. Lokhu ukulanda futhi isebenzise amasiginesha akamuva ngokuzenzakalelayoNgokuzenzakalelayo, isevisi ye-freshclam iyasebenza ibuyekeza njalo ngehora, iqinisekisa ukuthi i-ClamAV ihlala ilungele ukuthola izinsongo zakamuva.

Qala futhi uvule i-daemon

Ngemuva kokufaka nokuvuselela, futhi uma uthanda, kufanele vumela futhi uqale i-daemon ye-ClamAV:

  • Nika amandla: sudo systemctl enable clamav-daemon
  • Qala: sudo systemctl start clamav-daemon

Kubalulekile ukukhumbula ukuthi nakuba isevisi ingase ibonakale 'njengesebenzayo', kungenzeka ukuthi isaqalaUma usebenzisa imiyalo efana ne-clamdscan ngokushesha kakhulu ngemva kokuqalisa, ungase uhlangabezane namaphutha esikhashana. Ukuze uthole ireferensi yokuthi ungayivikela kanjani kangcono isistimu yakho, bheka amathuluzi okuphepha ku-Linux.

Ungaqinisekisa ukuthi i-daemon isilungile ngokuhlola ukungena ngemvume /var/log/clamav/clamav.log noma ukuhlola ubukhona besokhethi phakathi /var/run/clamav/clamd.ctl.

Ukucushwa ngokwezifiso nezilungiselelo ezinconyiwe

Uma usune-ClamAV esebenzayo, kuwumqondo omuhle ukulungisa amapharamitha athile ukuze ugweme amaphutha futhi uthole okuningi kuyo. Ukuze uthuthukise ukuhlanganisa nokwenza kube lula ukuphatha, ungafunda kabanzi mayelana .

  • Ukuskena njengempande nokusebenzisa -fdpassNgokuzenzakalelayo, i-ClamAV isebenzisa umsebenzisi we-'clamav', ongakwazi ukufinyelela wonke amafayela. Ukuze uthole ukuskena okuphelele, kufanele usebenzise imiyalo njengempande noma usebenzise i-sudo bese wengeza inketho --fdpass.
  • Gwema izexwayiso kunkhombandlela ekhethekile: Imibhalo efana /proc, /sys, /run, /dev, /snap, /var/lib/lxcfs/cgroup, /var/spool/postfix/private|public|dev ingase ikhiqize izexwayiso ngoba iqukethe amasokhethi noma amafayela akhethekile angakwazi ukuncuzulwa. Ungabakhipha usebenzisa isiyalelo Khipha iPath en /etc/clamav/clamd.conf.
  • Ukuphinda kuhlu lwemibhalo olufakwe esidlekeniUma isistimu inezinhla zemibhalo eziningi ezifakiwe, umkhawulo wokuphindaphinda (okuzenzakalelayo 30) ungase ufinyelelwe. Ungahlola ukuthi mangaki amaleveli akhona futhi wandise ipharamitha. I-MaxDirectoryRecursion uma kunesidingo.
  • Ukufana nesivinini: Ngokuzenzakalelayo, kusetshenziswa inqubo eyodwa kuphela. Kuhlanganisa izinketho --fdpass --multiscan ukusizakala ngama-cores amaningi futhi usheshise ukuhlaziya.

Izibonelo ezisebenzayo zokusetshenziswa

  • Iskena uhla lwemibhalo oluthile noma ifayela: clamscan -r /ruta/del/directorio ('-r' iskena ngokuphindaphindiwe)
  • Ukuhlaziywa kwalo lonke uhlelo: clamscan -r / (kungathatha isikhashana kuye ngosayizi wediski)
  • Bonisa amafayela anegciwane kuphela: clamscan --infected
  • Thumela amafayela angenwe yileli gciwane ukuze avalelwe yedwa: clamscan --move=/ruta/cuarentena

Ezindaweni ezinomthamo omkhulu wolwazi, kuyanconywa ukuthi zisetshenziswe i-clamdscan kanye ne-daemon, njengoba ishesha kakhulu kune-clamscane ezimele.

Ukuzenzakalela kokuskena nezibuyekezo

Enye yezinzuzo ze-ClamAV ukuthi kulula kangakanani ukuhlela izikena ezijwayelekile ukuze ugcine isistimu yakho ihlanzekile ngaso sonke isikhathi. Kunezinketho ezimbili eziyinhloko ze-automation:

  • I-Cron: Ungadala imisebenzi ehleliwe esebenzisa iskena nsuku zonke, masonto onke, nanoma yisiphi esinye isikhawu, ugcina imiphumela kufayela lokungena ukuze ibuyekezwe kamuva.
  • Izibali-zikhathi zesistimuUma usebenzisa ukusatshalaliswa kwesimanjemanje, ungasebenzisa okuhle kwezibali-sikhathi zesistimu ukuze ube nezimo ezithe xaxa (ngisho nokubambezeleka okungahleliwe ukuze ugweme ukukhuphuka kokusetshenziswa kwensiza ngesikhathi esisodwa kumaseva amaningi).

Isibonelo, ungakha isevisi yangokwezifiso esebenzisa umyalo wokuskena ogcwele masonto onke futhi ilungise isaziso se-imeyili esizenzakalelayo uma kwenzeka yehluleka, konke kulawulwa yi-systemd.

Ukuphatha okuthuthukile: izaziso zamaphutha nokwenza ngokwezifiso

Uma ufuna ukuyisa ukuphepha ezingeni elilandelayo, kungenzeka Thola izaziso ze-imeyili ezizenzakalelayo mayelana nezinkinga zokuhlaziya ngezikhathi ezithileUkuze wenze lokhu, mane udale umbhalo orekhoda isimo sesevisi ngemva kokwenza ngakunye futhi usebenzise ithuluzi lokuposa (elifana ne-mailx noma i-sendmail) ukuze ukwazise nganoma yikuphi ukwehluleka. Izinsizakalo ze-Systemd nohlelo lwesikhathi luvumela ukuhlanganiswa okuhle nokuqinile kwalokhu kusebenza.

Ngaphezu kwalokho, nge izingodo ezinemininingwane ekhiqizwa yi-ClamAV, ungahlola umlando wokuskena, ubone ukuthi izinsongo zitholwe nini, futhi uqhubeke ulungisa amapharamitha okusebenza nawokuvala ngokusekelwe ekusebenziseni kwakho isistimu ethile.

Ilayisensi neminikelo

I-ClamAV ijabulela a Ilayisense ye-GPLv2, okusho ukuthi ukusetshenziswa kwayo kumahhala ngokuphelele, kokubili ezingeni lomuntu siqu nelomsebenzi. Ukuthuthuka kwayo okuvulekile kuvumela noma ngubani ukuthi anikele ngekhodi, ukuthuthukiswa noma imibhalo.. Ngaphezu kwalokho, ihlanganisa izingxenye ezihlukile ezingaphansi kwamalayisensi ahambisanayo njenge-Apache, MIT, BSD, ne-LGPL, okukunikeza ukuguquguquka okukhulu nokuqina. Isibonelo, ihlanganisa amamojula afana ne-Yara (yemithetho yangokwezifiso), i-zlib, i-bzip2, i-libmpack, namanye, wonke abalulekile ekuhlaziyeni amafayela acindezelwe nezinhlobo eziyinkimbinkimbi ze-malware.

Umphakathi we-ClamAV usebenza kakhulu. Ungafinyelela kumamanuwali, imihlahlandlela yokubhala amasiginesha ngokwezifiso, ubambe iqhaza ohlwini lwama-imeyili, ezingxoxweni ze-Discord, futhi ufake isandla ekuthuthukiseni iphrojekthi ngezinkundla ezifana ne-GitHub.

Inguqulo nokuziphendukela kwemvelo

Umjikelezo wokukhishwa kwe-ClamAV usebenza kakhulu. Izinguqulo ezizinzile neze-beta zikhishwa njalo, zilungisa iziphazamisi futhi zengeze izici ezintsha. Isizindalwazi se-malware sibuyekezwa izikhathi ezimbalwa ngosuku, futhi zonke izici ezintsha zimenyezelwa kubhulogi esemthethweni nakwezinye iziteshi zomphakathi. Ukukhishwa kwakamuva kufaka phakathi ukuhambisana okuthuthukisiwe nezakhiwo zesimanje (x86_64, ARM64), ukuhlanganiswa kwe-Docker, kanye nokufaka kalula kusetshenziswa amaphakheji aqondene nesistimu yokusebenza.

I-ClamAV isiphenduke indinganiso ye-de facto kumaseva amaningi e-Linux nengqalasizinda yenethiwekhi yebhizinisi emhlabeni jikelele., ngenxa yalokhu kuziphendukela kwemvelo okuqhubekayo kanye nokusabela okusheshayo ezinsongweni ezintsha.

I-ClamAV Yonjiniyela Nabaphathi: Ukuhlanganiswa Nokusekela

Ngaphezu kokusetshenziswa kwayo okuqondile njenge-antivirus, i-ClamAV iphinde ibe yi- ngokwezifiso kanye nezimo injini yokuhlaziya I-Docker ingahlanganiswa kalula nezixazululo zebhizinisi noma amathuluzi akho. Imibhalo yezobuchwepheshe kanye namamanuwali aku-inthanethi ahlanganisa yonke into kusukela ekufakweni okuyisisekelo nokucushwa kuya ekudaleni amasiginesha ngokwezifiso nokuhlaziya okuthuthukile. Kukhona izinsiza ezithile zokusebenza ne-Docker, ezipakishwe kuwo wonke amasistimu, kanye ne-API evumela ukusebenzisana okuhleliwe nenjini.

Ukwesekwa konjiniyela nabaphathi kuhle kakhulu, kusukela ezingosini, uhlu lwamakheli, nezingxoxo zomphakathi kuya kusizindalwazi esiphelele semibhalo ngisho nesiphazamisi nesistimu yokulandelela isicelo.

Izinzuzo kanye nokulinganiselwa okungenzeka kwe-ClamAV

Amandla:

  • 100% umthombo ovulekile, mahhala futhi ngaphandle kokukhangisa
  • I-Multiplatform futhi ihlanganiswe kalula
  • Umphakathi omkhulu, izibuyekezo eziqhubekayo, kanye nokusabela okusheshayo ezinsongweni ezintsha
  • Ikhono lokuskena izinhlobo eziningi zamafomethi, kufaka phakathi amafayela acindezelwe ayinkimbinkimbi
  • Ilungele ama-forensics, amaseva e-imeyili, ukwabelana ngamafayela, nokuningi

Imikhawulo engaba khona:

  • Akubandakanyi, ngokuzenzakalelayo, izici ezithuthukile ezijwayelekile zezixazululo zezentengiso (ukuvikelwa kwewebhu, i-firewall, i-sandboxing, njll.)
  • Ukutholwa kwayo, nakuba kusebenza kahle, kungase kudlulwe ezinye izixazululo esigabeni sedeskithophu kubasebenzisi basekhaya uma ufuna ukuvikela okugcwele, kwesikhathi sangempela sokusebenza (ku-Linux, ukuvikela ekufinyeleleni kuyinketho futhi kudinga ukucushwa okwengeziwe).

Kunoma yikuphi, I-ClamAV iyithuluzi elisebenza kahle kakhulu lokuthola ngokushesha uhlelo olungayilungele ikhompuyutha, ikakhulukazi kumaseva nasezindaweni okwabelwana ngazo..

I-ClamAV Kuyisixazululo esiqinile se-antivirus, eguquguqukayo, futhi enomphakathi onohlonze ngemuva kwayo. Ikhono layo lokuzivumelanisa cishe nanoma iyiphi indawo kanye nesivinini umphakathi obuyekeza ngaso amasiginesha awo kuyenza ibe enye yezinketho ezingcono kakhulu zokuvikela izinhlelo ze-Linux, amaseva e-imeyili, namafayela abelwe. Uma ufuna ithuluzi lamahhala, elinamandla, nelihlala lisesikhathini samanje, i-ClamAV inguzakwethu omuhle ongacatshangelwa.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.