python 使用ClamAV实现病毒扫

2023-01-31 05:41

短信预约 -IT技能 免费直播动态提醒

首先安装clamav

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y

sed -i 's/^Example/#Example/g' /etc/freshclam.conf #必须关闭Example 否则启动会失败

sed -i 's/^Example/#Example/g' /etc/clamd.d/scan.conf

systemctl enable clamd@scan

ln -s /usr/lib/systemd/system/clamd@scan.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service

修改配置

cat /etc/clamd.d/scan.conf |grep -v "#"|grep -v "^$"

LogSyslog yes

LocalSocket /var/run/clamd.scan/clamd.sock #使用本地socket

TCPAddr 0.0.0.0 #监听地址

User clamscan

AllowSupplementaryGroups yes

更新病毒库

/usr/bin/freshclam

启动

systemctl start clamd@scan

systemctl status clamd@scan

##注意：被检测的机器必须安装并启动clamd@scan 3310端口正常才能被下面例子中的脚本检测

安装pyClamd

下载模块

打开 https://pypi.org/project/pyClamd/#files

wget https://files.pythonhosted.org/packages/13/73/97a0518b59f1b6aefa2ac851566038d2c9128f8a5503bcf4cd0adf8b0072/pyClamd-0.4.0.tar.gz

tar zxf pyClamd-0.4.0.tar.gz

cd pyClamd-0.4.0

python setup.py install

检测脚本示例：

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import time
import pyclamd
from threading import Thread

class Scan(Thread):
        def __init__ (self,IP,scan_type,file):
                Thread.__init__(self)
                self.IP=IP
                self.scan_type=scan_type
                self.file=file
                self.connstr=""
                self.scanresult=""

        def run(self):
                try:
                        cd=pyclamd.ClamdNetworkSocket(self.IP,3310)
                        if cd.ping():
                                self.connstr=self.IP+" connection [ok]"
                                cd.reload()
                                if self.scan_type=="contscan_file":
                                        self.scanresult="{0}\n".format(cd.contscan_file(self.file))
                                elif self.scan_type=="multiscan_file":
                                        self.scanresult="{0}\n".format(cd.multiscan_file(self.file))
                                elif self.scan_type=="scan_file":
                                        self.scanresult="{0}\n".format(cd.scan_file(self.file))
                                time.sleep(1)
                        else:
                                self.connstr=self.IP+" ping error,exit"
                                return
                except Exception,e:
                        self.connstr=self.IP+" "+str(e)

IPS=['192.168.1.124','192.168.1.116']
scantype="multiscan_file"
scanfile="/home/python/test"
i=1

threadnum=2
scanlist=[]

for ip in IPS:
        currp=Scan(ip,scantype,scanfile)
        scanlist.append(currp)
        if i%threadnum==0 or i==len(IPS):
                for task in scanlist:
                        task.start()
                for task in scanlist:
                        task.join()
                        print task.connstr
                        print task.scanresult
                scanlist=[]
        i+=1

执行命令生产病毒测试文件

Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyclamd
>>> cd=pyclamd.ClamdNetworkSocket()
>>> void = open('/home/python/test/EICAR','w').write(cd.EICAR())
>>>

执行脚本检测病毒

python clamd.py
192.168.1.124 connection [ok]
{u'/home/python/test/EICAR': ('FOUND', 'Eicar-Test-Signature')}

192.168.1.116 Could not reach clamd using network (192.168.16.116, 3310)

信息显示1.124机器上发现病毒测试文件

1.116机器上没有连接成功 #被检测机器上必须安装clamav 并启动了3310端口

免责声明：

① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的，并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据，供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。

② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341

病毒 python ClamAV

阅读原文内容投诉