Tags: clamav pyclamad
First, install clamav
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
sed -i 's/^Example/#Example/g' /etc/freshclam.conf # the Example line must be commented out, otherwise startup fails
sed -i 's/^Example/#Example/g' /etc/clamd.d/scan.conf
systemctl enable clamd@scan.service
ln -s /usr/lib/systemd/system/clamd@scan.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service
Modify the configuration
cat /etc/clamd.d/scan.conf |grep -v "#"|grep -v "^$"
LogSyslog yes
LocalSocket /var/run/clamd.scan/clamd.sock # use a local socket
TCPAddr 0.0.0.0 # listen address
User clamscan
AllowSupplementaryGroups yes
Update the virus database
/usr/bin/freshclam
Start the service
systemctl start clamd@scan.service
systemctl status clamd@scan.service
##Note: the machine being scanned must have clamd@scan.service installed and running, with port 3310 reachable, before the script in the example below can scan it. clamd does not authenticate clients, so with TCPAddr set to 0.0.0.0 access to port 3310 should be limited (for example with firewall rules) to the host that runs the scan script.
Install pyClamd
Download the module
Open https://pypi.org/project/pyClamd/#files
wget https://files.pythonhosted.org/packages/13/73/97a0518b59f1b6aefa2ac851566038d2c9128f8a5503bcf4cd0adf8b0072/pyClamd-0.4.0.tar.gz
tar zxf pyClamd-0.4.0.tar.gz
cd pyClamd-0.4.0
python setup.py install
Sample scanning script:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import time
import pyclamd
from threading import Thread


class Scan(Thread):
    """Scan one path on one clamd host (TCP port 3310) in its own thread."""

    def __init__(self, IP, scan_type, file):
        Thread.__init__(self)
        self.IP = IP
        self.scan_type = scan_type  # contscan_file / multiscan_file / scan_file
        self.file = file            # path as seen on the remote clamd host
        self.connstr = ""           # connection status message
        self.scanresult = ""        # scan result (dict of infected files, or None)

    def run(self):
        try:
            cd = pyclamd.ClamdNetworkSocket(self.IP, 3310)
            if cd.ping():
                self.connstr = self.IP + " connection [ok]"
                cd.reload()  # reload the signature database before scanning
                if self.scan_type == "contscan_file":
                    self.scanresult = "{0}\n".format(cd.contscan_file(self.file))
                elif self.scan_type == "multiscan_file":
                    self.scanresult = "{0}\n".format(cd.multiscan_file(self.file))
                elif self.scan_type == "scan_file":
                    self.scanresult = "{0}\n".format(cd.scan_file(self.file))
                time.sleep(1)
            else:
                self.connstr = self.IP + " ping error,exit"
                return
        except Exception as e:  # connection refused, timeout, protocol error ...
            self.connstr = self.IP + " " + str(e)


IPS = ['192.168.1.124', '192.168.1.116']  # hosts to scan; each must run clamd on 3310
scantype = "multiscan_file"
scanfile = "/home/python/test"
i = 1
threadnum = 2  # number of hosts scanned concurrently
scanlist = []
for ip in IPS:
    currp = Scan(ip, scantype, scanfile)
    scanlist.append(currp)
    # once a batch of threadnum hosts is queued (or the list is exhausted), run it
    if i % threadnum == 0 or i == len(IPS):
        for task in scanlist:
            task.start()
        for task in scanlist:
            task.join()
            print(task.connstr)
            print(task.scanresult)
        scanlist = []
    i += 1
Run the following in the interpreter to generate a virus test file:
Python 2.7.5 (default, Oct 11 2015, 17:47:16)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyclamd
>>> cd=pyclamd.ClamdNetworkSocket()
>>> void = open('/home/python/test/EICAR','w').write(cd.EICAR())
>>>
Run the script to scan for the virus
python clamd.py
192.168.1.124 connection [ok]
{u'/home/python/test/EICAR': ('FOUND', 'Eicar-Test-Signature')}
192.168.1.116 Could not reach clamd using network (192.168.16.116, 3310)
The output shows that the virus test file was found on the 1.124 machine.
The connection to the 1.116 machine failed # the machine being scanned must have clamav installed and port 3310 listening
Python: virus scanning with ClamAV (pyClamd)
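As an added example (not from the original post or the pyClamd project), here is a stdlib-only client that speaks the same clamd TCP protocol pyClamd wraps on port 3310 and turns the replies into the dict shape shown in the output above; it also sets a timeout, which the threaded script lacks. The hosts, paths and the reply text used for checking are constructed for illustration.

```python
import socket

# Added example (not the post's code): a stdlib-only client for the clamd TCP protocol
# that pyClamd wraps, plus a reply parser. Hosts, paths and reply text are constructed.
CLAMD_PORT = 3310  # the port the post requires to be reachable on every scanned host

def parse_clamd_reply(reply):
    """Convert raw clamd reply lines into pyClamd's shape: {path: (status, detail)}.

    clamd answers one line per file, NUL-terminated for z-prefixed commands, e.g.
        /home/python/test/EICAR: Eicar-Test-Signature FOUND
        /home/python/test/missing: lstat() failed: No such file or directory. ERROR
    OK lines are dropped; None is returned when nothing was found, like multiscan_file().
    """
    results = {}
    for line in reply.replace("\x00", "\n").splitlines():
        if ": " not in line:
            continue
        path, rest = line.strip().split(": ", 1)  # path first, verdict after ": "
        detail, _, status = rest.rpartition(" ")  # verdict word is last: OK/FOUND/ERROR
        if status != "OK":
            results[path] = (status, detail)
    return results or None

def clamd_command(host, command, port=CLAMD_PORT, timeout=5.0):
    """Send one z-terminated command (PING, MULTISCAN /path, ...) and return the reply.

    clamd closes the connection after a non-session command, so read until EOF. The
    timeout makes an unreachable host raise instead of hanging a thread forever. clamd
    does not authenticate clients: anyone who can reach the port can issue commands.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"z" + command.encode() + b"\x00")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")

def multiscan_host(host, path, port=CLAMD_PORT, timeout=5.0):
    """Return ("ok", findings_or_None) or ("unreachable", reason) for one host."""
    try:
        if clamd_command(host, "PING", port, timeout).strip("\x00\n") != "PONG":
            return ("unreachable", "unexpected PING reply")
        reply = clamd_command(host, "MULTISCAN " + path, port, timeout)
        return ("ok", parse_clamd_reply(reply))
    except OSError as exc:  # connection refused, timed out, name resolution failed
        return ("unreachable", str(exc))
```

Calling multiscan_host() for each address in IPS gives the same per-host result as the threaded script, but an unreachable host is reported after the timeout instead of blocking.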