なんだこれは

はてなダイアリーから移転しました。

ClamAVのupdateとFreshClamDaemonの共存

結局こうしてみた。updateclam.shがclamAVを上書きインストールするから仕方ないんよ。責任は自己負担だ!!FreshClamDaemonバージョンが何かっていうと、okamuraさんのページのリンクをたどってくれ。ちなみにテストしてませんから!!


updateclam.sh

clamAVをダウンロードとインストールするScript。updateclam.shは/usr/local/clamXav/以外ならばどこに置いても良い。/usr/local/sbinにおいた。ここに出てくる、変数clambkdirはfreshclam.confの退避directoryでここではclambkdir

2006 05 11 のupdateclam.sh for FreshClamDaemonバージョン。たぶん、FleshCramDaemonがなくても動くはず。

http://d.hatena.ne.jp/fu7mu4/12000102に続く。

#!/bin/sh
#############################################
# Documentation:
## This script downloads the latest version of clamav and installs
## it compatibly with ClamXav based on work here
## http://www.macosxhints.com/article.php?story=20060409060940665&query=clam
## My example uses a download from the east coast - see
## http://prdownloads.sourceforge.net/clamav/ clamav-0.88.2.tar.gz?download
## for an example of the possible downloads as of version 0.88.2
#
# note the download urls are not displayed but check the path of the actual download
## most of my comments follow the line of code
## I document for learning as well as documenting purposes
## the next thing this should do I think is hide all the text flying by,
## report success or not## and be included as a program or plugin to clamXav
## note this only updates the engine. An installation of ClamXav will do other things
## and should be done BEFORE doing this update.#
# fu7mu4 modified 2006:05:10
# clambkdir variable is a store directory for freshclam.conf
# adding FreshClamDaemon stop/start ; its author is yuji_okamura 
#   http://homepage.mac.com/yuji_okamura/iblog/DotMac/Tips/\
#   C1181169702/E20060502200534/index.html
# fu7mu4 modified 2006:05:08
# changing download site to jaist Japan mirror
# adding sudo command in front of chmod,chgrp,chown
############################################
clambkdir="/usr/local/clambk"
# stop FreshClamDaemon
if [ -f /Library/StartupItems/FreshClamDaemon/FreshClamDaemon ]; then
       printf "Stop FreshClamDaemon"       
sudo /Library/StartupItems/FreshClamDaemon/FreshClamDaemon stop
fi
#url="http://superb-east.dl.sourceforge.net/sourceforge/clamav/clamav-"
url="http://jaist.dl.sourceforge.net/sourceforge/clamav/clamav-"
# this is a variable which has most of the download url, it's missing the
# version number
# the following line downloads a url as a file in the default location 
# and it will have the latest version in the html of the file downloaded
latest=`curl -O "http://www.clamav.net/stable.php#pagestart" \
; grep "released (" stable.php* | awk '{print $2}' | head -1`
# this line searches the file named stable.php{anything} for "released ("
# and backs up to the version number in this line of text
curl -O $url$latest.tar.gz && \
# this downloads the resulting file name as a file of the same name
printf "The latest version of clamav or %s has been downloaded!\n" $latest && \
tar zxvf clamav-$latest.tar.gz && \
cd clamav-$latest
./configure --prefix=/usr/local/clamXav &&
# this tells the compiler to install the comilation in the clamXav compatible location
make && \
sudo make install && \
# the following lines reset permissions as needed by clamXav as documented at
# http://markallan.co.uk/clamXav/index.php?page=byo
sudo chown -R root  /usr/local/clamXav
sudo chgrp -R admin /usr/local/clamXav
sudo chmod -R 666   /usr/local/clamXav/etc/freshclam.conf
sudo chmod u+s      /usr/local/clamXav/bin/freshclam
sudo chmod a+wr     /usr/local/clamXav/share/clamav/freshclam.log
sudo chown -R clamav /usr/local/clamXav/share/clamav
sudo chgrp -R clamav /usr/local/clamXav/share/clamav
sudo chmod -R g+w   /usr/local/clamXav/share/clamav
sudo chmod -R u+w   /usr/local/clamXav/share/clamav
printf "Ok I am updating to the latest virus definitions for \
version %s by running freshclam.", $latest && \
/usr/local/clamXav/bin/freshclam && \
# these steps clean up all the stuff downloaded and or created
cd ..
rm -Rf clamav-$latest
rm -f clamav-$latest.tar.gz
rm -f stable.php*

# start FreshClamDaemon
if [ -f /Library/StartupItems/FreshClamDaemon/FreshClamDaemon ]; then   
   if [ -f "${clambkdir}/README" ]; then
       sudo cp -r "${clambkdir}"/README \
       /usr/local/clamXav/etc/READMEforFreshClamDaemon
   fi   
   if [ -f "/usr/local/clamXav/etc/freshclam.conf" ]; then
       sudo cp -r /usr/local/clamXav/etc/freshclam.conf \
       /usr/local/clamXav/etc/freshclam.conf.org
   fi
   if [ -f "${clambkdir}/freshclam.conf" ]; then
       sudo cp -r "${clambkdir}"/freshclam.conf \
       /usr/local/clamXav/etc/freshclam.conf   
   fi
       printf "Start FreshClamDaemon"       
   sudo /Library/StartupItems/FreshClamDaemon/FreshClamDaemon start
fi

cronscan

cronscanは/usr/local/sbinに置いた。ドコでもいいけど、/etc/daily.localと/etc/weekly.localで指定されることを忘れるな。

#!/bin/sh
# This is cron-like clamscan script
# Original Author Okamura Yuji
# is based by 
# http://homepage.mac.com/yuji_okamura/iblog/DotMac/Tips/ \
# C1181169702/E20060502200534/index.html
#
 /usr/local/clamXav/bin/clamscan -r \
--stdout \
--infected \
--log="/var/log/clamav-scan.log" \
--move=/ClamXavBox \
--max-ratio=500 \
--exclude='/clamav-[0-9]+(\.[0-9]+)*\.tar\.gz$' \
--exclude='[^/]+\.iso$' \
--exclude='[^/]+\.dmg$' \
--exclude='[^/]+\.dmg\.gz$' \
--exclude='[^/]+\.dmg\.bz2$' \
--exclude='^/+mach_kernel$' \
--exclude='^/+mach.sym$' \
--exclude='^/+mach$' \
--exclude-dir='^/+ClamXavBox$' \
--exclude-dir='^/+\.Spotlight_V100$' \
--exclude-dir='^/+\.vol$' \
--exclude-dir='^/+dev$' \
--exclude-dir='^/+afs$' \
--exclude-dir='^/+Network$' \
--exclude-dir='^/+Volumes$' \
--exclude-dir='^/+automount$' \
--exclude-dir='^/+Library$' \
--exclude-dir='^/+Developer$' \
--exclude-dir='^/+etc$' \
--exclude-dir='^/+var$' \
--exclude-dir='^/+private$' \
$*

freshclam.conf for FreshClamDaemon

/usr/local/clambkをつくってそこに、freshclam.confを置いた。/usr/local/clambkは /usr/local/sbin/updateclamの変数clambkdirで指定されるディレクトリ。忘れない為にREADMEファイルを置いておく。なくても可。updateclam.shで/usr/local/clamXav/etcにコピーされる。

daily.local

add for 以下を/etc/local.dailyに追加した。cronscanをフルパスで指定。

#!/bin/sh
## daily.local - cron script

for i in /etc/cron.daily/* ;
 do
    if [ -r $i ]; then
       . $i
    fi
done

unset i

## add for clamav-scanning 2006/05/10
if [ `date +%w` -ne 6 ]; then
    /usr/local/clamXav/bin/freshclam --quiet \
       --log="/usr/local/clamXav/share/clamav/freshclam.log" 
    /usr/local/sbin/cronscan /Users
fi

weekly.local

同じく、clam-scanning以下を/etc/weekly.localに追加。

#!/bin/sh
## daily.local - cron script

for i in /etc/cron.weekly/* ;
do
   if [ -r $i ]; then
	. $i
   fi
done

unset i

## clam-scaninng

/usr/local/clamXav/bin/freshclam --quiet \
   --log="/usr/local/clamXav/share/clamav/freshclam.log"
/usr/local/sbin/cronscan /

あとはFreshClamDaemonの設定をすればよい。