$ vi clamdownloader.pl
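#!/usr/bin/env perl
#
# File name: clamdownloader.pl
# Author:    Frederic Vanden Poel
#
#############################################################################
#
# Keeps a local directory of ClamAV databases (main/daily/bytecode .cvd plus
# the incremental .cdiff files) in sync with an upstream mirror so that it
# can be served to internal freshclam clients by a web server.
#
# The current database versions are read from the DNS TXT record
# current.cvd.clamav.net; the files themselves are fetched with wget.

use strict;
use warnings;
use Net::DNS;

# Directory served to the freshclam clients by the local web server;
# change it to match your own proxy/mirror server.
my $clamdb = "/data/nginx/html/clamdb";

# mirror where files such as daily-12133.cdiff exist
# NOTE(review): files are fetched over plain HTTP and nothing below
# authenticates them; updateFile only checks that the CVD header parses.
# Clients running freshclam still test each database they download.
my $mirror = "http://database.clamav.net";

# get the TXT record for current.cvd.clamav.net
my $txt = getTXT("current.cvd.clamav.net");
exit unless $txt;

chdir($clamdb) || die("Can't chdir to $clamdb : $!\n");

# dump the record in a file
print "TXT from DNS: $txt\n";
open(my $dns_fh, '>', 'dns.txt') or die("Can't write dns.txt : $!\n");
print {$dns_fh} "$txt";
close($dns_fh) or die("Can't close dns.txt : $!\n");

# temp dir for wget updates (mkdir fails harmlessly when it already exists)
mkdir("$clamdb/temp");
-d "$clamdb/temp" or die("Can't create $clamdb/temp : $!\n");

# get what we need
my ($clamv, $mainv, $dailyv, $x, $y, $z, $safebrowsingv, $bytecodev)
    = split /:/, $txt;

# The version fields come straight from a DNS answer and are later used to
# build URLs and loop bounds, so accept nothing but plain decimal numbers.
for my $field ([main => $mainv], [daily => $dailyv], [bytecode => $bytecodev]) {
    my ($name, $value) = @{$field};
    die("Unexpected $name version in TXT record\n")
        unless defined $value && $value =~ /\A\d+\z/;
}

print "FIELDS main=$mainv daily=$dailyv bytecode=$bytecodev\n";

updateFile('main',     $mainv);
updateFile('daily',    $dailyv);
updateFile('bytecode', $bytecodev);

# Return the text of the first TXT record of $domain, or 0 (after a
# warning) when the query fails.
sub getTXT {
    my $domain    = shift @_;
    my $res       = Net::DNS::Resolver->new;
    my $txt_query = $res->query($domain, "TXT");
    if ($txt_query) {
        return ($txt_query->answer)[0]->txtdata;
    }
    else {
        warn "Unable to get TXT Record : ", $res->errorstring, "\n";
        return 0;
    }
}

# Return the version that "sigtool -i" reports for the CVD file at $path,
# or -1 when no "Version:" line is printed (missing or unparsable file).
sub getCvdVersion {
    my $path = shift @_;

    # List-form pipe open: no shell is involved, and a failure to start
    # sigtool is actually reported (the original "|| die" bound to the
    # command string and could never fire).
    open(my $sigtool, '-|', 'sigtool', '-i', $path)
        or die("Can't run sigtool -i $path : $!");
    while (<$sigtool>) {
        next unless /Version: (\d+)/;
        return $1;
    }
    return -1;
}

# Return the version of the local $file.cvd in $clamdb, or -1 if unknown.
sub getLocalVersion {
    my $file = shift @_;
    return getCvdVersion("$clamdb/$file.cvd");
}

# Run @cmd without a shell, optionally from directory $dir, and echo its
# stdout and stderr on our stdout (what the backtick + "2>&1" calls did).
sub runAndPrint {
    my ($dir, @cmd) = @_;

    my $pid = open(my $out, '-|');
    die("Can't fork for $cmd[0] : $!\n") unless defined $pid;

    if ($pid == 0) {
        # child: stdout is already the pipe, send stderr there too
        open(STDERR, '>&', \*STDOUT) or die("Can't redirect stderr : $!\n");
        if (defined $dir) {
            chdir($dir) or die("Can't chdir to $dir : $!\n");
        }
        exec { $cmd[0] } @cmd or die("Can't run $cmd[0] : $!\n");
    }

    print while <$out>;
    close($out);
    return;
}

# Bring $file.cvd (and the cdiffs leading up to it) to $currentversion.
# Works relative to the current directory, which is $clamdb.
sub updateFile {
    my $file           = shift @_;
    my $currentversion = shift @_;
    my $old            = 0;

    if (!-e "$file.cvd") {
        # Nothing local yet: no cdiffs to mirror, go straight to the
        # full download below.
        warn "file $file.cvd does not exists, skipping\n";
    }
    elsif (-z "$file.cvd") {
        warn "file $file.cvd is zero, skipping cdiffs\n";
    }
    else {
        $old = getLocalVersion($file);
        if ($old > 0) {
            print "$file old: $old current: $currentversion\n";

            # mirror all the diffs
            for my $count ($old + 1 .. $currentversion) {
                runAndPrint(undef, 'wget', '-nH', '-nd', '-N', '-nv',
                    "$mirror/$file-$count.cdiff");
            }
        }
        else {
            warn "file $file.cvd version unknown, skipping cdiffs\n";
        }
    }

    return if ($currentversion == $old);

    # update the full file using a copy, then move back
    # (cp -a keeps the timestamp that wget -N compares against)
    if (-e "$file.cvd") {
        runAndPrint(undef, 'cp', '-v', '-a', "$file.cvd", "temp/$file.cvd");
    }
    runAndPrint('temp', 'wget', '-nH', '-nd', '-N', '-nv', "$mirror/$file.cvd");

    if (-e "temp/$file.cvd" && !-z "temp/$file.cvd") {
        my $new_mtime = (stat("temp/$file.cvd"))[9];
        my $old_mtime = (stat("$file.cvd"))[9];    # undef on first download

        if (!defined $old_mtime || $new_mtime > $old_mtime) {
            # Only publish a file whose CVD header sigtool can read, so a
            # truncated download or an error page never replaces a good
            # database in the served directory.
            if (getCvdVersion("$clamdb/temp/$file.cvd") > 0) {
                print "file temp/$file.cvd is newer than $file.cvd\n";
                runAndPrint(undef, 'mv', '-v', "temp/$file.cvd", "$file.cvd");
            }
            else {
                warn "temp/$file.cvd is not valid, not copying back !\n";
                unlink "temp/$file.cvd";
            }
        }
        else {
            print "file temp/$file.cvd not touched by wget\n";
            runAndPrint(undef, 'rm', '-v', "temp/$file.cvd");
        }
    }
    else {
        warn "temp/$file.cvd is not valid, not copying back !\n";
        unlink "temp/$file.cvd";
    }
    return;
}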
3. 下载最新病毒库
$ ./clamdownloader.pl
TXT from DNS: 0.102.3:59:25844:1592303341:1:63:49191:331
FIELDS main=59 daily=25844 bytecode=331
file main.cvd does not exists, skipping
LibClamAV Error: cl_cvdhead: Can't open file /data/nginx/html/clamdb/main.cvd
ERROR: cvdinfo: Can't read/parse CVD header of /data/nginx/html/clamdb/main.cvd
file main.cvd version unknown, skipping cdiffs
cp: cannot stat ‘main.cvd’: No such file or directory
2020-06-16 18:56:16 URL:http://database.clamav.net/main.cvd [117859675/117859675] ->"main.cvd"[1]
Use of uninitialized value in numeric gt (>) at ./clamdownloader.pl line 94.
file temp/main.cvd is newer than main.cvd
‘temp/main.cvd’ -> ‘main.cvd’
file daily.cvd does not exists, skipping
LibClamAV Error: cl_cvdhead: Can't open file /data/nginx/html/clamdb/daily.cvd
ERROR: cvdinfo: Can't read/parse CVD header of /data/nginx/html/clamdb/daily.cvd
file daily.cvd version unknown, skipping cdiffs
cp: cannot stat ‘daily.cvd’: No such file or directory
2020-06-16 18:56:41 URL:http://database.clamav.net/daily.cvd [70240083/70240083] ->"daily.cvd"[1]
Use of uninitialized value in numeric gt (>) at ./clamdownloader.pl line 94.
file temp/daily.cvd is newer than daily.cvd
‘temp/daily.cvd’ -> ‘daily.cvd’
file bytecode.cvd does not exists, skipping
LibClamAV Error: cl_cvdhead: Can't open file /data/nginx/html/clamdb/bytecode.cvd
ERROR: cvdinfo: Can't read/parse CVD header of /data/nginx/html/clamdb/bytecode.cvd
file bytecode.cvd version unknown, skipping cdiffs
cp: cannot stat ‘bytecode.cvd’: No such file or directory
2020-06-16 18:56:44 URL:http://database.clamav.net/bytecode.cvd [296388/296388] ->"bytecode.cvd"[1]
Use of uninitialized value in numeric gt (>) at ./clamdownloader.pl line 94.
file temp/bytecode.cvd is newer than bytecode.cvd
‘temp/bytecode.cvd’ -> ‘bytecode.cvd’
[root@GJSK-FIN-PRD-BJ-G-MON-NODE-001 scripts]# ./clamdownloader.pl
TXT from DNS: 0.102.3:59:25844:1592303341:1:63:49191:331
FIELDS main=59 daily=25844 bytecode=331
main old: 59 current: 59
daily old: 25844 current: 25844
bytecode old: 331 current: 331
$ sudo freshclam
ClamAV update process started at Tue Jun 16 20:09:18 2020
WARNING: DNS Update Info disabled. Falling back to HTTP mode.
Reading CVD header (daily.cld): Time: 0.0s, ETA: 0.0s [=============================>] 153B/153B
WARNING: remote_cvdhead: file not found: http://clamav.server_name.local/daily.cld
Reading CVD header (daily.cvd): Time: 0.0s, ETA: 0.0s [=============================>] 512B/512B
OK
daily database available for download (remote version: 25844)
Time: 0.1s, ETA: 0.0s [=============================>] 66.99MiB/66.99MiB
Testing database: '/data/clamav/database/tmp.5e011/clamav-9990037da7d632bfdb6b1b111037a3f1.tmp-daily.cvd'...
Database test passed.
daily.cvd updated (version: 25844, sigs: 2622498, f-level: 63, builder: raynman)
Reading CVD header (main.cld): Time: 0.0s, ETA: 0.0s [=============================>] 153B/153B
WARNING: remote_cvdhead: file not found: http://clamav.server_name.local/main.cld
Time: 0.0s, ETA: 0.0s [=============================>] 512B/512B ] 0B/512B
OK
main database available for download (remote version: 59)
Time: 0.2s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB
Testing database: '/data/clamav/database/tmp.5e011/clamav-93133aa81442761a171df91da930a58b.tmp-main.cvd'...
Database test passed.
main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Reading CVD header (bytecode.cld): Time: 0.0s, ETA: 0.0s [=============================>] 153B/153B
WARNING: remote_cvdhead: file not found: http://clamav.server_name.local/bytecode.cld
Time: 0.0s, ETA: 0.0s [=============================>] 512B/512B ] 0B/512B
OK
bytecode database available for download (remote version: 331)
Time: 0.0s, ETA: 0.0s [=============================>] 289.44KiB/289.44KiB
Testing database: '/data/clamav/database/tmp.5e011/clamav-fe11fe78069738b81b242f3466cce6d6.tmp-bytecode.cvd'...
Database test passed.
bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
4. 启动服务
$ systemctl start clamav-freshclam.service
$ systemctl enable clamav-freshclam.service
Created symlink from /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service to /usr/lib/systemd/system/clamav-freshclam.service.
$ systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-06-16 23:21:53 CST; 14s ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://www.clamav.net/documents
Main PID: 20137 (freshclam)
CGroup: /system.slice/clamav-freshclam.service
└─20137 /usr/bin/freshclam -d --foreground=true
Jun 16 23:21:53 NODE-001 freshclam[20137]: WARNING: DNS Update Info disabled. Falling ba...de.
Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (daily.cld): WARNING: remo...cld
Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (daily.cvd): OK
Jun 16 23:21:53 NODE-001 freshclam[20137]: daily.cvd database is up to date(version: 25...an)
Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (main.cld): WARNING: remot...cld
Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (main.cvd): OK
Jun 16 23:21:53 NODE-001 freshclam[20137]: main.cvd database is up to date(version: 59,...gr)
Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (bytecode.cld): WARNING: r...cld
Jun 16 23:21:53 NODE-001 freshclam[20137]: Reading CVD header (bytecode.cvd): OK
Jun 16 23:21:53 NODE-001 freshclam[20137]: bytecode.cvd database is up to date(version:...eg)
Hint: Some lines were ellipsized, use -l to show in full.
三、 本地扫描
$ clamscan -r /data/nginx
/data/nginx/sbin/nginx: OK
/data/nginx/conf/koi-win: OK
/data/nginx/conf/koi-utf: OK
/data/nginx/conf/win-utf: OK
/data/nginx/conf/mime.types: OK
/data/nginx/conf/mime.types.default: OK
/data/nginx/conf/fastcgi_params: OK
/data/nginx/conf/fastcgi_params.default: OK
/data/nginx/conf/fastcgi.conf: OK
/data/nginx/conf/fastcgi.conf.default: OK
/data/nginx/conf/uwsgi_params: OK
/data/nginx/conf/uwsgi_params.default: OK
/data/nginx/conf/scgi_params: OK
/data/nginx/conf/scgi_params.default: OK
/data/nginx/conf/nginx.conf.default: OK
/data/nginx/conf/nginx.conf: OK
/data/nginx/logs/error.log: OK
/data/nginx/logs/access.log: OK
/data/nginx/html/50x.html: OK
/data/nginx/html/index.html: OK
/data/nginx/html/clamdb/dns.txt: OK
/data/nginx/html/clamdb/main.cvd: OK
/data/nginx/html/clamdb/daily.cvd: OK
/data/nginx/html/clamdb/bytecode.cvd: OK
/data/nginx/html/clamdb/daily-25845.cdiff: OK
/data/nginx/nginx.pid: OK
----------- SCAN SUMMARY -----------
Known viruses: 7200353
Engine version: 0.102.3
Scanned directories: 12
Scanned files: 26
Infected files: 0
Data scanned: 7.77 MB
Data read: 186.57 MB (ratio 0.04:1)
Time: 16.177 sec (0 m 16 s)