Python: virus scanning with ClamAV (pyClamd)
First, install ClamAV
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
sed -i 's/^Example/#Example/g' /etc/freshclam.conf # the Example line must be commented out, otherwise the service fails to start
sed -i 's/^Example/#Example/g' /etc/clamd.d/scan.conf
systemctl enable clamd@scan.service
ln -s /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service
Modify the configuration
cat /etc/clamd.d/scan.conf |grep -v "#"|grep -v "^$"
LogSyslog yes
LocalSocket /var/run/clamd.scan/clamd.sock # use a local socket
TCPAddr 0.0.0.0 # listen address; 0.0.0.0 accepts unauthenticated scan requests from any host that can reach the port, so restrict it with a firewall
User clamscan
AllowSupplementaryGroups yes
Update the virus database
/usr/bin/freshclam
Start the daemon
systemctl start clamd@scan.service
systemctl status clamd@scan.service
## Note: every machine to be scanned must have clamd@scan.service installed and running, with port 3310 reachable, or the script in the example below cannot scan it
Install pyClamd
Download the module
Open https://pypi.org/project/pyClamd/#files
tar zxf pyClamd-0.4.0.tar.gz
cd pyClamd-0.4.0
python setup.py install
Example detection script:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import time
import pyclamd
from threading import Thread


class Scan(Thread):
    """One thread per scanned host: connects to clamd on port 3310 and runs one scan."""

    def __init__(self, IP, scan_type, file):
        Thread.__init__(self)
        self.IP = IP
        self.scan_type = scan_type
        self.file = file          # path on the scanned host; clamd reads it locally there
        self.connstr = ""         # connection status message
        self.scanresult = ""      # formatted scan result, e.g. {path: ('FOUND', signature)}

    def run(self):
        try:
            cd = pyclamd.ClamdNetworkSocket(self.IP, 3310)
            if cd.ping():
                self.connstr = self.IP + " connection [ok]"
                cd.reload()       # reload the virus database before scanning
                if self.scan_type == "contscan_file":
                    self.scanresult = "{0}\n".format(cd.contscan_file(self.file))
                elif self.scan_type == "multiscan_file":
                    self.scanresult = "{0}\n".format(cd.multiscan_file(self.file))
                elif self.scan_type == "scan_file":
                    self.scanresult = "{0}\n".format(cd.scan_file(self.file))
                time.sleep(1)
            else:
                self.connstr = self.IP + " ping error,exit"
                return
        except Exception as e:    # e.g. clamd unreachable on the target host
            self.connstr = self.IP + " " + str(e)


IPS = ['192.168.1.124', '192.168.1.116']   # hosts running clamd@scan.service
scantype = "multiscan_file"
scanfile = "/home/python/test"             # directory to scan on each host
i = 1
threadnum = 2                              # hosts scanned concurrently per batch
scanlist = []
for ip in IPS:
    currp = Scan(ip, scantype, scanfile)
    scanlist.append(currp)
    if i % threadnum == 0 or i == len(IPS):   # batch is full or this is the last host
        for task in scanlist:
            task.start()
        for task in scanlist:
            task.join()
            print(task.connstr)
            print(task.scanresult)
        scanlist = []
    i += 1
Run the following commands to generate a virus test file (the EICAR test signature)
Python 2.7.5 (default, Oct 11 2015, 17:47:16)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyclamd
>>> cd=pyclamd.ClamdNetworkSocket()
>>> void = open('/home/python/test/EICAR','w').write(cd.EICAR())
>>>
Run the script to detect the virus
python clamd.py
192.168.1.124 connection [ok]
{u'/home/python/test/EICAR': ('FOUND', 'Eicar-Test-Signature')}

192.168.1.116 Could not reach clamd using network (192.168.16.116, 3310)
The output shows that the virus test file was found on the 1.124 machine.
The connection to the 1.116 machine failed # the scanned machine must have ClamAV installed with clamd listening on port 3310
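The script above can only scan paths that already exist on the scanned host, because clamd reads them from its own filesystem. clamd also accepts the file's bytes over the same port 3310 connection with its INSTREAM command (pyclamd wraps this as scan_stream), which lets one central scanner check uploads or files from hosts that have no ClamAV at all. The added example below (Python 3, not code from the original post or from pyClamd) implements that command with the standard library, and bundles a constructed stand-in for clamd so the exchange can be run offline; the fake daemon, the localhost port and the sample inputs are all assumptions for the demonstration.

```python
import socket
import struct
import threading

# EICAR test string: the same bytes pyclamd's cd.EICAR() writes to the test file above.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def clamd_instream(host, port, data, chunk=4096):
    """INSTREAM scan of `data`; returns ('OK', None), ('FOUND', signature) or ('ERROR', message)."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(b"zINSTREAM\0")                # 'z' prefix asks clamd for NUL-terminated replies
        for i in range(0, len(data), chunk):     # each chunk: 4-byte big-endian length + bytes
            s.sendall(struct.pack(">I", len(data[i:i + chunk])) + data[i:i + chunk])
        s.sendall(struct.pack(">I", 0))          # zero-length chunk ends the stream
        f = s.makefile("rb")
        reply = b"".join(iter(lambda: f.read(1) or b"\0", b"\0")).decode()
    verdict = reply.partition(": ")[2]           # drop the leading "stream: "
    if verdict == "OK":
        return ("OK", None)
    status = "FOUND" if verdict.endswith(" FOUND") else "ERROR"
    return (status, verdict.rsplit(" ", 1)[0])


def fake_clamd_once(port_box, ready):
    """Constructed stand-in for clamd (not the real daemon): serves one INSTREAM request offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port_box.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    with srv, conn, conn.makefile("rb") as f:
        while f.read(1) not in (b"\0", b""):     # consume the zINSTREAM command
            pass
        data = b""
        while True:
            n = struct.unpack(">I", f.read(4))[0]
            if n == 0:
                break
            data += f.read(n)
        verdict = b"Eicar-Test-Signature FOUND" if EICAR in data else b"OK"
        conn.sendall(b"stream: " + verdict + b"\0")


def scan_with_fake_clamd(data):
    """Run one INSTREAM scan against the constructed fake daemon on a random local port."""
    port_box, ready = [], threading.Event()
    t = threading.Thread(target=fake_clamd_once, args=(port_box, ready))
    t.start()
    ready.wait()
    result = clamd_instream("127.0.0.1", port_box[0], data)
    t.join()
    return result
```

Against a real daemon, call clamd_instream("192.168.1.124", 3310, open(path, "rb").read()) and expect the same ('FOUND', 'Eicar-Test-Signature') tuple for the test file generated above.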