
Python virus scanning with ClamAV (pyClamd)


First, install clamav:


yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y

sed -i 's/^Example/#Example/g' /etc/freshclam.conf #the Example line must be commented out, otherwise startup fails

sed -i 's/^Example/#Example/g' /etc/clamd.d/scan.conf

systemctl enable clamd@scan

ln -s /usr/lib/systemd/system/clamd@scan.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service

Edit the configuration (effective, non-comment lines shown):

cat /etc/clamd.d/scan.conf |grep -v "#"|grep -v "^$"

LogSyslog yes

LocalSocket /var/run/clamd.scan/clamd.sock #use a local socket

TCPAddr 0.0.0.0 #listen address

User clamscan

AllowSupplementaryGroups yes
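Two things are worth checking in a file like the one above: clamd opens a TCP listener only when TCPSocket is set (TCPAddr on its own just chooses the bind address), and binding to 0.0.0.0 makes the unauthenticated scan and reload interface reachable from every host that can reach the port. The script below is an added example, not part of the original post or of ClamAV; it parses a clamd.conf in the stock "Key value" grammar and reports what the file actually enables. SAMPLE_CONF is constructed for the example: it mirrors the listing above and adds the TCPSocket 3310 line that the rest of the post relies on but does not show.

```python
# Added example (not from the original post): audit the listener settings of a
# clamd.conf. Assumes the stock clamd.conf grammar: one "Key value" directive per
# line, "#" starts a comment. SAMPLE_CONF is constructed for this example.

SAMPLE_CONF = """\
LogSyslog yes
LocalSocket /var/run/clamd.scan/clamd.sock #use a local socket
TCPSocket 3310
TCPAddr 0.0.0.0 #listen address
User clamscan
AllowSupplementaryGroups yes
"""


def parse_clamd_conf(text):
    """Return {key: [values]} for every active directive, comments stripped.
    Keys may repeat in clamd.conf (e.g. several ExcludePath), so values are lists."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def listener_summary(conf):
    """Describe the sockets clamd will open for a parsed configuration."""
    tcp_port = conf.get("TCPSocket", [None])[0]
    tcp_addr = conf.get("TCPAddr", [None])[0]
    local_socket = conf.get("LocalSocket", [None])[0]
    tcp_enabled = tcp_port is not None
    # TCPAddr alone does nothing: clamd opens a TCP listener only when TCPSocket
    # is set. An unspecified bind address (absent, 0.0.0.0 or ::) exposes the
    # unauthenticated daemon to every host that can reach the port.
    bound_everywhere = tcp_enabled and tcp_addr in (None, "0.0.0.0", "::")
    return {
        "local_socket": local_socket,
        "tcp_enabled": tcp_enabled,
        "tcp_port": int(tcp_port) if tcp_enabled else None,
        "tcp_addr": tcp_addr,
        "bound_to_all_interfaces": bound_everywhere,
        # An active "Example" line makes clamd refuse to start (see the sed above).
        "example_line_present": "Example" in conf,
    }


if __name__ == "__main__":
    print(listener_summary(parse_clamd_conf(SAMPLE_CONF)))
```

Run it against the real file with `parse_clamd_conf(open("/etc/clamd.d/scan.conf").read())`; for the setup in this post, where a central host scans other machines over the network, `bound_to_all_interfaces` being True is expected, and the remaining control is limiting who can reach port 3310.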

Update the virus database:

/usr/bin/freshclam

Start the daemon:

systemctl start clamd@scan

systemctl status clamd@scan

Note: the machine being scanned must have clamd@scan installed and running, with port 3310 reachable, before the example script below can scan it.

Install pyClamd

Download the module:

Open https://pypi.org/project/pyClamd/#files

wget https://files.pythonhosted.org/packages/13/73/97a0518b59f1b6aefa2ac851566038d2c9128f8a5503bcf4cd0adf8b0072/pyClamd-0.4.0.tar.gz

tar zxf pyClamd-0.4.0.tar.gz

cd pyClamd-0.4.0

python setup.py install


Example scanning script:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Scan one path on several clamd hosts in parallel over clamd's TCP port 3310.
# Works on Python 2.7 and Python 3 (print_function import, "except ... as e").

from __future__ import print_function

import time
import pyclamd
from threading import Thread


class Scan(Thread):
    def __init__(self, IP, scan_type, file):
        Thread.__init__(self)
        self.IP = IP
        self.scan_type = scan_type   # one of: contscan_file, multiscan_file, scan_file
        self.file = file             # path as seen by clamd on the remote host
        self.connstr = ""            # connection status for this host
        self.scanresult = ""         # scan result (dict, or None when clean) rendered as text

    def run(self):
        try:
            cd = pyclamd.ClamdNetworkSocket(self.IP, 3310)
            if cd.ping():
                self.connstr = self.IP + " connection [ok]"
                cd.reload()          # reload the signature database before scanning
                if self.scan_type == "contscan_file":
                    self.scanresult = "{0}\n".format(cd.contscan_file(self.file))
                elif self.scan_type == "multiscan_file":
                    self.scanresult = "{0}\n".format(cd.multiscan_file(self.file))
                elif self.scan_type == "scan_file":
                    self.scanresult = "{0}\n".format(cd.scan_file(self.file))
                time.sleep(1)
            else:
                self.connstr = self.IP + " ping error,exit"
                return
        except Exception as e:       # e.g. connection refused: clamd not listening on 3310
            self.connstr = self.IP + " " + str(e)


IPS = ['192.168.1.124', '192.168.1.116']
scantype = "multiscan_file"
scanfile = "/home/python/test"
i = 1

threadnum = 2                        # hosts scanned concurrently per batch
scanlist = []

for ip in IPS:
    currp = Scan(ip, scantype, scanfile)
    scanlist.append(currp)
    if i % threadnum == 0 or i == len(IPS):
        for task in scanlist:
            task.start()
        for task in scanlist:
            task.join()
            print(task.connstr)
            print(task.scanresult)
        scanlist = []
    i += 1
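The dict the script prints (`{path: ('FOUND', 'Eicar-Test-Signature')}`, or None when nothing was found) is pyClamd's rendering of clamd's plain-text protocol on port 3310. The following is an added example, not code from the original post or from the pyClamd project: it speaks that protocol directly and turns the reply into structured data, so the output of a scan can be summarised per host instead of being printed raw. `SAMPLE_REPLY` is a constructed reply in clamd's response format (`<path>: <signature> FOUND`, `<path>: OK`, `<path>: <reason> ERROR`); `scan_path` is a hypothetical helper that performs a live CONTSCAN and is only needed when a clamd host is reachable.

```python
# Added example (not from the original post or pyClamd): the clamd wire protocol
# by hand. SAMPLE_REPLY is constructed for this example; scan_path() is a
# hypothetical helper that needs a reachable clamd on the given host/port.

import socket

SAMPLE_REPLY = (
    b"/home/python/test/EICAR: Eicar-Test-Signature FOUND\x00"
    b"/home/python/test/clean.txt: OK\x00"
    b"/home/python/test/missing: lstat() failed: No such file or directory. ERROR\x00"
)


def build_command(command, argument=None):
    """Encode a clamd command (PING, RELOAD, CONTSCAN <path>, ...) in the
    null-terminated "z" form, so replies are null-terminated too and framing
    stays unambiguous even for file names containing newlines."""
    text = command if argument is None else "{0} {1}".format(command, argument)
    return b"z" + text.encode("utf-8") + b"\x00"


def parse_scan_reply(raw):
    """Turn a raw clamd scan reply into {path: (status, detail)}.
    status is FOUND, OK, ERROR or UNKNOWN; detail is the signature name,
    "" for OK, or the error text."""
    results = {}
    for chunk in raw.split(b"\x00"):
        line = chunk.decode("utf-8", "replace").strip()
        if not line:
            continue
        # Split at the first ": " so error texts that themselves contain ": "
        # stay attached to the verdict rather than to the path.
        path, sep, verdict = line.partition(": ")
        if not sep:
            results[line] = ("UNKNOWN", "")       # e.g. a bare PONG
        elif verdict == "OK":
            results[path] = ("OK", "")
        elif verdict.endswith(" FOUND"):
            results[path] = ("FOUND", verdict[:-len(" FOUND")])
        elif verdict.endswith(" ERROR"):
            results[path] = ("ERROR", verdict[:-len(" ERROR")])
        else:
            results[path] = ("UNKNOWN", verdict)
    return results


def summarize(results):
    """Count verdicts and list the detections, for a per-host report line."""
    counts = {"found": 0, "ok": 0, "error": 0, "unknown": 0}
    detections = []
    for path, (status, detail) in sorted(results.items()):
        counts[status.lower()] += 1
        if status == "FOUND":
            detections.append((path, detail))
    return {"detections": detections, **counts}


def scan_path(host, path, port=3310, timeout=30):
    """Hypothetical live helper: CONTSCAN a path on a remote clamd and parse the
    reply. clamd closes the connection after answering a single z-command, so
    the reply is read until EOF."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_command("CONTSCAN", path))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_scan_reply(b"".join(chunks))


if __name__ == "__main__":
    print(summarize(parse_scan_reply(SAMPLE_REPLY)))
```

CONTSCAN is the command behind `contscan_file`: unlike SCAN it keeps going after an error and reports one line per affected file, which is why the parser has to handle FOUND, OK and ERROR lines in one reply. For a live check, `summarize(scan_path("192.168.1.124", "/home/python/test"))` gives the same report the post's output shows, as structured data.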


Run the following to generate the virus test file (EICAR):

Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyclamd
>>> cd=pyclamd.ClamdNetworkSocket()
>>> void = open('/home/python/test/EICAR','w').write(cd.EICAR())
>>>


Run the script to scan for the virus:


python clamd.py
192.168.1.124 connection [ok]
{u'/home/python/test/EICAR': ('FOUND', 'Eicar-Test-Signature')}

192.168.1.116 Could not reach clamd using network (192.168.16.116, 3310)

The output shows that the virus test file was found on the 1.124 machine.

The connection to the 1.116 machine failed # the machine being scanned must have clamav installed and port 3310 listening
