Inhaltsverzeichnis
Apache HTTP Server CentOS 6 - mod_clamav - Virenscanner Einbindung
Das Apache HTTPD Server-Modul mod_clamav
ermöglicht das Durchsuchen von Datei-Uploads nach Viren durch den Virenscanner ClamAV, welches ein Antivirus Toolkit für Unix das unter der GPL Lizenz steht ist, für den Apache HTTPD Server.
Der Apache HTTPD Server ermöglicht die Einbindung von Filtern, welche es erlauben, Inhalte zu modifizieren, die z.B. durch Apache HTTPD Server-Module erstellt worden sind. mod_clamav ist so ein Apache HTTPD Server-Filter, welcher Inhalte, die durch das Apache HTTPD Server-Modul mod_proxy zur Verfügung gestellt werden, unter Zuhilfenahme des Virenscanners ClamAV, welches ein Antivirus Toolkit für Unix das unter der GPL Lizenz darstellt, nach Viren zu durchsuchen.
Die Projekt-Seite, welche hinter dem Apache HTTPD Server-Modul mod_clamav
steht, kann unter nachfolgendem externen Link aufgerufen werden:
Ab hier werden root
-Rechte zur Ausführung der nachfolgenden Befehle benötigt. Um root
zu werden geben Sie bitte folgenden Befehl ein:
$ su - Password:
Vorbereitungen
Da es sich bei der zur heruntergeladenen Datei nicht um ein rpm
-Paket handelt, sondern um eine tar
-Archivdatei handelt und dies die Quellen (Sourcen) des Apache HTTPD Server-Moduls mod_clamav
handelt, ist es erforderlich das Apache HTTPD Server-Modul mod_clamav
noch zu kompilieren.
Nachfolgende Systemvoraussetzungen sind dafür erforderlich:
gcc
- Compilerhttpd
- Apache HTTPD Serverhttpd-devel
- Apache HTTPD Server-Entwicklungs-Quellenclamav
- ClamAV Virenscannerclamav-devel
- ClamAV Virenscanner-Entwicklungs-Quellenmake
- Werkzeug zur Erstellung von kompilierbaren Codes
Zusätzlich ist es ebenfalls erforderlich ein Repository eines Drittanbieter einzubinden, in diesem Falls soll hier das EPEL-Repository zum Einsatz kommen. Wie dies Eingebunden werden kann, kann unter nachfolgendem internen Link nachgelesen werden:
Nachfolgender Befehl installiert die grundsätzlich benötigten Abhängigkeiten:
# yum install gcc httpd httpd-devel clamav clamav-devel make Loaded plugins: fastestmirror, priorities Loading mirror speeds from cached hostfile 85 packages excluded due to repository priority protections Setting up Install Process Package 1:make-3.81-20.el6.x86_64 already installed and latest version Resolving Dependencies --> Running transaction check ---> Package clamav.x86_64 0:0.98.3-1.el6 will be installed --> Processing Dependency: clamav-db = 0.98.3-1.el6 for package: clamav-0.98.3-1.el6.x86_64 ---> Package clamav-devel.x86_64 0:0.98.3-1.el6 will be installed ---> Package gcc.x86_64 0:4.4.7-4.el6 will be installed --> Processing Dependency: libgomp = 4.4.7-4.el6 for package: gcc-4.4.7-4.el6.x86_64 --> Processing Dependency: cpp = 4.4.7-4.el6 for package: gcc-4.4.7-4.el6.x86_64 --> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.4.7-4.el6.x86_64 --> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-4.el6.x86_64 --> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.7-4.el6.x86_64 ---> Package httpd.x86_64 0:2.2.15-30.el6.centos will be installed --> Processing Dependency: httpd-tools = 2.2.15-30.el6.centos for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-30.el6.centos.x86_64 ---> Package httpd-devel.x86_64 0:2.2.15-30.el6.centos will be installed --> Processing Dependency: apr-util-devel for package: httpd-devel-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: apr-devel for package: httpd-devel-2.2.15-30.el6.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed ---> Package apr-devel.x86_64 0:1.3.9-5.el6_2 will be installed ---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package apr-util-devel.x86_64 0:1.3.9-3.el6_0.1 will be installed --> Processing Dependency: openldap-devel for package: apr-util-devel-1.3.9-3.el6_0.1.x86_64 --> Processing Dependency: expat-devel for package: apr-util-devel-1.3.9-3.el6_0.1.x86_64 --> Processing Dependency: db4-devel for package: apr-util-devel-1.3.9-3.el6_0.1.x86_64 ---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package clamav-db.x86_64 0:0.98.3-1.el6 will be installed ---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed --> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64 --> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64 ---> Package cpp.x86_64 0:4.4.7-4.el6 will be installed --> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-4.el6.x86_64 ---> Package glibc-devel.x86_64 0:2.12-1.132.el6_5.1 will be installed --> Processing Dependency: glibc-headers = 2.12-1.132.el6_5.1 for package: glibc-devel-2.12-1.132.el6_5.1.x86_64 --> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.132.el6_5.1.x86_64 ---> Package httpd-tools.x86_64 0:2.2.15-30.el6.centos will be installed ---> Package libgomp.x86_64 0:4.4.7-4.el6 will be installed ---> Package mailcap.noarch 0:2.1.31-2.el6 will be installed --> Running transaction check ---> Package db4-devel.x86_64 0:4.7.25-18.el6_4 will be installed --> Processing Dependency: db4-cxx = 4.7.25-18.el6_4 for package: db4-devel-4.7.25-18.el6_4.x86_64 --> Processing Dependency: libdb_cxx-4.7.so()(64bit) for package: db4-devel-4.7.25-18.el6_4.x86_64 ---> Package expat-devel.x86_64 0:2.0.1-11.el6_2 will be installed ---> Package glibc-headers.x86_64 0:2.12-1.132.el6_5.1 will be installed --> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.132.el6_5.1.x86_64 --> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.132.el6_5.1.x86_64 ---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed ---> Package openldap-devel.x86_64 0:2.4.23-34.el6_5.1 will be installed --> Processing Dependency: cyrus-sasl-devel >= 2.1 for package: openldap-devel-2.4.23-34.el6_5.1.x86_64 ---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed --> Running transaction check ---> Package cyrus-sasl-devel.x86_64 0:2.1.23-13.el6_3.1 will be installed ---> Package db4-cxx.x86_64 0:4.7.25-18.el6_4 will be installed ---> Package kernel-headers.x86_64 0:2.6.32-431.17.1.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: clamav x86_64 0.98.3-1.el6 epel 1.4 M clamav-devel x86_64 0.98.3-1.el6 epel 19 k gcc x86_64 4.4.7-4.el6 base 10 M httpd x86_64 2.2.15-30.el6.centos updates 821 k httpd-devel x86_64 2.2.15-30.el6.centos updates 150 k Installing for dependencies: apr x86_64 1.3.9-5.el6_2 base 123 k apr-devel x86_64 1.3.9-5.el6_2 base 176 k apr-util x86_64 1.3.9-3.el6_0.1 base 87 k apr-util-devel x86_64 1.3.9-3.el6_0.1 base 69 k apr-util-ldap x86_64 1.3.9-3.el6_0.1 base 15 k clamav-db x86_64 0.98.3-1.el6 epel 84 M cloog-ppl x86_64 0.15.7-1.2.el6 base 93 k cpp x86_64 4.4.7-4.el6 base 3.7 M cyrus-sasl-devel x86_64 2.1.23-13.el6_3.1 base 302 k db4-cxx x86_64 4.7.25-18.el6_4 base 588 k db4-devel x86_64 4.7.25-18.el6_4 base 6.6 M expat-devel x86_64 2.0.1-11.el6_2 base 120 k glibc-devel x86_64 2.12-1.132.el6_5.1 updates 978 k glibc-headers x86_64 2.12-1.132.el6_5.1 updates 608 k httpd-tools x86_64 2.2.15-30.el6.centos updates 73 k kernel-headers x86_64 2.6.32-431.17.1.el6 updates 2.9 M libgomp x86_64 4.4.7-4.el6 base 118 k mailcap noarch 2.1.31-2.el6 base 27 k mpfr x86_64 2.4.1-6.el6 base 157 k openldap-devel x86_64 2.4.23-34.el6_5.1 updates 1.1 M ppl x86_64 0.10.2-11.el6 base 1.3 M Transaction Summary ================================================================================ Install 26 Package(s) Total download size: 116 M Installed size: 164 M Is this ok [y/N]: y Downloading Packages: (1/26): apr-1.3.9-5.el6_2.x86_64.rpm | 123 kB 00:00 (2/26): apr-devel-1.3.9-5.el6_2.x86_64.rpm | 176 kB 00:00 (3/26): apr-util-1.3.9-3.el6_0.1.x86_64.rpm | 87 kB 00:00 (4/26): apr-util-devel-1.3.9-3.el6_0.1.x86_64.rpm | 69 kB 00:00 (5/26): apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm | 15 kB 00:00 (6/26): clamav-0.98.3-1.el6.x86_64.rpm | 1.4 MB 00:00 (7/26): clamav-db-0.98.3-1.el6.x86_64.rpm | 84 MB 00:01 (8/26): clamav-devel-0.98.3-1.el6.x86_64.rpm | 19 kB 00:00 (9/26): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm | 93 kB 00:00 (10/26): cpp-4.4.7-4.el6.x86_64.rpm | 3.7 MB 00:00 (11/26): cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64.rpm | 302 kB 00:00 (12/26): db4-cxx-4.7.25-18.el6_4.x86_64.rpm | 588 kB 00:00 (13/26): db4-devel-4.7.25-18.el6_4.x86_64.rpm | 6.6 MB 00:00 (14/26): expat-devel-2.0.1-11.el6_2.x86_64.rpm | 120 kB 00:00 (15/26): gcc-4.4.7-4.el6.x86_64.rpm | 10 MB 00:00 (16/26): glibc-devel-2.12-1.132.el6_5.1.x86_64.rpm | 978 kB 00:00 (17/26): glibc-headers-2.12-1.132.el6_5.1.x86_64.rpm | 608 kB 00:00 (18/26): httpd-2.2.15-30.el6.centos.x86_64.rpm | 821 kB 00:00 (19/26): httpd-devel-2.2.15-30.el6.centos.x86_64.rpm | 150 kB 00:00 (20/26): httpd-tools-2.2.15-30.el6.centos.x86_64.rpm | 73 kB 00:00 (21/26): kernel-headers-2.6.32-431.17.1.el6.x86_64.rpm | 2.9 MB 00:00 (22/26): libgomp-4.4.7-4.el6.x86_64.rpm | 118 kB 00:00 (23/26): mailcap-2.1.31-2.el6.noarch.rpm | 27 kB 00:00 (24/26): mpfr-2.4.1-6.el6.x86_64.rpm | 157 kB 00:00 (25/26): openldap-devel-2.4.23-34.el6_5.1.x86_64.rpm | 1.1 MB 00:00 (26/26): ppl-0.10.2-11.el6.x86_64.rpm | 1.3 MB 00:00 -------------------------------------------------------------------------------- Total 37 MB/s | 116 MB 00:03 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : apr-1.3.9-5.el6_2.x86_64 1/26 Installing : apr-util-1.3.9-3.el6_0.1.x86_64 2/26 Installing : apr-devel-1.3.9-5.el6_2.x86_64 3/26 Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 4/26 Installing : httpd-tools-2.2.15-30.el6.centos.x86_64 5/26 Installing : ppl-0.10.2-11.el6.x86_64 6/26 Installing : cloog-ppl-0.15.7-1.2.el6.x86_64 7/26 Installing : mailcap-2.1.31-2.el6.noarch 8/26 Installing : httpd-2.2.15-30.el6.centos.x86_64 9/26 Installing : db4-cxx-4.7.25-18.el6_4.x86_64 10/26 Installing : db4-devel-4.7.25-18.el6_4.x86_64 11/26 Installing : libgomp-4.4.7-4.el6.x86_64 12/26 Installing : clamav-db-0.98.3-1.el6.x86_64 13/26 Installing : clamav-0.98.3-1.el6.x86_64 14/26 Installing : expat-devel-2.0.1-11.el6_2.x86_64 15/26 Installing : mpfr-2.4.1-6.el6.x86_64 16/26 Installing : cpp-4.4.7-4.el6.x86_64 17/26 Installing : kernel-headers-2.6.32-431.17.1.el6.x86_64 18/26 Installing : glibc-headers-2.12-1.132.el6_5.1.x86_64 19/26 Installing : glibc-devel-2.12-1.132.el6_5.1.x86_64 20/26 Installing : cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 21/26 Installing : openldap-devel-2.4.23-34.el6_5.1.x86_64 22/26 Installing : apr-util-devel-1.3.9-3.el6_0.1.x86_64 23/26 Installing : httpd-devel-2.2.15-30.el6.centos.x86_64 24/26 Installing : gcc-4.4.7-4.el6.x86_64 25/26 Installing : clamav-devel-0.98.3-1.el6.x86_64 26/26 Verifying : httpd-2.2.15-30.el6.centos.x86_64 1/26 Verifying : glibc-headers-2.12-1.132.el6_5.1.x86_64 2/26 Verifying : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 3/26 Verifying : httpd-tools-2.2.15-30.el6.centos.x86_64 4/26 Verifying : cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 5/26 Verifying : kernel-headers-2.6.32-431.17.1.el6.x86_64 6/26 Verifying : cpp-4.4.7-4.el6.x86_64 7/26 Verifying : mpfr-2.4.1-6.el6.x86_64 8/26 Verifying : expat-devel-2.0.1-11.el6_2.x86_64 9/26 Verifying : openldap-devel-2.4.23-34.el6_5.1.x86_64 10/26 Verifying : clamav-db-0.98.3-1.el6.x86_64 11/26 Verifying : cloog-ppl-0.15.7-1.2.el6.x86_64 12/26 Verifying : apr-util-1.3.9-3.el6_0.1.x86_64 13/26 Verifying : apr-devel-1.3.9-5.el6_2.x86_64 14/26 Verifying : libgomp-4.4.7-4.el6.x86_64 15/26 Verifying : clamav-devel-0.98.3-1.el6.x86_64 16/26 Verifying : apr-1.3.9-5.el6_2.x86_64 17/26 Verifying : apr-util-devel-1.3.9-3.el6_0.1.x86_64 18/26 Verifying : db4-cxx-4.7.25-18.el6_4.x86_64 19/26 Verifying : db4-devel-4.7.25-18.el6_4.x86_64 20/26 Verifying : gcc-4.4.7-4.el6.x86_64 21/26 Verifying : mailcap-2.1.31-2.el6.noarch 22/26 Verifying : glibc-devel-2.12-1.132.el6_5.1.x86_64 23/26 Verifying : ppl-0.10.2-11.el6.x86_64 24/26 Verifying : clamav-0.98.3-1.el6.x86_64 25/26 Verifying : httpd-devel-2.2.15-30.el6.centos.x86_64 26/26 Installed: clamav.x86_64 0:0.98.3-1.el6 clamav-devel.x86_64 0:0.98.3-1.el6 gcc.x86_64 0:4.4.7-4.el6 httpd.x86_64 0:2.2.15-30.el6.centos httpd-devel.x86_64 0:2.2.15-30.el6.centos Dependency Installed: apr.x86_64 0:1.3.9-5.el6_2 apr-devel.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-devel.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 clamav-db.x86_64 0:0.98.3-1.el6 cloog-ppl.x86_64 0:0.15.7-1.2.el6 cpp.x86_64 0:4.4.7-4.el6 cyrus-sasl-devel.x86_64 0:2.1.23-13.el6_3.1 db4-cxx.x86_64 0:4.7.25-18.el6_4 db4-devel.x86_64 0:4.7.25-18.el6_4 expat-devel.x86_64 0:2.0.1-11.el6_2 glibc-devel.x86_64 0:2.12-1.132.el6_5.1 glibc-headers.x86_64 0:2.12-1.132.el6_5.1 httpd-tools.x86_64 0:2.2.15-30.el6.centos kernel-headers.x86_64 0:2.6.32-431.17.1.el6 libgomp.x86_64 0:4.4.7-4.el6 mailcap.noarch 0:2.1.31-2.el6 mpfr.x86_64 0:2.4.1-6.el6 openldap-devel.x86_64 0:2.4.23-34.el6_5.1 ppl.x86_64 0:0.10.2-11.el6 Complete!
Herunterladen
Der noch zu kompilierenden Quelle-Code des Apache HTTPD Server-Moduls mod_clamav
kann unter nachfolgender URL heruntergeladen werden:
- externen original Link http://software.othello.ch/mod_clamav/
Dazu sollte zuerst mit nachfolgendem Befehl in das Verzeichnis /tmp
gewechselt werden:
# cd /tmp
Der nachfolgende Befehl kann dazu genutzt werden den Quelle-Code des Apache HTTPD Server-Moduls mod_clamav
herunterzuladen:
# wget http://software.othello.ch/mod_clamav/mod_clamav-0.23.tar.gz --2014-05-23 08:55:15-- http://software.othello.ch/mod_clamav/mod_clamav-0.23.tar.gz Connecting to 172.25.10.220:8082... connected. Proxy request sent, awaiting response... 200 OK Length: 344930 (337K) [application/x-gzip] Saving to: “mod_clamav-0.23.tar.gz” 100%[======================================>] 344,930 53.1K/s in 6.3s 2014-05-23 08:55:21 (53.6 KB/s) - “mod_clamav-0.23.tar.gz” saved [344930/344930]
Anschließend kann mit nachfolgendem Befehl die tar
-Archivdatei entpackt werden:
# tar xzvf mod_clamav-0.23.tar.gz -C /tmp mod_clamav-0.23/ mod_clamav-0.23/install-sh mod_clamav-0.23/ChangeLog mod_clamav-0.23/INSTALL mod_clamav-0.23/init.c mod_clamav-0.23/mod_clamav.h mod_clamav-0.23/COPYING mod_clamav-0.23/config.sub mod_clamav-0.23/message.conf mod_clamav-0.23/mod_clamav.c mod_clamav-0.23/Makefile.am mod_clamav-0.23/TODO mod_clamav-0.23/shmem.c mod_clamav-0.23/filter.c mod_clamav-0.23/mod_clamav.html.in mod_clamav-0.23/missing mod_clamav-0.23/mod_clamav.css mod_clamav-0.23/mod_clamav_version.h.in mod_clamav-0.23/locking.c mod_clamav-0.23/NEWS mod_clamav-0.23/handler.c mod_clamav-0.23/config.h.in mod_clamav-0.23/ltmain.sh mod_clamav-0.23/safepatterns.conf mod_clamav-0.23/sample.conf mod_clamav-0.23/config.guess mod_clamav-0.23/bypass.c mod_clamav-0.23/config.c mod_clamav-0.23/AUTHORS mod_clamav-0.23/README mod_clamav-0.23/depcomp mod_clamav-0.23/configure.in mod_clamav-0.23/aclocal.m4 mod_clamav-0.23/configure mod_clamav-0.23/Makefile.in
Der nachfolgende Befehl dient dazu, in das durch das entpacken der tar
-Archivdatei neu entstandene Verzeichnis /tmp/mod_clamav-0.23
zu wechseln:
# cd /tmp/mod_clamav-0.23
Der Inhalt des Verzeichnisses /tmp/mod_clamav-0.23
sollte dann wie folgt aussehen:
# ls -l /tmp/mod_clamav-0.23 total 1492 -rw-r--r-- 1 1000 wheel 266567 Apr 11 2009 aclocal.m4 -rw-r--r-- 1 1000 wheel 613 Mar 28 2004 AUTHORS -rw-r--r-- 1 1000 wheel 4308 Apr 11 2009 bypass.c -rw-r--r-- 1 1000 wheel 5153 Apr 29 2004 ChangeLog -rw-r--r-- 1 1000 wheel 13682 Apr 11 2009 config.c -rwxr-xr-x 1 1000 wheel 44466 Sep 21 2007 config.guess -rw-r--r-- 1 1000 wheel 2420 Apr 11 2009 config.h.in -rwxr-xr-x 1 1000 wheel 32560 Sep 21 2007 config.sub -rwxr-xr-x 1 1000 wheel 684009 Apr 11 2009 configure -rw-r--r-- 1 1000 wheel 1814 Apr 11 2009 configure.in -rw-r--r-- 1 1000 wheel 17992 Feb 28 2003 COPYING -rwxr-xr-x 1 1000 wheel 17574 Jan 21 2008 depcomp -rw-r--r-- 1 1000 wheel 29273 Apr 11 2009 filter.c -rw-r--r-- 1 1000 wheel 11623 Apr 11 2009 handler.c -rw-r--r-- 1 1000 wheel 6426 Apr 11 2009 init.c -rw-r--r-- 1 1000 wheel 9871 Jan 8 2004 INSTALL -rwxr-xr-x 1 1000 wheel 13184 Jan 21 2008 install-sh -rw-r--r-- 1 1000 wheel 1400 Apr 11 2009 locking.c -rw-r--r-- 1 1000 wheel 198965 Sep 21 2007 ltmain.sh -rw-r--r-- 1 1000 wheel 1454 Apr 11 2009 Makefile.am -rw-r--r-- 1 1000 wheel 29277 Apr 11 2009 Makefile.in -rw-r--r-- 1 1000 wheel 646 Mar 14 2004 message.conf -rwxr-xr-x 1 1000 wheel 11135 Jan 21 2008 missing -rw-r--r-- 1 1000 wheel 1231 Apr 11 2009 mod_clamav.c -rw-r--r-- 1 1000 wheel 290 Apr 11 2009 mod_clamav.css -rw-r--r-- 1 1000 wheel 7978 Apr 11 2009 mod_clamav.h -rw-r--r-- 1 1000 wheel 20969 Apr 11 2009 mod_clamav.html.in -rw-r--r-- 1 1000 wheel 238 Apr 11 2009 mod_clamav_version.h.in -rw-r--r-- 1 1000 wheel 653 Apr 11 2009 NEWS -rw-r--r-- 1 1000 wheel 631 Nov 11 2003 README -rw-r--r-- 1 1000 wheel 2782 Mar 19 2004 safepatterns.conf -rw-r--r-- 1 1000 wheel 2264 Mar 22 2004 sample.conf -rw-r--r-- 1 1000 wheel 1713 Apr 11 2009 shmem.c -rw-r--r-- 1 1000 wheel 100 Apr 11 2009 TODO
Kompilieren
Nachfolgende Vorgehensweise beschreibt eine Möglichkeit den Quelle-Code des Apache HTTPD Server-Moduls mod_clamav
zu kompilieren und das Apache HTTPD Server-Modul mod_clamav
zu erhalten.
./configure
Im Verzeichnis /tmp/mod_clamav-0.23
kann nachfolgender Befehl dazu genutzt werden, um die Konfiguration des späteren Kompiliervorgangs durchzuführen, dabei sind mindestens nachfolgende Parameter zu setzen:
# ./configure --with-apache=/usr/sbin/httpd --with-apxs=/usr/sbin/apxs checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking for APXS tool... using /usr/sbin/apxs checking for apr-1-config tool... checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for style of include used by make... GNU checking dependency style of gcc... gcc3 checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking for a sed that does not truncate output... /bin/sed checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for ld used by gcc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking for BSD-compatible nm... /usr/bin/nm -B checking whether ln -s works... yes checking how to recognize dependent libraries... pass_all checking how to run the C preprocessor... gcc -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking dlfcn.h usability... yes checking dlfcn.h presence... yes checking for dlfcn.h... yes checking for g++... no checking for c++... no checking for gpp... no checking for aCC... no checking for CC... no checking for cxx... no checking for cc++... no checking for cl.exe... no checking for FCC... no checking for KCC... no checking for RCC... no checking for xlC_r... no checking for xlC... no checking whether we are using the GNU C++ compiler... no checking whether g++ accepts -g... no checking dependency style of g++... none checking for g77... no checking for xlf... no checking for f77... no checking for frt... no checking for pgf77... no checking for cf77... no checking for fort77... no checking for fl32... no checking for af77... no checking for xlf90... no checking for f90... no checking for pgf90... no checking for pghpf... no checking for epcf90... no checking for gfortran... no checking for g95... no checking for xlf95... no checking for f95... no checking for fort... no checking for ifort... no checking for ifc... no checking for efc... no checking for pgf95... no checking for lf95... no checking for ftn... no checking whether we are using the GNU Fortran 77 compiler... no checking whether accepts -g... no checking the maximum length of command line arguments... 1966080 checking command to parse /usr/bin/nm -B output from gcc object... ok checking for objdir... .libs checking for ar... ar checking for ranlib... ranlib checking for strip... strip checking if gcc supports -fno-rtti -fno-exceptions... no checking for gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC works... yes checking if gcc static flag -static works... no checking if gcc supports -c -o file.o... yes checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no configure: creating libtool appending configuration tag "CXX" to libtool appending configuration tag "F77" to libtool checking for cl_scanfile in -lclamav... yes checking for mkstemp... yes checking alloca.h usability... yes checking alloca.h presence... yes checking for alloca.h... yes checking regex.h usability... yes checking regex.h presence... yes checking for regex.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking ctype.h usability... yes checking ctype.h presence... yes checking for ctype.h... yes checking sys/un.h usability... yes checking sys/un.h presence... yes checking for sys/un.h... yes checking sys/socket.h usability... yes checking sys/socket.h presence... yes checking for sys/socket.h... yes checking for string.h... (cached) yes checking errno.h usability... yes checking errno.h presence... yes checking for errno.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking clamav.h usability... yes checking clamav.h presence... yes checking for clamav.h... yes checking arpa/inet.h usability... yes checking arpa/inet.h presence... yes checking for arpa/inet.h... yes checking netinet/in.h usability... yes checking netinet/in.h presence... yes checking for netinet/in.h... yes configure: creating ./config.status config.status: creating Makefile config.status: creating mod_clamav_version.h config.status: creating mod_clamav.html config.status: creating config.h config.status: executing depfiles commands
make
Die nachfolgenden Parameter haben folgende Bedeutung:
–with-apxs=/usr/sbin/apxs
- Pfad zum Apache eXtenSion Tool
Nach Abschluss der Vorbereitungen des Kompiliervorgangs, kann das eigentlichen kompilieren mit nachfolgendem Befehl durchgeführt werden:
# make make all-am make[1]: Entering directory `/tmp/mod_clamav-0.23' /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-config.lo -MD -MP -MF .deps/mod_clamav_la-config.Tpo -c -o mod_clamav_la-config.lo `test -f 'config.c' || echo './'`config.c mkdir .libs gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-config.lo -MD -MP -MF .deps/mod_clamav_la-config.Tpo -c config.c -fPIC -DPIC -o .libs/mod_clamav_la-config.o mv -f .deps/mod_clamav_la-config.Tpo .deps/mod_clamav_la-config.Plo /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-locking.lo -MD -MP -MF .deps/mod_clamav_la-locking.Tpo -c -o mod_clamav_la-locking.lo `test -f 'locking.c' || echo './'`locking.c gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-locking.lo -MD -MP -MF .deps/mod_clamav_la-locking.Tpo -c locking.c -fPIC -DPIC -o .libs/mod_clamav_la-locking.o mv -f .deps/mod_clamav_la-locking.Tpo .deps/mod_clamav_la-locking.Plo /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-handler.lo -MD -MP -MF .deps/mod_clamav_la-handler.Tpo -c -o mod_clamav_la-handler.lo `test -f 'handler.c' || echo './'`handler.c gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-handler.lo -MD -MP -MF .deps/mod_clamav_la-handler.Tpo -c handler.c -fPIC -DPIC -o .libs/mod_clamav_la-handler.o mv -f .deps/mod_clamav_la-handler.Tpo .deps/mod_clamav_la-handler.Plo /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-shmem.lo -MD -MP -MF .deps/mod_clamav_la-shmem.Tpo -c -o mod_clamav_la-shmem.lo `test -f 'shmem.c' || echo './'`shmem.c gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-shmem.lo -MD -MP -MF .deps/mod_clamav_la-shmem.Tpo -c shmem.c -fPIC -DPIC -o .libs/mod_clamav_la-shmem.o mv -f .deps/mod_clamav_la-shmem.Tpo .deps/mod_clamav_la-shmem.Plo /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-init.lo -MD -MP -MF .deps/mod_clamav_la-init.Tpo -c -o mod_clamav_la-init.lo `test -f 'init.c' || echo './'`init.c gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-init.lo -MD -MP -MF .deps/mod_clamav_la-init.Tpo -c init.c -fPIC -DPIC -o .libs/mod_clamav_la-init.o mv -f .deps/mod_clamav_la-init.Tpo .deps/mod_clamav_la-init.Plo /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-filter.lo -MD -MP -MF .deps/mod_clamav_la-filter.Tpo -c -o mod_clamav_la-filter.lo `test -f 'filter.c' || echo './'`filter.c gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-filter.lo -MD -MP -MF .deps/mod_clamav_la-filter.Tpo -c filter.c -fPIC -DPIC -o .libs/mod_clamav_la-filter.o mv -f .deps/mod_clamav_la-filter.Tpo .deps/mod_clamav_la-filter.Plo /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-bypass.lo -MD -MP -MF .deps/mod_clamav_la-bypass.Tpo -c -o mod_clamav_la-bypass.lo `test -f 'bypass.c' || echo './'`bypass.c gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-bypass.lo -MD -MP -MF .deps/mod_clamav_la-bypass.Tpo -c bypass.c -fPIC -DPIC -o .libs/mod_clamav_la-bypass.o mv -f .deps/mod_clamav_la-bypass.Tpo .deps/mod_clamav_la-bypass.Plo /bin/sh ./libtool --tag=CC --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I. `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-mod_clamav.lo -MD -MP -MF .deps/mod_clamav_la-mod_clamav.Tpo -c -o mod_clamav_la-mod_clamav.lo `test -f 'mod_clamav.c' || echo './'`mod_clamav.c gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-mod_clamav.lo -MD -MP -MF .deps/mod_clamav_la-mod_clamav.Tpo -c mod_clamav.c -fPIC -DPIC -o .libs/mod_clamav_la-mod_clamav.o mv -f .deps/mod_clamav_la-mod_clamav.Tpo .deps/mod_clamav_la-mod_clamav.Plo /bin/sh ./libtool --tag=CC --mode=link `/usr/sbin/apxs -q CC` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 `apr-1-config --ldflags` -module `/usr/sbin/apxs -q LDFLAGS_SHLIB` -o mod_clamav.la -rpath /usr/local/lib mod_clamav_la-config.lo mod_clamav_la-locking.lo mod_clamav_la-handler.lo mod_clamav_la-shmem.lo mod_clamav_la-init.lo mod_clamav_la-filter.lo mod_clamav_la-bypass.lo mod_clamav_la-mod_clamav.lo -lclamav gcc -shared .libs/mod_clamav_la-config.o .libs/mod_clamav_la-locking.o .libs/mod_clamav_la-handler.o .libs/mod_clamav_la-shmem.o .libs/mod_clamav_la-init.o .libs/mod_clamav_la-filter.o .libs/mod_clamav_la-bypass.o .libs/mod_clamav_la-mod_clamav.o -lclamav -pthread -Wl,-soname -Wl,mod_clamav.so.0 -o .libs/mod_clamav.so.0.0.0 (cd .libs && rm -f mod_clamav.so.0 && ln -s mod_clamav.so.0.0.0 mod_clamav.so.0) (cd .libs && rm -f mod_clamav.so && ln -s mod_clamav.so.0.0.0 mod_clamav.so) creating mod_clamav.la (cd .libs && rm -f mod_clamav.la && ln -s ../mod_clamav.la mod_clamav.la) make[1]: Leaving directory `/tmp/mod_clamav-0.23'
Nach dem erfolgreichen kompilieren des Apache HTTPD Server-Moduls mod_clamav
, sollte der Inhalt des Verzeichnisses wie folgt aussehen:
# ls -l /tmp/mod_clamav-0.23 total 1864 -rw-r--r-- 1 1000 wheel 266567 Apr 11 2009 aclocal.m4 -rw-r--r-- 1 1000 wheel 613 Mar 28 2004 AUTHORS -rw-r--r-- 1 1000 wheel 4308 Apr 11 2009 bypass.c -rw-r--r-- 1 1000 wheel 5153 Apr 29 2004 ChangeLog -rw-r--r-- 1 1000 wheel 13682 Apr 11 2009 config.c -rwxr-xr-x 1 1000 wheel 44466 Sep 21 2007 config.guess -rw-r--r-- 1 root root 2590 May 23 07:28 config.h -rw-r--r-- 1 1000 wheel 2420 Apr 11 2009 config.h.in -rw-r--r-- 1 root root 29225 May 23 07:28 config.log -rwxr-xr-x 1 root root 31668 May 23 07:28 config.status -rwxr-xr-x 1 1000 wheel 32560 Sep 21 2007 config.sub -rwxr-xr-x 1 1000 wheel 684009 Apr 11 2009 configure -rw-r--r-- 1 1000 wheel 1814 Apr 11 2009 configure.in -rw-r--r-- 1 1000 wheel 17992 Feb 28 2003 COPYING -rwxr-xr-x 1 1000 wheel 17574 Jan 21 2008 depcomp -rw-r--r-- 1 1000 wheel 29273 Apr 11 2009 filter.c -rw-r--r-- 1 1000 wheel 11623 Apr 11 2009 handler.c -rw-r--r-- 1 1000 wheel 6426 Apr 11 2009 init.c -rw-r--r-- 1 1000 wheel 9871 Jan 8 2004 INSTALL -rwxr-xr-x 1 1000 wheel 13184 Jan 21 2008 install-sh -rwxr-xr-x 1 root root 209712 May 23 07:28 libtool -rw-r--r-- 1 1000 wheel 1400 Apr 11 2009 locking.c -rw-r--r-- 1 1000 wheel 198965 Sep 21 2007 ltmain.sh -rw-r--r-- 1 root root 27373 May 23 07:28 Makefile -rw-r--r-- 1 1000 wheel 1454 Apr 11 2009 Makefile.am -rw-r--r-- 1 1000 wheel 29277 Apr 11 2009 Makefile.in -rw-r--r-- 1 1000 wheel 646 Mar 14 2004 message.conf -rwxr-xr-x 1 1000 wheel 11135 Jan 21 2008 missing -rw-r--r-- 1 1000 wheel 1231 Apr 11 2009 mod_clamav.c -rw-r--r-- 1 1000 wheel 290 Apr 11 2009 mod_clamav.css -rw-r--r-- 1 1000 wheel 7978 Apr 11 2009 mod_clamav.h -rw-r--r-- 1 root root 20934 May 23 07:28 mod_clamav.html -rw-r--r-- 1 1000 wheel 20969 Apr 11 2009 mod_clamav.html.in -rw-r--r-- 1 root root 810 May 23 07:30 mod_clamav.la -rw-r--r-- 1 root root 331 May 23 07:30 mod_clamav_la-bypass.lo -rw-r--r-- 1 root root 331 May 23 07:30 mod_clamav_la-config.lo -rw-r--r-- 1 root root 331 May 23 07:30 mod_clamav_la-filter.lo -rw-r--r-- 1 root root 333 May 23 07:30 mod_clamav_la-handler.lo -rw-r--r-- 1 root root 327 May 23 07:30 mod_clamav_la-init.lo -rw-r--r-- 1 root root 333 May 23 07:30 mod_clamav_la-locking.lo -rw-r--r-- 1 root root 339 May 23 07:30 mod_clamav_la-mod_clamav.lo -rw-r--r-- 1 root root 329 May 23 07:30 mod_clamav_la-shmem.lo -rw-r--r-- 1 root root 233 May 23 07:28 mod_clamav_version.h -rw-r--r-- 1 1000 wheel 238 Apr 11 2009 mod_clamav_version.h.in -rw-r--r-- 1 1000 wheel 653 Apr 11 2009 NEWS -rw-r--r-- 1 1000 wheel 631 Nov 11 2003 README -rw-r--r-- 1 1000 wheel 2782 Mar 19 2004 safepatterns.conf -rw-r--r-- 1 1000 wheel 2264 Mar 22 2004 sample.conf -rw-r--r-- 1 1000 wheel 1713 Apr 11 2009 shmem.c -rw-r--r-- 1 root root 23 May 23 07:28 stamp-h1 -rw-r--r-- 1 1000 wheel 100 Apr 11 2009 TODO
* Dabei sind alle Dateien, welche dem Benutzer un der Gruppe root
gehören, neu dazu gekommen!
Installieren
Nachdem das Kompilieren erfolgreich abgeschlossen wurde, muss mit nachfolgendem Befehl das Apache HTTPD Server-Modul mod_clamav
- erstellt - werden.
make install
Mit nachfolgendem Befehl wird die eigentliche Erstellung des Apache HTTPD Server-Modul mod_clamav
durchgeführt:
# make install make[1]: Entering directory `/tmp/mod_clamav-0.23' make all-am make[2]: Entering directory `/tmp/mod_clamav-0.23' make[2]: Leaving directory `/tmp/mod_clamav-0.23' /usr/sbin/apxs -i -a -n 'clamav' .libs/mod_clamav.so /usr/lib64/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib64/apr-1/build/libtool' .libs/mod_clamav.so /usr/lib64/httpd/modules /usr/lib64/apr-1/build/libtool --mode=install cp .libs/mod_clamav.so /usr/lib64/httpd/modules/ libtool: install: cp .libs/mod_clamav.so /usr/lib64/httpd/modules/mod_clamav.so Warning! dlname not found in /usr/lib64/httpd/modules/mod_clamav.so. Assuming installing a .so rather than a libtool archive. chmod 755 /usr/lib64/httpd/modules/mod_clamav.so [activating module `clamav' in /etc/httpd/conf/httpd.conf] make[1]: Nothing to be done for `install-data-am'. make[1]: Leaving directory `/tmp/mod_clamav-0.23'
Nach Abschluss dieses Befehls sind folgende Dateien und Konfigurationen entstanden.
/usr/lib64/httpd/modules/mod_clamav.so
In nachfolgendem Verzeichnis befindet sich nun das Apache HTTPD Server-Modul mod_clamav
mit nachfolgendem Namen:
/usr/lib64/httpd/modules/mod_clamav.so
Dies kann mit nachfolgendem Befehl überprüft werden:
# ls -l /usr/lib64/httpd/modules/mod_clamav.so -rwxr-xr-x 1 root root 171758 May 23 07:38 /usr/lib64/httpd/modules/mod_clamav.so
/etc/httpd/conf/httpd.conf
Die Hauptkonfigurationsdatei des Apache HTTPD Server wurde an entsprechender Stelle um eine Konfiguration erweitert, welche das Laden des Apache HTTPD Server-Moduls mod_clamav
beim Starten des Apache HTTPD Server veranlasst.
/etc/httpd/conf/httpd.conf
(Nur relevanter Ausschnitt)
...
LoadModule clamav_module /usr/lib64/httpd/modules/mod_clamav.so
...
Konfiguration
Um das neue Apache HTTPD Server-Modul mod_clamav
in den Apache HTTPD Server, oder einen VHOST einbinden zu können, ist die Konfiguration des Apache HTTPD Server-Modul mod_clamav
notwendig.
Dazu wird eine Beispielkonfiguration im Verzeichnis /tmp/mod_clamav-0.23
mit nachfolgendem Namen mitgeliefert
/tmp/mod_clamav-0.23/sample.conf
und eine zusätzliche Datei mit „Pattern“-Definitionen
tmp/mod_clamav-0.23/safepatterns.conf
Der Inhalt dieser Beispielkonfigurationen, kann mit nachfolgenden Befehlen zur Anzeige gebracht werden:
# cat /tmp/mod_clamav-0.23/sample.conf # # sample mod_clamav configuration # # (c) 2004 Dr. Andreas Mueller, Beratung und Entwicklung # # $Id: sample.conf,v 1.1 2004/03/21 23:25:53 afm Exp $ # # during make install, includes the module in httpd.conf, so the fllowing # load directive is very seldom needed LoadModule clamav_module modules/mod_clamav.so # specify the directory where the module should place files durin download ClamavTmpdir /var/tmp/clamav # the db directory is only needed in local mode ClamavDbdir /usr/local/share/clamav # bypass scanning of jpeg images ClamavSafetypes image/jpg # make sure we use the clamav daemon on socket /tmp/clamd ClamavMode daemon ClamavSocket /tmp/clamd # send something to the browser every 10 seconds, and don't scan more than # 1 MB of large files ClamavTrickleInterval 10 ClamavTrickleSize 1024 ClamavSizelimit 1000000 # names for shared memory and mutex. Note that we don't know exactly what # apache does in the background. However, we should make sure that apache # can create these files if necessary ClamavShm /usr/local/apache2/logs/clamav.shm ClamavMutex /usr/local/apache2/logs/clamav.lock # if the daemon crashes, we will have a problem connecting to it. Since # we don't have any PCs, we are not very paranoid about this ClamavAcceptDaemonproblem on # we would laike to get a more complete log file ClamavExtendedLogging on LogFormat "%t %!304{clamav:status}n %{clamav:details}n %{clamav:virusname}n request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats CustomLog logs/scan_log clamav_stats # make sure proxy data is filtered <Proxy *> SetOutputFilter CLAMAV </Proxy> # define the location for status information <Location /clamav> SetHandler clamav allow from all </Location> # safe patterns is much better than ClamavSavetypes Include conf/safepatterns.conf # we have a customized message in case we find a virus ClamavMessage "\ <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\ <html>\ <head>\ <title>%i found virus</title>\ </head>\ <body text=\"#000000\" bgcolor=\"#ffffff\">\ <basefont size=\"4\">\ <h1><center>%i found virus</center></h1>\ <p>The virus <b>%v</b> was found while downloading <i>%u</i>.\ The transfer has been aborted.</p>\ </basefont>\ </body>\ </html>\ "
# cat /tmp/mod_clamav-0.23/safepatterns.conf # # Start of ClamavSafepatterns # # The first entry matches all objects that contain only ASCII # characters (0x20<=char<=0x74 qnd CR,LF,TAB) in the first # 16 bytes. All other entries are derived from the magic # patterns of the file(1) utility. # # (c) 2004 Andreas Steinmetz, contributed to the mod_clamav project # $Id: safepatterns.conf,v 1.2 2004/03/18 23:36:20 afm Exp $ # <IfModule mod_clamav.c> # This pattern means that text is acceptable. This causes all .html (with # java script included), all *.js and *.vbs to be bypassed. Maybe not # very secure, hence switched of by default. BTW, with this enabled # eicar.com will no longer be recognized, as eicar.com is a text file. #ClamavSafepattern text # with some paranoia, you will not trust a PDF, since at least in principle # it has the ability to run certain scripts ClamavSafepattern pdf "%PDF" ClamavSafepattern dvi "\xf7\x02" # image formats are quite safe ClamavSafepattern jpeg-jfif "\xff\xf8\x00\x00\x00\x00JFIF" "\xff\xff\x00\x00\x00\x00" ClamavSafepattern jpeg-exif "\xff\xf8\x00\x00\x00\x00Exif" "\xff\xff\x00\x00\x00\x00" ClamavSafepattern jpeg-2000 "\x00\x00\x00\x0c\x6a\x50\x20\x20\x0d\x0a\x87\x0a" ClamavSafepattern gif87a "GIF87a" ClamavSafepattern gif89a "GIF89a" ClamavSafepattern png "\x89PNG\x0d\x0a\x1a\x0a" # streaming formats: they are a real pain with trend micro viruswall ClamavSafepattern mpeg-video "\x00\x00\x01\xb3" ClamavSafepattern mpeg-system "\x00\x00\x01\xba" ClamavSafepattern mpeg-transport "\x47\x40\x00\x10" "\xff\x5f\xff\x1f" ClamavSafepattern mpeg1-l3 "\xff\xfa" "\xff\xfe" ClamavSafepattern mpeg1-l2 "\xff\xfc" "\xff\xfe" ClamavSafepattern mpeg2-l3 "\xff\xf2" "\xff\xfa" ClamavSafepattern mpeg2-l2 "\xff\xf4" "\xff\xfc" ClamavSafepattern dif "\x1f\x07\x00" ClamavSafepattern asf "\x30\x26\xb2\x75" ClamavSafepattern mng "\x8aMNG\x0d\x0a\x1a\x0a" ClamavSafepattern riff "RIFF" ClamavSafepattern ogg "OggS" ClamavSafepattern realaudio "\x2e\x72\x61\xfd" ClamavSafepattern realmedia ".RMF" ClamavSafepattern midi "MThd" ClamavSafepattern quicktime "MOVI" ClamavSafepattern quicktime "moov" ClamavSafepattern quicktime "mdat" ClamavSafepattern flash "FWS" ClamavSafepattern smjpeg "\x00\x0aSMJPEG" ClamavSafepattern flac "fLaC" ClamavSafepattern sunaudio ".snd" ClamavSafepattern decaudio "\x2e\x73\x64\x00" ClamavSafepattern mp3-id3v2 "ID3" ClamavSafepattern nesaudio "NESM\x1a" ClamavSafepattern ac3 "\x0b\x77" ClamavSafepattern iff "FORM" ClamavSafepattern tiff-le "II\x2a\x00" ClamavSafepattern tiff-be "MM\x00\x2a" ClamavSafepattern miff "id=ImageMagick" ClamavSafepattern bmp "BM" # There does exist some Java malware, so you may not want to enable this, # it is turned of by default #ClamavSafepattern java "\xca\xfe\xba\xbe" </IfModule> # # End of ClamavSafepatterns #
/etc/httpd/conf/httpd.conf
Um das Apache HTTPD Server-Modul mod_clamav
unter CentOS nutzen zu können, sind nachfolgende Änderungen notwendig.
In nachfolgendem Beispiel, soll das Apache HTTPD Server-Modul mod_clamav
in die Konfigurationsdatei des Apache HTTPD Server
/etc/httpd/conf/httpd.conf
mit den entsprechenden Anpassungen für das Betriebssystem CentOS und dem aus dem EPEL-Repository installierten ClamAV eingebunden werden.
Dazu wird zur Vorbereitung die Konfigurationsdatei
/tmp/mod_clamav-0.23/safepatterns.conf
mit nachfolgendem Befehl, in nachfolgendes Apache HTTPD Server Verzeichnis
/etc/httpd/conf
kopiert:
# cp -a /tmp/mod_clamav-0.23/safepatterns.conf /etc/httpd/conf/safepatterns.conf
Anschließend kann in der Apache HTTPD Server Konfigurationsdatei
/etc/httpd/conf/httpd.conf
nachfolgende angepasste Konfiguration ergänzt werden:
(Nur relevanter Ausschnitt)
... # Tachtler - clamav <IfModule mod_proxy.c> ProxyRequests On <Proxy *> SetOutputFilter CLAMAV Order deny,allow Deny from all Allow from 127.0.0.1 </Proxy> ProxyVia On </IfModule> <IfModule mod_clamav.c> # specify the directory where the module should place files durin download ClamavTmpdir /var/tmp # the db directory is only needed in local mode ClamavDbdir /var/lib/clamav # make sure we use the clamav daemon on socket ClamavMode daemon ClamavSocket /var/run/clamav/clamd.sock # send something to the browser every 1 seconds, and don't scan more than # 20 MB of large files ClamavTrickleInterval 1 ClamavTrickleSize 1024 ClamavSizelimit 20480000 # names for shared memory and mutex. Note that we don't know exactly what # apache does in the background. However, we should make sure that apache # can create these files if necessary ClamavShm logs/clamav.shm ClamavMutex logs/clamav.lock # if the daemon crashes, we will have a problem connecting to it. Since # we don't have any PCs, we are not very paranoid about this ClamavAcceptDaemonproblem on # we would laike to get a more complete log file ClamavExtendedLogging on LogFormat "%t %!304{clamav:status}n %{clamav:details}n %{clamav:virusname}n request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats CustomLog logs/scan_log clamav_stats # make sure proxy data is filtered <Proxy *> SetOutputFilter CLAMAV </Proxy> # define the location for status information <Location /clamav> SetHandler clamav allow from all </Location> # bypass scanning of jpeg images ClamavSafetypes image/jpg # safe patterns is much better than ClamavSavetypes Include conf/safepatterns.conf # we have a customized message in case we find a virus ClamavMessage "\ <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\ <html>\ <head>\ <title>%i found virus</title>\ </head>\ <body text=\"#000000\" bgcolor=\"#ffffff\">\ <basefont size=\"4\">\ <h1><center>%i found virus</center></h1>\ <p>The virus <b>%v</b> was found while uploading <i>%u</i>.\ The transfer has been aborted.</p>\ </basefont>\ </body>\ </html>\ " </IfModule> ...
Neustart Apache HTTP Server
Ein erneuter oder erster Start des Apache HTTP Server mit folgenden Befehl für eine erstmaligen Start
# service httpd start
oder einen erneuten Start des Apache HTTP Server mit folgendem Befehl
# service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ]
macht die oben beschriebenen Konfigurationen für den Apache HTTP Server wirksam.