Benutzer-Werkzeuge

Webseiten-Werkzeuge


tachtler:apache_http_server_centos_6_-_mod_clamav_-_virenscanner_einbindung

Apache HTTP Server CentOS 6 - mod_clamav - Virenscanner Einbindung

Das Apache HTTPD Server-Modul mod_clamav ermöglicht das Durchsuchen von Datei-Uploads nach Viren durch den Virenscanner ClamAV, welches ein Antivirus Toolkit für Unix das unter der GPL Lizenz steht ist, für den Apache HTTPD Server.

Der Apache HTTPD Server ermöglicht die Einbindung von Filtern, welche es erlauben, Inhalte zu modifizieren, die z.B. durch Apache HTTPD Server-Module erstellt worden sind. mod_clamav ist so ein Apache HTTPD Server-Filter, welcher Inhalte, die durch das Apache HTTPD Server-Modul mod_proxy zur Verfügung gestellt werden, unter Zuhilfenahme des Virenscanners ClamAV, welches ein Antivirus Toolkit für Unix das unter der GPL Lizenz darstellt, nach Viren zu durchsuchen.

Die Projekt-Seite, welche hinter dem Apache HTTPD Server-Modul mod_clamav steht, kann unter nachfolgendem externen Link aufgerufen werden:

Ab hier werden root-Rechte zur Ausführung der nachfolgenden Befehle benötigt. Um root zu werden geben Sie bitte folgenden Befehl ein:

$ su -
Password: 

Vorbereitungen

Da es sich bei der zur heruntergeladenen Datei nicht um ein rpm-Paket handelt, sondern um eine tar-Archivdatei handelt und dies die Quellen (Sourcen) des Apache HTTPD Server-Moduls mod_clamav handelt, ist es erforderlich das Apache HTTPD Server-Modul mod_clamav noch zu kompilieren.

Nachfolgende Systemvoraussetzungen sind dafür erforderlich:

Zusätzlich ist es ebenfalls erforderlich ein Repository eines Drittanbieter einzubinden, in diesem Falls soll hier das EPEL-Repository zum Einsatz kommen. Wie dies Eingebunden werden kann, kann unter nachfolgendem internen Link nachgelesen werden:

Nachfolgender Befehl installiert die grundsätzlich benötigten Abhängigkeiten:

# yum install gcc httpd httpd-devel clamav clamav-devel make
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
85 packages excluded due to repository priority protections
Setting up Install Process
Package 1:make-3.81-20.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.98.3-1.el6 will be installed
--> Processing Dependency: clamav-db = 0.98.3-1.el6 for package: clamav-0.98.3-1.el6.x86_64
---> Package clamav-devel.x86_64 0:0.98.3-1.el6 will be installed
---> Package gcc.x86_64 0:4.4.7-4.el6 will be installed
--> Processing Dependency: libgomp = 4.4.7-4.el6 for package: gcc-4.4.7-4.el6.x86_64
--> Processing Dependency: cpp = 4.4.7-4.el6 for package: gcc-4.4.7-4.el6.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.4.7-4.el6.x86_64
--> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-4.el6.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.7-4.el6.x86_64
---> Package httpd.x86_64 0:2.2.15-30.el6.centos will be installed
--> Processing Dependency: httpd-tools = 2.2.15-30.el6.centos for package: httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-30.el6.centos.x86_64
---> Package httpd-devel.x86_64 0:2.2.15-30.el6.centos will be installed
--> Processing Dependency: apr-util-devel for package: httpd-devel-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: apr-devel for package: httpd-devel-2.2.15-30.el6.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed
---> Package apr-devel.x86_64 0:1.3.9-5.el6_2 will be installed
---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed
---> Package apr-util-devel.x86_64 0:1.3.9-3.el6_0.1 will be installed
--> Processing Dependency: openldap-devel for package: apr-util-devel-1.3.9-3.el6_0.1.x86_64
--> Processing Dependency: expat-devel for package: apr-util-devel-1.3.9-3.el6_0.1.x86_64
--> Processing Dependency: db4-devel for package: apr-util-devel-1.3.9-3.el6_0.1.x86_64
---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed
---> Package clamav-db.x86_64 0:0.98.3-1.el6 will be installed
---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed
--> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
--> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
---> Package cpp.x86_64 0:4.4.7-4.el6 will be installed
--> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-4.el6.x86_64
---> Package glibc-devel.x86_64 0:2.12-1.132.el6_5.1 will be installed
--> Processing Dependency: glibc-headers = 2.12-1.132.el6_5.1 for package: glibc-devel-2.12-1.132.el6_5.1.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.132.el6_5.1.x86_64
---> Package httpd-tools.x86_64 0:2.2.15-30.el6.centos will be installed
---> Package libgomp.x86_64 0:4.4.7-4.el6 will be installed
---> Package mailcap.noarch 0:2.1.31-2.el6 will be installed
--> Running transaction check
---> Package db4-devel.x86_64 0:4.7.25-18.el6_4 will be installed
--> Processing Dependency: db4-cxx = 4.7.25-18.el6_4 for package: db4-devel-4.7.25-18.el6_4.x86_64
--> Processing Dependency: libdb_cxx-4.7.so()(64bit) for package: db4-devel-4.7.25-18.el6_4.x86_64
---> Package expat-devel.x86_64 0:2.0.1-11.el6_2 will be installed
---> Package glibc-headers.x86_64 0:2.12-1.132.el6_5.1 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.132.el6_5.1.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.132.el6_5.1.x86_64
---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed
---> Package openldap-devel.x86_64 0:2.4.23-34.el6_5.1 will be installed
--> Processing Dependency: cyrus-sasl-devel >= 2.1 for package: openldap-devel-2.4.23-34.el6_5.1.x86_64
---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed
--> Running transaction check
---> Package cyrus-sasl-devel.x86_64 0:2.1.23-13.el6_3.1 will be installed
---> Package db4-cxx.x86_64 0:4.7.25-18.el6_4 will be installed
---> Package kernel-headers.x86_64 0:2.6.32-431.17.1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package               Arch        Version                   Repository    Size
================================================================================
Installing:
 clamav                x86_64      0.98.3-1.el6              epel         1.4 M
 clamav-devel          x86_64      0.98.3-1.el6              epel          19 k
 gcc                   x86_64      4.4.7-4.el6               base          10 M
 httpd                 x86_64      2.2.15-30.el6.centos      updates      821 k
 httpd-devel           x86_64      2.2.15-30.el6.centos      updates      150 k
Installing for dependencies:
 apr                   x86_64      1.3.9-5.el6_2             base         123 k
 apr-devel             x86_64      1.3.9-5.el6_2             base         176 k
 apr-util              x86_64      1.3.9-3.el6_0.1           base          87 k
 apr-util-devel        x86_64      1.3.9-3.el6_0.1           base          69 k
 apr-util-ldap         x86_64      1.3.9-3.el6_0.1           base          15 k
 clamav-db             x86_64      0.98.3-1.el6              epel          84 M
 cloog-ppl             x86_64      0.15.7-1.2.el6            base          93 k
 cpp                   x86_64      4.4.7-4.el6               base         3.7 M
 cyrus-sasl-devel      x86_64      2.1.23-13.el6_3.1         base         302 k
 db4-cxx               x86_64      4.7.25-18.el6_4           base         588 k
 db4-devel             x86_64      4.7.25-18.el6_4           base         6.6 M
 expat-devel           x86_64      2.0.1-11.el6_2            base         120 k
 glibc-devel           x86_64      2.12-1.132.el6_5.1        updates      978 k
 glibc-headers         x86_64      2.12-1.132.el6_5.1        updates      608 k
 httpd-tools           x86_64      2.2.15-30.el6.centos      updates       73 k
 kernel-headers        x86_64      2.6.32-431.17.1.el6       updates      2.9 M
 libgomp               x86_64      4.4.7-4.el6               base         118 k
 mailcap               noarch      2.1.31-2.el6              base          27 k
 mpfr                  x86_64      2.4.1-6.el6               base         157 k
 openldap-devel        x86_64      2.4.23-34.el6_5.1         updates      1.1 M
 ppl                   x86_64      0.10.2-11.el6             base         1.3 M

Transaction Summary
================================================================================
Install      26 Package(s)

Total download size: 116 M
Installed size: 164 M
Is this ok [y/N]: y
Downloading Packages:
(1/26): apr-1.3.9-5.el6_2.x86_64.rpm                     | 123 kB     00:00     
(2/26): apr-devel-1.3.9-5.el6_2.x86_64.rpm               | 176 kB     00:00     
(3/26): apr-util-1.3.9-3.el6_0.1.x86_64.rpm              |  87 kB     00:00     
(4/26): apr-util-devel-1.3.9-3.el6_0.1.x86_64.rpm        |  69 kB     00:00     
(5/26): apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm         |  15 kB     00:00     
(6/26): clamav-0.98.3-1.el6.x86_64.rpm                   | 1.4 MB     00:00     
(7/26): clamav-db-0.98.3-1.el6.x86_64.rpm                |  84 MB     00:01     
(8/26): clamav-devel-0.98.3-1.el6.x86_64.rpm             |  19 kB     00:00     
(9/26): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm              |  93 kB     00:00     
(10/26): cpp-4.4.7-4.el6.x86_64.rpm                      | 3.7 MB     00:00     
(11/26): cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64.rpm   | 302 kB     00:00     
(12/26): db4-cxx-4.7.25-18.el6_4.x86_64.rpm              | 588 kB     00:00     
(13/26): db4-devel-4.7.25-18.el6_4.x86_64.rpm            | 6.6 MB     00:00     
(14/26): expat-devel-2.0.1-11.el6_2.x86_64.rpm           | 120 kB     00:00     
(15/26): gcc-4.4.7-4.el6.x86_64.rpm                      |  10 MB     00:00     
(16/26): glibc-devel-2.12-1.132.el6_5.1.x86_64.rpm       | 978 kB     00:00     
(17/26): glibc-headers-2.12-1.132.el6_5.1.x86_64.rpm     | 608 kB     00:00     
(18/26): httpd-2.2.15-30.el6.centos.x86_64.rpm           | 821 kB     00:00     
(19/26): httpd-devel-2.2.15-30.el6.centos.x86_64.rpm     | 150 kB     00:00     
(20/26): httpd-tools-2.2.15-30.el6.centos.x86_64.rpm     |  73 kB     00:00     
(21/26): kernel-headers-2.6.32-431.17.1.el6.x86_64.rpm   | 2.9 MB     00:00     
(22/26): libgomp-4.4.7-4.el6.x86_64.rpm                  | 118 kB     00:00     
(23/26): mailcap-2.1.31-2.el6.noarch.rpm                 |  27 kB     00:00     
(24/26): mpfr-2.4.1-6.el6.x86_64.rpm                     | 157 kB     00:00     
(25/26): openldap-devel-2.4.23-34.el6_5.1.x86_64.rpm     | 1.1 MB     00:00     
(26/26): ppl-0.10.2-11.el6.x86_64.rpm                    | 1.3 MB     00:00     
--------------------------------------------------------------------------------
Total                                            37 MB/s | 116 MB     00:03     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : apr-1.3.9-5.el6_2.x86_64                                    1/26 
  Installing : apr-util-1.3.9-3.el6_0.1.x86_64                             2/26 
  Installing : apr-devel-1.3.9-5.el6_2.x86_64                              3/26 
  Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64                        4/26 
  Installing : httpd-tools-2.2.15-30.el6.centos.x86_64                     5/26 
  Installing : ppl-0.10.2-11.el6.x86_64                                    6/26 
  Installing : cloog-ppl-0.15.7-1.2.el6.x86_64                             7/26 
  Installing : mailcap-2.1.31-2.el6.noarch                                 8/26 
  Installing : httpd-2.2.15-30.el6.centos.x86_64                           9/26 
  Installing : db4-cxx-4.7.25-18.el6_4.x86_64                             10/26 
  Installing : db4-devel-4.7.25-18.el6_4.x86_64                           11/26 
  Installing : libgomp-4.4.7-4.el6.x86_64                                 12/26 
  Installing : clamav-db-0.98.3-1.el6.x86_64                              13/26 
  Installing : clamav-0.98.3-1.el6.x86_64                                 14/26 
  Installing : expat-devel-2.0.1-11.el6_2.x86_64                          15/26 
  Installing : mpfr-2.4.1-6.el6.x86_64                                    16/26 
  Installing : cpp-4.4.7-4.el6.x86_64                                     17/26 
  Installing : kernel-headers-2.6.32-431.17.1.el6.x86_64                  18/26 
  Installing : glibc-headers-2.12-1.132.el6_5.1.x86_64                    19/26 
  Installing : glibc-devel-2.12-1.132.el6_5.1.x86_64                      20/26 
  Installing : cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64                  21/26 
  Installing : openldap-devel-2.4.23-34.el6_5.1.x86_64                    22/26 
  Installing : apr-util-devel-1.3.9-3.el6_0.1.x86_64                      23/26 
  Installing : httpd-devel-2.2.15-30.el6.centos.x86_64                    24/26 
  Installing : gcc-4.4.7-4.el6.x86_64                                     25/26 
  Installing : clamav-devel-0.98.3-1.el6.x86_64                           26/26 
  Verifying  : httpd-2.2.15-30.el6.centos.x86_64                           1/26 
  Verifying  : glibc-headers-2.12-1.132.el6_5.1.x86_64                     2/26 
  Verifying  : apr-util-ldap-1.3.9-3.el6_0.1.x86_64                        3/26 
  Verifying  : httpd-tools-2.2.15-30.el6.centos.x86_64                     4/26 
  Verifying  : cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64                   5/26 
  Verifying  : kernel-headers-2.6.32-431.17.1.el6.x86_64                   6/26 
  Verifying  : cpp-4.4.7-4.el6.x86_64                                      7/26 
  Verifying  : mpfr-2.4.1-6.el6.x86_64                                     8/26 
  Verifying  : expat-devel-2.0.1-11.el6_2.x86_64                           9/26 
  Verifying  : openldap-devel-2.4.23-34.el6_5.1.x86_64                    10/26 
  Verifying  : clamav-db-0.98.3-1.el6.x86_64                              11/26 
  Verifying  : cloog-ppl-0.15.7-1.2.el6.x86_64                            12/26 
  Verifying  : apr-util-1.3.9-3.el6_0.1.x86_64                            13/26 
  Verifying  : apr-devel-1.3.9-5.el6_2.x86_64                             14/26 
  Verifying  : libgomp-4.4.7-4.el6.x86_64                                 15/26 
  Verifying  : clamav-devel-0.98.3-1.el6.x86_64                           16/26 
  Verifying  : apr-1.3.9-5.el6_2.x86_64                                   17/26 
  Verifying  : apr-util-devel-1.3.9-3.el6_0.1.x86_64                      18/26 
  Verifying  : db4-cxx-4.7.25-18.el6_4.x86_64                             19/26 
  Verifying  : db4-devel-4.7.25-18.el6_4.x86_64                           20/26 
  Verifying  : gcc-4.4.7-4.el6.x86_64                                     21/26 
  Verifying  : mailcap-2.1.31-2.el6.noarch                                22/26 
  Verifying  : glibc-devel-2.12-1.132.el6_5.1.x86_64                      23/26 
  Verifying  : ppl-0.10.2-11.el6.x86_64                                   24/26 
  Verifying  : clamav-0.98.3-1.el6.x86_64                                 25/26 
  Verifying  : httpd-devel-2.2.15-30.el6.centos.x86_64                    26/26 

Installed:
  clamav.x86_64 0:0.98.3-1.el6              clamav-devel.x86_64 0:0.98.3-1.el6 
  gcc.x86_64 0:4.4.7-4.el6                  httpd.x86_64 0:2.2.15-30.el6.centos
  httpd-devel.x86_64 0:2.2.15-30.el6.centos

Dependency Installed:
  apr.x86_64 0:1.3.9-5.el6_2                                                    
  apr-devel.x86_64 0:1.3.9-5.el6_2                                              
  apr-util.x86_64 0:1.3.9-3.el6_0.1                                             
  apr-util-devel.x86_64 0:1.3.9-3.el6_0.1                                       
  apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1                                        
  clamav-db.x86_64 0:0.98.3-1.el6                                               
  cloog-ppl.x86_64 0:0.15.7-1.2.el6                                             
  cpp.x86_64 0:4.4.7-4.el6                                                      
  cyrus-sasl-devel.x86_64 0:2.1.23-13.el6_3.1                                   
  db4-cxx.x86_64 0:4.7.25-18.el6_4                                              
  db4-devel.x86_64 0:4.7.25-18.el6_4                                            
  expat-devel.x86_64 0:2.0.1-11.el6_2                                           
  glibc-devel.x86_64 0:2.12-1.132.el6_5.1                                       
  glibc-headers.x86_64 0:2.12-1.132.el6_5.1                                     
  httpd-tools.x86_64 0:2.2.15-30.el6.centos                                     
  kernel-headers.x86_64 0:2.6.32-431.17.1.el6                                   
  libgomp.x86_64 0:4.4.7-4.el6                                                  
  mailcap.noarch 0:2.1.31-2.el6                                                 
  mpfr.x86_64 0:2.4.1-6.el6                                                     
  openldap-devel.x86_64 0:2.4.23-34.el6_5.1                                     
  ppl.x86_64 0:0.10.2-11.el6                                                    

Complete!

Herunterladen

Der noch zu kompilierenden Quelle-Code des Apache HTTPD Server-Moduls mod_clamav kann unter nachfolgender URL heruntergeladen werden:

Dazu sollte zuerst mit nachfolgendem Befehl in das Verzeichnis /tmp gewechselt werden:

# cd /tmp

Der nachfolgende Befehl kann dazu genutzt werden den Quelle-Code des Apache HTTPD Server-Moduls mod_clamav herunterzuladen:

# wget http://software.othello.ch/mod_clamav/mod_clamav-0.23.tar.gz
--2014-05-23 08:55:15--  http://software.othello.ch/mod_clamav/mod_clamav-0.23.tar.gz
Connecting to 172.25.10.220:8082... connected.
Proxy request sent, awaiting response... 200 OK
Length: 344930 (337K) [application/x-gzip]
Saving to: “mod_clamav-0.23.tar.gz”

100%[======================================>] 344,930     53.1K/s   in 6.3s    

2014-05-23 08:55:21 (53.6 KB/s) - “mod_clamav-0.23.tar.gz” saved [344930/344930]

Anschließend kann mit nachfolgendem Befehl die tar-Archivdatei entpackt werden:

# tar xzvf mod_clamav-0.23.tar.gz -C /tmp
mod_clamav-0.23/
mod_clamav-0.23/install-sh
mod_clamav-0.23/ChangeLog
mod_clamav-0.23/INSTALL
mod_clamav-0.23/init.c
mod_clamav-0.23/mod_clamav.h
mod_clamav-0.23/COPYING
mod_clamav-0.23/config.sub
mod_clamav-0.23/message.conf
mod_clamav-0.23/mod_clamav.c
mod_clamav-0.23/Makefile.am
mod_clamav-0.23/TODO
mod_clamav-0.23/shmem.c
mod_clamav-0.23/filter.c
mod_clamav-0.23/mod_clamav.html.in
mod_clamav-0.23/missing
mod_clamav-0.23/mod_clamav.css
mod_clamav-0.23/mod_clamav_version.h.in
mod_clamav-0.23/locking.c
mod_clamav-0.23/NEWS
mod_clamav-0.23/handler.c
mod_clamav-0.23/config.h.in
mod_clamav-0.23/ltmain.sh
mod_clamav-0.23/safepatterns.conf
mod_clamav-0.23/sample.conf
mod_clamav-0.23/config.guess
mod_clamav-0.23/bypass.c
mod_clamav-0.23/config.c
mod_clamav-0.23/AUTHORS
mod_clamav-0.23/README
mod_clamav-0.23/depcomp
mod_clamav-0.23/configure.in
mod_clamav-0.23/aclocal.m4
mod_clamav-0.23/configure
mod_clamav-0.23/Makefile.in

Der nachfolgende Befehl dient dazu, in das durch das entpacken der tar-Archivdatei neu entstandene Verzeichnis /tmp/mod_clamav-0.23 zu wechseln:

# cd /tmp/mod_clamav-0.23

Der Inhalt des Verzeichnisses /tmp/mod_clamav-0.23 sollte dann wie folgt aussehen:

# ls -l /tmp/mod_clamav-0.23
total 1492
-rw-r--r-- 1 1000 wheel 266567 Apr 11  2009 aclocal.m4
-rw-r--r-- 1 1000 wheel    613 Mar 28  2004 AUTHORS
-rw-r--r-- 1 1000 wheel   4308 Apr 11  2009 bypass.c
-rw-r--r-- 1 1000 wheel   5153 Apr 29  2004 ChangeLog
-rw-r--r-- 1 1000 wheel  13682 Apr 11  2009 config.c
-rwxr-xr-x 1 1000 wheel  44466 Sep 21  2007 config.guess
-rw-r--r-- 1 1000 wheel   2420 Apr 11  2009 config.h.in
-rwxr-xr-x 1 1000 wheel  32560 Sep 21  2007 config.sub
-rwxr-xr-x 1 1000 wheel 684009 Apr 11  2009 configure
-rw-r--r-- 1 1000 wheel   1814 Apr 11  2009 configure.in
-rw-r--r-- 1 1000 wheel  17992 Feb 28  2003 COPYING
-rwxr-xr-x 1 1000 wheel  17574 Jan 21  2008 depcomp
-rw-r--r-- 1 1000 wheel  29273 Apr 11  2009 filter.c
-rw-r--r-- 1 1000 wheel  11623 Apr 11  2009 handler.c
-rw-r--r-- 1 1000 wheel   6426 Apr 11  2009 init.c
-rw-r--r-- 1 1000 wheel   9871 Jan  8  2004 INSTALL
-rwxr-xr-x 1 1000 wheel  13184 Jan 21  2008 install-sh
-rw-r--r-- 1 1000 wheel   1400 Apr 11  2009 locking.c
-rw-r--r-- 1 1000 wheel 198965 Sep 21  2007 ltmain.sh
-rw-r--r-- 1 1000 wheel   1454 Apr 11  2009 Makefile.am
-rw-r--r-- 1 1000 wheel  29277 Apr 11  2009 Makefile.in
-rw-r--r-- 1 1000 wheel    646 Mar 14  2004 message.conf
-rwxr-xr-x 1 1000 wheel  11135 Jan 21  2008 missing
-rw-r--r-- 1 1000 wheel   1231 Apr 11  2009 mod_clamav.c
-rw-r--r-- 1 1000 wheel    290 Apr 11  2009 mod_clamav.css
-rw-r--r-- 1 1000 wheel   7978 Apr 11  2009 mod_clamav.h
-rw-r--r-- 1 1000 wheel  20969 Apr 11  2009 mod_clamav.html.in
-rw-r--r-- 1 1000 wheel    238 Apr 11  2009 mod_clamav_version.h.in
-rw-r--r-- 1 1000 wheel    653 Apr 11  2009 NEWS
-rw-r--r-- 1 1000 wheel    631 Nov 11  2003 README
-rw-r--r-- 1 1000 wheel   2782 Mar 19  2004 safepatterns.conf
-rw-r--r-- 1 1000 wheel   2264 Mar 22  2004 sample.conf
-rw-r--r-- 1 1000 wheel   1713 Apr 11  2009 shmem.c
-rw-r--r-- 1 1000 wheel    100 Apr 11  2009 TODO

Kompilieren

Nachfolgende Vorgehensweise beschreibt eine Möglichkeit den Quelle-Code des Apache HTTPD Server-Moduls mod_clamav zu kompilieren und das Apache HTTPD Server-Modul mod_clamav zu erhalten.

./configure

Im Verzeichnis /tmp/mod_clamav-0.23 kann nachfolgender Befehl dazu genutzt werden, um die Konfiguration des späteren Kompiliervorgangs durchzuführen, dabei sind mindestens nachfolgende Parameter zu setzen:

# ./configure --with-apache=/usr/sbin/httpd --with-apxs=/usr/sbin/apxs
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for APXS tool... using /usr/sbin/apxs
checking for apr-1-config tool... checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking for g++... no
checking for c++... no
checking for gpp... no
checking for aCC... no
checking for CC... no
checking for cxx... no
checking for cc++... no
checking for cl.exe... no
checking for FCC... no
checking for KCC... no
checking for RCC... no
checking for xlC_r... no
checking for xlC... no
checking whether we are using the GNU C++ compiler... no
checking whether g++ accepts -g... no
checking dependency style of g++... none
checking for g77... no
checking for xlf... no
checking for f77... no
checking for frt... no
checking for pgf77... no
checking for cf77... no
checking for fort77... no
checking for fl32... no
checking for af77... no
checking for xlf90... no
checking for f90... no
checking for pgf90... no
checking for pghpf... no
checking for epcf90... no
checking for gfortran... no
checking for g95... no
checking for xlf95... no
checking for f95... no
checking for fort... no
checking for ifort... no
checking for ifc... no
checking for efc... no
checking for pgf95... no
checking for lf95... no
checking for ftn... no
checking whether we are using the GNU Fortran 77 compiler... no
checking whether  accepts -g... no
checking the maximum length of command line arguments... 1966080
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
configure: creating libtool
appending configuration tag "CXX" to libtool
appending configuration tag "F77" to libtool
checking for cl_scanfile in -lclamav... yes
checking for mkstemp... yes
checking alloca.h usability... yes
checking alloca.h presence... yes
checking for alloca.h... yes
checking regex.h usability... yes
checking regex.h presence... yes
checking for regex.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking for string.h... (cached) yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking clamav.h usability... yes
checking clamav.h presence... yes
checking for clamav.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating mod_clamav_version.h
config.status: creating mod_clamav.html
config.status: creating config.h
config.status: executing depfiles commands

make

Die nachfolgenden Parameter haben folgende Bedeutung:

  • –with-apache=/usr/sbin/httpd - Stammverzeichnis des Apache HTTPD Server-Installation unter CentOS.
  • –with-apxs=/usr/sbin/apxs - Pfad zum Apache eXtenSion Tool

Nach Abschluss der Vorbereitungen des Kompiliervorgangs, kann das eigentlichen kompilieren mit nachfolgendem Befehl durchgeführt werden:

# make
make  all-am
make[1]: Entering directory `/tmp/mod_clamav-0.23'
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-config.lo -MD -MP -MF .deps/mod_clamav_la-config.Tpo -c -o mod_clamav_la-config.lo `test -f 'config.c' || echo './'`config.c
mkdir .libs
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-config.lo -MD -MP -MF .deps/mod_clamav_la-config.Tpo -c config.c  -fPIC -DPIC -o .libs/mod_clamav_la-config.o
mv -f .deps/mod_clamav_la-config.Tpo .deps/mod_clamav_la-config.Plo
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-locking.lo -MD -MP -MF .deps/mod_clamav_la-locking.Tpo -c -o mod_clamav_la-locking.lo `test -f 'locking.c' || echo './'`locking.c
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-locking.lo -MD -MP -MF .deps/mod_clamav_la-locking.Tpo -c locking.c  -fPIC -DPIC -o .libs/mod_clamav_la-locking.o
mv -f .deps/mod_clamav_la-locking.Tpo .deps/mod_clamav_la-locking.Plo
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-handler.lo -MD -MP -MF .deps/mod_clamav_la-handler.Tpo -c -o mod_clamav_la-handler.lo `test -f 'handler.c' || echo './'`handler.c
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-handler.lo -MD -MP -MF .deps/mod_clamav_la-handler.Tpo -c handler.c  -fPIC -DPIC -o .libs/mod_clamav_la-handler.o
mv -f .deps/mod_clamav_la-handler.Tpo .deps/mod_clamav_la-handler.Plo
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-shmem.lo -MD -MP -MF .deps/mod_clamav_la-shmem.Tpo -c -o mod_clamav_la-shmem.lo `test -f 'shmem.c' || echo './'`shmem.c
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-shmem.lo -MD -MP -MF .deps/mod_clamav_la-shmem.Tpo -c shmem.c  -fPIC -DPIC -o .libs/mod_clamav_la-shmem.o
mv -f .deps/mod_clamav_la-shmem.Tpo .deps/mod_clamav_la-shmem.Plo
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-init.lo -MD -MP -MF .deps/mod_clamav_la-init.Tpo -c -o mod_clamav_la-init.lo `test -f 'init.c' || echo './'`init.c
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-init.lo -MD -MP -MF .deps/mod_clamav_la-init.Tpo -c init.c  -fPIC -DPIC -o .libs/mod_clamav_la-init.o
mv -f .deps/mod_clamav_la-init.Tpo .deps/mod_clamav_la-init.Plo
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-filter.lo -MD -MP -MF .deps/mod_clamav_la-filter.Tpo -c -o mod_clamav_la-filter.lo `test -f 'filter.c' || echo './'`filter.c
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-filter.lo -MD -MP -MF .deps/mod_clamav_la-filter.Tpo -c filter.c  -fPIC -DPIC -o .libs/mod_clamav_la-filter.o
mv -f .deps/mod_clamav_la-filter.Tpo .deps/mod_clamav_la-filter.Plo
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-bypass.lo -MD -MP -MF .deps/mod_clamav_la-bypass.Tpo -c -o mod_clamav_la-bypass.lo `test -f 'bypass.c' || echo './'`bypass.c
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-bypass.lo -MD -MP -MF .deps/mod_clamav_la-bypass.Tpo -c bypass.c  -fPIC -DPIC -o .libs/mod_clamav_la-bypass.o
mv -f .deps/mod_clamav_la-bypass.Tpo .deps/mod_clamav_la-bypass.Plo
/bin/sh ./libtool --tag=CC   --mode=compile `/usr/sbin/apxs -q CC` -DHAVE_CONFIG_H -I.  `apr-1-config --cppflags` `apr-1-config --includes` -I`/usr/sbin/apxs -q INCLUDEDIR`  `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 -MT mod_clamav_la-mod_clamav.lo -MD -MP -MF .deps/mod_clamav_la-mod_clamav.Tpo -c -o mod_clamav_la-mod_clamav.lo `test -f 'mod_clamav.c' || echo './'`mod_clamav.c
 gcc -DHAVE_CONFIG_H -I. -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/httpd -pthread -g -O2 -MT mod_clamav_la-mod_clamav.lo -MD -MP -MF .deps/mod_clamav_la-mod_clamav.Tpo -c mod_clamav.c  -fPIC -DPIC -o .libs/mod_clamav_la-mod_clamav.o
mv -f .deps/mod_clamav_la-mod_clamav.Tpo .deps/mod_clamav_la-mod_clamav.Plo
/bin/sh ./libtool --tag=CC   --mode=link `/usr/sbin/apxs -q CC` `apr-1-config --cflags` `/usr/sbin/apxs -q CFLAGS_SHLIB` -g -O2 `apr-1-config --ldflags` -module `/usr/sbin/apxs -q LDFLAGS_SHLIB`  -o mod_clamav.la -rpath /usr/local/lib mod_clamav_la-config.lo mod_clamav_la-locking.lo mod_clamav_la-handler.lo mod_clamav_la-shmem.lo mod_clamav_la-init.lo mod_clamav_la-filter.lo mod_clamav_la-bypass.lo mod_clamav_la-mod_clamav.lo  -lclamav 
gcc -shared  .libs/mod_clamav_la-config.o .libs/mod_clamav_la-locking.o .libs/mod_clamav_la-handler.o .libs/mod_clamav_la-shmem.o .libs/mod_clamav_la-init.o .libs/mod_clamav_la-filter.o .libs/mod_clamav_la-bypass.o .libs/mod_clamav_la-mod_clamav.o  -lclamav  -pthread -Wl,-soname -Wl,mod_clamav.so.0 -o .libs/mod_clamav.so.0.0.0
(cd .libs && rm -f mod_clamav.so.0 && ln -s mod_clamav.so.0.0.0 mod_clamav.so.0)
(cd .libs && rm -f mod_clamav.so && ln -s mod_clamav.so.0.0.0 mod_clamav.so)
creating mod_clamav.la
(cd .libs && rm -f mod_clamav.la && ln -s ../mod_clamav.la mod_clamav.la)
make[1]: Leaving directory `/tmp/mod_clamav-0.23'

Nach dem erfolgreichen kompilieren des Apache HTTPD Server-Moduls mod_clamav, sollte der Inhalt des Verzeichnisses wie folgt aussehen:

# ls -l /tmp/mod_clamav-0.23
total 1864
-rw-r--r-- 1 1000 wheel 266567 Apr 11  2009 aclocal.m4
-rw-r--r-- 1 1000 wheel    613 Mar 28  2004 AUTHORS
-rw-r--r-- 1 1000 wheel   4308 Apr 11  2009 bypass.c
-rw-r--r-- 1 1000 wheel   5153 Apr 29  2004 ChangeLog
-rw-r--r-- 1 1000 wheel  13682 Apr 11  2009 config.c
-rwxr-xr-x 1 1000 wheel  44466 Sep 21  2007 config.guess
-rw-r--r-- 1 root root    2590 May 23 07:28 config.h
-rw-r--r-- 1 1000 wheel   2420 Apr 11  2009 config.h.in
-rw-r--r-- 1 root root   29225 May 23 07:28 config.log
-rwxr-xr-x 1 root root   31668 May 23 07:28 config.status
-rwxr-xr-x 1 1000 wheel  32560 Sep 21  2007 config.sub
-rwxr-xr-x 1 1000 wheel 684009 Apr 11  2009 configure
-rw-r--r-- 1 1000 wheel   1814 Apr 11  2009 configure.in
-rw-r--r-- 1 1000 wheel  17992 Feb 28  2003 COPYING
-rwxr-xr-x 1 1000 wheel  17574 Jan 21  2008 depcomp
-rw-r--r-- 1 1000 wheel  29273 Apr 11  2009 filter.c
-rw-r--r-- 1 1000 wheel  11623 Apr 11  2009 handler.c
-rw-r--r-- 1 1000 wheel   6426 Apr 11  2009 init.c
-rw-r--r-- 1 1000 wheel   9871 Jan  8  2004 INSTALL
-rwxr-xr-x 1 1000 wheel  13184 Jan 21  2008 install-sh
-rwxr-xr-x 1 root root  209712 May 23 07:28 libtool
-rw-r--r-- 1 1000 wheel   1400 Apr 11  2009 locking.c
-rw-r--r-- 1 1000 wheel 198965 Sep 21  2007 ltmain.sh
-rw-r--r-- 1 root root   27373 May 23 07:28 Makefile
-rw-r--r-- 1 1000 wheel   1454 Apr 11  2009 Makefile.am
-rw-r--r-- 1 1000 wheel  29277 Apr 11  2009 Makefile.in
-rw-r--r-- 1 1000 wheel    646 Mar 14  2004 message.conf
-rwxr-xr-x 1 1000 wheel  11135 Jan 21  2008 missing
-rw-r--r-- 1 1000 wheel   1231 Apr 11  2009 mod_clamav.c
-rw-r--r-- 1 1000 wheel    290 Apr 11  2009 mod_clamav.css
-rw-r--r-- 1 1000 wheel   7978 Apr 11  2009 mod_clamav.h
-rw-r--r-- 1 root root   20934 May 23 07:28 mod_clamav.html
-rw-r--r-- 1 1000 wheel  20969 Apr 11  2009 mod_clamav.html.in
-rw-r--r-- 1 root root     810 May 23 07:30 mod_clamav.la
-rw-r--r-- 1 root root     331 May 23 07:30 mod_clamav_la-bypass.lo
-rw-r--r-- 1 root root     331 May 23 07:30 mod_clamav_la-config.lo
-rw-r--r-- 1 root root     331 May 23 07:30 mod_clamav_la-filter.lo
-rw-r--r-- 1 root root     333 May 23 07:30 mod_clamav_la-handler.lo
-rw-r--r-- 1 root root     327 May 23 07:30 mod_clamav_la-init.lo
-rw-r--r-- 1 root root     333 May 23 07:30 mod_clamav_la-locking.lo
-rw-r--r-- 1 root root     339 May 23 07:30 mod_clamav_la-mod_clamav.lo
-rw-r--r-- 1 root root     329 May 23 07:30 mod_clamav_la-shmem.lo
-rw-r--r-- 1 root root     233 May 23 07:28 mod_clamav_version.h
-rw-r--r-- 1 1000 wheel    238 Apr 11  2009 mod_clamav_version.h.in
-rw-r--r-- 1 1000 wheel    653 Apr 11  2009 NEWS
-rw-r--r-- 1 1000 wheel    631 Nov 11  2003 README
-rw-r--r-- 1 1000 wheel   2782 Mar 19  2004 safepatterns.conf
-rw-r--r-- 1 1000 wheel   2264 Mar 22  2004 sample.conf
-rw-r--r-- 1 1000 wheel   1713 Apr 11  2009 shmem.c
-rw-r--r-- 1 root root      23 May 23 07:28 stamp-h1
-rw-r--r-- 1 1000 wheel    100 Apr 11  2009 TODO

* Dabei sind alle Dateien, welche dem Benutzer un der Gruppe root gehören, neu dazu gekommen!

Installieren

Nachdem das Kompilieren erfolgreich abgeschlossen wurde, muss mit nachfolgendem Befehl das Apache HTTPD Server-Modul mod_clamav - erstellt - werden.

make install

Mit nachfolgendem Befehl wird die eigentliche Erstellung des Apache HTTPD Server-Modul mod_clamav durchgeführt:

# make install
make[1]: Entering directory `/tmp/mod_clamav-0.23'
make  all-am
make[2]: Entering directory `/tmp/mod_clamav-0.23'
make[2]: Leaving directory `/tmp/mod_clamav-0.23'
/usr/sbin/apxs -i -a -n 'clamav' .libs/mod_clamav.so
/usr/lib64/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib64/apr-1/build/libtool' .libs/mod_clamav.so /usr/lib64/httpd/modules
/usr/lib64/apr-1/build/libtool --mode=install cp .libs/mod_clamav.so /usr/lib64/httpd/modules/
libtool: install: cp .libs/mod_clamav.so /usr/lib64/httpd/modules/mod_clamav.so
Warning!  dlname not found in /usr/lib64/httpd/modules/mod_clamav.so.
Assuming installing a .so rather than a libtool archive.
chmod 755 /usr/lib64/httpd/modules/mod_clamav.so
[activating module `clamav' in /etc/httpd/conf/httpd.conf]
make[1]: Nothing to be done for `install-data-am'.
make[1]: Leaving directory `/tmp/mod_clamav-0.23'

Nach Abschluss dieses Befehls sind folgende Dateien und Konfigurationen entstanden.

/usr/lib64/httpd/modules/mod_clamav.so

In nachfolgendem Verzeichnis befindet sich nun das Apache HTTPD Server-Modul mod_clamav mit nachfolgendem Namen:

  • /usr/lib64/httpd/modules/mod_clamav.so

Dies kann mit nachfolgendem Befehl überprüft werden:

# ls -l /usr/lib64/httpd/modules/mod_clamav.so
-rwxr-xr-x 1 root root 171758 May 23 07:38 /usr/lib64/httpd/modules/mod_clamav.so

/etc/httpd/conf/httpd.conf

Die Hauptkonfigurationsdatei des Apache HTTPD Server wurde an entsprechender Stelle um eine Konfiguration erweitert, welche das Laden des Apache HTTPD Server-Moduls mod_clamav beim Starten des Apache HTTPD Server veranlasst.

  • /etc/httpd/conf/httpd.conf

(Nur relevanter Ausschnitt)

...
LoadModule clamav_module      /usr/lib64/httpd/modules/mod_clamav.so
...

Konfiguration

Um das neue Apache HTTPD Server-Modul mod_clamav in den Apache HTTPD Server, oder einen VHOST einbinden zu können, ist die Konfiguration des Apache HTTPD Server-Modul mod_clamav notwendig.

Dazu wird eine Beispielkonfiguration im Verzeichnis /tmp/mod_clamav-0.23 mit nachfolgendem Namen mitgeliefert

  • /tmp/mod_clamav-0.23/sample.conf

und eine zusätzliche Datei mit „Pattern“-Definitionen

  • tmp/mod_clamav-0.23/safepatterns.conf

Der Inhalt dieser Beispielkonfigurationen, kann mit nachfolgenden Befehlen zur Anzeige gebracht werden:

# cat /tmp/mod_clamav-0.23/sample.conf 
#
# sample mod_clamav configuration
#
# (c) 2004 Dr. Andreas Mueller, Beratung und Entwicklung
#
# $Id: sample.conf,v 1.1 2004/03/21 23:25:53 afm Exp $
#
 
# during make install, includes the module in httpd.conf, so the fllowing
# load directive is very seldom needed
LoadModule clamav_module      modules/mod_clamav.so
 
# specify the directory where the module should place files durin download
ClamavTmpdir    /var/tmp/clamav
 
# the db directory is only needed in local mode
ClamavDbdir     /usr/local/share/clamav
 
# bypass scanning of jpeg images
ClamavSafetypes image/jpg
 
# make sure we use the clamav daemon on socket /tmp/clamd
ClamavMode      daemon
ClamavSocket    /tmp/clamd
 
# send something to the browser every 10 seconds, and don't scan more than
# 1 MB of large files
ClamavTrickleInterval	10
ClamavTrickleSize	1024
ClamavSizelimit		1000000
 
# names for shared memory and mutex. Note that we don't know exactly what
# apache does in the background. However, we should make sure that apache
# can create these files if necessary
ClamavShm	/usr/local/apache2/logs/clamav.shm
ClamavMutex	/usr/local/apache2/logs/clamav.lock
 
# if the daemon crashes, we will have a problem connecting to it. Since
# we don't have any PCs, we are not very paranoid about this
ClamavAcceptDaemonproblem	on
 
#  we would laike to get a more complete log file
ClamavExtendedLogging	on
LogFormat "%t %!304{clamav:status}n %{clamav:details}n %{clamav:virusname}n request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats
CustomLog logs/scan_log clamav_stats
 
# make sure proxy data is filtered
<Proxy *>
    SetOutputFilter     CLAMAV
</Proxy>
 
# define the location for status information
<Location /clamav>
	SetHandler	clamav
	allow from all
</Location>
 
# safe patterns is much better than ClamavSavetypes
Include conf/safepatterns.conf
 
# we have a customized message in case we find a virus
ClamavMessage "\
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\
<html>\
<head>\
<title>%i found virus</title>\
</head>\
<body text=\"#000000\" bgcolor=\"#ffffff\">\
<basefont size=\"4\">\
<h1><center>%i found virus</center></h1>\
<p>The virus <b>%v</b> was found while downloading <i>%u</i>.\
The transfer has been aborted.</p>\
</basefont>\
</body>\
</html>\
"

# cat /tmp/mod_clamav-0.23/safepatterns.conf 
#
# Start of ClamavSafepatterns
#
# The first entry matches all objects that contain only ASCII
# characters (0x20<=char<=0x74 qnd CR,LF,TAB) in the first
# 16 bytes. All other entries are derived from the magic
# patterns of the file(1) utility.
#
# (c) 2004 Andreas Steinmetz, contributed to the mod_clamav project
# $Id: safepatterns.conf,v 1.2 2004/03/18 23:36:20 afm Exp $
#
<IfModule mod_clamav.c>
# This pattern means that text is acceptable. This causes all .html (with
# java script included), all *.js and *.vbs to be bypassed. Maybe not
# very secure, hence switched of by default. BTW, with this enabled
# eicar.com will no longer be recognized, as eicar.com is a text file.
#ClamavSafepattern text
 
# with some paranoia, you will not trust a PDF, since at least in principle
# it has the ability to run certain scripts
ClamavSafepattern pdf "%PDF"
ClamavSafepattern dvi "\xf7\x02"
# image formats are quite safe
ClamavSafepattern jpeg-jfif "\xff\xf8\x00\x00\x00\x00JFIF" "\xff\xff\x00\x00\x00\x00"
ClamavSafepattern jpeg-exif "\xff\xf8\x00\x00\x00\x00Exif" "\xff\xff\x00\x00\x00\x00"
ClamavSafepattern jpeg-2000 "\x00\x00\x00\x0c\x6a\x50\x20\x20\x0d\x0a\x87\x0a"
ClamavSafepattern gif87a "GIF87a"
ClamavSafepattern gif89a "GIF89a"
ClamavSafepattern png "\x89PNG\x0d\x0a\x1a\x0a"
 
# streaming formats: they are a real pain with trend micro viruswall
ClamavSafepattern mpeg-video "\x00\x00\x01\xb3"
ClamavSafepattern mpeg-system "\x00\x00\x01\xba"
ClamavSafepattern mpeg-transport "\x47\x40\x00\x10" "\xff\x5f\xff\x1f"
ClamavSafepattern mpeg1-l3 "\xff\xfa" "\xff\xfe"
ClamavSafepattern mpeg1-l2 "\xff\xfc" "\xff\xfe"
ClamavSafepattern mpeg2-l3 "\xff\xf2" "\xff\xfa"
ClamavSafepattern mpeg2-l2 "\xff\xf4" "\xff\xfc"
ClamavSafepattern dif "\x1f\x07\x00"
ClamavSafepattern asf "\x30\x26\xb2\x75"
ClamavSafepattern mng "\x8aMNG\x0d\x0a\x1a\x0a"
ClamavSafepattern riff "RIFF"
ClamavSafepattern ogg "OggS"
ClamavSafepattern realaudio "\x2e\x72\x61\xfd"
ClamavSafepattern realmedia ".RMF"
ClamavSafepattern midi "MThd"
ClamavSafepattern quicktime "MOVI"
ClamavSafepattern quicktime "moov"
ClamavSafepattern quicktime "mdat"
ClamavSafepattern flash "FWS"
ClamavSafepattern smjpeg "\x00\x0aSMJPEG" 
ClamavSafepattern flac "fLaC"
ClamavSafepattern sunaudio ".snd"
ClamavSafepattern decaudio "\x2e\x73\x64\x00"
ClamavSafepattern mp3-id3v2 "ID3"
ClamavSafepattern nesaudio "NESM\x1a"
ClamavSafepattern ac3 "\x0b\x77"
ClamavSafepattern iff "FORM"
ClamavSafepattern tiff-le "II\x2a\x00"
ClamavSafepattern tiff-be "MM\x00\x2a"
ClamavSafepattern miff "id=ImageMagick"
ClamavSafepattern bmp "BM"
 
# There does exist some Java malware, so you may not want to enable this,
# it is turned of by default
#ClamavSafepattern java "\xca\xfe\xba\xbe"
</IfModule>
#
# End of ClamavSafepatterns
#

/etc/httpd/conf/httpd.conf

Um das Apache HTTPD Server-Modul mod_clamav unter CentOS nutzen zu können, sind nachfolgende Änderungen notwendig.

In nachfolgendem Beispiel, soll das Apache HTTPD Server-Modul mod_clamav in die Konfigurationsdatei des Apache HTTPD Server

  • /etc/httpd/conf/httpd.conf

mit den entsprechenden Anpassungen für das Betriebssystem CentOS und dem aus dem EPEL-Repository installierten ClamAV eingebunden werden.

Dazu wird zur Vorbereitung die Konfigurationsdatei

  • /tmp/mod_clamav-0.23/safepatterns.conf

mit nachfolgendem Befehl, in nachfolgendes Apache HTTPD Server Verzeichnis

  • /etc/httpd/conf

kopiert:

# cp -a /tmp/mod_clamav-0.23/safepatterns.conf /etc/httpd/conf/safepatterns.conf

Anschließend kann in der Apache HTTPD Server Konfigurationsdatei

  • /etc/httpd/conf/httpd.conf

nachfolgende angepasste Konfiguration ergänzt werden:

(Nur relevanter Ausschnitt)

...
        # Tachtler - clamav
 
        <IfModule mod_proxy.c>
                ProxyRequests On
 
                <Proxy *>
                        SetOutputFilter CLAMAV
                        Order deny,allow
                        Deny from all
                        Allow from 127.0.0.1
                </Proxy>        
 
                ProxyVia On
        </IfModule>                
 
        <IfModule mod_clamav.c>
                # specify the directory where the module should place files durin download
                ClamavTmpdir    /var/tmp
                # the db directory is only needed in local mode
                ClamavDbdir     /var/lib/clamav
                # make sure we use the clamav daemon on socket 
                ClamavMode      daemon
                ClamavSocket    /var/run/clamav/clamd.sock
 
                # send something to the browser every 1 seconds, and don't scan more than
                # 20 MB of large files
                ClamavTrickleInterval   1
                ClamavTrickleSize       1024
                ClamavSizelimit         20480000
 
                # names for shared memory and mutex. Note that we don't know exactly what
                # apache does in the background. However, we should make sure that apache
                # can create these files if necessary
                ClamavShm       logs/clamav.shm
                ClamavMutex     logs/clamav.lock
 
                # if the daemon crashes, we will have a problem connecting to it. Since
                # we don't have any PCs, we are not very paranoid about this
                ClamavAcceptDaemonproblem       on
 
                #  we would laike to get a more complete log file
                ClamavExtendedLogging   on
                LogFormat "%t %!304{clamav:status}n %{clamav:details}n %{clamav:virusname}n request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats
                CustomLog logs/scan_log clamav_stats
 
                # make sure proxy data is filtered
                <Proxy *>
                        SetOutputFilter     CLAMAV
                </Proxy>
 
                # define the location for status information
                <Location /clamav>
                        SetHandler      clamav
                        allow from all
                </Location>
 
                # bypass scanning of jpeg images
                ClamavSafetypes image/jpg
 
                # safe patterns is much better than ClamavSavetypes
                Include conf/safepatterns.conf
 
                # we have a customized message in case we find a virus
                ClamavMessage "\
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\
<html>\
<head>\
<title>%i found virus</title>\
</head>\
<body text=\"#000000\" bgcolor=\"#ffffff\">\
<basefont size=\"4\">\
<h1><center>%i found virus</center></h1>\
<p>The virus <b>%v</b> was found while uploading <i>%u</i>.\
The transfer has been aborted.</p>\
</basefont>\
</body>\
</html>\
"
 
        </IfModule>
...

Neustart Apache HTTP Server

Ein erneuter oder erster Start des Apache HTTP Server mit folgenden Befehl für eine erstmaligen Start

# service httpd start
oder einen erneuten Start des Apache HTTP Server mit folgendem Befehl
# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
macht die oben beschriebenen Konfigurationen für den Apache HTTP Server wirksam.

:!: FIXME :!:

Cookies helfen bei der Bereitstellung von Inhalten. Durch die Nutzung dieser Seiten erklären Sie sich damit einverstanden, dass Cookies auf Ihrem Rechner gespeichert werden. Weitere Information
tachtler/apache_http_server_centos_6_-_mod_clamav_-_virenscanner_einbindung.txt · Zuletzt geändert: 2014/11/30 08:31 von klaus