Infrastructure engineer bacchi's notes on things I've figured out

bacchi.me

Linux Security

A free edition of the full-featured Linux antivirus "Sophos Anti-Virus for Linux" is out, so I tried it


Until now, the go-to free antivirus for Linux has been ClamAV.

Since May 18, 2015, a free edition of "Sophos Anti-Virus for Linux" has been available, which widens the choice (personal use only, though).


I took notes while installing it, so here they are.

Downloading and installing the package

https://secure2.sophos.com/ja-jp/products/free-tools/sophos-antivirus-for-linux/download.aspx

Accept the license agreement and so on there, then download the package.

If the machine you are installing Sophos on is not the one you are working from, transfer the package with scp or similar.

[root@kotori src]# pwd
/usr/local/src
[root@kotori src]# tar xvzf sav-linux-free-9.tgz
sophos-av/
sophos-av/sav.tar
sophos-av/talpa.tar
sophos-av/uncdownload.tar
sophos-av/install.sh
[root@kotori src]# ./sophos-av/install.sh



Sophos Anti-Virus
=================
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

Welcome to the Sophos Anti-Virus installer. Sophos Anti-Virus contains an on-access scanner, an on-demand command-line scanner, the Sophos Anti-Virus daemon, and the Sophos Anti-Virus GUI.

On-access scanner         Scans files as they are accessed, and grants access
                          to only those that are threat-free.
On-demand scanner         Scans the computer, or parts of the computer,
                          immediately.
Sophos Anti-Virus daemon  Background process that provides control, logging,
                          and email alerting for Sophos Anti-Virus.
Sophos Anti-Virus GUI     User interface accessed through a web browser.


Press  to display Licence. Then press  to scroll forward.
*********************************
NOTICE
This Sophos software contains software licensed by Sophos as well as software licensed by other parties. Some software license terms may grant You rights with respect to such software (including
distribution rights) which are in addition to those rights granted to You by Sophos with respect to this Sophos product in the Sophos End User License Agreement. Please review the Copyright section of
product documentation for further details regarding Your rights to any such software which has been provided to You and to view the respective copyright notices.
*********************************

(omitted)


Do you accept the licence? Yes(Y)/No(N) [N]
> Y

Where do you want to install Sophos Anti-Virus? [/opt/sophos-av]
> /opt/sophos-av

Do you want to enable on-access scanning? Yes(Y)/No(N) [Y]
> Y

Sophos recommends that you configure Sophos Anti-Virus to auto-update.

It can update either from Sophos directly (requiring username/password details) or from your own server (directory or website (possibly requiring username/password)).

Which type of auto-updating do you want? From Sophos(s)/From own server(o)/None(n) [s]
> s

Updating directly from Sophos.
Do you wish to install the Free (f) or Supported (s) version of SAV for Linux? [s]
> f

The Free version of Sophos Anti-Virus for Linux comes with no support.
Forums are available for our free tools at http://openforum.sophos.com/
Do you need a proxy to access Sophos updates? Yes(Y)/No(N) [N]
> N

Fetching free update credentials.
Installing Sophos Anti-Virus....
Selecting appropriate kernel support...
When Sophos Anti-Virus starts, it updates itself to try to find a Sophos kernel interface module update. This might cause a significant delay.
Sophos Anti-Virus starts after installation.
Starting Sophos Anti-Virus daemon:                         [  OK  ]

Installation completed.
Your computer is now protected by Sophos Anti-Virus.

NOTE: You are running Sophos Anti-Virus on a kernel for which Sophos does not provide binary kernel modules. Therefore the kernel modules have been locally compiled. Please see KBA14377 for supported
platforms and kernels.

Post-install checks

Checking that it started

Check that the process is actually up and running.

[root@kotori src]# /etc/init.d/sav-protect status
Sophos Anti-Virus daemon is active

Checking that it works

Try downloading a dummy virus file.

[root@kotori ~]# wget http://files.trendmicro.com/products/eicar-file/eicar.com
--2015-07-23 21:44:25--  http://files.trendmicro.com/products/eicar-file/eicar.com
Resolving files.trendmicro.com... 104.75.169.18, 104.75.169.26
Connecting to files.trendmicro.com|104.75.169.18|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [text/plain]
Saving to: “eicar.com”

100%[==================================================================================================================================================================>] 68          --.-K/s   in 0s

2015-07-23 21:44:25 (6.03 MB/s) - “eicar.com” saved [68/68]

[root@kotori ~]#
********************** Sophos Anti-Virus Alert ***********************
Threat "EICAR-AV-Test" detected in file
"/root/eicar.com".

The file is still infected

**********************************************************************

It detected it instantly.

Next, try opening the file.

[root@kotori ~]# cat eicar.com
cat: eicar.com: Operation not permitted
[root@kotori ~]#
********************** Sophos Anti-Virus Alert ***********************
Threat "EICAR-AV-Test" detected in file
"/root/eicar.com".

Access to the file has been denied

**********************************************************************

Sophos blocked it properly.

Looks like it's cleaning it up properly, too.

Auto-start configuration

Configure the Sophos daemon to start automatically when the server boots.

It's probably enabled by default, but just in case...

[root@kotori ~]# /opt/sophos-av/bin/savdctl enableOnBoot savd
Starting Sophos Anti-Virus daemon:                         [  OK  ]
[root@kotori ~]# /opt/sophos-av/bin/savdctl enableOnBoot sav-protect
Starting Sophos Anti-Virus daemon:                         [  OK  ]

Scheduled scan configuration

By default, Sophos is not configured to run scheduled scans.

Add a cron entry so that a scan is run.

# crontab -u root -e
---
55 2 * * * /opt/sophos-av/bin/savscan /
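As an added example that is not from the original post or from Sophos, here is a small wrapper for the cron job above that appends the scan output to a log and turns the savscan exit status into a one-line summary, plus a parser for the alert box that was printed when the EICAR file was detected. The savscan path is the one the post installs to; the return-code meanings (0 clean, 1 interrupted, 2 error, 3 threats found) and the log path are assumptions to check against the manual for your version.

```shell
#!/bin/sh
# Added example, not from the original post or from Sophos.
# Assumptions: savscan is at the path the post installs to, and its return
# codes are 0=clean, 1=interrupted, 2=error, 3=threats found (check the manual).
SAVSCAN=${SAVSCAN:-/opt/sophos-av/bin/savscan}
LOG=${LOG:-/var/log/savscan-cron.log}
# Constructed sample: the on-access alert box as printed on the console.
SAMPLE_ALERT='********************** Sophos Anti-Virus Alert ***********************
Threat "EICAR-AV-Test" detected in file
"/root/eicar.com".

Access to the file has been denied

**********************************************************************'
# Map a savscan return code to a summary word for the log line.
interpret_savscan_rc() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "interrupted" ;;
        2) echo "error" ;;
        3) echo "threats-found" ;;
        *) echo "unknown" ;;
    esac
}
# Read an alert box from stdin; print "threat<TAB>path<TAB>action".
parse_sav_alert() {
    awk '
        /^Threat "/ { sub(/^Threat "/, ""); sub(/" detected in file$/, ""); threat = $0 }
        /^"\//      { sub(/^"/, ""); sub(/"\.?$/, ""); path = $0 }
        /denied|still infected|removed|disinfected/ { action = $0 }
        END { printf "%s\t%s\t%s\n", threat, path, action }
    '
}
# Cron entry point: scan the target, append everything to LOG, and return
# the savscan code so cron mail or monitoring sees non-zero on problems.
run_scheduled_scan() {
    target=${1:-/}
    if [ ! -x "$SAVSCAN" ]; then
        echo "$(date '+%F %T') savscan not found at $SAVSCAN" >> "$LOG"
        return 2
    fi
    "$SAVSCAN" "$target" >> "$LOG" 2>&1
    rc=$?
    echo "$(date '+%F %T') scan of $target: $(interpret_savscan_rc "$rc") (rc=$rc)" >> "$LOG"
    return "$rc"
}
```

To use it from cron, append `run_scheduled_scan /` to the end of the script and point the cron line at the script instead of calling savscan directly.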

GUI configuration

Unfortunately, as of 9.10 there is no GUI environment anymore, so I'm skipping this.

Manual

You can view the official Sophos manual at the link below.

https://www.sophos.com/ja-jp/medialibrary/PDFs/documentation/savl_9_cgeng.pdf?la=ja-JP


Copyright © bacchi.me, 2020 All Rights Reserved.