Anti-Virus

Server-side URL scanner for malware, spyware, and viruses to protect my visitors

  • March 7, 2013

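I have a forum/group site that contains many external URLs, sometimes direct download links. I want to protect my visitors from possible attacks from malware sites, because they are unlikely to click these links. Currently I have implemented DBL (Spamhaus), but that is not enough. I would like to run a background task that checks outbound links first. I looked at similar questions on StackOverflow (where I mistakenly posted this) and here, but did not find one that matches mine or a good answer.

People suggest ClamAV; I don't believe it can detect web-hosted malware sites, and it has a lot of misses. I looked at the Google Safe Browsing service (http://code.google.com/apis/safebrowsing/developers_guide_v2.html); it is very complicated to implement or maintain, and I got lost halfway through :S

I could go for a commercial solution to protect my visitors and my site's brand. But I would like to hear the opinions of server administrators, and whether anyone has implemented such a service.

My server is a basic CentOS LAMP stack.

Thank you very much.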

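I use 3 or 4 external site-checking services in a crontab script. It is written in my lang (tcsh), but is easily converted to bash/sh.

I run it once a day.

Possibly the hard part may be assembling the list of external sites you link to.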

#!/bin/tcsh -f 
# simplistic after the fact check/test of our sites,being possible malware related.
#Mon Sep 20 18:52:15 GMT 2010,dianevm at gmail.com
# happened once when some bogus advert networks were used for 48 hours :-(
setenv TZ CST6CDT

set LINKS="links -no-references -no-numbering -dump-width 120 -dump "
set TMPF=/tmp/.malware.dmp.$$
#alias DBG 'echo -n DEBUG:; set PAUSE=$<'
alias DBG 'echo -n " "'
set NOW=`date +%T`

alias OKOUT 'set NOW=`date +%T`;printf %-8s \!*;echo " $NOW"'


set SITES2CHECK="toplevel.com external2.com varioussite3.com etc.com"

foreach i ( $SITES2CHECK )

echo ___  $i ___  


printf %-20s GOOGLE 
$LINKS "http://www.google.com/safebrowsing/diagnostic?site=$i" >! $TMPF

set GOOGLEOK=`grep 'This site is not currently listed as suspicious' $TMPF |wc -l` 
if  ( "$GOOGLEOK" == "1" )then 
   OKOUT ok
else
  tcsh ~/malwarefail $i GOOGLE $TMPF
endif

printf %-20s SiteAdvisor  
$LINKS http://www.siteadvisor.com/sites/$i >! $TMPF
set SITEADVOK=`grep 'tested this site and didn.t find any significant problems.' $TMPF|wc -l` 
set SITEADVUNKNOWN=`grep 'we haven.t tested this one yet.' $TMPF|wc -l` 
if ($SITEADVOK == "1" || "$SITEADVUNKNOWN" == "1") then
   OKOUT  ok  
else
  tcsh ~/malwarefail $i SITEADV $TMPF
endif

printf %-20s  Norton 
$LINKS "http://safeweb.norton.com/report/show?url=$i"  >! $TMPF
set NORTONOK=`grep 'Norton Safe Web found no issues with this site' $TMPF|wc -l` 
set NORTONUNKNOWN=`grep ' This site has not been tested yet' $TMPF|wc -l` 
if ($NORTONOK == "1" ||$NORTONUNKNOWN  == "1" ) then
   OKOUT  ok  
else 
   tcsh ~/malwarefail $i NORTON $TMPF
endif
printf %-20s  BRWSDEFNDR 
$LINKS "http://www.browserdefender.com/site/$i/">! $TMPF
set BRWSDEFNDROK=`grep 'Our testing of this site found no dangerous downloads' $TMPF|wc -l` 
set BRWSDEFNDRUNKNOWN=`grep 'Not yet rated' $TMPF|head -1|wc -l` 
#note head added,2  instances 
if ($BRWSDEFNDROK == "1" ||$BRWSDEFNDRUNKNOWN  == "1" ) then
   OKOUT  ok  
else 
   tcsh ~/malwarefail $i BRWSDEFNDR $TMPF
endif
end
## note malwarefail just emails people the output of the dump files

Quoted from: https://serverfault.com/questions/249449
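
The daily check described in the answer above, as an added example that is not part of the original post: a POSIX sh port of its verdict logic, using the marker strings from the tcsh script. The function names `classify_report` and `check_dump` are hypothetical, the sample dumps are constructed, and the port additionally separates a failed lookup (empty dump) from a page that lacks the known-good text.

```shell
#!/bin/sh
# Added example: POSIX sh port of the verdict logic in the tcsh script above.
# Marker strings come from that script; function names are hypothetical.

# classify_report SERVICE FILE -> prints ok | unknown | fetch-error | review
classify_report() {
    svc=$1 file=$2
    # An empty or missing dump means the lookup itself failed, not that the site is bad.
    [ -s "$file" ] || { echo fetch-error; return; }
    case $svc in
        GOOGLE)     ok='This site is not currently listed as suspicious'; unk='' ;;
        SITEADV)    ok='tested this site and didn.t find any significant problems.'
                    unk='we haven.t tested this one yet.' ;;
        NORTON)     ok='Norton Safe Web found no issues with this site'
                    unk=' This site has not been tested yet' ;;
        BRWSDEFNDR) ok='Our testing of this site found no dangerous downloads'
                    unk='Not yet rated' ;;
        *)          echo review; return ;;
    esac
    if grep -q -- "$ok" "$file"; then echo ok
    elif [ -n "$unk" ] && grep -q -- "$unk" "$file"; then echo unknown
    else echo review    # no known-good marker: needs a human, as in the original
    fi
}

# check_dump SITE SERVICE FILE -> prints one report line; returns 1 when someone should look
check_dump() {
    verdict=$(classify_report "$2" "$3")
    printf '%-20s %-12s %s\n' "$1" "$2" "$verdict"
    case $verdict in ok|unknown) return 0 ;; *) return 1 ;; esac
}

# Constructed sample dumps (not real service output), kept in a private temp directory
# created with mktemp instead of a predictable /tmp file name.
demo() {
    d=$(mktemp -d) || return 2
    echo 'Norton Safe Web found no issues with this site' > "$d/clean"
    echo 'Not yet rated' > "$d/unrated"
    echo 'Some other page text' > "$d/changed"
    : > "$d/empty"
    check_dump external2.com NORTON "$d/clean"
    check_dump etc.com BRWSDEFNDR "$d/unrated"
    check_dump toplevel.com GOOGLE "$d/changed" || echo '  -> would call malwarefail'
    check_dump toplevel.com GOOGLE "$d/empty" || echo '  -> lookup failed, retry later'
    rm -rf "$d"
}
demo
```

In a cron job, each dump file would be produced by the `links -dump` fetch from the original script before `check_dump` is called on it.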