Google

Enabling Google Safe Browsing in ClamAV

  • June 21, 2017

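I'm trying to enable Google Safe Browsing anti-phishing/malware filtering on my mail server using ClamAV. I enabled it in freshclam.conf, and I got a brand new safebrowsing.cld file in my datadir. But when I run a scan via clamscan or clamdscan, it doesn't detect bad links. I tested with http://malware.testing.google.test/testing/malware/, which is a sample malware URL provided by Google that makes my Firefox scream to death, and I also tested some other bad URLs.

Is SafeBrowsing support still available and working in the current ClamAV engine? Do I have to enable something special in my conf files?

Thanks for your help!

Here is some debug information about my test case: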

main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12620, sigs: 35178, f-level: 58, builder: ccordes)
safebrowsing.cld is up to date (version: 27036, sigs: 544427, f-level: 58, builder: google)
bytecode.cld is up to date (version: 123, sigs: 29, f-level: 58, builder: edwin)

root@b /var/lib/clamav # ls -al
total 94920
drwxr-xr-x  2 clamav clamav     4096 2011-02-03 10:34 .
drwxr-xr-x 39 root   root       4096 2010-11-30 01:22 ..
-rw-r--r--  1 clamav clamav   437248 2011-01-23 15:25 bytecode.cld
-rw-r--r--  1 clamav clamav  2311680 2011-02-03 07:25 daily.cld
-rw-r--r--  1 clamav clamav 65422336 2010-11-14 18:40 main.cld
-rw-------  1 clamav clamav      988 2011-02-03 10:34 mirrors.dat
-rw-r--r--  1 clamav clamav 28894720 2011-02-03 09:59 safebrowsing.cld

root@b /var/lib/clamav # clamscan /tmp/malware-test.eml
/tmp/malware-test.eml: OK

----------- SCAN SUMMARY -----------
Known viruses: 1424589
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 2.739 sec (0 m 2 s)

#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
StreamMaxLength 10M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true

I contacted the ClamAV team; this is a bug in their code.

https://bugzilla.clamav.net/show_bug.cgi?id=2514
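
A preflight check for the setup described in the question, as an added example that is not part of the original post or ClamAV's own code: it confirms from clamd.conf that the phishing options shown above are enabled and that a safebrowsing database sits in DatabaseDirectory, so configuration can be ruled out before suspecting the engine. The function names are hypothetical, and treating an unset option as enabled is an assumption about ClamAV's defaults.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Covers clamd/clamdscan, which read
# clamd.conf; clamscan takes its options from the command line instead.

# conf_get FILE KEY: print the last value assigned to KEY, skipping comments.
conf_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key        { val = $2 }
        END              { if (val != "") print val }
    ' "$1"
}

# is_enabled VALUE: true for yes/true/1; an empty (unset) value also counts as
# enabled, on the assumption that these options default to on.
is_enabled() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        ""|yes|true|1) return 0 ;;
        *)             return 1 ;;
    esac
}

# check_safebrowsing_prereqs CLAMD_CONF: returns 0 when nothing in the
# configuration or database directory explains missed URL detections.
check_safebrowsing_prereqs() {
    conf=$1
    problems=0
    for key in ScanMail PhishingSignatures PhishingScanURLs; do
        val=$(conf_get "$conf" "$key")
        if ! is_enabled "$val"; then
            echo "FAIL: $key is '$val' in $conf"
            problems=$((problems + 1))
        fi
    done
    dbdir=$(conf_get "$conf" DatabaseDirectory)
    if [ -z "$dbdir" ]; then
        echo "FAIL: DatabaseDirectory is not set in $conf"
        problems=$((problems + 1))
    elif [ ! -s "$dbdir/safebrowsing.cld" ] && [ ! -s "$dbdir/safebrowsing.cvd" ]; then
        echo "FAIL: no safebrowsing.cld or safebrowsing.cvd in $dbdir"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage: check_safebrowsing_prereqs /path/to/clamd.conf
```

A clean pass with the settings and database listing from the question points away from configuration, which is consistent with the answer above.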

Quoted from: https://serverfault.com/questions/230560