Cara update ClamAV

Karena masalah malware kemarin akhirnya saya mencoba antivirus di Linux, yang paling populer tampaknya adalah ClamAV. Kalau masalah instalasinya sih mudah, yakin saya anda tidak mengalami masalah di CentOS, Debian, Ubuntu atau distro – distro Linux lainnya. Yang bikin saya penasaran di Windows rutin ada update database definisi malwarenya, buat deteksi ancaman bahaya baru. Ini ClamAV sudah jalan dan karena kita menggunakannya dalam server jadi tidak tahu statusnya. Haha. 😀

Jadi setelah baca – baca dokumentasinya ternyata setiap kali ClamAV direstart akan otomatis update juga:

/etc/init.d/clamav-freshclam restart

Atau bisa secara manual:

freshclam

Perintah alternatifnya:

clamav-freshclam

Bisa juga secara manual, tinggal download definisinya:

Pilih salah satu saja, download dan letakkan dalam direktori /var/lib/clamav menggantikan file yang lama.

Bagaimana kalau ingin otomatis update per waktu tertentu? Ada 2 caranya, pertama pakai cron:

crontab -e

Dan tambahkan:

30 01 * * * freshclam

Akan dijadwalkan per hari nantinya.

Atau lewat konfigurasi ClamAV (/etc/clamav/freshclam.conf):

Checks 24
##Notify clamd to reload it self
NotifyClamd /etc/clamav/clamd.conf

Dan saya baru tahu setelah membaca setting ClamAV ternyata defaultnya cek update sejam sekali… ngapain saya bahas update manualnya. Haha. 😀 Yah… belajar hal baru lah.

Semoga bermanfaat. 🙂

2 pemikiran pada “Cara update ClamAV

  1. Mas mau tanya,, waktu saya jalankan perintah berikut:

    tcpdump -nn -i eth0 "tcp[tcpflags] & (tcp-syn) != 0" | grep ".80:"

    keluar log seperti ini,, terus menerus tanpa henti.. iini kenapa ya?

    11:45:37.932223 IP 45.77.47.189.45490 > 50.205.193.20.80: Flags [S], seq 4196968735, win 29200, options [mss 1460,sackOK,TS val 56506065 ecr 0,nop,wscale 7], length 0
    11:45:37.942437 IP 45.77.47.189.43732 > 103.51.140.88.80: Flags [S], seq 121782248, win 29200, options [mss 1460,sackOK,TS val 56506076 ecr 0,nop,wscale 7], length 0
    11:45:37.949955 IP 45.77.47.189.58182 > 118.67.248.167.80: Flags [S], seq 1898672086, win 29200, options [mss 1460,sackOK,TS val 56506083 ecr 0,nop,wscale 7], length 0
    11:45:37.966732 IP 45.77.47.189.59618 > 40.68.164.44.80: Flags [S], seq 3693354226, win 29200, options [mss 1460,sackOK,TS val 56506100 ecr 0,nop,wscale 7], length 0
    11:45:37.973001 IP 45.77.47.189.37914 > 217.160.0.3.80: Flags [S], seq 2250720979, win 29200, options [mss 1460,sackOK,TS val 56506106 ecr 0,nop,wscale 7], length 0
    11:45:37.976185 IP 45.77.47.189.40584 > 151.80.101.183.80: Flags [S], seq 607492619, win 29200, options [mss 1460,sackOK,TS val 56506109 ecr 0,nop,wscale 7], length 0
    11:45:37.997250 IP 45.77.47.189.48128 > 85.95.237.78.80: Flags [S], seq 2646244610, win 29200, options [mss 1460,sackOK,TS val 56506131 ecr 0,nop,wscale 7], length 0
    11:45:38.025673 IP 45.77.47.189.36652 > 77.92.75.5.80: Flags [S], seq 2194327545, win 29200, options [mss 1460,sackOK,TS val 56506159 ecr 0,nop,wscale 7], length 0
    11:45:38.028221 IP 45.77.47.189.48696 > 93.90.147.101.80: Flags [S], seq 2159889222, win 29200, options [mss 1460,sackOK,TS val 56506161 ecr 0,nop,wscale 7], length 0
    11:45:38.036377 IP 45.77.47.189.55802 > 192.74.131.47.80: Flags [S], seq 264550557, win 29200, options [mss 1460,sackOK,TS val 56506170 ecr 0,nop,wscale 7], length 0
    11:45:38.042533 IP 45.77.47.189.51164 > 206.222.17.195.80: Flags [S], seq 2236960066, win 29200, options [mss 1460,sackOK,TS val 56506176 ecr 0,nop,wscale 7], length 0
    11:45:38.049552 IP 45.77.47.189.52732 > 74.208.236.144.80: Flags [S], seq 2463472187, win 29200, options [mss 1460,sackOK,TS val 56506183 ecr 0,nop,wscale 7], length 0
    11:45:38.073122 IP 45.77.47.189.54394 > 212.227.247.127.80: Flags [S], seq 1203610141, win 29200, options [mss 1460,sackOK,TS val 56506206 ecr 0,nop,wscale 7], length 0
    11:45:38.113102 IP 45.77.47.189.40108 > 208.113.210.0.80: Flags [S], seq 1850771153, win 29200, options [mss 1460,sackOK,TS val 56506246 ecr 0,nop,wscale 7], length 0
    11:45:38.115321 IP 45.77.47.189.32976 > 80.237.132.26.80: Flags [S], seq 7080783, win 29200, options [mss 1460,sackOK,TS val 56506249 ecr 0,nop,wscale 7], length 0
    11:45:38.118816 IP 45.77.47.189.32990 > 46.30.213.168.80: Flags [S], seq 3791806176, win 29200, options [mss 1460,sackOK,TS val 56506252 ecr 0,nop,wscale 7], length 0
    11:45:38.122267 IP 45.77.47.189.60716 > 149.202.214.15.80: Flags [S], seq 3041449755, win 29200, options [mss 1460,sackOK,TS val 56506256 ecr 0,nop,wscale 7], length 0
    11:45:38.124236 IP 45.77.47.189.57774 > 46.252.149.102.80: Flags [S], seq 3730274056, win 29200, options [mss 1460,sackOK,TS val 56506258 ecr 0,nop,wscale 7], length 0
    11:45:38.129631 IP 45.77.47.189.37930 > 162.210.102.230.80: Flags [S], seq 3942706502, win 29200, options [mss 1460,sackOK,TS val 56506263 ecr 0,nop,wscale 7], length 0
    11:45:38.134254 IP 45.77.47.189.43878 > 5.157.84.5.80: Flags [S], seq 453118149, win 29200, options [mss 1460,sackOK,TS val 56506268 ecr 0,nop,wscale 7], length 0
    11:45:38.156837 IP 45.77.47.189.43704 > 46.30.213.55.80: Flags [S], seq 689110118, win 29200, options [mss 1460,sackOK,TS val 56506290 ecr 0,nop,wscale 7], length 0
    11:45:38.162476 IP 45.77.47.189.44986 > 23.235.199.229.80: Flags [S], seq 3786309761, win 29200, options [mss 1460,sackOK,TS val 56506296 ecr 0,nop,wscale 7], length 0
    11:45:38.175412 IP 45.77.47.189.49904 > 157.7.107.122.80: Flags [S], seq 3389565580, win 29200, options [mss 1460,sackOK,TS val 56506309 ecr 0,nop,wscale 7], length 0
    11:45:38.177883 IP 45.77.47.189.44096 > 208.71.9.92.80: Flags [S], seq 270393839, win 29200, options [mss 1460,sackOK,TS val 56506311 ecr 0,nop,wscale 7], length 0
    11:45:38.186372 IP 45.77.47.189.55406 > 173.236.167.44.80: Flags [S], seq 926989323, win 29200, options [mss 1460,sackOK,TS val 56506320 ecr 0,nop,wscale 7], length 0
    11:45:38.188775 IP 45.77.47.189.47804 > 87.238.192.51.80: Flags [S], seq 4217604832, win 29200, options [mss 1460,sackOK,TS val 56506322 ecr 0,nop,wscale 7], length 0
    11:45:38.193478 IP 45.77.47.189.51530 > 173.236.233.251.80: Flags [S], seq 1080003732, win 29200, options [mss 1460,sackOK,TS val 56506327 ecr 0,nop,wscale 7], length 0
    11:45:38.199597 IP 45.77.47.189.60558 > 192.254.142.171.80: Flags [S], seq 2272554655, win 29200, options [mss 1460,sackOK,TS val 56506333 ecr 0,nop,wscale 7], length 0
    11:45:38.211258 IP 45.77.47.189.57416 > 196.22.132.14.80: Flags [S], seq 1522762834, win 29200, options [mss 1460,sackOK,TS val 56506344 ecr 0,nop,wscale 7], length 0
    11:45:38.226250 IP 45.77.47.189.49826 > 120.138.19.26.80: Flags [S], seq 329224292, win 29200, options [mss 1460,sackOK,TS val 56506360 ecr 0,nop,wscale 7], length 0
    11:45:38.234425 IP 45.77.47.189.56104 > 118.127.46.78.80: Flags [S], seq 4177143340, win 29200, options [mss 1460,sackOK,TS val 56506368 ecr 0,nop,wscale 7], length 0
    11:45:38.243709 IP 45.77.47.189.45648 > 64.37.54.60.80: Flags [S], seq 905172796, win 29200, options [mss 1460,sackOK,TS val 56506377 ecr 0,nop,wscale 7], length 0
    • Ini ada hubungannya dengan ClamAV mas?

      Tapi dari perintahnya ya memang wajar keluar terus, kan menampilkan koneksi TCP pada HTTP dengan parameter/kriteria flag yang diinginkan.

Tinggalkan komentar