[GCP] Mount Filestore on a VM and Scan It with Antivirus
Situation
The customer needs to transfer files to the cloud and wants them scanned for viruses.
Component
- GCP VM
  - Ubuntu 18.04
- GCP Filestore
  - 1TB HDD
How To
Install ClamAV on the VM
apt update && apt install clamav clamav-daemon
Verify
root@srv:~# clamscan --version
ClamAV 0.103.5/26511/Wed Apr 13 08:22:45 2022
Update ClamAV Signature Database
# Stop ClamAV Service
root@srv:~# systemctl stop clamav-freshclam
# Update Signature Database
root@srv:~# freshclam
Thu Apr 14 06:24:49 2022 -> ClamAV update process started at Thu Apr 14 06:24:49 2022
Thu Apr 14 06:24:49 2022 -> daily.cvd database is up-to-date (version: 26511, sigs: 1978347, f-level: 90, builder: raynman)
Thu Apr 14 06:24:49 2022 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Apr 14 06:24:49 2022 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
# Start ClamAV Service
root@srv:~# systemctl start clamav-freshclam
Mount Filestore
# Install nfs mount command
apt install nfs-common
# Mount Filestore endpoint
root@srv:~# mkdir /demo
root@srv:~# mount 10.106.24.130:/demo /demo
# Verify
root@srv:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 1.9G 0 1.9G 0% /dev
tmpfs 393M 916K 392M 1% /run
/dev/sda1 20G 2.2G 18G 12% /
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda15 105M 4.4M 100M 5% /boot/efi
/dev/loop0 44M 44M 0 100% /snap/snapd/15177
/dev/loop1 56M 56M 0 100% /snap/core18/2344
/dev/loop2 292M 292M 0 100% /snap/google-cloud-sdk/232
tmpfs 393M 0 393M 0% /run/user/1001
10.106.24.130:/demo 1007G 0 956G 0% /demo
root@srv:~#
Scan Folder
root@srv:/demo# clamscan --infected --remove --recursive /demo
----------- SCAN SUMMARY -----------
Known viruses: 8610412
Engine version: 0.103.5
Scanned directories: 2
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 30.167 sec (0 m 30 s)
Start Date: 2022:04:14 07:21:16
End Date: 2022:04:14 07:21:46
Optional: Monitor the Folder for Changes
# Install inotify-tools
root@srv:/demo# apt install inotify-tools -y
# Use the inotifywait command
root@srv:/demo# inotifywait -m -r /demo &
[1] 7094
root@srv:/demo# Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
root@srv:/demo#
root@srv:/demo#
root@srv:/demo# ls
123 lost+found
/demo/ OPEN,ISDIR
/demo/ ACCESS,ISDIR
/demo/ CLOSE_NOWRITE,CLOSE,ISDIR
root@srv:/demo# touch hello-world
/demo/ CREATE hello-world
/demo/ OPEN hello-world
/demo/ ATTRIB hello-world
/demo/ CLOSE_WRITE,CLOSE hello-world
root@srv:/demo#
root@srv:/demo# ls
/demo/ OPEN,ISDIR
/demo/ ACCESS,ISDIR
/demo/ ACCESS,ISDIR
/demo/ CLOSE_NOWRITE,CLOSE,ISDIR
123 hello-world lost+found
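
The inotifywait events above can drive the scan directly. The following is an added example, not part of the original page: it reads inotifywait's default output and scans each file once it is fully written (CLOSE_WRITE or MOVED_TO, not CREATE), quarantining with --move instead of the --remove used above so a false positive stays recoverable. QUARANTINE, SCANNER, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): scan files as inotifywait
# reports them complete. QUARANTINE, SCANNER and all function names are
# assumptions made for this example.

QUARANTINE="${QUARANTINE:-/var/quarantine}"  # keep outside the watched tree
SCANNER="${SCANNER:-clamscan}"               # replaceable, e.g. by a test stub

# Scan one file and report the verdict.
# clamscan exit codes: 0 = no virus, 1 = virus found, 2 = error.
scan_file() {
    rc=0
    "$SCANNER" --no-summary --infected --move="$QUARANTINE" "$1" \
        >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "CLEAN $1" ;;
        1) echo "INFECTED $1" ;;
        *) echo "ERROR $1" ;;
    esac
}

# Read default `inotifywait -m` lines: "<watched dir> <EVENTS> <file name>".
handle_events() {
    while read -r dir events name; do
        [ -n "$name" ] || continue        # event on the watched dir itself
        case ",$events," in
            *,ISDIR,*) continue ;;        # sub-directory, nothing to scan
            *,CLOSE_WRITE,*|*,MOVED_TO,*) # writer finished, or file moved in
                scan_file "${dir}${name}" ;;
        esac
    done
}

# Usage: ./scan-on-write.sh watch [DIR]   (DIR defaults to /demo)
if [ "${1:-}" = "watch" ]; then
    mkdir -p "$QUARANTINE"
    inotifywait -m -r -e close_write -e moved_to "${2:-/demo}" | handle_events
fi
```

inotify only reports changes made through this VM's own mount; files written to the Filestore share by other NFS clients produce no events, so keep a scheduled recursive clamscan as well. Each clamscan invocation also reloads the full signature database, which is where most of the 30 seconds in the scan summary above goes.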