====== Using grml 2009.10 to scan for viruses ======

This is a list of antivirus software that has been tested to work or not work on GRML 2009.10 (Hello-Wien). Fortunately, all software I tested worked on GRML 2009.10 (which was quite different when I did this test a year ago). But of course that was not GRML's fault.

===== ClamAV =====

ClamAV has the advantage that it is included in grml. Unfortunately, as of this writing, the scan engine is not the latest one available. You can scan anyway, though a few of the newest signatures will not work.

  * Update command: ''freshclam''
  * Scan command: ''clamscan -r /mnt/somewhere'' (''-r'' recurses into subdirectories)

===== Avira =====

Avira is free for non-commercial use and a free 30-day trial is available for commercial use.

  * Personal: http://www.free-av.de/en/download/download_servers.php
  * Direct download: http://dlpe.antivir.com/package/wks_avira/unix/en/pers/antivir_workstation-pers.tar.gz
  * Professional: http://www.avira.com/de/downloads/avira_antivir_professional.html

To install:

  tar xfvz antivir_*.tar.gz
  cd antivir-*
  ./install

When prompted (except for the license), just accept the default. Dazuko will not work because grml's kernel does not support it, but you can continue anyway. You **have** to say ''Y'' (which is the default) for installing dazukofs, though (even if you don't have the kernel module), since otherwise even the on-demand scanner will not start.

  * Before updating/scanning, start the avguard daemon: ''avguard start''
  * Update command: ''avupdate --product=Guard''
  * Scan command: ''avscan /mnt/somewhere''

===== F-Prot =====

F-Prot Antivirus for Workstations is also available free for non-commercial use, and as a trial for commercial use.
  * Website: http://www.f-prot.com/download/home_user/download_fplinux.html
  * Direct link: http://files.f-prot.com/files/unix-trial/fp-Linux-i686-ws.tar.gz

To install:

  tar xfvz fp-Linux-i686-ws.tar.gz
  cd f-prot
  ./install-f-prot.pl

(Just accept the defaults; it will update signatures automatically when installation is finished.)

  * Scan command: ''fpscan /mnt/somewhere''

===== Bitdefender =====

Bitdefender provides a Debian package (that works on GRML): http://content-down.bitdefender.com/repos/deb/pool/non-free/b/bitdefender-scanner/bitdefender-scanner_7.6-3_i386.deb

===== AVG =====

AVG provides a Debian package (that works on GRML) as well: http://download.avgfree.com/filedir/inst/avg85flx-r290-a2950.i386.deb

===== Avast! =====

(tested successfully on grml-small 2011.05)

Avast4workstation can be downloaded from this page: http://www.avast.com/linux-home-edition

You need to do a free registration with Avast! and receive a license key by email, as instructed on their download page. Do not forget to save that key to a place accessible from GRML.

To install and perform initial set-up of avast4workstation on GRML, run:

  cd /usr
  tar -xzf avast4workstation-1.3.0.tar.gz --strip=1
  avast -V

Avast! will then ask for the license key, and save that information.

You **must** then update the virus definition file, because the one shipped in the installer is inevitably outdated. Just run:

  avast-update

This command is actually a pretty straightforward shell script. If the machine you want to scan does not have network access, you can also download the virus signatures manually from another machine:

  wget http://files.avast.com/files/latest/400.vps
  wget http://files.avast.com/files/latest/400vps.md5
  fromdos 400vps.md5
  md5sum --check 400vps.md5
  mv 400.vps ~/.avast

Recent virus signature files have become too big for the "maximum size of a shared memory segment" in Linux, which is 32 MiB by default. So before you run avast!
with its latest 400.vps file, you **must** run the following command, which increases the maximum to 64 MiB:

  echo 67108864 > /proc/sys/kernel/shmmax

After that, you are finally ready to run Avast! as much as you want. :-)

Basic usage (scan current directory):

  avast

Paranoid usage (if you are using GRML to check a suspicious computer, you might as well use that):

  avast -a -c -r ~/report-foobar.txt -t A /mnt/foobar

Of course, replace ''foobar'' with appropriate values. And don't forget to save the report file to persistent storage before turning off the computer.

===== Panda =====

Panda provides trial versions of its Linux products for download only by e-mail. So, if you really want to try it, fill in their web form and receive the link and license file by e-mail. Panda for some reason did not send me a download link at all. Perhaps you have more luck? ;-)
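
The offline signature update and the shmmax step from the Avast! section above, as an added example that is not part of the original page: it copies ''400.vps'' into place only if the MD5 matches, and reports when shmmax is smaller than the file. The function names, the ''SHMMAX_FILE'' override and the idea that the segment must hold the whole file are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the
# SHMMAX_FILE override are assumptions made for this sketch.
SHMMAX_FILE="${SHMMAX_FILE:-/proc/sys/kernel/shmmax}"

# Succeed only if the first hash in the .md5 file matches the .vps file.
# CRs are stripped in the pipe (the job fromdos does) without editing the file.
vps_checksum_ok() {
    [ -s "$1" ] && [ -s "$2" ] || return 2
    expected=$(tr -d '\r' < "$2" | awk 'NR == 1 { print tolower($1) }')
    actual=$(md5sum < "$1" | awk '{ print $1 }')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Succeed if the current shmmax is smaller than the signature file.
# Assumption: the segment has to hold the whole file. awk does the
# comparison because shmmax on recent kernels can exceed shell integers.
shmmax_too_small() {
    size=$(wc -c < "$1") || return 2
    cur=$(cat "$SHMMAX_FILE") || return 2
    awk -v c="$cur" -v s="$size" 'BEGIN { exit !(c + 0 < s + 0) }'
}

# Copy the signature file into place only after it verifies.
install_vps() {
    src="$1"; sums="$2"; dest="$3"
    if ! vps_checksum_ok "$src" "$sums"; then
        echo "checksum mismatch: not installing $src" >&2
        return 1
    fi
    if shmmax_too_small "$src"; then
        echo "shmmax is below the size of $src; raise it before running avast" >&2
    fi
    mkdir -p "$dest" && cp "$src" "$dest/400.vps"
}

# Usage: sh this-script 400.vps 400vps.md5 ~/.avast
if [ "$#" -eq 3 ]; then
    install_vps "$@"
fi
```

The MD5 file is fetched from the same plain-HTTP server as the signatures, so this check catches a corrupted or truncated download, not a tampered one.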