This shows you the differences between two versions of the page.
— |
antivirus [2011/10/13 23:55] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Using grml 2009.10 to scan for viruses ====== | ||
+ | This is a list of antivirus software that has been tested to work or not work on GRML 2009.10 (Hello-Wien). Fortunately, all software I tested worked on GRML 2009.10 (which was quite different when I did this test a year ago). But of course that was not GRML's fault. | ||
+ | |||
+ | ===== ClamAV ===== | ||
+ | |||
+ | Clamav has the advantage it is included in grml. Unfortunately, as of writing this, the scan engine is not the latest one available. You can scan anyway, a few of the newest signatures will not work, though. | ||
+ | |||
+ | * Update command: ''freshclam'' | ||
+ | * scan command: ''clamscan /mnt/somewhere'' | ||
+ | |||
+ | ===== Avira ===== | ||
+ | |||
+ | Avira is free for non-commercial use and a free 30-day trial is available for commercial use. | ||
+ | |||
+ | * Personal: http://www.free-av.de/en/download/download_servers.php | ||
+ | * Direct download: http://dlpe.antivir.com/package/wks_avira/unix/en/pers/antivir_workstation-pers.tar.gz | ||
+ | * Professional: http://www.avira.com/de/downloads/avira_antivir_professional.html | ||
+ | |||
+ | To install: | ||
+ | |||
+ | tar xfvz antivir_*.tar.gz | ||
+ | cd antivir-* | ||
+ | ./install | ||
+ | |||
+ | When prompted (except for the license) just accept the default. Dazuko will not work because grml's kernel does not support it, but you can continue anyway. You **have** to say ''Y'' (which is default) for installing dazukofs, though (even if you don't have the kernel module), since otherwise even the on-demand scanner will not start. | ||
+ | |||
+ | * Before updating/scanning, start the avguard daemon: ''avguard start'' | ||
+ | * Update command: ''avupdate --product=Guard'' | ||
+ | * Scan command: ''avscan /mnt/somewhere'' | ||
+ | |||
+ | ===== F-Prot ===== | ||
+ | |||
+ | F-Prot Antivirus for Workstations is available free for non-commercial use as well and as trial for commercial use. | ||
+ | |||
+ | Website: http://www.f-prot.com/download/home_user/download_fplinux.html | ||
+ | Direct link: http://files.f-prot.com/files/unix-trial/fp-Linux-i686-ws.tar.gz | ||
+ | |||
+ | To install: | ||
+ | tar xfvz fp-Linux-i686-ws.tar.gz | ||
+ | cd f-prot | ||
+ | ./install-f-prot.pl | ||
+ | |||
+ | (just accept the defaults, it will update signatures automatically when installation is finished) | ||
+ | |||
+ | * Scan command: ''fpscan /mnt/somewhere'' | ||
+ | |||
+ | |||
+ | |||
+ | ===== Bitdefender ===== | ||
+ | Bitdefender provides a Debian package (that works on GRML): | ||
+ | |||
+ | http://content-down.bitdefender.com/repos/deb/pool/non-free/b/bitdefender-scanner/bitdefender-scanner_7.6-3_i386.deb | ||
+ | |||
+ | |||
+ | ===== AVG ===== | ||
+ | |||
+ | AVG provides a Debian package (that works on GRML) as well: | ||
+ | http://download.avgfree.com/filedir/inst/avg85flx-r290-a2950.i386.deb | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Avast! ===== | ||
+ | |||
+ | (tested successfully on grml-small 2011.05) | ||
+ | |||
+ | Avast4workstation can be downloaded from this page: | ||
+ | http://www.avast.com/linux-home-edition | ||
+ | |||
+ | You need to do a free registration with Avast! and receive a license key | ||
+ | by email, as instructed in their download page. Do not forget to save that | ||
+ | key to a place accessible from GRML. | ||
+ | |||
+ | To install and perform initial set-up of avast4workstation on GRML, run: | ||
+ | |||
+ | cd /usr | ||
+ | tar -xzf avast4workstation-1.3.0.tar.gz --strip=1 | ||
+ | avast -V | ||
+ | |||
+ | Avast! will then ask for the license key, and save that information. | ||
+ | |||
+ | You **must** then update the virus definition file, because the one | ||
+ | shipped in the installer is inevitably outdated. Just run: | ||
+ | |||
+ | avast-update | ||
+ | |||
+ | This command is actually a pretty straightforward shell script. If | ||
+ | the machine you want to scan does not have network access, you can | ||
+ | also download the virus signatures manually from another machine: | ||
+ | |||
+ | wget http://files.avast.com/files/latest/400.vps | ||
+ | wget http://files.avast.com/files/latest/400vps.md5 | ||
+ | fromdos 400vps.md5 | ||
+ | md5sum --check 400vps.md5 | ||
+ | mv 400.vps ~/.avast | ||
+ | |||
+ | Recent virus signature files have become too big for the "maximum | ||
+ | size of a shared memory segment" in Linux, which is 32 MiB by default. | ||
+ | So before you run avast! with its latest 400.vps file, you **must** | ||
+ | run the following command, which increases the maximum to 64 MiB: | ||
+ | |||
+ | echo 67108864 > /proc/sys/kernel/shmmax | ||
+ | |||
+ | After that, you are finally ready to run Avast! as much as you want. :-) | ||
+ | |||
+ | Basic usage (scan current directory): | ||
+ | |||
+ | avast | ||
+ | |||
+ | Paranoïd usage (if you are using GRML to check a suspicious computer, | ||
+ | you might as well use that): | ||
+ | |||
+ | avast -a -c -r ~/report-foobar.txt -t A /mnt/foobar | ||
+ | |||
+ | Of course, replace ''foobar'' with appropriate values. And don't forget to | ||
+ | save the report file to persistent storage before turning off the computer. | ||
+ | |||
+ | ===== Panda ===== | ||
+ | |||
+ | Panda provide download for trial versions for their Linux products only | ||
+ | by e-mail. So, if you really want to try it, fill in their web form | ||
+ | and receive link and license file by e-mail. | ||
+ | |||
+ | Panda for some reason did not send me a download link at all. Perhaps you | ||
+ | have more luck? ;-) |
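Review bot: In the Avast! section's manual signature download, both `400.vps` and `400vps.md5` are fetched over plain http from the same host (files.avast.com), so `md5sum --check 400vps.md5` only detects a corrupted transfer and not a substituted file. The text should say that, since the file is meant to be carried to a machine that is being checked because it is suspicious. In the same section, `cd /usr` followed by `tar -xzf avast4workstation-1.3.0.tar.gz --strip=1` only works if the tarball was already saved in /usr, which the steps never mention; give the path to the downloaded archive explicitly. The scan commands throughout use `/mnt/somewhere` or `/mnt/foobar` without saying how the target was mounted; for the "suspicious computer" case named under the paranoid usage, a line recommending a read-only mount would fit. Spelling: "Paranoïd" should be "Paranoid".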