Differences
This shows you the differences between two versions of the page.
| — |
antivirus [2011/10/13 23:55] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Using grml 2009.10 to scan for viruses ====== | ||
| + | This is a list of antivirus software that has been tested to work or not work on GRML 2009.10 (Hello-Wien). Fortunately, all software I tested worked on GRML 2009.10 (which was quite different when I did this test a year ago). But of course that was not GRML's fault. | ||
| + | |||
| + | ===== ClamAV ===== | ||
| + | |||
| + | Clamav has the advantage it is included in grml. Unfortunately, as of writing this, the scan engine is not the latest one available. You can scan anyway, a few of the newest signatures will not work, though. | ||
| + | |||
| + | * Update command: ''freshclam'' | ||
| + | * scan command: ''clamscan /mnt/somewhere'' | ||
| + | |||
| + | ===== Avira ===== | ||
| + | |||
| + | Avira is free for non-commercial use and a free 30-day trial is available for commercial use. | ||
| + | |||
| + | * Personal: http://www.free-av.de/en/download/download_servers.php | ||
| + | * Direct download: http://dlpe.antivir.com/package/wks_avira/unix/en/pers/antivir_workstation-pers.tar.gz | ||
| + | * Professional: http://www.avira.com/de/downloads/avira_antivir_professional.html | ||
| + | |||
| + | To install: | ||
| + | |||
| + | tar xfvz antivir_*.tar.gz | ||
| + | cd antivir-* | ||
| + | ./install | ||
| + | |||
| + | When prompted (except for the license) just accept the default. Dazuko will not work because grml's kernel does not support it, but you can continue anyway. You **have** to say ''Y'' (which is default) for installing dazukofs, though (even if you don't have the kernel module), since otherwise even the on-demand scanner will not start. | ||
| + | |||
| + | * Before updating/scanning, start the avguard daemon: ''avguard start'' | ||
| + | * Update command: ''avupdate --product=Guard'' | ||
| + | * Scan command: ''avscan /mnt/somewhere'' | ||
| + | |||
| + | ===== F-Prot ===== | ||
| + | |||
| + | F-Prot Antivirus for Workstations is available free for non-commercial use as well and as trial for commercial use. | ||
| + | |||
| + | Website: http://www.f-prot.com/download/home_user/download_fplinux.html | ||
| + | Direct link: http://files.f-prot.com/files/unix-trial/fp-Linux-i686-ws.tar.gz | ||
| + | |||
| + | To install: | ||
| + | tar xfvz fp-Linux-i686-ws.tar.gz | ||
| + | cd f-prot | ||
| + | ./install-f-prot.pl | ||
| + | |||
| + | (just accept the defaults, it will update signatures automatically when installation is finished) | ||
| + | |||
| + | * Scan command: ''fpscan /mnt/somewhere'' | ||
| + | |||
| + | |||
| + | |||
| + | ===== Bitdefender ===== | ||
| + | Bitdefender provides a Debian package (that works on GRML): | ||
| + | |||
| + | http://content-down.bitdefender.com/repos/deb/pool/non-free/b/bitdefender-scanner/bitdefender-scanner_7.6-3_i386.deb | ||
| + | |||
| + | |||
| + | ===== AVG ===== | ||
| + | |||
| + | AVG provides a Debian package (that works on GRML) as well: | ||
| + | http://download.avgfree.com/filedir/inst/avg85flx-r290-a2950.i386.deb | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ===== Avast! ===== | ||
| + | |||
| + | (tested successfully on grml-small 2011.05) | ||
| + | |||
| + | Avast4workstation can be downloaded from this page: | ||
| + | http://www.avast.com/linux-home-edition | ||
| + | |||
| + | You need to do a free registration with Avast! and receive a license key | ||
| + | by email, as instructed in their download page. Do not forget to save that | ||
| + | key to a place accessible from GRML. | ||
| + | |||
| + | To install and perform initial set-up of avast4workstation on GRML, run: | ||
| + | |||
| + | cd /usr | ||
| + | tar -xzf avast4workstation-1.3.0.tar.gz --strip=1 | ||
| + | avast -V | ||
| + | |||
| + | Avast! will then ask for the license key, and save that information. | ||
| + | |||
| + | You **must** then update the virus definition file, because the one | ||
| + | shipped in the installer is inevitably outdated. Just run: | ||
| + | |||
| + | avast-update | ||
| + | |||
| + | This command is actually a pretty straightforward shell script. If | ||
| + | the machine you want to scan does not have network access, you can | ||
| + | also download the virus signatures manually from another machine: | ||
| + | |||
| + | wget http://files.avast.com/files/latest/400.vps | ||
| + | wget http://files.avast.com/files/latest/400vps.md5 | ||
| + | fromdos 400vps.md5 | ||
| + | md5sum --check 400vps.md5 | ||
| + | mv 400.vps ~/.avast | ||
| + | |||
| + | Recent virus signature files have become too big for the "maximum | ||
| + | size of a shared memory segment" in Linux, which is 32 MiB by default. | ||
| + | So before you run avast! with its latest 400.vps file, you **must** | ||
| + | run the following command, which increases the maximum to 64 MiB: | ||
| + | |||
| + | echo 67108864 > /proc/sys/kernel/shmmax | ||
| + | |||
| + | After that, you are finally ready to run Avast! as much as you want. :-) | ||
| + | |||
| + | Basic usage (scan current directory): | ||
| + | |||
| + | avast | ||
| + | |||
| + | Paranoïd usage (if you are using GRML to check a suspicious computer, | ||
| + | you might as well use that): | ||
| + | |||
| + | avast -a -c -r ~/report-foobar.txt -t A /mnt/foobar | ||
| + | |||
| + | Of course, replace ''foobar'' with appropriate values. And don't forget to | ||
| + | save the report file to persistent storage before turning off the computer. | ||
| + | |||
| + | ===== Panda ===== | ||
| + | |||
| + | Panda provide download for trial versions for their Linux products only | ||
| + | by e-mail. So, if you really want to try it, fill in their web form | ||
| + | and receive link and license file by e-mail. | ||
| + | |||
| + | Panda for some reason did not send me a download link at all. Perhaps you | ||
| + | have more luck? ;-) | ||
