Viruses are not a big problem on Linux (yet), but the risk is that I pass viruses on, e.g. by forwarding e-mail, so here is how you can download antivirus software.
Home page: http://www.free-av.com/
(The page redirects to Avira's antivirus page for PC, Mac, Android and iOS! A working antivir-workstation-pers.tar.gz may possibly be found here: http://ccm.net/download/download-110-avira-antivir-personal-free-for-linux-freebsd-openbsd-solaris /le)
Download antivir-workstation-pers.tar.gz and unpack it in /usr/local, see Källkod. As usual, read the README; here you only need to run the install script..

sh-3.00# pwd
/usr/local/antivir-workstation-pers-2.1.6-16

To be able to use AvGuard (real-time scanning of files) I have to sort out "dazuko": http://dazuko.org/howto-install.shtml
(The installation description can possibly -I am not used to "dazuko" myself- be found here:
http://dazuko.dnsalias.org/wiki/index.php/Installation_HOWTO /le)
..it is in /usr/local/antivir-workstation-pers-2.1.6-16/contrib/dazuko, move there and..

sh-3.00# tar xvfz dazuko-2.2.0.tar.gz
sh-3.00# cd dazuko-2.2.0
sh-3.00# ./configure
checking if security module support is enabled... no
error: security module support must be enabled in your kernel

sh-3.00# ./install
..bla..bla..
Do you agree to the license terms? [n] y
creating /usr/lib/AntiVir ... done

1) installing command line scanner
copying bin/antivir to /usr/lib/AntiVir/ ... done
copying vdf/antivir0.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir1.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir2.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir3.vdf to /usr/lib/AntiVir/ ... done
Enter the path to your key file: [hbedv.key]
copying hbedv.key to /usr/lib/AntiVir/hbedv.key ... done
copying script/configantivir to /usr/lib/AntiVir/ ... done
linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done
installation of command line scanner complete

2) installing internet update daemon
An internet update daemon is available with version 2.1.6-16 of AntiVir for UNIX Workstation. This is a program that will run in the background and automatically check for updates (internet access is required).
Instead of installing the internet update daemon, you may also manually check for updates using: antivir --update
Please read the README file for more information about updating and which method best suits you.
Would you like to install the internet update daemon? [n] n

3) installing AvGuard
Version 2.1.6-16 of AntiVir for UNIX Workstation is capable of on-access, real-time scanning of files. This provides the ultimate protection against viruses and other unwanted software.
The on-access scanner (called AvGuard) is based on Dazuko, a free software project providing access control. In order to use AvGuard you will need to compile Dazuko for your kernel. Please refer to contrib/dazuko/HOWTO-Dazuko for information about how to do this.
There are several ways in which you can install AvGuard.
  module     - Dazuko will be loaded by the avguard script
  kernel     - Dazuko is always loaded (and should not be loaded by the avguard script)
  no install - do not install AvGuard at this time
Note: Dazuko currently only works with GNU/Linux, FreeBSD and Solaris systems. If you are interested in helping us port Dazuko to OpenBSD, feel free to check out the Dazuko Project at: http://www.dazuko.org
available options: m k n
How should AvGuard be installed? [n] n
AvGuard will NOT be installed. See contrib/dazuko/HOWTO-Dazuko for more information about Dazuko.

4) installing GUI (+ SMC support)
Note: The AntiVir Security Management Center (SMC) requires this feature, even if you do not intend to use the GUI.
This product comes with a GUI that allows you to monitor realtime activity, view logs, and configure the product. This tool is optional (not required) for the product to run. The GUI requires Java 1.4.0 or higher.
Would you like to install the GUI (+ SMC support)? [y] y
checking for existing /etc/avguard.conf ... not found
copying etc/avguard.conf-gui to /etc/avguard.conf ... done
copying common gui files to /usr/lib/AntiVir/gui ... done
copying platform dependant gui files to /usr/lib/AntiVir/gui ... done
copying script/antivir-gui to /usr/lib/AntiVir/ ... done
linking /usr/bin/antivir-gui to /usr/lib/AntiVir/antivir-gui ... done
installation of GUI complete

5) configuring AntiVir Updater
Your connection to the internet might require special configuration settings (such as HTTP proxy settings). You may also want the updater to log to specific files or send email notification. You now have the opportunity to set these options.
Note: Although you have not installed the internet update daemon, these settings may still be important for performing manual updates.
Would you like to configure the AntiVir updater now? [y] y

EmailTo (1 of 3)
=======
You may configure the AntiVir Updater to send out an email message whenever an update was successful or an error with the update occurred.
available options: y n
Would you like email notification about updates? [n] n

LogTo (2 of 3)
=====
In addition to logging update activity through syslog, you may also specify your own log file for messages that are generated by the AntiVir Updater. This can make it simpler to review past activity without having to sift through syslog files.
available options: y n
Would you like the updater to log to a custom file? [n] n

HTTPProxyServer/HTTPProxyPort (3 of 3)
=============================
If this machine is sitting behind an HTTP proxy server, you will need to configure AntiVir with the appropriate proxy settings. Internet access is required in order to make updates.
available options: y n
Does this machine use an HTTP proxy server? [n] n

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over to make sure they are correct.
  email notification: no
  specific logfile:   no
  http proxy server:  none
available options: y n
Save configuration settings? [y] y

* SUCCESS *
Configuration successfully saved to /etc/avupdater.conf
Press <ENTER> to continue.

Here are some commands that you should remember...
  configure updater: /usr/lib/AntiVir/configantivir
Press <ENTER> to continue.

Installation of the following features complete:
  AntiVir command line scanner
  AntiVir Guard (previously installed)
  AntiVir GUI
Note: It is highly recommended that you perform an update now to ensure up-to-date protection. This can be done by running: antivir --update
Be sure to read the README file for additional information.
Thank you for your interest in AntiVir for UNIX Workstation.

sh-3.00# antivir --update
AntiVir / Linux Version 2.1.6-16
Copyright (c) 2006 by Avira GmbH. All rights reserved.
Warning: the file "antivir.vdf" is more than 14 days old
checking for updates
02.01.06.16 < 02.01.06.23 [antivir]
06.32.00.60 = 06.32.00.60 [antivir0.vdf]
06.34.00.04 < 06.34.00.105 [antivir1.vdf]
06.34.00.06 < 06.34.00.159 [antivir2.vdf]
06.34.00.07 < 06.34.00.160 [antivir3.vdf]
antivir      100% |**********|  699 KB  116.59 KB/s  0:00 ETA
antivir1.vdf 100% |*****|     1630 KB  116.45 KB/s  0:00 ETA
antivir2.vdf 100% |*****|      149 KB  149.17 KB/s  0:00 ETA
antivir3.vdf 100% |*****|        4 KB    0.00 KB/s --:-- ETA
02.01.06.23 = 02.01.06.23 [antivir]
06.34.00.105 = 06.34.00.105 [antivir1.vdf]
06.34.00.159 = 06.34.00.159 [antivir2.vdf]
06.34.00.160 = 06.34.00.160 [antivir3.vdf]
02.01.06.16 --> 02.01.06.23 the scan engine [the application] (/usr/lib/AntiVir/antivir)
06.34.00.07 --> 06.34.00.160 the VDF database (inc) (/usr/lib/AntiVir/antivir1.vdf, /usr/lib/AntiVir/antivir2.vdf, /usr/lib/AntiVir/antivir3.vdf)
AntiVir updated successfully

Now I try as an ordinary user..

titus@zenita:~$ antivir-gui
ERROR: titus is not in the `antivir' group
To add titus to the `antivir' group:
  # /usr/sbin/usermod -G disk,wheel,floppy,audio,video,cdrom,games,users,antivir titus
Note: titus must log in again for this change to take effect.

..a little later, then ;-)

titus@zenita:~$ antivir-gui
Then we can set it up exactly the way we want it! :-)
Now we "scan"..

titus@zenita:~$ antivir
AntiVir / Linux Version 2.1.6-23
Copyright (c) 2006 by Avira GmbH. All rights reserved.
VDF version: 6.34.0.160 created 07 Apr 2006
For private, non-commercial use only.
AntiVir license: 149996 for PersonalEdition Classic
auto excluding /sys/ from scans (is a special fs)
auto excluding /proc from scans (is a special fs)
checking drive/path (cwd): /home/titus
/home/titus/.xsession-errors~
    Date: 7.02.2006  Time: 09:37:45  Size: 1335
    error: could not open file for read access
    file was not scanned at all!
    warning: file access denied

------ scan results ------
directories: 1
scanned files: 28
alerts: 0
suspicious: 0
warnings: 1
scan time: 00:00:01
--------------------------
Thank you for using AntiVir.

..all OK! Now we have to take a look at AvGuard.
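The scan above ends with "alerts: 0" but also with a warning: one file was never opened, so a clean summary does not by itself mean every file was checked. Added example (not from the page or from Avira): a small parser, run over a constructed report modelled on the output above, that pulls out the summary counters and the files that were skipped.

```python
import re

# Constructed sample modelled on the antivir report above (not real scanner output).
SAMPLE_REPORT = """\
checking drive/path (cwd): /home/titus
/home/titus/.xsession-errors~
    Date: 7.02.2006  Time: 09:37:45  Size: 1335
    error: could not open file for read access
    file was not scanned at all!
    warning: file access denied
/home/titus/.gnupg/secring.gpg
    Date: 7.02.2006  Time: 09:37:45  Size: 2048
    error: could not open file for read access
    file was not scanned at all!
    warning: file access denied

------ scan results ------
directories: 1
scanned files: 28
alerts: 0
suspicious: 0
warnings: 2
scan time: 00:00:01
--------------------------
"""

COUNTER_RE = re.compile(r"^(directories|scanned files|alerts|suspicious|warnings):\s+(\d+)$")

def parse_antivir_report(text):
    """Return (counters, unscanned): the summary numbers and the files the scanner could not read."""
    counters, unscanned, current = {}, [], None
    for line in text.splitlines():
        m = COUNTER_RE.match(line.strip())
        if m:
            counters[m.group(1)] = int(m.group(2))
        elif line.startswith("/"):                 # an unindented path opens a per-file block
            current = line.strip()
        elif line.startswith(" ") and "was not scanned" in line and current:
            unscanned.append(current)              # the indented detail lines belong to 'current'
            current = None
    return counters, unscanned

def scan_is_clean_and_complete(text):
    """True only if nothing was flagged AND no file was skipped (warnings hide skipped files)."""
    counters, unscanned = parse_antivir_report(text)
    flagged = counters.get("alerts", 0) + counters.get("suspicious", 0)
    return flagged == 0 and not unscanned and counters.get("warnings", 0) == 0
```

Files that could not be read should be rescanned as a user with read access (or consciously excluded) before the run is treated as a clean result.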
Home page: http://www.f-prot.com/products/home_use/linux/
Manual: http://www.f-prot.com/support/helpfiles/unix/workstation/index.html
Download: http://www.f-prot.com/download/home_user/download_fplinux.html
Download fp-linux-ws.tar.gz and unpack it in /usr/local, see Källkod.
Perl 5.8 and "unzip" are needed, i.e..

perl-5.8.6-i486-1
infozip-5.52-i486-1

root@haze:/home/hakan# swaret --search perl
swaret 1.7.0test4-1
Listing available Packages matching Keyword: perl...
perl-5.8.6-i486-1 (12430 kB) [Status: INSTALLED]
root@haze:/home/hakan# swaret --search infozip
swaret 1.7.0test4-1
Listing available Packages matching Keyword: infozip...
infozip-5.52-i486-1 (267 kB) [Status: INSTALLED]

Now I add some "Perl modules" (see the manual); as "root", start Perl's "CPAN shell"..

# perl -MCPAN -e shell

If this is the first time, you will now get to configure Perl; as you will notice, "Perl" wants a lot of programs, but if you have a "full install" you probably already have them. The default values work for me. Then you install the modules..

cpan> install Bundle::libnet
cpan> install Bundle::LWP
cpan> install IO
cpan> quit
Look in the manual for the various commands; first upgrade..

# /usr/local/f-prot/tools/check-updates.pl
***************************************
*      F-Prot Antivirus Updater       *
***************************************
There's a new version of: "Document/Office/Macro viruses" signatures on the web.
Starting to download... Download completed.
There's a new version of: "Application/Script viruses and Trojans" signatures on the web.
Starting to download... Download completed.
Preparing to install Application/Script viruses and Trojans signatures.
Application/Script viruses and Trojans signatures have successfully been installed.
Preparing to install Document/Office/Macro viruses signatures.
Document/Office/Macro viruses signatures have successfully been installed.
**********************************
* Update completed successfully. *
**********************************

..then I test my home directory..

# f-prot -delete -auto /home/hakan
...
Search: /home/hakan
Action: Automatic deletion
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER
....
/home/hakan/.mozilla/default/1br8kby4.slt/Mail/pop.chello.se/Junk->check_this_8029.DOC.zip->p-zipped_file_data .pif  Infection: W32/Sober.G@mm
Virus-infected files in archives cannot be deleted.

..as you can see, some "junk" in the e-mail; I remove that manually!
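The run above shows the case where -delete does nothing: the hit sits inside a zip inside a mailbox (the "->" chain), so it is still on disk after the scan. Added example (not from the page or from F-Prot): a parser, run over a constructed report modelled on that output, that splits each infection line into the on-disk container and its nested members and lists the containers that still need manual cleanup.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the f-prot report above (not real scanner output).
SAMPLE_REPORT = """\
Search: /home/hakan
Action: Automatic deletion
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER
/home/hakan/Mail/Junk->check_this_8029.DOC.zip->check_this_8029.DOC.pif  Infection: W32/Sober.G@mm
/home/hakan/tmp/eicar.com  Infection: EICAR_Test_File
Virus-infected files in archives cannot be deleted.
"""

@dataclass
class Finding:
    container: str                 # the file F-Prot actually opened on disk
    chain: list = field(default_factory=list)   # nested members, outermost first
    signature: str = ""
    needs_manual: bool = False     # True when the hit is nested, i.e. -delete cannot remove it

# "<path>[-><member>...]  Infection: <signature>"; the path may contain spaces.
INFECTION_RE = re.compile(r"^(?P<path>\S.*?)\s+Infection:\s+(?P<sig>\S+)\s*$")

def parse_fprot_report(text):
    """Return one Finding per 'Infection:' line; header and footer lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = INFECTION_RE.match(line)
        if not m:
            continue
        parts = m.group("path").split("->")
        findings.append(Finding(container=parts[0], chain=parts[1:],
                                signature=m.group("sig"), needs_manual=len(parts) > 1))
    return findings

def manual_cleanup_list(text):
    """Containers (mailboxes, archives) that hold an infection the scanner could not delete."""
    return sorted({f.container for f in parse_fprot_report(text) if f.needs_manual})
```

For a mailbox container the sensible fix is to delete the message carrying the attachment in the mail client, then rescan, rather than deleting the whole mailbox file.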
Here you will find a program that can detect rootkits.
Home page: http://www.chkrootkit.org/
FAQ: http://www.chkrootkit.org/faq/
Download: http://www.chkrootkit.org/download/
Download chkrootkit-0.45.tar.gz and unpack it in /usr/local, see Källkod.
Move to the directory..

# cd chkrootkit-0.45

..read the README and run..

# make sense

..then we run..

root@haze:/usr/local/chkrootkit-0.45# ./chkrootkit
bla bla
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhcpcd)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !

..that looks good!
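Two lines in the run above are not plain "not infected" answers: the sniffer check names a process holding a packet socket (a DHCP client needs one, so /sbin/dhcpcd is expected), and the chkutmp check reports processes whose tty is missing from utmp, which deserves a look. Added example (not from the page or from chkrootkit): a triage function, run over a constructed copy of that output, that separates clean checks from ones to review; the list of expected packet-socket owners is an assumption to be adjusted to your own baseline.

```python
import re

# Constructed sample modelled on the chkrootkit run above (not real output).
SAMPLE_OUTPUT = """\
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhcpcd)
Checking `wted'... chkwtmp: nothing deleted
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
"""

# Results chkrootkit prints when a test finds nothing.
CLEAN_RESULTS = ("not infected", "not found", "nothing detected", "nothing deleted", "not tested")
# Assumption: processes that legitimately hold a packet socket on this host
# (a DHCP client must use raw sockets before it has an address). Tune to your baseline.
EXPECTED_PACKET_SOCKET_OWNERS = {"/sbin/dhcpcd", "/sbin/dhclient"}
CHECK_RE = re.compile(r"^Checking `(?P<name>[^']+)'\.\.\. (?P<result>.*)$")

def triage_chkrootkit(text):
    """Return {check_name: (verdict, detail)} with verdict 'clean' or 'review'."""
    verdicts = {}
    for line in text.splitlines():
        m = CHECK_RE.match(line)
        if not m:
            continue
        name, result = m.group("name"), m.group("result").strip()
        if any(result.endswith(ok) for ok in CLEAN_RESULTS):
            verdicts[name] = ("clean", result)
        elif name == "sniffer":
            # Promiscuous interfaces or unknown PF_PACKET owners need a look; known ones do not.
            owners = set(re.findall(r"PF_PACKET\(([^)]+)\)", result))
            unexpected = owners - EXPECTED_PACKET_SOCKET_OWNERS
            promisc = "PROMISC" in result
            verdicts[name] = ("review" if (unexpected or promisc) else "clean", result)
        else:
            verdicts[name] = ("review", result)
    return verdicts

def needs_review(text):
    """Names of the checks a human should look at, sorted."""
    return sorted(n for n, (v, _) in triage_chkrootkit(text).items() if v == "review")
```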