Viruses are not a big problem on Linux (yet), but there is a risk that I pass viruses on, e.g. by forwarding e-mail, so here is where you can download antivirus programs.
Home page: http://www.free-av.com/
(The page redirects to Avira's antivirus page for PC, Mac, Android and iOS! A working antivir-workstation-pers.tar.gz may possibly be found here: http://ccm.net/download/download-110-avira-antivir-personal-free-for-linux-freebsd-openbsd-solaris /le)
Download antivir-workstation-pers.tar.gz and unpack it in /usr/local, see Source code. As usual, read the README; here you only need to run the install script..
sh-3.00# pwd
/usr/local/antivir-workstation-pers-2.1.6-16
To be able to use AvGuard (real-time scanning of files) I have to set up "dazuko" http://dazuko.org/howto-install.shtml
(The installation instructions can possibly be found here (I am not used to "dazuko" myself):
http://dazuko.dnsalias.org/wiki/index.php/Installation_HOWTO /le)
..it is in /usr/local/antivir-workstation-pers-2.1.6-16/contrib/dazuko,
change to that directory and..
sh-3.00# tar xvfz dazuko-2.2.0.tar.gz
sh-3.00# cd dazuko-2.2.0
sh-3.00# ./configure
checking if security module support is enabled... no
error: security module support must be enabled in your kernel
sh-3.00# ./install
..blah..blah..
Do you agree to the license terms? [n] y
creating /usr/lib/AntiVir ... done
1) installing command line scanner
copying bin/antivir to /usr/lib/AntiVir/ ... done
copying vdf/antivir0.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir1.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir2.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir3.vdf to /usr/lib/AntiVir/ ... done
Enter the path to your key file: [hbedv.key]
copying hbedv.key to /usr/lib/AntiVir/hbedv.key ... done
copying script/configantivir to /usr/lib/AntiVir/ ... done
linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done
installation of command line scanner complete
2) installing internet update daemon
An internet update daemon is available with version 2.1.6-16 of
AntiVir for UNIX Workstation. This is a program that will run in the background
and automatically check for updates (internet access is required).
Instead of installing the internet update daemon, you may also
manually check for updates using:
antivir --update
Please read the README file for more information about updating and
which method best suits you.
Would you like to install the internet update daemon? [n] n
3) installing AvGuard
Version 2.1.6-16 of AntiVir for UNIX Workstation is capable of on-access,
real-time scanning of files. This provides the ultimate protection
against viruses and other unwanted software. The on-access scanner
(called AvGuard) is based on Dazuko, a free software project providing
access control. In order to use AvGuard you will need to compile Dazuko
for your kernel. Please refer to contrib/dazuko/HOWTO-Dazuko for
information about how to do this. There are several ways in which you
can install AvGuard.
module - Dazuko will be loaded by the avguard script
kernel - Dazuko is always loaded
(and should not be loaded by the avguard script)
no install - do not install AvGuard at this time
Note: Dazuko currently only works with GNU/Linux, FreeBSD and Solaris
systems. If you are interested in helping us port Dazuko to
OpenBSD, feel free to check out the Dazuko Project at:
http://www.dazuko.org
available options: m k n
How should AvGuard be installed? [n] n
AvGuard will NOT be installed. See contrib/dazuko/HOWTO-Dazuko
for more information about Dazuko.
4) installing GUI (+ SMC support)
Note: The AntiVir Security Management Center (SMC) requires this
feature, even if you do not intend to use the GUI.
This product comes with a GUI that allows you to monitor realtime
activity, view logs, and configure the product. This tool is optional
(not required) for the product to run.
The GUI requires Java 1.4.0 or higher.
Would you like to install the GUI (+ SMC support)? [y] y
checking for existing /etc/avguard.conf ... not found
copying etc/avguard.conf-gui to /etc/avguard.conf ... done
copying common gui files to /usr/lib/AntiVir/gui ... done
copying platform dependant gui files to /usr/lib/AntiVir/gui ... done
copying script/antivir-gui to /usr/lib/AntiVir/ ... done
linking /usr/bin/antivir-gui to /usr/lib/AntiVir/antivir-gui ... done
installation of GUI complete
5) configuring AntiVir Updater
Your connection to the internet might require special configuration
settings (such as HTTP proxy settings). You may also want the
updater to log to specific files or send email notification. You
now have the opportunity to set these options.
Note: Although you have not installed the internet update daemon,
these settings may still be important for performing manual
updates.
Would you like to configure the AntiVir updater now? [y] y
EmailTo (1 of 3)
=======
You may configure the AntiVir Updater to send out an email message
whenever an update was successful or an error with the update occurred.
available options: y n
Would you like email notification about updates? [n] n
LogTo (2 of 3)
=====
In addition to logging update activity through syslog, you may also
specify your own log file for messages that are generated by the.
AntiVir Updater. This can make it simpler to review past activity
without having to sift through syslog files.
available options: y n
Would you like the updater to log to a custom file? [n] n
HTTPProxyServer/HTTPProxyPort (3 of 3)
=============================
If this machine is sitting behind an HTTP proxy server, you will need to
configure AntiVir with the appropriate proxy settings. Internet access
is required in order to make updates.
available options: y n
Does this machine use an HTTP proxy server? [n] n
AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over
to make sure they are correct.
email notification: no
specific logfile: no
http proxy server: none
available options: y n
Save configuration settings? [y] y
* SUCCESS *
Configuration successfully saved to.
/etc/avupdater.conf
Press <ENTER> to continue.
Here are some commands that you should remember...
configure updater: /usr/lib/AntiVir/configantivir
Press <ENTER> to continue.
Installation of the following features complete:
AntiVir command line scanner
AntiVir Guard (previously installed)
AntiVir GUI
Note: It is highly recommended that you perform an update now to
ensure up-to-date protection. This can be done by running:
antivir --update
Be sure to read the README file for additional information.
Thank you for your interest in AntiVir for UNIX Workstation.
sh-3.00# antivir --update
AntiVir / Linux Version 2.1.6-16
Copyright (c) 2006 by Avira GmbH.
All rights reserved.
Warning: the file "antivir.vdf" is more than 14 days old
checking for updates
02.01.06.16 < 02.01.06.23 [antivir]
06.32.00.60 = 06.32.00.60 [antivir0.vdf]
06.34.00.04 < 06.34.00.105 [antivir1.vdf]
06.34.00.06 < 06.34.00.159 [antivir2.vdf]
06.34.00.07 < 06.34.00.160 [antivir3.vdf]
antivir 100% |**********| 699 KB 116.59 KB/s 0:00 ETA
antivir1.vdf 100% |*****| 1630 KB 116.45 KB/s 0:00 ETA
antivir2.vdf 100% |*****| 149 KB 149.17 KB/s 0:00 ETA
antivir3.vdf 100% |*****| 4 KB 0.00 KB/s --:-- ETA
02.01.06.23 = 02.01.06.23 [antivir]
06.34.00.105 = 06.34.00.105 [antivir1.vdf]
06.34.00.159 = 06.34.00.159 [antivir2.vdf]
06.34.00.160 = 06.34.00.160 [antivir3.vdf]
02.01.06.16 --> 02.01.06.23 the scan engine [the application] (/usr/lib/AntiVir/antivir)
06.34.00.07 --> 06.34.00.160 the VDF database (inc) (/usr/lib/AntiVir/antivir1.vdf,
/usr/lib/AntiVir/antivir2.vdf, /usr/lib/AntiVir/antivir3.vdf)
AntiVir updated successfully
Now I try as an ordinary user..
titus@zenita:~$ antivir-gui
ERROR: titus is not in the `antivir' group
To add titus to the `antivir' group:
# /usr/sbin/usermod -G disk,wheel,floppy,audio,video,cdrom,games,users,antivir titus
Note: titus must log in again for this
change to take effect.
..a little later then ;-)
titus@zenita:~$ antivir-gui

Then we can..

..set it up..

..exactly..

..the way we..

..want it! :-)
Now we "scan"..
titus@zenita:~$ antivir
AntiVir / Linux Version 2.1.6-23
Copyright (c) 2006 by Avira GmbH.
All rights reserved.
VDF version: 6.34.0.160 created 07 Apr 2006
For private, non-commercial use only.
AntiVir license: 149996 for PersonalEdition Classic
auto excluding /sys/ from scans (is a special fs)
auto excluding /proc from scans (is a special fs)
checking drive/path (cwd): /home/titus
/home/titus/.xsession-errors~
Date: 7.02.2006 Time: 09:37:45 Size: 1335
error: could not open file for read access
file was not scanned at all!
warning: file access denied
------ scan results ------
directories: 1
scanned files: 28
alerts: 0
suspicious: 0
warnings: 1
scan time: 00:00:01
--------------------------
Thank you for using AntiVir.
..perfectly OK! Now we need to take a look at AvGuard.
Home page: http://www.f-prot.com/products/home_use/linux/
Manual: http://www.f-prot.com/support/helpfiles/unix/workstation/index.html
Download: http://www.f-prot.com/download/home_user/download_fplinux.html
Download fp-linux-ws.tar.gz and unpack it in /usr/local, see Source code.
Perl 5.8 and "unzip", i.e..
perl-5.8.6-i486-1
infozip-5.52-i486-1
root@haze:/home/hakan# swaret --search perl
swaret 1.7.0test4-1
Listing available Packages matching Keyword: perl...
perl-5.8.6-i486-1 (12430 kB) [Status: INSTALLED]
root@haze:/home/hakan# swaret --search infozip
swaret 1.7.0test4-1
Listing available Packages matching Keyword: infozip...
infozip-5.52-i486-1 (267 kB) [Status: INSTALLED]
Now I add a few "Perl modules" (see the manual); as "root", start Perl's "CPAN shell"..
# perl -MCPAN -e shell
If this is the first time, you will now have to configure Perl; as you will notice, "Perl" wants a lot of programs, and if you have a "full install" you probably already have them. The default values work for me. Then you install the modules..
cpan> install Bundle::libnet
cpan> install Bundle::LWP
cpan> install IO
cpan> quit
Look in the manual for the various commands; first, update..
# /usr/local/f-prot/tools/check-updates.pl
***************************************
* F-Prot Antivirus Updater *
***************************************
There's a new version of:
"Document/Office/Macro viruses" signatures on the web.
Starting to download...
Download completed.
There's a new version of:
"Application/Script viruses and Trojans" signatures on the web.
Starting to download...
Download completed.
Preparing to install Application/Script viruses and Trojans signatures.
Application/Script viruses and Trojans signatures have successfully been installed.
Preparing to install Document/Office/Macro viruses signatures.
Document/Office/Macro viruses signatures have successfully been installed.
**********************************
* Update completed successfully. *
**********************************
..then I test the home directory..
# f-prot -delete -auto /home/hakan
...
Search: /home/hakan
Action: Automatic deletion
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER
....
/home/hakan/.mozilla/default/1br8kby4.slt/Mail/pop.chello.se/Junk-> check_this_8029.DOC.zip->p-zipped_file_data .pif Infection: W32/Sober.G@mm
Virus-infected files in archives cannot be deleted.
..as you can see, a bit of "junk" in the e-mail; I will remove that manually!
Here you will find a program that can detect rootkits
Home page: http://www.chkrootkit.org/
FAQ: http://www.chkrootkit.org/faq/
Download: http://www.chkrootkit.org/download/
Download chkrootkit-0.45.tar.gz and unpack it in /usr/local, see Source code.
Change to the directory..
# cd chkrootkit-0.45
..read the README and run..
# make sense
..then we run..
root@haze:/usr/local/chkrootkit-0.45# ./chkrootkit
blah blah
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhcpcd)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
..that looks good!
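A chkrootkit run like the one above can be triaged without reading every line. The following is an added example, not part of the original page or of chkrootkit: the function names (is_clean_result, triage_chkrootkit, sample_output) are hypothetical, and the list of "clean" result strings is only what appears in the run above, so it is an assumption for other chkrootkit versions.

```shell
#!/bin/sh
# Added example (not from the original page): list the chkrootkit tests
# whose result is not one of the "clean" strings seen in the run above.

BT='`'   # chkrootkit quotes test names as `name'
SQ="'"

# Clean results, matched exactly. A substring filter such as
# grep -v 'not found' would also hide the chkutmp warning, whose text
# contains "not found". Assumption: extend this list for your version.
is_clean_result() {
    case "$1" in
        "not infected"|"not found"|"nothing detected"|"nothing deleted") return 0 ;;
    esac
    return 1
}

# Reads chkrootkit output on stdin and prints "test<TAB>result" for
# every test that needs a human look.
triage_chkrootkit() {
    while IFS= read -r line; do
        case "$line" in
            "Checking $BT"*"$SQ... "*) ;;
            *) continue ;;              # not a test result line
        esac
        rest=${line#"Checking $BT"}
        name=${rest%%"$SQ"*}
        result=${rest#*"$SQ... "}
        result=${result#chk*": "}       # drop helper prefix, e.g. "chkproc: "
        is_clean_result "$result" || printf '%s\t%s\n' "$name" "$result"
    done
}

# Constructed sample: the result lines from the run shown on this page.
sample_output() {
    cat <<'EOF'
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhcpcd)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
EOF
}

sample_output | triage_chkrootkit
```

On a real system the tool's output is piped in instead of the sample: ./chkrootkit | triage_chkrootkit. The sniffer line here names the DHCP client, which normally holds a packet socket on a DHCP-configured interface, so the thing to confirm is that the path is the binary you expect.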