Kill a virus.

NOTE: Try this at your own risk. I will not be responsible for any issues.

To my knowledge there are no traditional viruses within Linux. You do have rootkits, but that is another subject (rkhunter and chkrootkit can be used). What we want to do here is to be able to defend against Microsoft Windows viruses. This is especially important if you run WINE (Wine Is Not an Emulator), CrossOver Office, or other Microsoft-compatible software on Linux. It is also important if you need to detect an MSWindows virus using a machine that is not normally susceptible to MSWindows viruses. Case in point: I was over at my brother's place spending the night when my brother was frustrated because he could not get rid of an MSWindows virus on MSWindows 7 using the great Microsoft anti-virus product. Here is an outline of what we did to deal with the problem. Apparently his daughter brought home a thumb drive that had a Microsoft-type virus.

We plan to use ClamAV for at least minimal checking. And just for some entertainment value, here are a couple of features of ClamAV:

* Command-line scanner
* Quick, multi-threaded daemon with support for on-access scanning
* milter interface for sendmail
* Advanced db updater with support for scripted updates and digital signatures
* C library virus scanner
* On-access scanning (Linux® and FreeBSD®)
* Virus db updated multiple times per day
* Built-in support for various archive formats, including RAR, Tar, Gzip, Zip, Bzip2, OLE2, Cabs, CHM, BinHex, SIS and others I don't know
* Built-in support for many mail file formats
* Built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
* Built-in support for popular document formats like MS Office and MacOffice files, HTML, RTF and PDF

If you do not understand what all the features are for, do not worry. Suffice it to say it is good for a free tool.

Installation.

Command-line install of ClamAV for Linux. (You can also install these programs from the package manager.)

Install ClamAV, the daemon, and freshclam.

$ sudo apt-get install clamav clamav-daemon clamav-freshclam

The daemon allows the software to run in the background.

Update virus definitions after installation.

$ sudo freshclam

If you want the GUI, you can install ClamTk:
$ sudo apt-get update
$ sudo apt-get install clamtk

You will want to do an update:

$ sudo freshclam

ClamAV update process started at Wed Jul 22 00:31:50 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9604, sigs: 56154, f-level: 43, builder: ccordes)

Note: If needed, proxy settings can be added to the file /etc/clamav/freshclam.conf with the following lines:

HTTPProxyServer YOURPROXYIPADDRESS
HTTPProxyPort YOURPROXYPORT

Virus check.

Perform a recursive scan for viruses in your home folder only, listing every file scanned.

$ sudo clamscan -r /home/YOURHOMEFOLDER

Or perform a scan of all system files, printing only infected files to the screen.

$ sudo clamscan -r -i /

Scan a thumb drive. (This is what I had to do.) Most Linux boxes will automount a thumb drive.

$ sudo clamscan -r -i /media/[thumbdrivename]

When it completes you should be presented with a Scan Summary similar to the one below. (Your results will vary.)

----------- SCAN SUMMARY -----------
Known viruses: 600570
Engine version: 0.95.1
Scanned directories: 1
Scanned files: 14
Infected files: 0
Data scanned: 5.36 MB
Data read: 0.54 MB (ratio 9.94:1)
Time: 3.170 sec (0 m 3 s)

Remove files infected with viruses. Be careful with this one. False positives do exist!

$ sudo clamscan -r --remove /
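Because false positives exist, moving detections into a quarantine folder is a safer alternative to deleting them. The following is an added example, not part of the original post: it uses clamscan's --move option instead of --remove and parses the "path: Signature FOUND" result lines; the function names, quarantine path and sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: quarantine detections instead of deleting them.
# Function names, paths and sample output below are constructed.

tab=$(printf '\t')

# Constructed sample of `clamscan -r --no-summary` output (not real results).
SAMPLE_OUTPUT='/media/usb/autorun.inf: Example.Sig.One FOUND
/media/usb/docs/report: final.doc: Example.Sig.Two FOUND
/media/usb/photos/cat.jpg: OK'

# Read clamscan result lines on stdin, print "signature<TAB>path" for each
# detection. The greedy first group splits at the LAST ": ", so a path that
# itself contains ": " stays whole. Lines not ending in " FOUND" are skipped.
found_report() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p"
}

# Number of detections in clamscan output read from stdin.
count_found() {
    found_report | wc -l | tr -d ' '
}

# Scan TARGET recursively and move detections into QDIR (kept outside TARGET
# so it is not rescanned). Nothing is deleted, so a false positive can be
# moved back. clamscan exit status: 0 = clean, 1 = virus found, 2 = error.
quarantine_scan() {
    target=$1
    qdir=$2
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 2
    out=$(clamscan -r -i --no-summary --move="$qdir" "$target")
    status=$?
    printf '%s\n' "$out" | found_report
    return "$status"
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | found_report
echo "detections: $(printf '%s\n' "$SAMPLE_OUTPUT" | count_found)"
```

On a real system, call quarantine_scan with the mounted drive and a quarantine directory outside it, then review the listed files before deciding what to delete.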

Schedule clamscan to run with the ‘at’ command

$ sudo at 1:00 tomorrow
at> clamscan -r -i /home/YOURUSERNAME | mail YOUR@EMAIL.com
at>
job 1 at Wed Jul 22 01:00:00 2009

You could also use crontab, but for simplicity's sake I’ve only demonstrated with the ‘at’ command.

This will require that your Linux box has Samba installed. Most systems now have it installed by default. (See a Linux pro if you need it installed or if it needs reconfiguration, as that is not a subject of this instructable.) We are going to do this experiment with an MSWindows XP machine. I do not have MSWindows 7 to test it. Try this at your own risk! MSWindows XP has what is known as an administrative share. (So you will need administrative rights to the XP machine.) If you have your username, password, domain name, etc., this project will go easier.

Go to (Places > Connect to server) and enter the information for your MSWindows machine to see the Windows share.

$ sudo apt-get update
$ sudo apt-get install smbfs

The general form of the mount command is:

mount -t smbfs -o username=,password= //sambashare /mountpoint

For example:

$ sudo mount -t smbfs -o username=adminname,password=adminpassword //192.168.1.133/c /media/smb

You will want to go to Applications > Virus scanner and choose the directory where you have your share set up. Then scan for viruses.
