Written by: Bill Parker (dogbert@mail.netnevada.net)
Date: October 17, 2001
The first thing you must do is have a licensed copy of NAI's Anti-Virus software to install on your computer.
The current virus engine for linux is:
Virus Scan for Linux v4.12.0
Copyright (c) 1992-2000 Networks Associates Technology Inc.
All rights reserved.
(408) 988-3832 LICENSED COPY - Nov 20 2000
Scan engine v4.1.20 for Linux.
Virus data file v4121 created Feb 12 2001
Scanning for 56916 viruses, trojans and variants.
As you can see, the virus update was run on Feb 12, 2001.
Next thing, this file usually comes in a .tar or .tar.gz form which is unpacked on your Linux box. I put mine in
/usr/local/uvscan
Now, there is an install program with it, but I don't like it all that much, so I did it the hard way (the easy way is done by looking at readme.txt in /usr/local/uvscan).
1. Do this procedure as the superuser (root).
2. The uvscan program in /usr/local/uvscan needs the libstdc++.so.2.8 library (which should go in /usr/lib), but it was not on my OpenLinux 2.3 system, so some kind soul mailed it to me, and I placed it into /usr/lib (I do not know where this can be obtained from, at the moment).
or physically placed into /usr/lib (or symlinked in /usr/lib to /usr/local/uvscan/liblnxfv.so).
4. Use ldconfig to update the libraries on your system; this may take a second or two.
5. Form a symlink for uvscan in /usr/local/bin with the following:
cd /usr/local/bin <enter>
ln -s /usr/local/uvscan/uvscan uvscan
the ls -al of /usr/local/bin/uvscan should look like this:
lrwxrwxrwx 1 root root 24 Feb 13 10:18 uvscan -> /usr/local/uvscan/uvscan
the ls -al of /usr/local/uvscan/uvscan should look like this:
-r-xr-xr-x 1 root root 120831 Feb 4 12:50 /usr/local/uvscan/uvscan
6. Copy uvscan.1 (the manual page for uvscan) from /usr/local/uvscan to /usr/man/man1
7. Type 'updatedb' to update the locate database on your system.
Next, log out as root, and go back to being your plain old user self.
The moment of truth: if everything has been installed correctly, type: uvscan <enter>
and this is the output which should appear:
Usage:
uvscan [--allole] [--analyse | --analyze]
[-c | --clean] [--cleandocall] [--config file]
[--dam] [-d | --dat | --data-directory] [--delete]
[--exclude file] [-e | --exit-on-error] [--extlist]
[--extensions EXT1[,EXT2...]] [--extra file]
[--fam] [-f | --file file] [--floppya] [--floppyb]
[-h | --help] [--ignore-compressed] [--ignore-links] [--load file]
[--manalyse | --manalyze | --macro-heuristics]
[--maxfilesize XXX] [-m | --move directory]
[--noboot] [--nocomp] [--nodecrypt] [--nodoc] [--noexpire]
[--norename] [--one-file-system]
[--panalyse | --panalyze] [-p | --atime-preserve | --plad]
[-r | --recursive | --sub]
[--secure] [-s | --selected] [--summary]
[-u | --unzip] [-v | --verbose] [--version] [--virus-list]
{file / directory}
A target has not been specified for scanning!
Now the final step is to follow the instructions in /usr/local/uvscan/readme.txt about making the eicar.com file (which was 69 bytes on my system) by pasting the following (no, it's not a virus) into vi eicar.com
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
and saving the file as eicar.com on your system (in my case, I saved it in /home/billp/eicar.com).
Then I ran the scanner against it, and this is what was reported back to me:
[billp@nermal billp]$ uvscan eicar.com
/home/billp/eicar.com
Found: EICAR test file NOT a virus.
At this point, issue a rm eicar.com, and you are all finished.
I have mailed NAI's tech support people about the tarball of uvscan not containing libstdc++.so.2.8, as the uvscan program uses it as a shared library. Hopefully, they will include this item in the tarball so others won't go through the same problem I did.
Good Luck.
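The script below is an added example, not part of the original write-up or of NAI's readme.txt. It checks the result of steps 2 through 5: that ldd reports no unresolved shared library (the libstdc++.so.2.8 problem described above), that /usr/local/bin/uvscan is a symlink to the real binary, and that neither the binary nor its directory is group or world writable. The function names, the script name and the --check argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: checks for steps 2-5 of the manual uvscan install.
# Paths are the ones used on this page; override them if yours differ.
UVSCAN_DIR="${UVSCAN_DIR:-/usr/local/uvscan}"
UVSCAN_LINK="${UVSCAN_LINK:-/usr/local/bin/uvscan}"

# Read `ldd` output on stdin and print every library the loader could not
# resolve (lines of the form "libfoo.so.N => not found").
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Succeed only if $1 is a symlink whose target is exactly the regular file $2.
link_points_to() {
    [ -L "$1" ] && [ -f "$2" ] && [ "$(readlink "$1")" = "$2" ]
}

# Succeed if $1 can be written by its group or by everyone. A scanner that
# root runs should not be replaceable by other users.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Run all checks; print one line per problem and return non-zero on any.
check_install() {
    bin="$UVSCAN_DIR/uvscan"
    status=0
    if [ ! -x "$bin" ]; then
        echo "FAIL: $bin is missing or not executable"
        return 1
    fi
    libs=$(ldd "$bin" 2>/dev/null | missing_libs)
    [ -z "$libs" ] || { echo "FAIL: unresolved libraries:" $libs; status=1; }
    link_points_to "$UVSCAN_LINK" "$bin" ||
        { echo "FAIL: $UVSCAN_LINK is not a symlink to $bin"; status=1; }
    if loosely_writable "$bin" || loosely_writable "$UVSCAN_DIR"; then
        echo "FAIL: $bin or $UVSCAN_DIR is group/world writable"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: uvscan install looks sane"
    return "$status"
}

# Only act when asked to, e.g.  sh check_uvscan.sh --check  (file name is
# hypothetical), so sourcing the file just defines the functions.
case "${1:-}" in
    --check) check_install ;;
esac
```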