Anti-virus help

Forum: Apps
Topic: Anti-virus help
started by: Delboy

Posted by Delboy on May 04 2004,13:41
Please help with newb instructions for installing an anti-virus scanner such as clamav or antivir. I can't find anything in the synaptic list of programs. Strangely, a search for 'anti-virus' on this forum brings up nothing. I don't feel very secure with dsl at the moment.

Also, any thoughts on which is the more effective firewall (from Synaptic list) 'Firestarter' or 'Firewall-easy'?

Lastly, what exactly is the SSH daemon in DSL??

Posted by cbagger01 on May 04 2004,16:12
Clamav is supposed to be officially part of the "testing" Debian package list.

You need to change your apt sources.list file to point to the "testing" branch instead of the "stable" branch. Then do an update ("Update" button on the Synaptic screen, or "apt-update" from the command line). Then search for clamav packages.

You can learn how to point your sources.list file towards "testing" by pressing the "Search" button at the top of this page. Enter "sources.list" as a keyword. Then choose "SEARCH ALL FORUMS" and "SEARCH FROM THE BEGINNING" and "OR NEWER".

I have heard good things about Firestarter but I have never used it.

Posted by Delboy on May 05 2004,09:03
Thanks cbagger, I'll give that 'testing' edit a go.

Firestarter installed via Synaptic seems to work; it definitely blocks net traffic, but I haven't had time to see how far it can be configured with permissions etc.

Yup, I was a bit slack about the SSH query - it's explained on the Dillo splash screen. I'll leave SSH switched on.

Posted by Grim on May 05 2004,09:22
Clamav, and its ilk, won't provide any antivirus protection for your Linux box. AV is used in conjunction with Linux-run mail servers to weed out viruses for Microsoft client machines. If you're running a mail server for your Microsoft LAN, it may be a good idea. If you're installing AV because you always ran Norton's on your Windows boxen, you're wasting your time.

If you have a spare i386 or better, use floppyfw for your router/firewall. Doesn't need a hard drive, just a floppy drive and a couple of NICs.

The SSH Daemon allows you to connect to your Damn Small box via Secure SHell. It's handy, trust me.

Posted by RoGuE_StreaK on May 06 2004,00:09
Can clamav etc. be used to diagnose / fix "windows" drives? I've always thought that would be a handy application for DSL, if a virus takes out someone's windows machine, chuck in the live CD, boot up, remove the virus, and away you go... but I'm assuming these anti-virus apps would be too big for the standard iso?

I did a search recently for a bootable linux that offered this, but didn't come up with anything. Though "linux" and "virus" don't usually mix, surely that would make linux the ultimate weapon in clearing viruses off windows machines!?

Posted by Grim on July 17 2004,15:49
I understand your point Rogue, but if Windows won't boot, it's probably due to the virus overwriting an important system file somewhere, which DSL won't be able to help you recover anyways. DSL will start up a server that you can use to backup your hard drive to another machine or allow you to back up to CD but it doesn't really have the forensic tools to help one recover a broken windows machine.

The A/V running on Linux makes sense if the Linux box is running as a mail server, it prevents infection, but I don't really see the point in having it run as a regular userspace program because there really isn't the proliferation of virii on Linux as it exists under Windows (yet).

Posted by ke4nt1 on July 17 2004,17:14
Recently, I have been "testing" with the F-Prot anti-virus package.

It's a small and lightweight command line scanner. Updates are fast and also small in size, so the whole thing fits in my backup thru the filetool.lst's "/usr/local/f-prot" entry.

In combination with the LinNeighborhood "samba.dsl" extension, I have been using it to scan partitions on other computers over the network, even while they are in use.

Since it would be easy to make a .dsl file out of f-prot, you could burn the f-prot.dsl and samba.dsl files to the / of the new DSL cdrom, and you would have a handy "pocket scanner" that is immune to corruption or infection, short of physical disk damage.

As of today, the latest .tar.gz from f-prot contains updated virus data thru July 8th, but the package contains a perl script to download the latest data files from f-prot directly, if the internet is available on the machine you are testing. By the time you needed to upgrade the f-prot package, it would be time to burn the latest DSL version as well.

73
ke4nt

Posted by RoGuE_StreaK on July 18 2004,07:19
Sounds good.

One of the major problems I have found with virus checkers under windoze is that they can't remove viruses from system files that are "in use". So to be able to boot from a CD and check / clean ALL files on a system would be very handy.

Haven't really had a chance to keep up with where DSL is for the past two months or so, so need to do some serious catching up!

Posted by cbagger01 on July 19 2004,02:05
Unfortunately, if you are scanning a windows computer over the network while the target computer is up and running windows you still won't be able to clean these files because they will be in-use.

However, in the worst case you could stick the hard drive into a second windows computer and boot it. Because the second windows computer will be booting from its own hard drive, it will not use the operating system files on your infected drive. The new drive should appear as D:\ or E:\ or F:\ etc and you will be able to clean any and all files that are stored there.

If the infected drives are formatted in FAT16 or FAT32 then you don't need to do all of this hard drive removal stuff. Just boot linux on the computer, mount the partition with read/write permissions and go to work.

And if you have a distro that contains Captive NTFS, AND your hard drive's filesystem driver files are NOT infected, then you could do a repair job without removing the hard drive.

Good Luck.

Posted by ke4nt1 on July 19 2004,05:30
It also does not check the boot sectors or MBR on windows boxes over the network... Only the files in the partitions... But it's good for a quick check-up.

I like the captive-ntfs on the cd idea! Can't you add the drivers from your XP cd to the DSL disc in advance?

73
ke4nt

Posted by Rhythmtech on Aug. 05 2004,23:36
I use DSL with F-prot to scan machines from walk-in customers. It takes about half the time of the win version of F-prot, NAV, or McAfee, and for most of the virii that non-computer savvy people get you really need to use the removal tools and more often than not manually remove registry entries and/or other problems the virii cause. So it works perfectly for me, and saves me about 40 min of waiting.
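
Added example, not part of any post in this thread: a shell script for the boot-from-CD scan discussed above, using ClamAV's clamscan on a FAT partition mounted read-only, then summarising what was detected. The device name, mount point, log path and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only offline scan of a Windows FAT partition from a live
# Linux session. Device, mount point and log path are assumptions.

# Mount read-only and scan recursively, logging detections.
# clamscan exit codes: 0 = clean, 1 = detections, 2 = error.
scan_partition() {
    dev=$1; mnt=$2; log=$3
    mkdir -p "$mnt" || return 2
    mount -t vfat -o ro,noexec "$dev" "$mnt" || return 2
    clamscan -r --infected --log="$log" "$mnt"
    rc=$?
    umount "$mnt"
    return $rc
}

# Read clamscan output on stdin; print "count signature", most frequent first.
# Detection lines look like "<path>: <signature> FOUND".
summarize_detections() {
    awk '/ FOUND$/ {
             sub(/ FOUND$/, "")
             n = split($0, part, ": ")
             hits[part[n]]++
         }
         END { for (s in hits) print hits[s], s }' | sort -k1,1nr -k2
}

# Print only the infected paths, for manual review before anything is deleted.
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Constructed sample of clamscan output (signature names are made up).
sample_log() {
    cat <<'EOF'
/mnt/win/WINDOWS/system32/a.exe: Constructed.Sample.A FOUND
/mnt/win/Documents and Settings/u/note.scr: Constructed.Sample.B FOUND
/mnt/win/TEMP/b.exe: Constructed.Sample.A FOUND
/mnt/win/boot.ini: OK
----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Run the real scan only when asked: sh scan.sh scan /dev/hda1
if [ "${1:-}" = "scan" ]; then
    scan_partition "$2" /mnt/win /tmp/clamscan.log
    summarize_detections < /tmp/clamscan.log
fi
```

Mounting read-only keeps the first pass from changing the disk; cleaning files afterwards needs the read/write mount cbagger01 describes.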