Antiviral - pls don't ignore this post


Forum: Apt-get
Topic: Antiviral - pls don't ignore this post
started by: WoofyDugfock

Posted by WoofyDugfock on Nov. 10 2004,14:20
The "pls don't ignore this post" is there because I've noticed that this type of request involving subtleties with apt-get libs and .debs sometimes tends to get ignored.

I've got v close to running f-prot antiviral on dsl (a deb package, free for personal use) but am stuck at an installation problem with one lib.
Thus far I've:

1. Registered and Downloaded fs-prot-ws.deb from their website < http://www.f-prot.com/download/home_user/download_fplinux.html >
Just naively trying dpkg -i on this yields the requirement for the dependencies:
libwww-perl and libnet-perl. (Installing the perl-containing gtk2.dsl doesn't help but I didn't really expect it to.)

2. Pointing /etc/apt/sources.list at:
deb < http://ftp.us.debian.org/debian/ > testing main
and typing apt-get install libwww-perl
gives a list of dependencies and suggests that I type & agree to apt-get -f install, which I did.

3. This last step corrects the dependencies, upgrades perl-base and installs a lot of libs, including the two needed in 1 above, and also tries to install fs-prot-ws and libnet-perl.

This last file is the only problem.
It says:

Setting up libnet-perl (1.19-1) ...
Couldn't open configuration file!
dpkg: error processing libnet-perl (--configure):
subprocess post-installation script returned error exit status 30
Errors were encountered while processing:
libnet-perl
E: subprocess /usr/bin/dpkg returned an error code (1)

Having guessed which repository contains the correct libs etc it would be nice to get this running and useful info for other users?

Any help out there would be appreciated.

WdF

Posted by ico2 on Nov. 10 2004,14:26
hmm, try just apt-getting perl

Posted by WoofyDugfock on Nov. 10 2004,14:36
Thanks ico2, I have - I get exactly the same error with the same lib ie no progress.

Posted by henk1955 on Nov. 10 2004,14:41
dsl = based on knoppix
kanotix = based on knoppix
< Kano scripts > can extend dsl
i have used the Install-f_prot.sh it works.
download it. read what it does. then if you understand it. use it

<edit>
typo in url corrected
</edit>

Posted by WoofyDugfock on Nov. 10 2004,14:46
Thanks Henk. Will try. First I've heard of kano. Hope will work. Interesting.
Yours telegraphically.
wdf

Posted by WoofDugfock on Nov. 10 2004,15:36
Thanks Henk!! Worked like a charm. It runs fast, too.

One thing - putting /home/dsl/dist/ in filetool.lst is apparently not enough to back this installation up.  What files have I missed?

Posted by AwPhuch on Nov. 10 2004,15:57
Quote (henk1955 @ Nov. 10 2004,09:41)
dsl = based on knoppix
kanotix = based on knoppix
< Kano scripts > can extend dsl
i have used the Install-f_prot.sh it works.
download it. read what it does. then if you understand it. use it

Site seems to be down
-edit- It appears to be back up

Brian
AwPhuch

Posted by henk1955 on Nov. 10 2004,16:23
the install-f-prot-local.sh does
Code Sample
echo "export PATH=$PREFIX/bin:$PATH" >> $HOME/.bashrc
echo "export LD_LIBRARY_PATH=$PREFIX/lib" >> $HOME/.bashrc

so you have several options.

1. backup home/dsl/.bashrc
2. make a script that inserts this code in $HOME/.bashrc
or
i think is the best if you are always online
forget the /home/dsl/dist and rerun the install script.
it will give you the most up to date f-prot scanner

Posted by ico2 on Nov. 10 2004,17:06
:s

Posted by ke4nt1 on Nov. 10 2004,17:11
I had no trouble getting the downloadable f-prot to run in my
DSL filesystem..  no dep issues at all.. hmm..

I now use BitDefender console for my viral needs, since it is
very fast, does NOT expect to be installed to a particular directory,
and updates frequently and easily..

73
ke4nt

Posted by ico2 on Nov. 10 2004,17:15
:)

Posted by WoofyDugfock on Nov. 11 2004,09:09
Thanks all for your help.

ke4nt1 - it's possible something's broken - in fact something definitely is since dsl hangs half-way through shutdown with  "pt-chown needs to be installed setuid root" (whatever these are)? I back up & reinstall at boot all of my apt cache and I've stuffed around a lot with various experiments. I don't suppose the config file that libnet-perl is looking for is already locked by gtk2.dsl or something else?

I notice apt-get remove is not removing unwanted deb packages from the cache - I have to sudo scite delete these manually. This is a pain because it mucks up the package management.
Do others have this problem or is it because I'm behind a NAT or something?

I'll also look into BitDefender.

I notice also that the debian website says that CLAMAV is to be included in the next distribution of Debian - this might yield another option as well.

Posted by WoofyDugfock on Nov. 11 2004,14:25
Henk1955 - yes backing up /home/dsl/.bashrc in addition to /home/dsl/dist/ does the trick. I should have looked at the script more carefully. I suppose I could now delete the tarball from /dist/crc/.

I put ./home/dsl/dist/f-prot/check-updates.sh
in /opt/bootlocal.sh to see if it would update the virus signatures etc at every boot, but it doesn't work.
It opens the connections OK and starts to get the files but then says:

416 requested range not satisfiable
Continued download on this file failed, which conflicts with '-c'
Refusing to truncate existing file 'fp-def.zip'.

Which I imagine are wget error messages. So for some reason this script & wget doesn't like running at boot.

Posted by henk1955 on Nov. 11 2004,14:48
if i look at the script
Quote
wget -Nc < http://www.f-prot.com/cgi-bin/get_randomly?fp-def > && unzip -o fp-def.zip
and look at < WGET MAN >
it looks like the -Nc option tries to continue an aborted download.
maybe this is a typo (-nc is a valid option too).
i would delete both *.zip files before running the script.
if downloading does not take long i'd delete all from dist/ and run the install script all over

Posted by WoofyDugfock on Nov. 12 2004,11:26
You're right again Henk - deleting these files before running the script at boot does indeed work (though that doesn't explain why the script runs without problems after boot from a bash shell).

The recommended method in f-prot's man is to use cron to schedule downloads - so now I've discovered & installed cron (from apt-get)

Guess what - now I can't get cron working!!!!!!

As the Major once said to Basil Fawlty (John Cleese): "Why do we bother, Fawlty?"

I've followed all the instructions etc etc.  Don't @#$&* work.

My scheduleupdates.cron (to run at say 12:55 every day) is in /home/dsl/dist/:

55 12 * * * ./home/dsl/dist/f-prot/check-updates.sh; echo "Virus update ran "`date`>>/var/log/virus.log

Save & then type as root:
crontab -r
crontab /home/dsl/dist/scheduleupdates.cron
crontab -l
shows the cronjob has been set as inputted - should then run as root.

But no virus.log shows it doesn't run ( I got that idea off the web).
(According to man cron, putting CRONLOG=YES in a file /etc/default/cron is supposed to write a log file to /var/cron/log but that didn't work - probably because it's not running)

The f-prot man says to use the check-updates.pl perl script (also provided) but that requires a perl module I don't have installed.

The sh script should run from cron, surely? It has ugo+x permissions.

Perhaps a PATH problem?

Is it just me?  Am I unusually intellectually handicapped?

Posted by Grim on Nov. 12 2004,12:54
I'm going to ask the question that nobody else seems to think of whenever somebody asks about running antivirus on Linux--Why do you want to run antivirus anyway?

'Cause, you know f-prot only checks for Microsoft Windows viruses, right?  You do know that, right?  So, unless you're running f-prot to scan for viruses on a mail server that you're running for your intranet, that serves Windows boxen, there's really no need to be running antivirus.

And frankly,  DSL isn't really the distro I'd choose to run a mail server anyway, so, Why do you want to run antivirus anyway?

Posted by WoofyDugfock on Nov. 12 2004,13:04
PS: Things that don't work -

1. As an afterthought I wondered if it was because the cron daemon had not been started following install - it's supposed to start on boot.

It turns out that typing /etc/rc2.d/./S89cron yields various start/stop options for cron. One is:

Typing '/etc/init.d/cron start' starts the daemon.  This information is not provided in man cron.

But my cronjob STILL does not run, so that's not it.

2. I tried putting a symbolic link to check-updates.sh in /sbin, which the man cron says is the default path for cron as root. Nothing.

Posted by WoofyDugfock on Nov. 12 2004,13:46
Grim

Your post is meant to be provocative but I'll reply anyway (once only).

1. F-prot currently scans for 408 known unix/linux viruses in addition to many thousands on a number of other platforms including Windows.

2. I've scanned my (Windows) hds from the dsl liveCD toram and it's fast -  faster than scanning the same drives with eg Norton AV within windows, which takes all day.  Also, you never know what type of downloads I may want to scan in the future - not only linux files - or what type of use I may put dsl to. And I'm working towards a hd install.

3. The idea that only mail servers should scan files seems shortsighted.  Whatever the infection rate now, the diffusion of linux viruses is bound to increase because linux will overtake Mac as the second most popular OS by the end of the year (according to HP).  There are less Mac viruses than Windows, but that does not stop Mac users running a/v software. For me this is by way of preparation. You're an optimist, you're welcome never to run antivirus software if you wish - hope you don't have a hd install.

4. Most importantly, in case you haven't noticed, I and many others use these little projects as ways of learning to use other linux features on dsl, like cron.  I'm happy to let that take over as the primary objective.  Others may want to know the same information also.

Posted by AwPhuch on Nov. 12 2004,15:56
Quote (Guest @ Nov. 12 2004,06:26)
My scheduleupdates.cron (to run at say 12:55 every day) is in /home/dsl/dist/:

55 12 * * * ./home/dsl/dist/f-prot/check-updates.sh; echo "Virus update ran "`date`>>/var/log/virus.log

I dont think your crontab syntax is right man....plus you dont want it to echo anything on a crontab entry since it is automatic and not actively involved in a terminal window

Here is my entry in my crontab
Code Sample
# run f-prot update program
55 23 * * 0  root /usr/local/f-prot/tools/check-updates.pl -cron -quiet

# run f-prot antivirus
59 23 * * 0 root /usr/local/f-prot/f-prot / -dumb -report=/var/log/f-prot.txt -silent -wrap &

Mine runs weekly, updates at 1155, then runs the scanner at 11:59 on sunday night

Quote (Grim @ Nov. 12 2004,07:54)
I'm going to ask the question that nobody else seems to think of whenever somebody asks about running antivirus on Linux--Why do you want to run antivirus anyway?

There are linux/unix viruses...and you wouldnt want me hosting virused files and not know about it would you? Dansguardian and other service passthru daemons can use f-prot to scan inbound/outbound files for problems as well....its not completely worthless man...

Brian
AwPhuch

Posted by ke4nt1 on Nov. 12 2004,17:21
Since BitDefender offers free and unrestricted usage of their
"free" product, wouldnt this, combined with the cronjobs
posted here, make a nice extension ?
( or f-prot , but I am not aware of their licensing yet )

Set it up to autoupdate at some a.m hour, and then scan ?
You could still manually run it at anytime with the menu or icon.

Ideas, thoughts?

73
ke4nt

Posted by Grim on Nov. 12 2004,18:57
Quote (Guest @ Nov. 12 2004,06:46)
Grim

Your post is meant to be provocative but I'll reply anyway (once only).

First off, don't do me any favors.  I'm just making sure that you don't go off and make any of these new Linux users think they have to run out and buy anti-virus because "Linux has viruses too".  For day to day use, the probability for infection, while running a Linux OS is virtually nil.  Compare that to "I just re-installed Windows a half-hour ago and I'm already infested again".
Quote

1. F-prot currently scans for 408 known unix/linux viruses in addition to many thousands on a number of other platforms including Windows.

Really?  Name five.  The last major "virus" under Linux was the Ramen worm and it only targeted Apache on specific builds of RedHat (5.something) and it wasn't even a virus, it was a worm (yes there is a difference).  Not only that, it was a benevolent worm. Checking for rootkits, or exploit vulnerabilities doesn't amount to the same thing as removing virii.  Anybody that really wants to get the skinny on Linux "viruses" needs to subscribe to the bugtraq mailing list.

Sounds like you fell for the marketing hype, bub.

Quote
2. I've scanned my (Windows) hds from the dsl liveCD toram and it's fast -  faster than scanning the same drives with eg Norton AV within windows, which takes all day.  Also, you never know what type of downloads I may want to scan in the future - not only linux files - or what type of use I may put dsl to. And I'm working towards a hd install.

So, primarily, you're using f-prot to scan for Windows "viruses".  Funny, when I said it, I was being "provocative".

Quote

3. The idea that only mail servers should scan files seems shortsighted.

How else do you expect a virus to get into your system?  Through the browser?  Maybe if Microsoft ports IE to Linux.  The sad fact of the matter is that the email is the primary vector for infection.  For everything else there's file permissions.  If you run an untrusted executable on your system, you deserve what you get.

Quote
You're an optimist

:laugh:  You don't know me very well.  Cynic, pessimist and pragmatist would all have been more accurate assessments.

And as far as the Mac OS  goes.  I've been running various flavors (8.6, 9.2, X) of Mac for the last three years, guess how many viruses in all that time?  None.  I've been running various flavors (RedHat, Mandrake, SuSE, Debian, Slackware, LOAF, tmsrtbt, DSL, etc...) of Linux over the past five years, guess how many viruses? None.

If you're running f-prot so that you can learn, then by all means, go ahead.  I'm not deriding you for running antivirus, I just don't want new Linux users to think that they have to go out and buy antivirus, because they don't.  You have a better chance at a threesome with Victoria Secret models than you do at getting a virus under Linux.

Posted by AwPhuch on Nov. 12 2004,20:40
Quote (Grim @ Nov. 12 2004,13:57)
You have a better chance at a threesome with Victoria Secret models than you do at getting a virus under Linux.

Really!!!!  /me goes to download a virus to get the chicks!!!
Woohoo....I still have a chance!!!!

ClamAV has a good "free" one too!

Brian
AwPhuch

Posted by Grim on Nov. 12 2004,23:43
Brian, you must get photo evidence of the deed should you choose to accept this mission. (dun-dun-DA-dun, dun-dun-DA-dun)

Posted by WoofyDugfock on Nov. 13 2004,12:20
Gee thanks for your permission to run f-prot.

You said that f-prot did not scan for any viruses other than windows ones. You were wrong.

I didn't propose in a spirit of FUD that everyone should run off and panic, nor did I say there were a lot of linux viruses or that was a high risk at this time of getting infected (quite the opposite). That was your interpretation.

My reasons are my reasons and these are valid.

Now if you've stopped trolling, perhaps I can get back to enjoying dsl?  Or do you simply wish to be as unpleasant as you say you are?

Posted by WoofyDugfock on Nov. 13 2004,13:36
I just spent 10 or so minutes writing a post that somehow vanished - if it reappears for some reason the following summary will seem somewhat repetitive (sorry) ...

Brian - thanks for your constructive response - I'll try your syntax after the weekend.  I copied that echo line verbatim from another board from a response to a similar cron query, which is not to say that it is necessarily correct of course.

ke4nt1 - while you're unlikely to get much support for a Bitdefender.dsl from the Grim Gremlin himself, IMHO it would be v popular. If it would keep Grim "happy" (now there's a contradiction) you could always add a disclaimer about the present low risks of infection on linux (not to mention the imperviousness of a livecd boot).

Posted by WoofyDugfock on Nov. 13 2004,13:40
BTW Brian - you're kidding about ClamAV being tainted, right?

Posted by WoofyDugfock on Nov. 13 2004,14:24
Just found this:

< http://damnsmalllinux.org/cgi-bin....6;&#top >

It seems Clacker knows all about cron - at least I was right about having to manually start the cron daemon.

Digesting it will have to wait until Mondayish.

Posted by Grim on Nov. 14 2004,01:44
Dear Woofy,

First off, I didn't say I was giving you permission to run f-prot, I said I wasn't D-E-R-I-D-I-N-G you, not D-E-N-Y-I-N-G you.  Deriding, (from the root word, deride), means " To speak of or treat with contemptuous mirth", it is a synonym to ridicule.  So, I was saying that I wasn't ridiculing you for running f-prot.  Maybe I should've picked an easier word or phrase.  Maybe denigrate, disparage or "make fun of".

Quote
I didn't propose in a spirit of FUD that everyone should run off and panic, nor did I say there were a lot of linux viruses or that was a high risk at this time of getting infected (quite the opposite). That was your interpretation.

Nor was I accusing you, outright, of doing such a thing.  Look, I wasn't trying to personally attack you with my original post.  What I was trying to do was make sure that other people, less knowledgeable about antivirus software for Linux than yourself, don't get the wrong idea.  And to be perfectly honest, I wasn't sure if you had the wrong idea either.

Here's what happens, someone comes into a forum and reads "Hey, I'm trying to get anti-virus running on Linux" and Mr.Newbie Newbenson, who is contemplating trying Linux because he's fed up with Sasser, SoBig, Slapper or whatever bug happens to be wiping out Windows boxes this week, reads that post and thinks to himself, "Hey, I thought switching to Linux would get me away from all of this virus crap.  If I'm gonna have to worry about viruses still and learn a difficult new operating system, I think I'll just keep running Windows and not waste my time".

See, now you didn't come right out and say that, but that's what people think, especially new users migrating from Windows who are looking for any reason to scurry back to what's comfortable.
Quote
You said that f-prot did not scan for any viruses other than windows ones. You were wrong.

Yes, I was.  It was hyperbole, I was wrong and I apologize.  What I should have said is that F-prot, hell, any antivirus software, is intended, primarily, for Microsoft Windows products.  Viruses aren't really that big of a deal on any other computing platform, honestly.  And don't take my word for it, ask around.  Pretty much every system administrator will tell you the same thing, virii are pretty much a Windows-specific problem.

Now, all that being said, I personally am of the opinion that running antivirus on Linux to detect Linux viruses is as useful as a hope chest for a hooker.  Sure, there's a chance a hooker'll get married, but what are the odds?

Quote
...from the Grim Gremlin himself...

If we're comparing me to mythical creatures, my wife prefers Ogre.

Now, to be partially useful, I've actually written a couple of semi-useful articles on cron at my website that you may or may not find useful. < Using cron and mplayer to create an MP3/Ogg alarm clock >, < How to suppress those annoying cron emails > and < using cron and the fortune program to create a random email signature >.

Maybe one of those will help you and atone for me being a low-down, dirty bastard.

-Philip McClure

Posted by AwPhuch on Nov. 14 2004,10:52
Play nice guys...

Brian
AwPhuch

Posted by WoofyDugfock on Nov. 15 2004,10:43
Ok thanks Grim, that's all fair enough - your assistance/explanation is appreciated. I do take your points about the security of linux, the low relative threat etc.

So with that big wet tonguey out of the way I guess we can move on ....

Posted by WoofyDugfock on Nov. 15 2004,11:03
And I notice someone finally got my board name around the right way .. fyi in retrospect I suppose it's an unconscious reference to the quality of some of my former girlfriends, as opposed to an expression of any interest in actual bestiality (not that there's a big difference in certain specific cases I might mention).  Not that many Victoria Secrets models in that lot - woof!

But really they're not ALL that bad.

Chosen whilst feeling especially bitter & twisted and now I've kind of grown fond of it.

As always, apologies to any militant separatist lesbian feminists who might be out there. They probably monitor this board for any display of incorrect misogynistic tendencies ....

Posted by Grim on Nov. 15 2004,12:14
Hey Woof, I was trying to recover an ancient NT4 server at work the other day and downloaded the < INSERT > live CD (which, strangely enough, is based loosely on DSL) and they have ClamAV built right in.  

It may be worth a look, or may even warrant an email shot over to the INSERT developers, to see if they can lend any insight into building a DSL extension.

Posted by AwPhuch on Nov. 15 2004,21:34
Quote
INSERT contains a multitude of useful tools to be at your hand in a variety of situations:
full read-write support for NTFS-partitions using captive
support for various file system types: EXT2,EXT3,MINIX,REISERFS,JFS,XFS,NTFS,FAT,MSDOS,NFS,SMBFS,NCPFS,UDF,UFS,HFS,HFS+
support for linux software RAID and LVM
support for WLAN adapters
network analysis (e.g. nmap, tcpdump)
disaster recovery (e.g. parted, gpart, partimage, testdisk, recover)
virus scanning (Clam Antivirus)
computer forensics (e.g. chkrootkit, rootkit hunter)
surf the internet (e.g. links-hacked, AxY FTP)
network boot server to boot network boot enabled clients that cannot boot from the CD
based on Linux kernel 2.4.27 and Knoppix 3.6



OOOOOOHHHH...rw support for ntfs!!! hmmmmmm

Man oh man..this is nice

Good find Grim!!

Another DSL offspring!!!!!!

-edit- I wonder just how much *ideas* were borrowed from the DSL project, considering they only gave DSL an "honorable mention" and bowed before the feet of KNOPPIX!!!

Brian
AwPhuch

Posted by AwPhuch on Nov. 15 2004,21:44
I wonder how many of their *ideas* we can borrow back...namely the NTFS support and the network boot server!!!

Brian
AwPhuch

Posted by cbagger01 on Nov. 15 2004,21:51
Borrowing it back should be relatively easy.

All you need to do is grab the captive ntfs stuff from the Knoppix 3.4 5-17-2004 liveCD and drop it into DSL.

Kinda like the "alsadebs.dsl" concept.

Posted by AwPhuch on Nov. 15 2004,22:51
What about the network boot (terminal kinda) server thingamajiger??

Brian
AwPhuch

Posted by cbagger01 on Nov. 16 2004,04:33
Once again,

if it was originally part of the knoppix 3.4 5-17-2004 livecd, then it can also be part of DSL version 0.8.x  WITHOUT any kind of kernel recompile or other nasty changes.

The only exception to this is anything related to the 2.6.x test kernel that came bundled with knoppix 3.4

Otherwise, the files can be reconstituted into DSL via some method like a *.dsl for example.

Posted by WoofyDugfock on Nov. 22 2004,13:42
Ok I finally got back to this and I think it's now sorted out, so here it is documented for your titillation and extreme viewing pleasure:

After experimentation with the echo syntax in particular the following runs aok from a live CD boot.

After running Clacker's adduser.sh (see the link in my post 13 Nov), and starting cron using "/etc/init.d/cron start", the following test crontab job scheduleupdate.cron loads, runs and generates the desired log:

15 13 * * * /home/dsl/dist/f-prot/./check-updates.sh;$(echo "Virus update ran "`date`>>/var/log/virusupdate.log)

However it then occurred to me that there is a more informative logging mechanism than this already built-in: just turn on wget logging in check-updates.sh by inserting

-a /var/log/virusupdates.log

after wget in the 2 respective lines.

I've also decided Henk is right and the -Nc option after wget in check-updates.sh has JUST GOT to be a typo - it leads to an error again ran as above and there is no such option in the man. So I've replaced it with -N which I think (?) is what was intended; it guarantees that downloads will not occur & overwrite previous files unless the timestamp on the server file is newer than the previous downloaded file - the generated logfile seems to confirm this interpretation. So the start of the two final lines of check-updates.sh are altered to:

wget -N -a /var/log/virusupdate.log http .... (etc etc)

(Just for completeness) BACKUP/RESTORE:

Have added the following to bootlocal.sh to load & start all this up on boot:
sudo /opt/./adduser.sh
/etc/init.d/cron start
sudo crontab /home/dist/scheduleupdates.sh

and added /opt/adduser.sh to filetool.lst in addition to the f-prot backup lines added in an earlier post.

(Anacron might have been a better choice for me than cron since I'm intermittently online - but that battle can wait... all this is really TIME consuming though, isn't it?).
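
The crontab entries posted in this thread, run through a small linter. This is an added example, not code from any poster or from f-prot; the function names are hypothetical. It assumes the two standard layouts (a file loaded with `crontab FILE` has five time fields then the command, `/etc/crontab` has an extra user field) and adds an ownership check for the script that root's crontab ends up executing from under /home/dsl/dist/.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the three sample lines are the crontab entries posted above.

# cron_command MODE LINE: print the command part of a crontab line.
#   user   = file loaded with `crontab FILE`: 5 time fields, command
#   system = /etc/crontab, /etc/cron.d:       5 time fields, user, command
cron_command() {
    mode=$1; line=$2
    set -f                  # time fields contain '*': disable globbing
    set -- $line            # split the line on whitespace
    set +f
    [ $# -ge 6 ] || return 1
    shift 5
    if [ "$mode" = system ]; then
        [ $# -ge 2 ] || return 1
        shift               # drop the user field
    fi
    printf '%s\n' "$*"
}

# lint_cron_line MODE LINE: print "ok" or the first problem found.
lint_cron_line() {
    cmd=$(cron_command "$1" "$2") || { echo too-few-fields; return 0; }
    prog=${cmd%% *}         # first word of the command
    rest=${cmd#* }          # everything after it
    case $prog in
        /*) echo ok ;;
        *)  case "$1:$rest" in
                # account name then a path: the /etc/crontab layout
                # pasted into a per-user crontab
                user:/*) echo user-field-in-user-crontab ;;
                # resolved through cron's own PATH and working directory,
                # not those of the shell the line was tried in
                *)       echo not-absolute-path ;;
            esac ;;
    esac
}

# root_job_target_risk PATH [OWNER_UID]: a job run by root should only
# execute files that no other account can replace. Checks PATH itself;
# run it on each parent directory as well. OWNER_UID defaults to 0.
root_job_target_risk() {
    [ -e "$1" ] || { echo missing; return 0; }
    owner=$(ls -ldn "$1" | awk '{print $3}')
    if [ "$owner" != "${2:-0}" ]; then
        echo not-owned-by-expected-user
    elif [ -n "$(find "$1" -prune -perm -0002 -print)" ]; then
        echo world-writable
    else
        echo ok
    fi
}

first_try='55 12 * * * ./home/dsl/dist/f-prot/check-updates.sh; echo "Virus update ran "`date`>>/var/log/virus.log'
weekly='55 23 * * 0  root /usr/local/f-prot/tools/check-updates.pl -cron -quiet'
working='15 13 * * * /home/dsl/dist/f-prot/./check-updates.sh;$(echo "Virus update ran "`date`>>/var/log/virusupdate.log)'

echo "first try, user crontab:  $(lint_cron_line user "$first_try")"
echo "weekly, user crontab:     $(lint_cron_line user "$weekly")"
echo "weekly, /etc/crontab:     $(lint_cron_line system "$weekly")"
echo "working, user crontab:    $(lint_cron_line user "$working")"
echo "update script as root:    $(root_job_target_risk /home/dsl/dist/f-prot/check-updates.sh)"
```
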
