SUSE Conversations


Using F-Prot AntiVirus with SLED 10



By: pmccrackan

February 2, 2007 2:01 pm


Problem:

AntiVirus software, scanning etc.

Solution:

Do we need it? As with many things, it’s horses for courses. If you have a standalone box at home running Linux and you use webmail such as Gmail or whatever, then you probably do not really need AntiVirus products. However, if that’s not the case, there is a chance you may get an email with a virus in it and inadvertently spread it via email, or maybe you just want to run a scan every now and then to see if there’s anything tucked away.

There is a multitude of software; just Google “AntiVirus for Linux” or something like that and you will find plenty.

Getting down to how to do it, well, that depends very much on which application you have loaded. I would imagine that most command line virus scanners work in much the same way, with perhaps some slight differences in command line syntax.

I recently loaded F-Prot onto my system (SLED 10) to have a play around and see if I could catch anything. Here’s what I found:

Results of virus scanning:

Files: 203023
MBRs: 0
Boot sectors: 0
Objects scanned: 180382

Time: 11:13

No viruses or suspicious files/boot sectors were found.

No surprises there really.

Getting started is very simple. The rpm file was downloaded from here:

http://www.f-prot.com/products/home_use/linux/

You get a choice of file types and it’s free for home users, plus there’s some very good documentation on the web site as well.

On SLED 10 it’s just a matter of double-clicking the file to install it; there’s nothing else to be done, no questions to answer or anything.

It is a command line only program, but hey, what do you expect for free?

Okay, so to actually run the thing, open up a terminal and type f-prot followed by the files or directories to scan and your switches. In my case I type this:

f-prot /home/pamccrackan -dumb -report=/home/pamccrackan/virscan.txt

This scans all files in my home directory and creates a nice little log file to poke around in afterwards. You can append to this log file or just overwrite it each time.

To see what switches are available and what they do, type in:

man f-prot

If you wish to scan your whole file system, you must do so as root; otherwise f-prot simply reports access denied for any files outside of your home directory (demonstrating that viruses would have a hard time doing anything outside of your home directory, I suppose!).

Of course, once you have entered a command at the terminal, you can access that command again by simply pressing the up arrow on your keyboard to scroll through previous commands, so the command line is not all that bad really.

Updates are pretty simple as well. There is a Perl script that takes care of this; you type in (must be as root again):

/usr/local/f-prot/tools/check-updates.pl 

and away it goes and checks for you, downloading if necessary.

If you want to automate your scanning a bit, you can put your command into a file and make it into a script file by putting:

#!/bin/sh

on the first line of the file. Put your commands underneath, then save the file to your /home/(username)/.gnome2/nautilus-scripts folder and make it executable. You can then do a virus scan with a simple right click on your desktop: select scripts, then select your script file, and it’s off and running.

So there we have it: no extra resources being used up by fancy GUIs with their “always on” scanning, but a measure of security if you feel the need for it, or, more likely, a need to demo the fact that you don’t really need it!

Example:

The script file to scan my home directory.

#!/bin/sh
f-prot /home/pamccrackan -dumb -report=/home/pamccrackan/mylogs/virscan.txt

Saved as virus-scan (no need for an extension)
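
A sturdier version of the script above, added here as an example and not the author's own code: it keeps one timestamped report per run instead of overwriting the last one, and treats a scan as clean only if the report contains the summary line shown in the results earlier. It assumes the report file carries the same summary text as that output; the function names and the REPORT_DIR variable are made up for this example.

```shell
#!/bin/sh
# Added example: wrapper for the article's f-prot command. Only the switches
# shown in the article (-dumb, -report=) are used.

# Assumption: reports live in ~/mylogs, as in the article's example script.
REPORT_DIR="${REPORT_DIR:-$HOME/mylogs}"

# report_is_clean FILE: succeed only if FILE contains the "nothing found"
# summary line shown in the article's scan results.
report_is_clean() {
    grep -q 'No viruses or suspicious files/boot sectors were found' "$1"
}

# report_count LABEL FILE: print the number after "LABEL:" in the summary,
# e.g. report_count Files virscan.txt
report_count() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$2" | head -n 1
}

# run_scan DIR: scan DIR into a timestamped report and judge the result from
# the report text (f-prot exit codes are not covered in the article).
run_scan() {
    mkdir -p "$REPORT_DIR" || return 2
    report="$REPORT_DIR/virscan-$(date +%Y%m%d-%H%M%S).txt"
    f-prot "$1" -dumb -report="$report"
    if [ ! -s "$report" ]; then
        echo "f-prot wrote no report to $report" >&2
        return 2
    fi
    if report_is_clean "$report"; then
        echo "Clean: $(report_count Files "$report") files checked, see $report"
        return 0
    fi
    echo "Check $report: the clean summary line is missing" >&2
    return 1
}

# Start a scan of the home directory only when this file is saved under the
# article's script name, virus-scan.
case "${0##*/}" in
    virus-scan) run_scan "$HOME" ;;
esac
```

A report that is missing, empty or cut short counts as "needs checking" rather than as a clean result.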

Environment:

SLED 10, all updates applied as of 26th January 2007 and AntiVirus software F-Prot for Linux.


Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
