


F-PROT VIRUS SCANNER for LINUX


As an intro I would like to quote a post from a few weeks ago:

QUOTE (Bruno @ Forum 2004)

LINUX, VIRUS and CHEESE

Because there are a lot of posts lately about Anti Virus Software for Linux . . . I would like to make a few points before I describe how to use the F-Prot Virus scanner in the second post in this thread.

1). If you only run Linux you do NOT need AV software

2). If you dual boot Linux / Windows and get a virus infected mail in Linux it can NOT jump to your Windows partition ( nor can it spread over the local network to other systems ) . You can even store the attachment in your /home and open the zip ( or whatever the file is ) and it will be dead in the water, it gets no oxygen ( This is also why Linux AV progs do not have a "live guard" module in them: the virus does not execute or move ) . . you can leave it there as long as you want, nothing will happen, your Windows will not get infected as long as you do not deliberately copy it over there of course.

3). In case you dual boot you better get a good AV program for Windows

4). Only if you are running a mail server you can use a Linux AV program, not because the server will be infected but only because you do not want to pass on a virus to Windows systems. ( good social behavior )

I mean: be reasonable: If you have 2 warehouses, and you use the first one to store cheese . . . are you going to place mouse-traps in the second one where you only store stainless steel ??
Don't let the mouse-trap vendors drive you crazy: Mice do not eat stainless steel !!!


So I hope I was clear . . . Slow down, Keep Cool, Relax, Life is too short: don't let unfounded fear spoil your FUN in Linux.  

See also This real good article by Nathan !

Bruno



If after reading the above you still think you need AV software I recommend F-Prot.

I prefer F-Prot because of the ones I tested, it has the fastest scan engine and it has proven its reliability since the DOS days.

You can download it free from:
http://www.f-prot.com/download/home_user/download_fplinux.html

NOTE: When writing this, the latest version is 6.0.2, if you are upgrading from a 4.6.* version please make sure you completely remove the old version before installing the new one ! I will give removal instructions for the 4.6.* version at the bottom of this page.

Once you have downloaded fp-Linux-i686-ws.tar.gz to your /home directory ( /home/bruno in the commands below ), do ( as root ):

CODE
# tar  -xvzf  fp-Linux-i686-ws.tar.gz

# rm  fp-Linux-i686-ws.tar.gz

# mv  /home/bruno/f-prot  /usr/local/bin/

# cd  /usr/local/bin/f-prot/

# ./install-f-prot.pl

After the last command the installer will start running. Accept the defaults . . . myself I did not do the last one that adds the cronjob because I want to add that later manually.
( It will automatically get the latest updated virus definitions as part of the install process )

To get the new virus definitions, next time all you have to do is:

CODE
# /usr/local/bin/f-prot/fpupdate


Now let's check if it works:

CODE
# fpscan  --version


And you should see output like:

QUOTE (Text @ Screen)

F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-44-10)
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.4.4.56
Virus signatures: 2009012417050d8623145b0e9b4e6504018ced311e43
                (/usr/local/bin/f-prot/antivir.def)



Now to scan your Windows partition: ( provided that it is mounted at /mnt/win_c )

CODE
# fpscan   /mnt/win_c

Or your /home:

CODE
# fpscan  /home

Your Evolution directory:

CODE
# fpscan  /home/bruno/.evolution

Or the full "/" partition:

CODE
# fpscan  /


The above commands will show you the following output:
 
QUOTE (Text @ Screen)

F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-44-10)
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.4.4.56
Virus signatures: 2009012417050d8623145b0e9b4e6504018ced311e43
                (/usr/local/bin/f-prot/antivir.def)

Scanning: \

Results:

Files: 148439
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 253494
Infected objects: 0
Files with errors: 0
Disinfected: 0

Running time: 08:12



As you can see, the command does not need an extra argument; the default is "fpscan [directory_to_scan]"


A quick way to get the updates and do the scan on the evolution directory in one go is:

CODE
# /usr/local/bin/f-prot/fpupdate && fpscan /home/bruno/.evolution/
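
For the cron job that is left to be added by hand, the update-and-scan one-liner can be wrapped so that it reads the "Results:" block and only reports when "Infected objects" or "Files with errors" is non-zero, or when no summary was printed at all. This is an added example, not part of the original tip or of F-PROT: the function names are made up here, and only the fpupdate and fpscan invocations and paths shown on this page are assumed.

```shell
#!/bin/sh
# Added example: classify an fpscan report for unattended (cron) use.
# Field names come from the "Results:" block shown on this page.

# summary_field FILE NAME -> prints the number after "NAME:", or nothing
summary_field() {
    sed -n "s/^$2:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_report FILE -> 0 clean, 1 infected objects, 2 files with errors,
#                      3 no summary found (scan aborted or format changed)
check_report() {
    infected=$(summary_field "$1" "Infected objects")
    errors=$(summary_field "$1" "Files with errors")
    [ -n "$infected" ] && [ -n "$errors" ] || return 3
    [ "$infected" -eq 0 ] || return 1
    [ "$errors" -eq 0 ] || return 2
    return 0
}

# sample_report -> the summary lines from this page, for an offline dry run
sample_report() {
    printf '%s\n' 'Results:' '' 'Files: 148439' 'Skipped files: 0' \
        'MBR/boot sectors checked: 0' 'Objects scanned: 253494' \
        'Infected objects: 0' 'Files with errors: 0' 'Disinfected: 0' \
        '' 'Running time: 08:12'
}

# scan_and_check DIR -> update definitions, scan DIR, classify the report.
# Uses only the two commands and paths given on this page.
scan_and_check() {
    report=$(mktemp) || return 3
    /usr/local/bin/f-prot/fpupdate >/dev/null 2>&1 ||
        echo "fpupdate failed, scanning with existing definitions" >&2
    fpscan "$1" >"$report" 2>&1
    check_report "$report"; rc=$?
    [ "$rc" -eq 0 ] || cat "$report"   # cron mails job output by default
    rm -f "$report"
    return "$rc"
}

# With a directory argument, scan it; with none, only define the functions.
if [ "$#" -eq 1 ]; then
    scan_and_check "$1"
    exit $?
fi
```

Saved as a script and called from root's crontab with the directory to scan as its only argument, it stays silent on a clean run and prints the full report otherwise.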




Bruno


IMPORTANT:
In case you are upgrading from a 4.6.* version please make sure you remove the old version before installing the new one. Here is how to remove the files:
( These commands assume you followed the instructions that used to be on this page before Jan 25 2009 )

CODE
# rm -rf   /usr/local/f-prot
# rm -f   /usr/local/bin/f-prot
# rm -f   /usr/local/bin/f-prot-updates
# rm -f   /etc/f-prot.conf
# rm -f   /usr/share/man/man1/f-prot.1
# rm -f   /usr/share/man/man5/f-prot.conf.5




-- Sep 25 2004 ( Revised Jan 25 2009 ) --

