Skip to main content

Linux Antivirus

Linux doesn't *need* Antivirus... blah.. blah... whatever...  I wear seatbelts not because I *will* be in an accident today... I wear them as I *might* be in an accident.  I don't actually run AV on my Linux systems...

My Windows 8.1 host was p0wned when I attempted to download/install a Matrix Screensaver from CNET.  I thought that site was safe.. but there is definitely many reasons why I don't generally run Windows.  Stupid stuff like this... ranks pretty high on that list.

Anyhow - since the host in question is a dual-boot system with Windows and either Fedora or RHEL - I figured I should clean-up the Malware on my Windows partition while running it from Linux.

This is the procedure for Linux:

### Install ClamAV and mount Windows partition
yum -y install clamav clamav-data  clamav-filesystem clamav-lib clamav-lib clamav-scanner-systemd clamav-server-sysvinit clamav-update clamav-unofficial-sigs

mkdir -p /windows/C
mount /dev/sda4 /windows/C

### Update the virus definitions
sed -i -e 's/^Example/#Example/' /etc/freshclam.conf
sed -i -e 's/db.XY/db.US/' /etc/freshclam.conf

mkdir /var/log/clamav
chown clamupdate:clamupdate /var/log/clamav
 
cat <(crontab -l) <(echo "30 0 * * 0 /bin/freshclam --quiet -l /var/log/clamav/freshclam.log") | crontab -

### Run a scan
clamscan --quiet --recursive=yes / --log=/var/log/clamav/clamscan-`date +%F`.out
# In another terminal run...
tail -f /var/log/clamav/clamscan-`date +%F`.out | egrep -v 'Symbolic|OK|Empty'

# A more optimal scan command
/bin/clamscan --infected --recursive --quiet --exclude-dir=^/sys --exclude-dir=^/dev --exclude-dir=^/proc --log=/var/log/clamav/clamscan-`date +%F`.out /


Labels:

Comments

Post a Comment

Popular posts from this blog

RHN Satellite Server (spacewalk) repomd.xml not found

"repomd.xml not found" If you add a channel, or if your RHN cache gets corrupted, and one of your guests complains that it cannot find repomd.xml for jb-ews-2-x86_64-server-5-rpm (for example) - you need to rebuild your repodata cache. Normally this is an automated job - which is exemplified by the fact that you have obviously built out your entire Satellite environment and never had to do any of the steps you are about to do. So - some prep work: Open 3 terminals to your Satellite Server and run: # Term 1 cd /var/cache/rhn watch "ls -l | wc -l" # Term 2 pwd cd /var/log/rhn tail -f rhn_taskomatic_daemon.log # Term 3 satellite-sync --channel=jb-ews-2-x86_64-server-5-rpm Once the satellite-sync has completed, you >should< see the count increment by one.  If you are unlucky (like me) you will not. You then need to login to the Satellite WebUI as the satellite admin user. Click on the Admin tab (at the top) Task Schedules (on the left) fin
Post a Comment
Read more

Install RHEL 7 on old HP DL380 g5

Someone at work had been running RHEL on an HP DL380 G5 and blew it up.  After several attempts at doing an installation that made me conclude the hardware was actually bad... I kept digging for the answer. Attempt install and Anaconda could not find any disks - try a Drivers Disk (dd.img) both cciss and hpsa.   -- once we did that, when the system would reboot it would say it could not find a disk. hmmm. Boot from your installation media and interrupt the startup at grub. Add hpsa.hpsa_allow_any=1 hpsa.hpsa_simple_mode=1 to the line starting with linuxefi press CTRL-X to boot. Once the system restarts after the install, you need to once again interrupt the startup and add the line from above. After the system starts, edit /etc/default/grub and add those 2 parameters to the end of the line starting with GRUB_CMDLINE_LINUX (which likely has quiet at the end of the line currently). then run # cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig # grub2-mkconfig -o /boot/grub2
Post a Comment
Read more

MOTD with colors! (also applies to shell profiles)

I'm not sure why I had never looked into this before, but this evening I became obsessed with discovering how to present different colored text in the /etc/motd. A person had suggested creating a shell script (rather than using special editing modes in vi, or something) and I agree that is the simplest way of getting this accomplished quickly. This most noteworthy portion of this script is the following: RESET="\033[0m" that puts the users shell back to the original color. I typically like a green text on black background. Also - a great reference for the different colors and font-type (underscore, etc...) https://wiki.archlinux.org/index.php/Color_Bash_Prompt I found this example on the web and I wish I could recall where so that I could provide credit to that person. #!/bin/bash #define the filename to use as output motd="/etc/motd" # Collect useful information about your system # $USER is automatically defined HOSTNAME=`uname -n` KERNEL=`un
1 comment
Read more