/os/ - Antivirus Software

Name
Email
Subject
Comment
Password
Drawing	x size canvas
File(s)	Drag files to upload or click here to select them
Spoiler

Antivirus Software Endwall 02/12/2024 (Mon) 02:06 [Preview] No. 1840

Antivirus Software and Methods

I generally don't trust antivirus software packages but I think they may be useful in cases where you download files from the internet and open or view them. Place useful tips about virus cleaning and antivirus software tips in this thread.

ClamAV Endwall 02/12/2024 (Mon) 02:34 [Preview] No.1841 del

On Debian and Windows I use ClamAV which is maintained by Cisco systems.

https://www.clamav.net/
https://www.clamav.net/downloads

It comes packaged with Debian and other GNU/Linux distributions, and I've used it on OpenBSD. On windows I use the Windows defender suite but this also works on windows through an admin CMD command line. You download the package from the above link and install it. Then you need to edit two config files in the directory "C:\Program Files\ClamAV\conf_examples\". Copy these files to the main directory

 
C:\> copy "C:\Program Files\ClamAV\conf_examples\*.sample" .. 
C:\> cd "C:\Program Files\ClamAV\" 
C:\> move clamd.conf.sample clamd.conf
C:\> move freshclam.conf.sample freshclam.conf
C:\> notepad clamd.conf

#Comment or remove the line below.
#Example

Save and close the file, then do the same for freshclam.conf

C:\> notepad freshclam.conf

# Comment or remove the line below.
#Example

Save and close the file after commenting Example with #

C:\> freshclam

This will update the database of signatures and definitions
Next change directory into the root directory.

C:\> cd C:\  
C:\> "C:\Program Files\ClamAV\clamscan" -help | more
## read the instructions
C:\> mkdir C:\temp 
C:\> mkdir C:\temp\virus\

Now run the program from the root directory

C:\> "C:\Program Files\ClamAV\clamscan" -v -a -o -i -r -z --memory --kill --move=C:\temp\virus

This will run the antivirus program on windows and move the infected files to C:\temp\virus
you can delete these after you inspect the directory

C:\> cd C:\temp\virus\
C:\> dir 
C:\> rm C:\temp\virus\*

For GNU/Linux, the package installation will already have the #Example commented out and you simply run :

$ su
# cd /
# freshclam
# mkdir /tmp/virus/
# clamscan -v -a -o -i -r -z --move=/tmp/virus

To run the program from the current working directory

# cd /tmp/virus/
# ls /tmp/virus/
# rm /tmp/virus/*

I'm sad to say that ClamAV found stuff on my server on Parabola GNU/Linux and on my daily driver computer on Debian, and on my Windows Computers, but found nothing on my OpenBSD machines. I don't know if it reports matched hashed files back to a central server or not so this may not be for you if you have stolen documents in your possession. For my use case I'm only concerned about Trojans, worms and files that have viruses. It's the best I have to go on. Use this with windows defender on windows, and as mentioned on *NIX and GNU/Linux systems. If you know more about this kind of stuff and have tips to share, feel free to share them below.

Edited last time by Endwall on 02/22/2024 (Thu) 03:00.

Endwall 02/22/2024 (Thu) 03:08 [Preview] No.1842 del

If you just want to scan your home directories, you can just run this on /home/ or a specific directory cd'ing into the directory. Also --remove will do the deletion for you if you'd rather the program handle the process of bad flagged file removal. For a silent non verbose run remove -a and -v. Example:

$ su
# cd /home/
# freshclam
# clamscan -i -o -r -z --remove

Run it on the root directory / to get everything, however removal might break programs so its best to run verbose to a log file and move the bad files to a quarantine location before deletion. Post any tips about anti-virus if you have any.

Edited last time by Endwall on 02/22/2024 (Thu) 03:09.

Top | Catalog | Post a reply | Magrathea | Return

Reason: Password: Global Remove media from post Scrub media (remove image from site)

No cookies?

Posting mode: Reply