/os/ - Online Security

News, techniques and methods for computer network security.




Antivirus Software and Methods

I generally don't trust antivirus software packages, but I think they may be useful in cases where you download files from the internet and open or view them. Place useful tips about virus cleaning and antivirus software in this thread.
On Debian and Windows I use ClamAV, which is maintained by Cisco Systems.

https://www.clamav.net/
https://www.clamav.net/downloads

It comes packaged with Debian and other GNU/Linux distributions, and I've used it on OpenBSD. On Windows I use the Windows Defender suite, but this also works on Windows through an admin CMD command line. You download the package from the above link and install it. Then you need to edit two config files in the directory "C:\Program Files\ClamAV\conf_examples\". Copy these files to the main directory:
 
C:\> copy "C:\Program Files\ClamAV\conf_examples\*.sample" "C:\Program Files\ClamAV\"
C:\> cd "C:\Program Files\ClamAV\" 
C:\> move clamd.conf.sample clamd.conf
C:\> move freshclam.conf.sample freshclam.conf
C:\> notepad clamd.conf

#Comment or remove the line below.
#Example

Save and close the file, then do the same for freshclam.conf

C:\> notepad freshclam.conf

# Comment or remove the line below.
#Example

Save and close the file after commenting Example with #

C:\> freshclam

This will update the database of signatures and definitions.
Next change directory into the root directory.

C:\> cd C:\  
C:\> "C:\Program Files\ClamAV\clamscan" --help | more
## read the instructions
C:\> mkdir C:\temp 
C:\> mkdir C:\temp\virus\

Now run the program from the root directory

C:\> "C:\Program Files\ClamAV\clamscan" -v -a -o -i -r -z --memory --kill --move=C:\temp\virus

This will run the antivirus program on Windows and move the infected files to C:\temp\virus.
You can delete these after you inspect the directory.

C:\> cd C:\temp\virus\
C:\> dir 
C:\> del C:\temp\virus\*

For GNU/Linux, the package installation will already have the #Example commented out and you simply run:

$ su
# cd /
# freshclam
# mkdir /tmp/virus/
# clamscan -v -a -o -i -r -z --move=/tmp/virus

To run the program from the current working directory

# cd /tmp/virus/
# ls /tmp/virus/
# rm /tmp/virus/* 


I'm sad to say that ClamAV found stuff on my server on Parabola GNU/Linux and on my daily driver computer on Debian, and on my Windows computers, but found nothing on my OpenBSD machines. I don't know if it reports matched hashed files back to a central server or not, so this may not be for you if you have stolen documents in your possession. For my use case I'm only concerned about Trojans, worms and files that have viruses. It's the best I have to go on. Use this with Windows Defender on Windows, and as mentioned on *NIX and GNU/Linux systems. If you know more about this kind of stuff and have tips to share, feel free to share them below.

If you just want to scan your home directories, you can just run this on /home/ or a specific directory by cd'ing into the directory. Also, --remove will do the deletion for you if you'd rather the program handle the removal of flagged files. For a silent, non-verbose run, remove -a and -v. Example:

$ su
# cd /home/
# freshclam
# clamscan -i -o -r -z --remove

Run it on the root directory / to get everything; however, removal might break programs, so it's best to run verbose to a log file and move the bad files to a quarantine location before deletion. Post any tips about anti-virus if you have any.
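As an added example (not from the original post or from ClamAV itself), here is the quarantine-first approach of the last paragraph as a small POSIX sh script: it logs to a file, moves hits instead of using --remove, skips /proc, /sys, /dev and the quarantine directory, and parses the resulting log to count distinct flagged files against files actually moved. The QUARANTINE and LOG paths and the sample log lines are assumptions constructed for this example.

```shell
# Added example, not from the original post: quarantine-first ClamAV sweep.
# Assumptions: clamscan/freshclam are on PATH; QUARANTINE and LOG are paths
# chosen for this example and can be overridden from the environment.
QUARANTINE="${QUARANTINE:-/var/quarantine}"
LOG="${LOG:-/var/log/clamscan-sweep.log}"

# Scan a directory (default /), moving hits to QUARANTINE instead of --remove.
# /proc, /sys, /dev and the quarantine directory are excluded so the scan does
# not stall on pseudo-files or re-scan what it already moved. clamscan exits
# 0 when clean, 1 when something was found, 2 on error; that status is returned.
run_sweep() {
    target="${1:-/}"
    mkdir -p "$QUARANTINE"
    freshclam || echo "freshclam failed, scanning with the existing database" >&2
    clamscan -r -i -o -z -v \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE" \
        --move="$QUARANTINE" --log="$LOG" "$target"
}

# Unique paths that produced a "... FOUND" line (with -z one file may match
# several signatures, so count files, not lines). Reads a clamscan log on stdin.
flagged_files() {
    awk '/ FOUND$/ { sub(/: [^:]* FOUND$/, ""); if (!seen[$0]++) print }'
}

# One-line summary: number of distinct flagged files and of files actually
# moved to quarantine, so a difference (e.g. a move that failed) stands out.
summarize_log() {
    awk '/ FOUND$/ { sub(/: [^:]* FOUND$/, ""); found[$0] = 1 }
         /: moved to '\''/ { moved++ }
         END { n = 0; for (f in found) n++; printf "infected=%d moved=%d\n", n, moved + 0 }'
}

# Constructed sample of what clamscan -i -z --move writes (not a real scan).
sample_log() {
    cat <<'EOF'
/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/alice/Downloads/eicar.com: Eicar-Signature FOUND
/home/alice/Downloads/eicar.com: moved to '/var/quarantine/eicar.com'
/home/bob/mail/attach.zip: Constructed.Example.Signature-1 FOUND
/home/bob/mail/attach.zip: moved to '/var/quarantine/attach.zip'

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}
# Usage after a real run: run_sweep /home; summarize_log < "$LOG"; flagged_files < "$LOG"
```

The summary line is what you would check before emptying the quarantine directory: if moved is lower than infected, some flagged file is still in place.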


2 replies | 0 file