Hi, guys ...

Here is a mini-HOWTO describing my experience in installing F-PROT.

Obtaining and Installing the Product
--------------------------------------------

Go to "http://www.f-prot.com/download/getfplinfree.html". Select the download site and type of download; I selected the rpm install. Konqueror offered to install the package using "Package Manager", and I let it go ahead. The files wind up being installed under "/usr/local/f-prot".

Configuring the Product
-----------------------------

The product installs with two scripts: "f-prot.sh" and "check-updates.sh". "f-prot.sh" runs the virus scanner, while "check-updates.sh" checks for and downloads updated virus signature files (which all end in a ".DEF" extension; there are 3 of these). Basically, the product is ready to go at this point, so what I did from here on was some local tweaking.

I wanted "f-prot.sh" and "check-updates.sh" to be run by cron at specific times each day. In particular, I wanted "f-prot.sh" to write a report file in my home directory, but the problem is that cron runs as root, so the report file would not be readable from my userid unless I got into superuser. So, what I did was write a "wrapper" script around "f-prot.sh" to chown the report file after it was created so that I could read it. I called this script "vscan", and it looks like this:

#!/bin/sh
#
# This is a shell script to invoke the F-Prot OnDemand Scanner for Linux.
# It creates a report file called "f-prot.rep" in the subdirectory of
# "/home" corresponding to the specified userid. It then chowns this
# report file so that the user can look at it without being superuser.
#
/usr/local/f-prot/f-prot / -report=/home/$1/f-prot.rep
chown $1:users /home/$1/f-prot.rep

I then did a "crontab -e" and created a pair of entries that look like this:

30 19 * * * /usr/local/f-prot/check-updates.sh -cron -quiet
30 07 * * * /usr/local/f-prot/vscan bill

When "vscan" runs, $1 in the script is replaced by "bill", so the report gets written to (in this case) "/home/bill/f-prot.rep". So this way, at 7:30am every morning, f-prot is invoked to do the virus scan, and at 7:30pm every evening, I check to see if there are any new virus definition files to download. f-prot, when it runs, tells you the date and time of the virus signature files it's using, so you know indirectly that "check-updates.sh" is running.

The only other thing I did was to define an icon on the KDE desktop to open the report file with "kwrite"; this way, all I have to do to check the virus scan log is to click on the icon.

Regards,
Bill Stephens
Sungard Availability Services
Phone: (215) 351-1099
Fax: (215) 451-4436
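A hardened variant of the "vscan" wrapper, added here as an example and not part of the original post or the thread: because cron runs the wrapper as root, it validates the user-name argument and keeps every root-privileged write out of the user-writable home directory. The scanner path and the -report= option are taken from the post; the helper names valid_user and vscan_main, the mktemp location and the su-based copy are assumptions of this example.

```sh
#!/bin/sh
# Added example: hardened variant of the "vscan" cron wrapper (runs as root).
# From the post: the scanner path and its -report= option. Assumed here:
# the helper names, the mktemp location and the su-based copy.
LC_ALL=C; export LC_ALL
SCANNER=/usr/local/f-prot/f-prot

# Accept only plain lower-case account names, so the argument cannot carry
# "/", "..", whitespace or option-like text into root's paths and commands.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

vscan_main() {
    user=$1
    valid_user "$user" || { echo "vscan: invalid user name" >&2; return 2; }
    id "$user" >/dev/null 2>&1 || { echo "vscan: unknown user" >&2; return 3; }

    # Root writes the report to a private temp file it owns, never to a
    # path inside the user-writable home directory.
    tmp=$(mktemp /var/tmp/f-prot.XXXXXX) || return 1
    "$SCANNER" / -report="$tmp"

    # The copy into /home/<user> runs as that user, so it has only that
    # user's privileges and no chown is needed afterwards.
    su "$user" -c "cat > /home/$user/f-prot.rep" < "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Cron entry stays as in the post: 30 07 * * * /usr/local/f-prot/vscan bill
if [ "$#" -gt 0 ]; then
    vscan_main "$@"
fi
```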
Hey thanks Bill! Great for busy ppl.

-- 
Boob's Law: You always find something in the last place you look.
On Thursday 25 July 2002 23.15, Bill.Stephens@sungardrs.com wrote:
> /usr/local/f-prot/f-prot / -report=/home/$1/f-prot.rep

Oh dear.

You're scanning your LINUX file system here, aren't you?

I think you may have missed a little something here. There are no linux viruses, and the virus scanners "for linux" are meant to scan WINDOWS files and executables. It's simply a huge waste of time to scan your linux files.

I suggest you change the above to just scan the subdirectories you use to store MS docs and exe:s. That should reduce the running time of the scan.

For keeping your linux system secure, look at tripwire and similar products, and chkrootkit (www.chkrootkit.org).

regards
Anders
No need to be arrogant Anders. There are Linux virii. Although my main concern is email scanning.

-- 
... Had this been an actual emergency, we would have fled in terror, and you would not have been informed.

On Thursday 25 July 2002 04:28 pm, you wrote:
> On Thursday 25 July 2002 23.15, Bill.Stephens@sungardrs.com wrote:
> > /usr/local/f-prot/f-prot / -report=/home/$1/f-prot.rep
>
> Oh dear.
>
> You're scanning your LINUX file system here, aren't you?
>
> I think you may have missed a little something here. There are no linux viruses, and the virus scanners "for linux" are meant to scan WINDOWS files and executables. It's simply a huge waste of time to scan your linux files.
On Thursday 25 July 2002 23.41, Carl wrote:
> No need to be arrogant Anders. There are Linux virii.

I wasn't being arrogant, I was pointing out an error. Scanning the whole file system takes time and it's utterly pointless.

And no, there aren't any linux viruses. "f-prot for linux"'s intended market is linux machines used as file servers for windows clients, and it scans for windows viruses.

//Anders
> And no, there aren't any linux viruses. "f-prot for linux"'s intended market is linux machines used as file servers for windows clients, and it scans for windows viruses.

Really? http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux returns 19 and a quick search on google gives plenty to read about.

Not exactly many, but not exactly none either.

Phil
On Friday 26 July 2002 01.34, Phil Shipley wrote:
> > And no, there aren't any linux viruses. "f-prot for linux"'s intended market is linux machines used as file servers for windows clients, and it scans for windows viruses.
>
> Really? http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux returns 19 and a quick search on google gives plenty to read about.
>
> Not exactly many, but not exactly none either.
>
> Phil

Well, fair enough, but when I think about viruses I think about email viruses. Any other kind requires that you run binaries from untrusted sources, and if you do that you deserve anything you get.

And last time I checked no email clients in linux were scriptable or executed binary code, so no chance of any "Outlook effect" here. And as far as I know, the office suites, while scriptable, don't allow that sort of thing either.

To me there are no viruses, there are security related bugs and exploits of them. Yes you need to be careful about security, and yes you should have security measures installed to handle it. But running f-prot on linux files is not one of them.

Continued debate on another list perhaps, or in private email. This is not kde related.

//Anders
On Thursday 25 July 2002 08:46 pm, you wrote:
> Well, fair enough, but when I think about viruses I think about email viruses. Any other kind requires that you run binaries from untrusted sources, and if you do that you deserve anything you get.

Sorry, but this is important. I think most of us run binaries from untrusted sources. It's a fact of life. Time to update thinking.

> And last time I checked no email clients in linux were scriptable or executed binary code, so no chance of any "Outlook effect" here.

Here's an example of an email which uses <iframe> in the message to *instantly*execute*the*attachment*:

<HTML><HEAD></HEAD><BODY>
<iframe src=cid:Ule09MxWJ6a042KKL3l height=0 width=0>
</iframe>
<FONT></FONT></BODY></HTML>

No consideration allowed...

Don't use HTML, as many of us do? Maybe you click the attach in a moment of fatigue or distraction.

> To me there are no viruses, there are security related bugs and exploits of them. Yes you need to be careful about security, and yes you should have security measures installed to handle it.
>
> But running f-prot on linux files is not one of them.

Well you should be running =something=. I'm just tellin' ya... Is anyone using McAfee?

-- 
Any stone in your boot always migrates against the pressure gradient to exactly the point of most pressure. -- Milt Barber
Hello,

> From: Carl [mailto:quantum@ultra2k.com]
>
> On Thursday 25 July 2002 08:46 pm, you wrote:
> > Well, fair enough, but when I think about viruses I think about email viruses. Any other kind requires that you run binaries from untrusted sources, and if you do that you deserve anything you get.
>
> Sorry, but this is important. I think most of us run binaries from untrusted sources. It's a fact of life. Time to update thinking.

Well, I must say, Carl is right here. You really can't say where all the files from sourceforge are coming from, can you? By the way, the last virus that hit me (though that was under windows) was "hidden" as a mp3 file, my wife just didn't look at the filename extension and clicked the file - kawoom. OK as a user a virus can't kill your whole system (the one I was talking about didn't either) but losing data that is not backed up is even worse at home. And don't forget how many users coming over from MS products work as root and still think they are safe.

Regards
Chris
On Friday 26 July 2002 05.26, Carl wrote:
> I think most of us run binaries from untrusted sources. It's a fact of life. Time to update thinking.

If you download a binary from an anonymous website, with no knowledge whatever of the person that put it there, you have no way of knowing what that binary will do. No antivirus software in the world will protect you from "rm -rf $HOME/*" or similar.

On the other hand, if you compile from source, odds are you'd be safe. Especially if you stick to software you know others are running. I've never heard of a virus being distributed in source form (except for proof of concept viruses, clearly marked as such of course). In the linux world, too many people know how to read source code that such a virus/trojan would stand next to no chance of survival.

I run binaries from SuSE, Netscape, AOL, Yahoo and a few other places. My thinking is that a) if I can't trust them at least I can sue, and b) so many other people are looking very intensely at those programs that if there were malicious content it will be discovered and those companies can do without the bad publicity inherent in such a scandal.

But I would never run a binary I found on a web site somewhere. And if you ran something you got in the mail you shouldn't be allowed to own a computer.

> Here's an example of an email which uses <iframe> in the message to *instantly*execute*the*attachment*:
>
> <HTML><HEAD></HEAD><BODY>
> <iframe src=cid:Ule09MxWJ6a042KKL3l height=0 width=0>
> </iframe>
> <FONT></FONT></BODY></HTML>
>
> No consideration allowed...

That is a well known Outlook/IE bug. I said linux mail clients.

> Don't use HTML, as many of us do? Maybe you click the attach in a moment of fatigue or distraction.

I tried sending myself an executable attachment, just to see how kmail would handle it. To get it to execute I had to save it to disk, chmod it to allow execution, and execute it manually. I'd have to be pretty "fatigued" to do that by accident. And if anyone ever makes an email client for linux that allows people to execute attachments easily I hope they are tarred and feathered, as they deserve to be.

But a company sysadmin could just mount /home and /tmp with the noexec flag. Then you'd definitely be rid of users' disregarding security policy.

> Well you should be running =something=.

Absolutely. Something along the lines of tripwire is excellent advice. Learning at least a little about security is another. Getting an antivirus program and thinking you're safe after that is just fooling yourself. That way Microsoft lies.

//Anders
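A check for the noexec suggestion in the message above, added here as an example and not part of the thread: it reads mount data in /proc/mounts format and reports which of the named mount points are not mounted with noexec. The function names and the sample mount table are constructed for this example.

```sh
#!/bin/sh
# Added example: audit mount points for the "noexec" option.
# Input on stdin is /proc/mounts-format text:
#   device mountpoint fstype options dump pass

# missing_noexec MOUNTPOINT... : prints one line per mount point that is
# either mounted without noexec or is not a mount of its own.
# (Mount points containing spaces are not supported.)
missing_noexec() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        ($2 in need) {
            seen[$2] = 1
            ok[$2] = 0                     # a later mount on the same path wins
            k = split($4, opt, ",")
            for (i = 1; i <= k; i++) if (opt[i] == "noexec") ok[$2] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                m = w[i]
                if (!(m in seen)) print m ": not a separate mount"
                else if (!ok[m])  print m ": mounted without noexec"
            }
        }'
}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE='/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0'

audit_sample() {
    printf '%s\n' "$SAMPLE" | missing_noexec /home /tmp /var/tmp
}

# On a live system: missing_noexec /home /tmp < /proc/mounts
```

noexec blocks direct execution of files on that mount; a script handed explicitly to an interpreter still runs.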
I am told there are 200+ distros and some are updated monthly against hacks etc. Therefore just how much threat are these viruses? For myself using blended systems with Lilo my main use would be for scanning the other systems part of the drive with a default boot to the Linux.

CWSIV

"Phil Shipley" <phil.shipley@bsp-uk.com> writes:
> > And no, there aren't any linux viruses. "f-prot for linux"'s intended market is linux machines used as file servers for windows clients, and it scans for windows viruses.
>
> Really? http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux returns 19 and a quick search on google gives plenty to read about.
>
> Not exactly many, but not exactly none either.
>
> Phil

-- 
To unsubscribe, email: suse-kde-unsubscribe@suse.com
For additional commands, email: suse-kde-help@suse.com
Please do not cross-post to suse-linux-e
participants (6)
- Anders Johansson
- Bill.Stephens@sungardrs.com
- Carl
- Carl William Spitzer IV
- Christian Herzyk
- Phil Shipley