所以先把最近在玩的東西給丟出來吧!
所需套件:
libstdc++2.8
註:libstdc++2.8 是一個很舊的套件了,基本上在 Woody/Sarge 上都找不到它的蹤影。
不過您可以到各大 Debian Archiver 中的 Potato 發行版本裡下載。
例:ftp://linux.sinica.edu.tw/debian/dists/potato/main/binary-i386/oldlibs/libstdc++2.8_2.90.29-2.deb。
簡介:
由於 ClamAV 的偵毒能力 (似乎) 並無法達到滴水不漏的標準,
所以我們可能會考慮採用其它的防毒軟體,如:Trend 或是 Mcafee 來將 ClamAV 給替換掉。
Mcafee 是一家商業的防毒公司,它有提供 for Linux,command line 的電腦病毒掃瞄程式。
安裝 McAfee VirusScan Command Line Scanner for Linux 測試版:
請至 Mcafee 官方網頁 免費產品試用下載 McAfee VirusScan Command Line Scanner for Linux,
或是直接至 http://download.nai.com/products/evalua ... 432e.tar.Z 下載。
安裝步驟:
將程式解壓縮
- 代碼: 選擇全部
# tar xvzf vlnx432e.tar.Z
scan.dat
names.dat
clean.dat
readme.txt
license.txt
contact.txt
e4320upg.pdf
uvscan.1
liblnxfv.so.4
uvscan
messages.dat
license.dat
install-uvscan
uninstall-uvscan
uvscan_secure
signlic.txt
liblnxfv.so
修改安裝路徑以符合系統之設定(非必要):
- 代碼: 選擇全部
# sed -e 's/\/usr\/local\/man/\/usr\/share\/man/g' install-uvscan > install-uvscan.tmp
# mv install-uvscan.tmp install-uvscan
mv: overwrite `install-uvscan'? y
# sed -e 's/\/usr\/local\//\/usr\//g' install-uvscan > install-uvscan.tmp
# mv install-uvscan.tmp install-uvscan
mv: overwrite `install-uvscan'? y
# sed -e 's/\/usr\/local\/man/\/usr\/share\/man/g' uninstall-uvscan > uninstall-uvscan.tmp
# mv uninstall-uvscan.tmp uninstall-uvscan
mv: overwrite `uninstall-uvscan'? y
# sed -e 's/\/usr\/local\//\/usr\//g' uninstall-uvscan > uninstall-uvscan.tmp
# mv uninstall-uvscan.tmp uninstall-uvscan
mv: overwrite `uninstall-uvscan'? y
# chmod 555 install-uvscan
進行安裝:
- 代碼: 選擇全部
# bash install-uvscan
Which directory do you want to install into? [/usr/uvscan]
/usr/uvscan doesn't exist. Create it? [y]/n
Do you want to create the link(s) to uvscan in /usr/bin [y]/n
Do you want to create the link(s) to uvscan_secure in /usr/bin [y]/n
Do you want to create the link(s) to liblnxfv.so.4 in /usr/lib [y]/n
Do you want to create the link(s) to uvscan.1 in /usr/share/man/man1 [y]/n
Installation complete.
Do you want to perform a scan of all filesystems y/[n]
測試是否能正確掃瞄病毒:
先產生一個測試用的病毒檔
不用擔心,這只是一個測試檔,並不是真正的病毒!
- 代碼: 選擇全部
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > EICAR.com
試著使用 uvscan 來掃瞄這個檔案:
(同時請注意其授權聲明!)
- 代碼: 選擇全部
# uvscan EICAR.com
EICAR.com
Found: EICAR test file NOT a virus.
Thank you for choosing to evaluate VirusScan from Network Associates.
This version of the software is for Evaluation Purposes Only and may be
used for up to 30 days to determine if it meets your requirements. To
license the software, or to obtain assistance during the evaluation
process, please call (408) 988-3832. If you choose not to license the
software, you need to remove it from your system. All use of this
software is conditioned upon compliance with the license terms set forth
in the README.TXT file.
更新病毒碼(個人是將這個 Script 寫在 /usr/uvscan/uvscan-update.sh 中):
- 代碼: 選擇全部
#!/bin/bash
FileSource='ftp://ftp.nai.com/pub/antivirus/datfiles/4.x'
WorkDir='/usr/uvscan'
RemoveOldData='yes'
# 測試是否己經安裝 wget 這個程式?
if [ ! -f '/usr/bin/wget' ]; then
echo "** Sorry, this script should run with [ wget ] package installed!!!"
echo "** now, exiting..."
echo ""
exit 1
fi
# 分隔線。
echo ""
echo "# -----------------------------------------------------------------------------"
echo ""
echo "Updating the Mcafee's virus data @ `date` by $USER..."
echo ""
# 進入 Mcafee Virus Scaner 的安裝目錄中
cd "$WorkDir"
# 刪除舊有的 ini 檔案
if [ -f update.ini ]; then
echo " Removing the old update.ini..."
rm update.ini
fi
# 判斷舊的病毒碼版本
if [ -f update.ini.old ]; then
OldDatVer=$(grep "DATVersion" update.ini.old | sed -n 1p | cut -d "=" -f 2 | tr -d '\r')
echo " The working version of Mcafee's virus data is $OldDatVer."
else
OldDatVer='0000'
fi
# 判斷新的病毒碼版本
echo " Downloading $FileSource/update.ini..."
echo ""
wget "$FileSource/update.ini"
if [ $? -gt 0 ]; then
echo ""
echo "** Sorry, the download of $FileSource/update.ini was failed. exiting..."
echo ""
exit 1
fi
NewDatVer=$(grep "DATVersion" update.ini | sed -n 1p | cut -d "=" -f 2 | tr -d '\r')
echo " The last version of Mcafee's virus data is $NewDatVer."
# 如果兩者不同則下載新的病毒碼
if [ "$OldDatVer" = "$NewDatVer" ]; then
echo " The Mcafee's virus data is up to date. It's no need to update."
echo ""
else
if [ -f "dat-$NewDatVer.tar" ]; then
# 如果該病毒碼已存在,則不重覆下載。
echo "** The Mcafee's virus data (dat-$NewDatVer.tar) is exist, (Strange!!)."
echo "** The download is canceled."
else
echo " Downloading $FileSource/dat-$NewDatVer.tar..."
echo ""
# 下載病毒碼
wget "$FileSource/dat-$NewDatVer.tar"
if [ $? -gt 0 ]; then
echo "** Sorry, the download of $FileSource/dat-$NewDatVer.tar was failed. exiting..."
echo ""
exit 1
fi
fi
# 確認病毒碼是否正確下載了
# 可惜沒有 md5 碼可以檢查...
if [ -f "dat-$NewDatVer.tar" ]; then
echo " Extracting dat-$NewDatVer.tar..."
echo ""
tar xvf "dat-$NewDatVer.tar"
# 判斷是否解壓縮成功?
if [ $? -gt 0 ]; then
# 失敗了。刪去壞掉的新病毒碼
echo ""
echo "** Sorry, the downloaded file, dat-$NewDatVer.tar, is broken. restoring..."
echo "** Removing dat-$NewDatVer.tar..."
rm "dat-$NewDatVer.tar"
echo "** Restoring old dat-$OldDatVer.tar..."
echo ""
# 還原為舊的病毒碼
tar xvf "dat-$OldDatVer.tar"
if [ $? -gt 0 ]; then
# 無法還原舊的病毒碼...
echo "** Sorry, an error occured when restoring old dat-$OldDatVer.tar."
echo "**"
echo "** YOU SHOULD FIX IT MANUALLY!!!"
fi
else
# 成功了。將 update.ini 給備份起來。
echo ""
echo " Rename update.ini to update.ini.old..."
mv update.ini update.ini.old
# 依您喜好,刪掉舊有的病毒碼
if [ -f "dat-$OldDatVer.tar" -a $RemoveOldData = 'yes' ]; then
echo " Removing dat-$OldDatVer.tar..."
rm "dat-$OldDatVer.tar"
fi
fi
# 顯示 Scaner 及 Virus Data 的相關資訊。
echo ""
uvscan --version
fi
fi
echo "The update is finished."
echo ""
使用 crontab -e 來設定排程,讓這個更新病毒碼的排程程式可以每三個小時執行一次:
- 代碼: 選擇全部
0 */3 * * * /usr/uvscan/uvscan-update.sh >> /var/log/uvscan.log
並請定期檢查 /var/log/uvscan.log,
確認病毒碼是否確實更新。
然後,確認 McAfee VirusScan Command Line Scanner for Linux 之運作無誤後,
就可以將它和 Postfix 及 Amavisd-new 搭配使用,
掃瞄 E-mail 的病毒了。
PS. 請注意其試用期限為 30 天。
試用期過後,請購買正式版,
或您必須把它從系統中移除掉。
