Hi :) let me start with a short off topic introduction. While I was installing anti virus software to my 64 Studio 3.0-beta3, on television there was a good German, 30 minutes long documentation from 2009 about Linux. I stopped my work and watched it.
There is an application I didn't know, it's called "INGEX", an open source production application programed by the BBC. The first hit by using the English version of the ixquick search engine is http://www.bbc.co.uk/rd/projects/tapeless-production/moreinformation.shtml, at the button of this side is the link to the sourceforge side of the project. Someone played guitar using Rakarrack, that reminded me, that it's needed for 64 Studio by default. One thought from Linux folks in this documentation was the idea to use FLOSS with Windows too, which also is the origin why I like to install anti virus software to my 64 Studio 3.0-beta3 install too. ** *Anti virus software for 64 Studio* ** For 64 Studio 2.1 I used the anti virus software from Avira GmbH, a common software in Germany for Linux and Windows. I don't want any daemon started, to do anything automatically, because I guess this isn't useful for a digital audio workstation. Just imagine that files would be scanned, while reading and writing audio files in real-time. In my opinion a firewall and AppArmor are also not useful for a digital audio workstation, but an anti virus scanner that needs to be started manually is useful for people who share files, while doing projects. No doubt, firewalls and AppArmor are good for some usages, but even for shared files for usage with a digital audio workstation, in my opinion the anti virus software is needed to protect other people, if the shared files are from a community with people who don't know each other, not, resp. less to protect the Linux based digital audio workstation. There's nothing wrong with e.g. "If, however, some random TCP/IP traffic comes in, requesting information from your computer, and that traffic is not in response to your requests, IPCop Firewall refuses to respond, and logs that attempt.", but for a digital audio workstation it can be helpful to run as less threads as possible. Anyway, community art projects might need some manually protection for shared files. The free anti virus software from Avira GmbH can be downloaded from http://www.free-av.de/en/download/download_servers.php, it was and hopefully still is reliable and fine with 64 Studio. For Suse it's in the non-oss repository, for 64 Studio it isn't in any repository I know, but for 64 Studio 3.0-beta3 I found a FLOSS anti virus software by Synaptic, it's called "Clam". I'll install the familiar anti virus software from Avira GmbH to be safe, but in addition I'll test Clam. I started with a brief look at http://www.clamav.net/about/lang-pref/en/ and the documentation, take care to chose the PDF version, if you'll take a look too. ** *Avira AntiVir Personal* ** You don't need to download the license file for Avira AntiVir Personal, a valid file is included to the archive. Download Avira AntiVir Personal by using the link above-mentioned. Run the following commands: $ cd /path/to/the/download $ md5sum antivir_workstation-pers.tar.gz Compare the checksum with the checksum of the Avira website, if it's fine run this commands: $ tar -xf antivir_workstation-pers.tar.gz $ rm antivir_workstation-pers.tar.gz $ cd antivir-workstation-pers-* $ sudo ./install Press enter to read the license, if the arrow keys don't work, use the return key to scroll for reading the license and finish with q. If you know the license you don't need to read it, you are allowed to quit immediately. "Do you agree to the license terms? [n]" Press y and then Enter or Return to enter ;). "Would you like to create a link in /usr/sbin for avupdate ? [y]" Press enter. "Would you like to setup Engine and Signature updates as cron task ? [y]" Press n and then Enter. "Would you like to check for Guard updates once a week ? [n]" Press Enter. "Would you like to install dazukofs now ? [y]" Press n and then Enter. "Would you like to create /home/quarantine ? [y]" Press n and then Enter. "Would you like to install the AVIRA Guard GNOME plugin ? [n]" Press Enter. "Would you like to create a link in /usr/sbin for avguard ? [y]" Press Enter. "Set up boot scripts [y]:" Press n and then Enter. "Would you like to activate SMC support? [y]" Press n and then Enter. Now you should get "[snip] Installation of the following features complete: AntiVir Core Components (Engine, Savapi and Avupdate) AVIRA Internet Updater AVIRA Guard *********************************************************** Configuration files: /etc/avira/avguard.conf (AVIRA Guard main config) /etc/avira/avscan.conf (AVIRA Guard avscan config) /etc/avira/avguard-scanner.conf (AVIRA Guard scanner config) /etc/avira/avupdate.conf (AVIRA Avupdate options) *********************************************************** [snip]" Something very bad happened, Avira's AntiVir changed. $ antivir --help bash: antivir: command not found $ avscan --help [snip] $ avupdate --help [snip] I'm missing some functions for the scanner and I don't like to have different commands. Get an eicar test virus and update Avira AntiVir: $ wget https://secure.eicar.org/eicar.com $ sudo avupdate --product=Guard You should get something similar to this: "Updating, please wait... Updated files: antivir1.vdf 7.1.1.113 -> 7.1.4.132 antivir2.vdf 7.1.1.114 -> 7.1.4.253 antivir3.vdf 7.1.1.129 -> 7.1.5.28 aecore.so aegen.so aehelp.so aeheur.so aeoffice.so aepack.so aerdl.so aescn.so aescript.so aeset.dat 8.2.0.100 -> 8.2.0.228 aevdf.so Update finished successfully" At this point I rebooted into 64 Studio 2.1, see below, when I rebooted back to 64 Studio 3.0-beta3 I just made a little test without using advanced options. Before the scanner can be used, the guard must be started. $ sudo avguard start Starting AVIRA AntiVir Workstation Personal ... Starting: avguard.bin Warning: No dazuko module available, on-access protection disabled. $ sudo avscan -s Warning: quarantine directory /home/quarantine/ not accessible Avira AntiVir Copyright (C) 2009 by Avira GmbH. All rights reserved. SAVAPI-Version: 3.0.5.17, AVE-Version: 8.2.0.228 VDF-Version: 7.1.5.28 created 20090724 [snip] file: /usr/src/antivir-workstation-pers-3.0.5-0/eicar.com last modified on date: 2006-11-01 time: 00:21:26, size: 68 bytes ALERT: Eicar-Test-Signature ; virus ; Contains code of the Eicar-Test-Signature virus ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature which action to take (quit, none, rename, move, delete)? [none] empty response. Will use (default or previous) action [none] no action taken [snip] file: /usr/src/antivir-workstation-pers-3.0.5-0/eicar.mpg last modified on date: 2009-07-25 time: 21:58:15, size: 68 bytes ALERT: Eicar-Test-Signature ; virus ; Contains code of the Eicar-Test-Signature virus ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature which action to take (quit, none, rename, move, delete)? [none] empty response. Will use (default or previous) action [none] no action taken ------ scan results ------ directories: 19 scanned files: 156 alerts: 2 suspicious: 0 repaired: 0 deleted: 0 renamed: 0 moved: 0 scan time: 00:00:20 -------------------------- $ sudo avguard stop Stopping AVIRA AntiVir Workstation Personal ... Stopping: avguard.bin Removing the source and eicar test virus: $ rm -r antivir-workstation-pers-* rm: remove write-protected regular file `antivir-workstation-pers-3.0.5-0/eicar.mpg'? y ** *For my 64 Studio 2.1 install it looks different* **, even if the virus definition files are the same. You only need one command and there's a special option to use the command options very comfortable. Hopefully Clam will bring back the old Avira AntiVir comfort and quality. $ su # antivir --update AntiVir / Linux Version 2.1.12-175 Copyright (c) 2008 by Avira GmbH. All rights reserved. Warning: the file "antivir.vdf" is more than 14 days old checking for updates on disk | upd server --------------+-------------- 02.01.12.175 < 02.01.12.181 [antivir] 07.01.00.00 = 07.01.00.00 [antivir0.vdf] 07.01.04.132 = 07.01.04.132 [antivir1.vdf] 07.01.04.198 < 07.01.04.253 [antivir2.vdf] 07.01.04.201 < 07.01.05.28 [antivir3.vdf] --------------+-------------- antivir 100% |**************************************************************| 2773 KB 554.63 KB/s 0:00 ETA antivir2.vdf 100% |*********************************************************| 1737 KB 579.30 KB/s 0:00 ETA antivir3.vdf 100% |*********************************************************| 209 KB 0.00 KB/s --:-- ETA on disk | upd server --------------+-------------- 02.01.12.181 = 02.01.12.181 [antivir] 07.01.04.253 = 07.01.04.253 [antivir2.vdf] 07.01.05.28 = 07.01.05.28 [antivir3.vdf] --------------+-------------- 02.01.12.175 --> 02.01.12.181 the scanner [the application] (/usr/lib/AntiVir/antivir) 07.01.04.201 --> 07.01.05.28 the VDF database (inc) (/usr/lib/AntiVir/antivir2.vdf, /usr/lib/AntiVir/antivir3.vdf) AntiVir successfully updated itself # mount /dev/hda6 /mnt/studio32 # cp /mnt/studio32/usr/src/antivir-workstation-pers-3.0.5-0/eicar.com /mnt/studio32/usr/src/antivir-workstation-pers-3.0.5-0/eicar.mpg # antivir @/home/spinymouse/av.rsp /mnt/studio32/usr/src/antivir-workstation-pers-3.0.5-0 AntiVir / Linux Version 2.1.12-181 Copyright (c) 2008 by Avira GmbH. All rights reserved. VDF version: 7.1.5.28 created 24 Jul 2009 For private, non-commercial use only. AntiVir license: 149996 for Avira AntiVir PersonalEdition Classic auto excluding /sys/ from scans (is a special fs) auto excluding /proc from scans (is a special fs) checking drive/path (list): /mnt/studio32/usr/src/antivir-workstation-pers-3.0.5-0 /mnt/studio32/usr/src/antivir-workstation-pers-3.0.5-0/eicar.com Date: 01.11.2006 Time: 00:21:26 Size: 68 ALERT: [Eicar-Test-Signature] /mnt/studio32/usr/src/antivir-workstation-pers-3.0.5-0/eicar.com <<< Contains code of the Eicar-Test-Signature virus ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature ------ scan results ------ directories: 19 scanned files: 530 alerts: 1 suspicious: 0 repaired: 0 deleted: 0 renamed: 0 quarantined: 0 scan time: 00:00:04 -------------------------- Thank you for using AntiVir. # antivir --help [snip] @<rspfile> ...... read parameters from the file <rspfile> with each option in a separate line [snip] # exit $ cat av.rsp --scan-mode=all -s -z --archive-max-size=0 --archive-max-recursion=0 --archive-max-ratio=0 --archive-max-count=1024000 --scan-in-mbox --heur-macro --heur-level=3 -nolnk -v -dmse -lang=EN --with-alltypes --alert-urls=yes --warnings-as-alerts --exclude=/mnt/studio32/usr/src/antivir-workstation-pers-3.0.5-0/eicar.mpg ** *Clam* ** Run Synaptic, reload and search for "clam". Check "clamtk" and give your okay to mark all dependencies too, apply them, maybe you like to install "clamav-testfiles" in addition, do it and when everything is installed close Synaptic. By GNOME menu > System Tools > Virus Scanner, "clamtk %F" is launched. When I did this a window informed me to take care of this: "Some distributions do not automatically edit freshclam.conf and clamd.conf under /etc. Please edit those before attempting signature updates." For now ignore this message and by File > Scan a Directory, scan /usr/share/clamav-testfiles, if you have installed those test viruses. With the default settings 4 viruses were found. Close the program. Run $ sudo -i # cd /usr/share/clamav-testfiles # ls clam.cab clam.exe clam.exe.bz2 clam-v2.rar clam-v3.rar clam.zip # avupdate --product=Guard # avguard start # avscan -s --scan-in-archive=yes --archive-max-size=0 --archive-max-count=1024 --scan-mode=all [snip] scan progress: file "/usr/share/clamav-testfiles/clam.exe" scan progress: file "/usr/share/clamav-testfiles/clam.cab" scan progress: file "/usr/share/clamav-testfiles/clam-v3.rar" scan progress: file "/usr/share/clamav-testfiles/clam.zip" scan progress: file "/usr/share/clamav-testfiles/clam-v2.rar" scan progress: file "/usr/share/clamav-testfiles/clam.exe.bz2" ------ scan results ------ directories: 1 scanned files: 6 alerts: 0 suspicious: 0 scan time: 00:00:01 -------------------------- # avguard stop Press Ctrl+d. I guess there is the need to edit some settings for Clam and to read how to use the new Avira AntiVir. Anyway, both programs seems to be fine with 64 Studio 3.0-beta3. This text might be continued. Cheers, Ralf _______________________________________________ 64studio-users mailing list [email protected] http://lists.64studio.com/mailman/listinfo/64studio-users
