AntiVir
- A virus scanner program for Linux that detects the latest Linux viruses.
-------------------------------------------------------------------
http://www.avira.com/
http://www.free-av.com/
antivir-workstation-pers.tar.gz : (download)
-------------------------------------------------------------------
1. Download and extract
[root@server3 ~]# cd Desktop
[root@server3 Desktop]# ls
antivir-workstation-pers.tar.gz
[root@server3 Desktop]# tar xvfz antivir-workstation-pers.tar.gz
antivir-workstation-pers-2.1.12-19/
antivir-workstation-pers-2.1.12-19/.installrc
antivir-workstation-pers-2.1.12-19/LICENSE
antivir-workstation-pers-2.1.12-19/LICENSE.DE
antivir-workstation-pers-2.1.12-19/README
antivir-workstation-pers-2.1.12-19/hbedv.key
antivir-workstation-pers-2.1.12-19/install
antivir-workstation-pers-2.1.12-19/bin/
- (omitted)
antivir-workstation-pers-2.1.12-19/vdf/antivir0.vdf
antivir-workstation-pers-2.1.12-19/vdf/antivir1.vdf
antivir-workstation-pers-2.1.12-19/vdf/antivir2.vdf
antivir-workstation-pers-2.1.12-19/vdf/antivir3.vdf
[root@server3 Desktop]# mv antivir-workstation-pers-2.1.12-19/ /usr/local/src
2. Installation
[root@server3 Desktop]# cd /usr/local/src
[root@server3 src]# ls
antivir-workstation-pers-2.1.12-19
[root@server3 src]# cd antivir-workstation-pers-2.1.12-19
[root@server3 antivir-workstation-pers-2.1.12-19]# ls
LICENSE README contrib etc hbedv.key legal script
LICENSE.DE bin doc gui install pgp vdf
[root@server3 antivir-workstation-pers-2.1.12-19]# vi README
[root@server3 antivir-workstation-pers-2.1.12-19]# ./install
Starting Avira AntiVir Workstation (UNIX) 2.1.12-19 installation...
Before installing this software, you must agree to the terms of the license.
Use the arrow keys to scroll through the license.
When you are finished reading, press 'q' to exit the viewer.
Press <ENTER> to view the license.
- View the license.

Avira GmbH End-user License Agreement (EULA)
This Software has been copyrighted for the
Avira GmbH
Tjark Auerbach
Chief Executive Officer
Lindauer Str. 21
88069 Tettnang, Germany
www.avira.de
hereinafter "Licensor".
The unauthorised reproduction or unauthorised sale of this Software or parts thereof is liable to prosecution. Such conduct can be prosecuted under criminal or civil law and result in severe penalties and/or claims for damages.
The Licensor hereby authorises you - hereinafter Licensee - to use this Software within the context of the following licensing conditions:
§1 Subject of the Licence Concession
1) Subject of the contract is the existing computer programme; in this case the activated full version including the licence file necessary for activation, (the "Software"), as well as the programme description, operating instructions and other pertinent materials (the "documentation").
- (omitted)
§10 Miscellaneous
1) Any changes in, and/or supplements to this contract, including this clause, must be made in writing. Verbal supplements to this contract shall under no circumstances be made. General Terms and Conditions of Business of the Licensee are not part of this contract and have no legal force where this contractual relationship is concerned.
2) If a provision of this contract ceases to be effective or proves to be not feasible, and the attainment of the object of this contract is nevertheless still not essentially impossible, the lawfulness of any remaining provisions shall remain unaffected. Both parties shall replace the provision which is ineffective or not feasible by one which, in a legally valid and economical manner, comes closest to the sense and purpose of the ineffective provision.
3) The laws of the German Federal Republic apply to this contract. Place of jurisdiction for merchants (who are Licensees) is the registered office of the Licensor.
4) In the case of delivery in EU countries, price calculation without VAT can only occur if the Licensee has provided his/her VAT ID.
Avira GmbH
Lindauer Str. 21 | 88069 Tettnang | Germany
Telephone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
E-mail: info@avira.de
Internet: http://www.avira.de

Do you agree to the license terms? [n] y
- Asks whether you agree to the license.
creating /usr/lib/AntiVir ... done

1) installing command line scanner
- Copies the virus definition files (*.vdf).
copying bin/antivir to /usr/lib/AntiVir/ ... done
NOTICE: This system has a prelinker. Prelinking the antivir binary
will not work correctly. Either disable prelinking or add
/usr/lib/AntiVir as an excluded prelink path. For example,
add '-b /usr/lib/AntiVir' to /etc/prelink.conf
copying vdf/antivir0.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir1.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir2.vdf to /usr/lib/AntiVir/ ... done
copying vdf/antivir3.vdf to /usr/lib/AntiVir/ ... done
Enter the path to your key file: [hbedv.key]
copying hbedv.key to /usr/lib/AntiVir/hbedv.key ... done
copying script/configantivir to /usr/lib/AntiVir/ ... done
linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done
installation of command line scanner complete

2) installing internet update daemon
An internet update daemon is available with version 2.1.12-19 of Avira AntiVir Workstation (UNIX). This is a program that will run in the background and automatically check for updates (internet access is required).
Instead of installing the internet update daemon, you may also manually check for updates using:
antivir --update
Please read the README file for more information about updating and which method best suits you.
Would you like to install the internet update daemon? [n] y
- Decide whether to install the internet update daemon.
copying script/avupdater to /usr/lib/AntiVir/ ... done
checking for existing /etc/avupdater.conf ... not found
copying etc/avupdater.conf to /etc/ ... done
Would you like to create a link in /usr/sbin for avupdater ? [y]
- Decide whether to create a link file for the updater.
linking /usr/sbin/avupdater to /usr/lib/AntiVir/avupdater ... done
Would you like the internet update daemon to start automatically? [y]
- Decide whether to update automatically (updates can also be run from the command line).
setting up startup script ... done
installation of the internet update daemon complete

3) installing AvGuard
Version 2.1.12-19 of Avira AntiVir Workstation (UNIX) is capable of on-access, real-time scanning of files. This provides the ultimate protection against viruses and other unwanted software. The on-access scanner (called AvGuard) is based on Dazuko, a free software project providing access control. In order to use AvGuard you will need to compile Dazuko for your kernel. Please refer to contrib/dazuko/HOWTO-Dazuko for information about how to do this.
There are several ways in which you can install AvGuard.
module - Dazuko will be loaded by the avguard script
kernel - Dazuko is always loaded (and should not be loaded by the avguard script)
no install - do not install AvGuard at this time
Note: Dazuko currently only works with GNU/Linux, FreeBSD and Solaris systems. If you are interested in helping us port Dazuko to OpenBSD, feel free to check out the Dazuko Project at: http://www.dazuko.org
available options: m k n
How should AvGuard be installed? [n] n
- Decide whether to install AvGuard.
- AvGuard is a guard tool that uses the Dazuko kernel module. Like other commercial antivirus products, it stays resident in RAM, monitors system memory for virus infection, and provides scanning of directories and files.
- Installing AvGuard requires the Dazuko package. After installing the Dazuko package, run ./install again and choose m or k.
AvGuard will NOT be installed. See contrib/dazuko/HOWTO-Dazuko for more information about Dazuko.

4) installing GUI (+ SMC support)
Note: The AntiVir Security Management Center (SMC) requires this feature, even if you do not intend to use the GUI.
This product comes with a GUI that allows you to monitor realtime activity, view logs, and configure the product. This tool is optional (not required) for the product to run. The GUI requires Sun Java 1.4.x or higher.
Would you like to install the GUI (+ SMC support)? [y]
- Decide whether to install the GUI program.
- SMC stands for Security Management Center, a GUI tool made by AntiVir. It shows the operating status and log files in real time and lets you change program options. It can only be used if Java 1.4.x or higher is installed.
-------------------------------------------------------------------
Check the Java version
[root@server3 security]# java -version
java version "1.6.0_11"
Java(TM) SE Runtime Environment (build 1.6.0_11-b03)
Java HotSpot(TM) Client VM (build 11.0-b16, mixed mode, sharing)
-------------------------------------------------------------------
checking for existing /etc/avguard.conf ... not found
copying etc/avguard.conf-gui to /etc/avguard.conf ... done
copying common gui files to /usr/lib/AntiVir/gui ... done
copying platform dependant gui files to /usr/lib/AntiVir/gui ... done
copying script/antivir-gui to /usr/lib/AntiVir/ ... done
linking /usr/bin/antivir-gui to /usr/lib/AntiVir/antivir-gui ... done
installation of GUI complete

5) configuring AntiVir Updater
Your connection to the internet might require special configuration settings (such as HTTP proxy settings). You may also want the updater to log to specific files or send email notification. You now have the opportunity to set these options.
Would you like to configure the AntiVir updater now? [y]
- Decide whether to set up the AntiVir configuration now.

EmailTo (1 of 4)
=======
You may configure the AntiVir Updater to send out an email message whenever an update was successful or an error with the update occurred.
available options: y n
Would you like email notification about updates? [n] y
- Decide whether to receive problems reported by AntiVir by email.
What email address will receive notifications? [] root@server3.co.kr
- Enter the email address.

LogTo (2 of 4)
=====
In addition to logging update activity through syslog, you may also specify your own log file for messages that are generated by the. AntiVir Updater. This can make it simpler to review past activity without having to sift through syslog files.
available options: y n
Would you like the updater to log to a custom file? [y]
- Decide whether to create an AntiVir log file.
What will be the log file name with absolute path (it must begin with '/') ? [/var/log/avupdater.log]
- Choose the path where the log file is saved.

AutoUpdateEvery2Hours/AutoUpdateDaily (3 of 4)
=====================================
AntiVir is equipped with an Internet Update Daemon. At specified intervals, AntiVir will connect to an update server to check for newer versions of the AntiVir engine or the data files. If a newer version is available, AntiVir will automatically download and install the updates without requiring any special attention. This allows AntiVir to be kept current against attacks and problems.
AntiVir can be configured to check for updates every 2 hours (2) or once a day (d). You can also choose to disable the Internet Update Daemon (n).
Note: Updates can also be done manually from the command line:
antivir --update
You may prefer to disable the Internet Update Daemon and instead perform regular updates using a cron(8) job. Using the startup script for the Internet Update Daemon when it is disabled will result in an error.
available options: 2 d n
How often should AntiVir check for updates? [2] n
- Decide how often to update.

HTTPProxyServer/HTTPProxyPort (4 of 4)
=============================
If this machine is sitting behind an HTTP proxy server, you will need to configure AntiVir with the appropriate proxy settings. Internet access is required in order to make updates.
available options: y n
Does this machine use an HTTP proxy server? [n]
- Asks whether this system uses a proxy server.

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over to make sure they are correct.
email notification: root@server3.co.kr
specific logfile: /var/log/avupdater.log
update frequency: never (deactivated)
http proxy server: none
available options: y n
Save configuration settings? [y]
- Decide whether to save the configuration.
* SUCCESS *
Configuration successfully saved to. /etc/avupdater.conf
- Saved to the /etc/avupdater.conf file.
Press <ENTER> to continue.

Running Internet Update Daemon
==============================
In order for the Internet Update Daemon to be active on your system, you must run the software. This can be done manually each time the system is booted with the command:
/usr/lib/AntiVir/avupdater start
You can have it start automatically by adding avupdater to your startup scripts. Depending on your system, this can vary. Consult your system documentation on startup scripts. During the installation, you had the option to set the updater to start automatically.
available options: y n
Would you like to apply the new configuration? [y]
AntiVir Status: avupdater not running.
Here are some commands that you should remember...
configure updater: /usr/lib/AntiVir/configantivir
start update daemon: /usr/lib/AntiVir/avupdater start
stop update daemon: /usr/lib/AntiVir/avupdater stop
update daemon status: /usr/lib/AntiVir/avupdater status
Press <ENTER> to continue.

Installation of the following features complete:
AntiVir command line scanner
AntiVir Internet Update Daemon
AntiVir Guard (previously installed)
AntiVir GUI
Note: It is highly recommended that you perform an update now to ensure up-to-date protection. This can be done by running:
antivir --update
Be sure to read the README file for additional information.
Thank you for your interest in Avira AntiVir Workstation (UNIX).
3. Running
[root@server3 antivir-workstation-pers-2.1.12-19]# ls
LICENSE README contrib etc hbedv.key legal script
LICENSE.DE bin doc gui install pgp vdf
[root@server3 antivir-workstation-pers-2.1.12-19]# cd bin
[root@server3 bin]# ls
antivir freebsd5 linux_glibc22_ppc solaris_sparc
antivir.asc linux_glibc20 linux_glibc22_s390 solaris_x86
freebsd linux_glibc22 openbsd_elf
[root@server3 bin]# cd ..
[root@server3 antivir-workstation-pers-2.1.12-19]# antivir --help
Usage is: antivir [options] [path[\*.ext]] [*.ext]
where options are:
--help .......... display this help text (abbreviation: -h or -?)
--scan-mode=<mode> applies "extlist", "smart" or "all" scan methods:
    extlist scans files according to their filename extension,
    smart detects which files to scan from their name/content,
    all scans all files regardless of their name or content
--allfiles ...... synonymous for --scan-mode=all
--version ....... show version information
--info .......... show list of recognized forms
--update ........ update antivir
--check ......... used with --update to check for updates
--temp=<dir> .... specify the directory for temporary files
--pid-dir=<dir> . specify the directory for PID files
--home-dir=<dir> location of executable, VDF and key files
-C <filename> ... name of configuration file
-s .............. scan subdirectories
--scan-in-archive files in archives will be extracted and scanned
-z .............. synonymous for --scan-in-archive (scan in archives, too)
--archive-max-size=N, --archive-max-recursion=N, --archive-max-ratio=N
    anti DoS feature: do not scan archive content which would exceed
    the given file size, nesting level or compression factor limits
    on extraction (0 means unlimited)
--archive-max-count=N
    anti DoS feature: do not scan archive content which has more
    than N files in a recursion level
--scan-in-mbox .. scan mailbox folders, too (might be time consuming!)
--heur-macro .... enable macro heuristics
--heur-nomacro .. disable macro heuristics
--heur-level=N .. setup heuristics level: 0=off, 1-3=low-high
-nolnk .......... do not follow symbolic links
-onefs .......... do not cross file systems while following links
-noboot ......... do not check any boot records
-nombr .......... do not check any master boot records
-nobreak ........ disable Ctl-C and Ctrl-Break
-nodef ......... do only check the given file types (eg. *.DOC)
-cf<filename> ... activate CRC check and name the database
-cv ............. calculate CRC over the whole file length (default 16k)
-cn ............. insert new files into the database
-cu ............. recalculate CRC values and update the database
-v .............. scan files completely (slower with possible false alerts)
-nopack ......... do not scan inside packed files
-e [-del | -ren] repair concerning files if possible
    [-del] non-repairable files will be deleted
    [-ren] non-repairable files will be renamed
-ren ............ rename concerning files (*.COM->*.XXX,...)
-del ............ delete concerning files
--moveto=<dir> .. quarantine concerning files
-dmdel .......... delete documents containing suspicious macros
-dmdas .......... delete all macros if one appears to be suspicious
-dmse ........... set exit code to 101 if any macro was found
-r1 ............. just log infections and warnings
-r2 ............. log all scanned paths in addition
-r3 ............. log all scanned files
-r4 ............. select verbose log mode
-rs ............. select single-line alert messages
-rf<filename> ... name of log file
    %d = day, %m = month, %y = year (two digits each)
-ra ............. append new log data to existing file
-ro ............. overwrite existing log file
-q .............. quiet mode
-lang[:|=]DE .... use German texts
-lang[:|=]EN .... use English texts
-once ........... run only once a day
-if<dateiname> .. antivir uses the given ini file
--with-<type> ... detect other (non-virus but unwanted) software, too;
    type may be e.g. "dial", "joke", "game", etc,
    there is a --with-alltypes shortcut
--without-<type> like --with-<type>, but disables this type
--alltypes ...... synonymous for --with-alltypes (obsolete)
--alert-urls=<yes|no> print URL for more detailed information on alerts
--warnings-as-alerts exit with a return code as if a concerning file
    had been found when warnings have been issued
--exclude=<file> exclude files or directories from scan
--log-email=<addr> send out scan report by email, too
@<rspfile> ...... read parameters from the file <rspfile>
    with each option in a separate line
list of return codes:
0: Normal program termination, nothing found, no error
1: Found concerning file or boot sector
2: An alert was found in memory
3: Suspicious file found
100: antivir only has displayed this help text
101: A macro was found in a document file
102: The option -once was given and antivir already ran today
200: Program aborted, not enough memory available
201: The given response file could not be found
202: Within a response file another @<rsp> directive was found
203: Invalid option
204: Invalid (non-existent) directory given at command line
205: The log file could not be created
210: antivir could not find a necessary dll file
211: Programm aborted, because the self check failed
212: The file antivir.vdf could not be read
213: An error occured during initialization
214: License key not found
[root@server3 antivir-workstation-pers-2.1.12-19]# antivir --update
AntiVir / Linux Version 2.1.12-19
Copyright (c) 2008 by Avira GmbH.
All rights reserved.
Warning: the file "antivir.vdf" is more than 14 days old
email notification is not available with this license
checking for updates
on disk | upd server
--------------+--------------
02.01.12.19 < 02.01.12.113 [antivir]
06.40.00.00 < 07.01.00.00 [antivir0.vdf]
07.00.03.02 < 07.01.01.113 [antivir1.vdf]
07.00.03.62 < 07.01.01.207 [antivir2.vdf]
07.00.03.68 < 07.01.01.222 [antivir3.vdf]
--------------+--------------
antivir 100% |*******************************| 2525 KB 252.54 KB/s 0:00 ETA
antivir0.vdf 100% |**************************| 14 MB 399.19 KB/s 0:00 ETA
antivir1.vdf 100% |**************************| 2752 KB 229.33 KB/s 0:00 ETA
antivir2.vdf 100% |**************************| 1327 KB 331.96 KB/s 0:00 ETA
antivir3.vdf 100% |**************************| 146 KB 24.36 KB/s 0:00 ETA
on disk | upd server
--------------+--------------
02.01.12.113 = 02.01.12.113 [antivir]
07.01.00.00 = 07.01.00.00 [antivir0.vdf]
07.01.01.113 = 07.01.01.113 [antivir1.vdf]
07.01.01.207 = 07.01.01.207 [antivir2.vdf]
07.01.01.222 = 07.01.01.222 [antivir3.vdf]
--------------+--------------
02.01.12.19 --> 02.01.12.113 the scanner [the application] (/usr/lib/AntiVir/antivir)
07.00.03.68 --> 07.01.01.222 the VDF database (inc) (/usr/lib/AntiVir/antivir0.vdf, /usr/lib/AntiVir/antivir1.vdf, /usr/lib/AntiVir/antivir2.vdf, /usr/lib/AntiVir/antivir3.vdf)
AntiVir successfully updated itself
[root@server3 ~]# antivir / -s --allfiles
- Scan all files in the directory.
AntiVir / Linux Version 2.1.12-113
Copyright (c) 2008 by Avira GmbH.
All rights reserved.
VDF version: 7.1.1.222 created 03 2월 2009
For private, non-commercial use only.
AntiVir license: 149996 for Avira AntiVir PersonalEdition Classic
auto excluding /sys/ from scans (is a special fs)
auto excluding /proc from scans (is a special fs)
checking drive/path (list): /
- (omitted)
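The return codes listed in the help output above matter most when the scan runs unattended, for example from cron: codes such as 212 or 214 mean no scan took place and must not be read as "clean". The wrapper below is an added example, not part of the original post or of the AntiVir package; the options and codes come from the help text, while ANTIVIR, SCAN_LOG, QUARANTINE_DIR and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): wrapper for unattended scans.
# Options and return codes are taken from the `antivir --help` text above.
# ANTIVIR, SCAN_LOG and QUARANTINE_DIR are assumed names/paths for this example.
ANTIVIR="${ANTIVIR:-antivir}"
SCAN_LOG="${SCAN_LOG:-/var/log/antivir-scan.log}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine/antivir}"

# Map an antivir return code to a class a scheduled job can act on.
classify_rc() {
    case "$1" in
        0)       echo clean ;;
        1|2|3)   echo detection ;;  # concerning file, alert in memory, suspicious file
        101)     echo macro ;;      # macro found in a document file
        100|102) echo noscan ;;     # help text shown, or -once and already ran today
        200|201|202|203|204|205|210|211|212|213|214)
                 echo error ;;      # scanner could not run properly
        *)       echo unknown ;;
    esac
}

# Scan one path recursively, print a one-line summary and return
# 0 = scanned and clean, 1 = something was found, 2 = no verdict.
scan_path() {
    target="$1"
    rc=0
    # -s subdirectories, --allfiles every file, -z inside archives,
    # -nolnk do not follow symlinks, --moveto quarantine, -rs single-line
    # alerts, -ra append to the log file named by -rf, -q quiet mode.
    "$ANTIVIR" -s --allfiles -z -nolnk -q \
        --moveto="$QUARANTINE_DIR" -rs -ra -rf"$SCAN_LOG" \
        "$target" || rc=$?
    class=$(classify_rc "$rc")
    echo "antivir target=$target rc=$rc class=$class"
    case "$class" in
        clean)           return 0 ;;
        detection|macro) return 1 ;;
        *)               return 2 ;;  # never report a failed scan as clean
    esac
}

# Run as a script with a path argument, e.g.: ./antivir-scan.sh /home
if [ "$#" -gt 0 ]; then
    scan_path "$1"
    exit $?
fi
```

A scheduled job can alert on any non-zero status and use the printed summary line to tell a detection (status 1) from a scanner failure (status 2).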
4. Antivir GUI
[root@server3 bin]# antivir-gui
WARNING: root is not in `antivir' group
ERROR: Can't connect to an X server. Please try the following:
- generate or merge `.Xauthority'. You can merge with:
$ xauth merge <path-to-user-with-X-rights>/.Xauthority
-------------------------------------------------------------------
Solution
1. WARNING: root is not in `antivir' group
[root@server3 ~]# vi /etc/group
antivir:x:708:root
- Add the root account to the antivir group. Log out and log back in.
2. ERROR: Can't connect to an X server. Please try the following:
[root@server3 ~]# touch .Xauthority
- Create it in the /root/ directory.
3. [root@server3 bin]# antivir-gui
- Run it again.