
Free Linux Antivirus from RPM Repository

By , May 28, 2010 12:11 pm

Computer viruses are the bane of most system administrators’ existence and an unavoidable facet of modern online life. Most Linux systems, however, do not have an antivirus included in their repositories.
There are a few reasons why, including the relatively low level of Linux viruses and the frequent updating of these packages, which are generally more agile than the distribution releases. There is a solution I use that I would like to share.

On home systems, like Ubuntu, you can find a great free system called ClamAV through the package manager. However, on more stable systems for servers (such as CentOS 5) this option is not available.
This does not mean you should forgo the effort to add one – modern viruses are sophisticated vermin that can exploit a user’s system and use it to access and propagate on a web server. Script exploits could bring your server to a crawl as they feed viruses to your customers. A good antivirus is a necessity in this modern age.

Thankfully there is an answer – Dag Wieërs maintains an RPM repository supporting several pieces of software, and ClamAV is one of them. There are three steps to making your system secure – first you need to install the ClamAV packages, second you need a custom script to update and scan the system, and thirdly you need to run the script with cron to automate the process. What follows is a step-by-step tutorial for setting this up on a CentOS 5.5 server, however it should work relatively the same for any RedHat Enterprise based distribution.

Part One : Installing ClamAV from Dag’s RPM Repository

The first step is to add the repository entry:

sudo nano /etc/yum.repos.d/rpmforge.repo

In this file add the following code and save the file, then exit the editor:

[rpmforge]
name = Dag Wieers RPM Repository (rpmforge)
mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.rpmforge
enabled=0

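Next, get the GPG key so that yum can check that you are getting officially signed packages. The key is downloaded over plain HTTP, so compare its fingerprint with one obtained from a source you trust before relying on it:

sudo wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY.rpmforge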

You should now be ready to install the initial package:

sudo yum --enablerepo=rpmforge install clamd -y

The previous command should also install the ‘clamav’ and ‘clamav-db’ dependency packages. If all went well, move on to the next step.

Part Two : Creating a Script to Automate ClamAV

First, let’s create a new bash script:

sudo nano /usr/local/bin/clamav-cron

The script should look roughly like the one below. Change the notification and alert emails as needed:

#!/bin/bash
#============================================
# Update clam av and initiate a full system
# scan excluding virtual directories
# written by Brian Cantin, 2009-2010
#============================================
# User configuration section
#--------------------------------------------

# Notification e-mail sender (could be fake):
CAV_MAILFROM="support@example.com"

# Notification & Alert e-mail recipients:
CAV_NOTIFY_TO="notify@example.com"
CAV_ALERT_TO="alerts@example.com"

# Log file name and its path:
CAV_LOGFILE="/var/log/clamav-cron"

# Scan target
CAV_TARGET='/'

# Directories to exclude from the scan (anchored regular expression,
# so that only these top-level directories are skipped)
CAV_EXCLUDE='^/(proc|dev|sys|mnt)(/|$)'

#===========================================
# script revision
CAV_VERSION='0.4'

# if the log file already exists - delete it
if [ -e $CAV_LOGFILE ]
then
        /bin/rm $CAV_LOGFILE
fi

# printed on the command line:
echo -e `basename $0` "v"$CAV_VERSION

# to be written to the log file:
echo -e $HOSTNAME - $(date) >> $CAV_LOGFILE
echo -e ------------------------ >> $CAV_LOGFILE
echo -e Script : `basename $0` v$CAV_VERSION  >> $CAV_LOGFILE
echo -e Target : $CAV_TARGET on $HOSTNAME >> $CAV_LOGFILE
echo -e Exclude: $CAV_EXCLUDE >> $CAV_LOGFILE
echo -e ------------------------ >> $CAV_LOGFILE

# update the detection database
echo -e "Update (/usr/bin/freshclam):" >> $CAV_LOGFILE
/usr/bin/freshclam >> $CAV_LOGFILE 2>&1
echo -e ------------------------ >> $CAV_LOGFILE

# run the scan; --exclude-dir keeps clamscan from descending into the
# excluded directories (exit code: 0 = clean, 1 = virus found, higher = error)
echo -e "Scan (/usr/bin/clamscan):" >> $CAV_LOGFILE
/usr/bin/clamscan --infected --recursive --exclude-dir="$CAV_EXCLUDE" "$CAV_TARGET" >> $CAV_LOGFILE 2>&1
CLAMSCAN=$?

# if an error or virus is encountered then send an email to alert address
# otherwise send one to the notify
if [ "$CLAMSCAN" -eq 1 ]
then
        CAV_SUBJECT="[VIRUS] ClamAV ($HOSTNAME) $(date)"
        /bin/mail -s "$CAV_SUBJECT" "$CAV_ALERT_TO" -- -f "$CAV_MAILFROM" < "$CAV_LOGFILE"
elif [ "$CLAMSCAN" -gt 1 ]
then
        CAV_SUBJECT="[ERROR] ClamAV ($HOSTNAME) $(date)"
        /bin/mail -s "$CAV_SUBJECT" "$CAV_ALERT_TO" -- -f "$CAV_MAILFROM" < "$CAV_LOGFILE"
else
        CAV_SUBJECT="ClamAV ($HOSTNAME) $(date)"
        /bin/mail -s "$CAV_SUBJECT" "$CAV_NOTIFY_TO" -- -f "$CAV_MAILFROM" < "$CAV_LOGFILE"
fi

I think this shell script is fairly self-explanatory and to the point – it will update the ClamAV software and database, run a full system scan (excluding virtual directories) and email the results to the notification address. To accentuate problems, it adds [VIRUS] or [ERROR] to the email subject and sends the email to the alert address instead. You can configure these addresses to be the same, depending on your preferences. Please note that you must have /bin/mail configured correctly for the email functionality to work, but that is outside the scope of this article.
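
The exclusion value passed to clamscan is a regular expression, so whether it is anchored decides how much of the filesystem the scan skips. The following is an added example, not part of the original script: it uses grep -E as a stand-in for clamscan's matching (an assumption) and constructed sample paths to compare an unanchored pattern with an anchored one.

```bash
#!/bin/bash
# Added example, not part of the original clamav-cron script.
# Assumption: grep -E stands in for clamscan's extended-regex matching,
# which looks for the pattern anywhere in the path.

UNANCHORED='/proc|/dev|/sys|/mnt'        # pattern without anchors
ANCHORED='^/(proc|dev|sys|mnt)(/|$)'     # only the top-level directories

# Constructed sample paths (hypothetical, for illustration only).
SAMPLE_PATHS='/proc/1/maps
/dev/sda1
/sys/kernel/notes
/mnt/backup/db.tar
/var/www/html/dev/upload.php
/home/alice/development/build.sh
/usr/include/sys/types.h
/srv/ftp/incoming/mnt/drop.bin
/etc/passwd'

# Succeeds when the path lies in one of the trees meant to be skipped.
is_virtual() {
    case "$1" in
        /proc|/proc/*|/dev|/dev/*|/sys|/sys/*|/mnt|/mnt/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every sample path that the pattern would skip even though it is an
# ordinary file location the scan was meant to cover.
blind_spots() {
    pattern=$1
    while IFS= read -r path; do
        if printf '%s\n' "$path" | grep -Eq -- "$pattern" && ! is_virtual "$path"; then
            printf '%s\n' "$path"
        fi
    done <<EOF
$SAMPLE_PATHS
EOF
}

echo "Skipped by mistake with the unanchored pattern:"
blind_spots "$UNANCHORED"
echo "Skipped by mistake with the anchored pattern:"
blind_spots "$ANCHORED"
```

Replace the sample list with the output of find on your own server to see which real directories a given CAV_EXCLUDE value would leave unscanned.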

After creating and saving this new script, make it executable:

sudo chmod +x /usr/local/bin/clamav-cron

You should complete a test-run of your script at this point:

sudo /usr/local/bin/clamav-cron

If all goes well it should complete within a few minutes to a few hours (depending on the size of your file system) and send you an email of the results. If there were any errors, go back and correct them before moving on to part three.

Part Three : Automation

Once everything is working to your satisfaction you can edit the crontab file for a daily activation of the script:

sudo nano /etc/crontab

I added the following line to make the script run daily at 2:30am as root:

30 2 * * * root /usr/local/bin/clamav-cron

Congratulations! Your server is now configured to automatically update your antivirus, scan for threats and notify you in a timely manner, every day.

World of Warcraft Macros – Fishing

By , September 27, 2009 1:25 pm

One of the nice features of World of Warcraft is the ability to create custom macros to simplify common tasks in the game. I have a nice little one that you can place on a button for fishing.

What it does: If you do not have a fishing rod equipped, clicking the button will equip one. If a fishing rod is equipped, it will cast. If you hold down any modifier key it will re-equip your weapons.

Code (insert your object names where indicated in italics):

/equip [noequipped:Fishing Poles, nomodifier] fishing rod name;
/equip [modifier] main weapon name;
/cast [equipped:Fishing Poles, nomodifier] Fishing;

For example:

/equip [noequipped:Fishing Poles, nomodifier] Nat Pagle's Extreme Angler FC-5000;
/equip [modifier] Staff of Dark Mending;
/cast [equipped:Fishing Poles, nomodifier] Fishing;

If you are not using two handed weapons, you will need to enter an equip command for your offhand weapon as well:


/equip [noequipped:Fishing Poles, nomodifier] fishing rod name;
/equip [modifier] main weapon name;
/equip [modifier] offhand weapon name;
/cast [equipped:Fishing Poles, nomodifier] Fishing;

Happy fishing!

Installing Windows 7

By , August 14, 2009 7:07 pm

Microsoft has released Windows 7 RC 1 into the wild that is the Internet. Until August 20th of 2009 (basically this is the last week) you can sign up for a license key and a link to download the disk image in ISO format.

This version will work until June 2010, at which point it will no longer boot. It will also have some other restrictions starting in March 2010. That still provides many months to try it out. I have done just that and would like to relate my experiences, and solutions for particular problems that have arisen.

For more details on the promotion, or to register for your own copy visit windows.microsoft.com.

Items of Note

  • I am NOT responsible if anything described here damages your PC or causes data loss. The software is ‘use at your own risk’ and so is this article.
  • Back up your data. Microsoft will remind you of this, and so do I. Not backing up data before an operating system install is asking for trouble.

My Setup

Here is my configuration:
Motherboard: nVidia GeForce based
CPU: Intel Pentium 2.8Ghz Dual Core (64bit)
RAM: 4GB
Storage: 2x1TB SATA II drives on a RAID 1 (mirror)
Optical Media: SATA DVD-RW
Current System: XP Home / Ubuntu

Where to Start

Firstly, I assume you have successfully run the Windows 7 Advisor with no issues and have made a working copy of the Windows 7 install disk.

If you are running Windows XP you cannot do an upgrade. Period. Clean install is the only option. This means you either need to start without an OS, or have an empty NTFS formatted partition prior to attempting the install.
If you do not have a blank NTFS partition the installer will stall after the language setting screen.

Once this is ready, reboot your PC with the Windows 7 DVD in the drive – make sure your BIOS is set to boot from it.

If all goes well you should be now installing Windows 7. I wasn’t this lucky.

The Windows 7 Installer Stalls after Loading Windows…

If you get a pretty blue screen with some leaves and a mouse cursor but nothing else after several minutes you may have the problem I had.
There are several reports online of problems installing from a SATA DVD drive. I presume in my case it is because of the way nVidia handles the DVD in relation to the RAID but I’m not certain.

Solution: Create a USB flash drive version of the installer disk (you’ll need 4GB) and boot from that, or (what I did) install an IDE DVD drive temporarily while installing.

Safely Unloading Linux First

Perhaps this should be higher up, but if you have a dual-boot XP/Linux environment and intend on removing the Linux installation to try out Windows 7 be very careful when you delete the Linux partitions from within Windows. Keep in mind that the boot loader (likely GRUB) resides there as well. Deleting the Linux partition will cause your PC to not boot!
With this in mind, I first booted from the XP install disk (after installing a floppy drive for the nVidia RAID drivers) and from the recovery console I ran fixmbr and rebooted. This puts the boot loader back to the original Windows one allowing you to safely remove the Linux partition. (you did back everything up, right?)

Initial Impressions

After resolving the SATA optical drive issues and creating the NTFS partition (Windows 7 RC 1 does not appear to have a formatting tool like the XP installer), things went smoothly. In fact, the first half of this article was typed up on another PC nearby while I watched the Windows setup run fully automated. The setup will reboot your computer several times during installation.

My computer scores an average 5.9 for the user experience rating, and things are working mostly as they should. My Belkin wireless adapter does not have working drivers (Belkin hasn’t made them for Vista yet either – no fault to Microsoft for this one). I was able to use another USB wireless adapter successfully.
My WinTV-GO (analog PCI TV tuner card) does not appear to have working drivers at the moment either, which is frustrating since I wanted to try the Windows Media Player TV functions and the Windows 7 Upgrade Advisor said they would be available via Windows Update.

Overall, it works fairly well. I found switching between World of Warcraft and the desktop to be agonizingly slower than the same task on XP. I am intending to do a reinstallation of the game (rather than a program folder copy) on Windows 7 to see if it perhaps will install a more compatible version of the programs and perform better.
Actual game play has no noticeable differences.

I’ll try to keep an updated set of entries here over the next few months detailing more tests of this new system. Overall, I would say that I’m not about to run out and buy it yet, but it’s more promising than Vista.
