Posts tagged: Linux

Free Linux Antivirus from RPM Repository

By , May 28, 2010 12:11 pm

Computer viruses are the bane of most system administrators’ existence and an unavoidable facet of modern online life. Most Linux systems, however, do not have an antivirus included in their repositories.
There are a few reasons why, including the relatively low level of Linux viruses and the frequent updating of these packages, which generally move faster than the distribution releases. There is a solution I use that I would like to share.

On home systems, like Ubuntu, you can find a great free system called ClamAV through the package manager; however, on more stable systems for servers (such as CentOS 5) this option is not available.
This does not mean you should forgo the effort to add one – modern viruses are sophisticated vermin that can exploit a user’s systems and use them to access and propagate on a web server. Script exploits could bring your server to a crawl as they feed viruses to your customers. A good antivirus is a necessity in this modern age.

Thankfully there is an answer – Dag Wieërs maintains an RPM repository supporting several pieces of software, and ClamAV is one of them. There are three steps to making your system secure – first you need to install the ClamAV packages, second you need a custom script to update and scan the system, and thirdly you need to run the script with cron to automate the process. What follows is a step-by-step tutorial for setting this up on a CentOS 5.5 server; however, it should work much the same on any Red Hat Enterprise based distribution.

Part One : Installing ClamAV from Dag’s RPM Repository

The first step is to add the repository entry:

sudo nano /etc/yum.repos.d/rpmforge.repo

In this file add the following code and save the file, then exit the editor:

[rpmforge]
name = Dag Wieers RPM Repository (rpmforge)
mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.rpmforge
enabled=0

Next, get the GPG key to ensure you are getting officially signed packages:

sudo wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY.rpmforge

You should now be ready to install the initial package:

sudo yum --enablerepo=rpmforge install clamd -y

The previous command should also install the ‘clamav’ and ‘clamav-db’ dependency packages. If all went well, move on to the next step.
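
The GPG key in the step above is downloaded over plain HTTP and then becomes the trust anchor for every package from this repository. As an added example (not part of the original post), the function below installs a downloaded key only if it is a PGP public key block and matches a SHA-256 digest pinned from a second source; the function names and the EXPECTED_SHA256 placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# EXPECTED_SHA256 is a placeholder: pin the digest obtained from a second source.

# key_digest FILE -> SHA-256 hex digest of FILE
key_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# install_pinned_key SRC DEST EXPECTED
# Installs SRC at DEST (mode 0644) and returns 0 only when SRC is a PGP public
# key block whose digest equals EXPECTED; otherwise returns 1, DEST untouched.
install_pinned_key() {
    src=$1; dest=$2; expected=$3
    # An HTML error page or empty download must never become the key file.
    if ! grep -q -F -e '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$src" 2>/dev/null; then
        echo "not a PGP public key block: $src" >&2
        return 1
    fi
    actual=$(key_digest "$src")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src: got $actual" >&2
        return 1
    fi
    install -m 0644 "$src" "$dest"
}

# Usage as root, downloading to a scratch file first:
#   tmp=$(mktemp) && wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt -O "$tmp"
#   install_pinned_key "$tmp" /etc/pki/rpm-gpg/RPM-GPG-KEY.rpmforge "$EXPECTED_SHA256"
if [ "$#" -eq 3 ]; then
    install_pinned_key "$@"
fi
```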

Part Two : Creating a Script to Automate ClamAV

First, let’s create a new bash script:

sudo nano /usr/local/bin/clamav-cron

The script should look roughly like the one below, change the notification and alert emails as needed:

#!/bin/bash
#============================================
# Update clam av and initiate a full system
# scan excluding virtual directories
# written by Brian Cantin, 2009-2010
#============================================
# User configuration section
#--------------------------------------------

# Notification e-mail sender (could be fake):
CAV_MAILFROM="support@example.com"

# Notification & Alert e-mail recipients:
CAV_NOTIFY_TO="notify@example.com"
CAV_ALERT_TO="alerts@example.com"

# Log file name and its path:
CAV_LOGFILE="/var/log/clamav-cron"

# Scan target
CAV_TARGET='/'

# Directories to exclude from the scan. This is a regular expression;
# it is anchored so that only these top-level directories match and
# paths such as /var/www/dev are still scanned.
CAV_EXCLUDE='^/(proc|dev|sys|mnt)(/|$)'

#===========================================
# script revision
CAV_VERSION='0.4'

# if the log file already exists - delete it
if [ -e "$CAV_LOGFILE" ]
then
        /bin/rm -f "$CAV_LOGFILE"
fi

# printed on the command line:
echo -e "$(basename "$0") v$CAV_VERSION"

# to be written to the log file:
echo -e "$HOSTNAME - $(date)" >> "$CAV_LOGFILE"
echo -e "------------------------" >> "$CAV_LOGFILE"
echo -e "Script : $(basename "$0") v$CAV_VERSION" >> "$CAV_LOGFILE"
echo -e "Target : $CAV_TARGET on $HOSTNAME" >> "$CAV_LOGFILE"
echo -e "Exclude: $CAV_EXCLUDE" >> "$CAV_LOGFILE"
echo -e "------------------------" >> "$CAV_LOGFILE"

# update the detection database
echo -e "Update (/usr/bin/freshclam):" >> "$CAV_LOGFILE"
/usr/bin/freshclam >> "$CAV_LOGFILE"
echo -e "------------------------" >> "$CAV_LOGFILE"

# run the scan; --exclude-dir skips whole directories matching the regex
# (--exclude only filters individual file names)
echo -e "Scan (/usr/bin/clamscan):" >> "$CAV_LOGFILE"
/usr/bin/clamscan --infected --recursive --exclude-dir="$CAV_EXCLUDE" "$CAV_TARGET" >> "$CAV_LOGFILE"
CLAMSCAN=$?

# clamscan exits with 0 when clean, 1 when a virus is found, 2 on error:
# if an error or virus is encountered then send an email to alert address
# otherwise send one to the notify
if [ "$CLAMSCAN" -eq 1 ]
then
        CAV_SUBJECT="[VIRUS] ClamAV ($HOSTNAME) $(date)"
        /bin/mail -s "$CAV_SUBJECT" "$CAV_ALERT_TO" -- -f "$CAV_MAILFROM" < "$CAV_LOGFILE"
elif [ "$CLAMSCAN" -gt 1 ]
then
        CAV_SUBJECT="[ERROR] ClamAV ($HOSTNAME) $(date)"
        /bin/mail -s "$CAV_SUBJECT" "$CAV_ALERT_TO" -- -f "$CAV_MAILFROM" < "$CAV_LOGFILE"
else
        CAV_SUBJECT="ClamAV ($HOSTNAME) $(date)"
        /bin/mail -s "$CAV_SUBJECT" "$CAV_NOTIFY_TO" -- -f "$CAV_MAILFROM" < "$CAV_LOGFILE"
fi

I think this shell script is fairly self-explanatory and to the point – it will update the ClamAV software and database, run a full system scan (excluding virtual directories) and email the results to the notification address. To accentuate problems it adds [VIRUS] or [ERROR] to the email subject and sends the email to the alert address instead. You can configure these addresses to be the same, depending on your preferences. Please note you must have /bin/mail configured correctly for the email functionality to work, but that is outside the scope of this article.
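
clamscan treats its exclude value as a regular expression that can match anywhere in a path, so an unanchored list such as /proc|/dev|/sys|/mnt also skips unrelated directories that merely contain one of those strings. The following added example (not part of the original script) compares an unanchored and an anchored pattern over a constructed list of paths; grep -E stands in for clamscan's matcher, which is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: scan coverage of an unanchored vs. an anchored exclude regex.
# The paths below are constructed sample data, not output from a real scan.

UNANCHORED='/proc|/dev|/sys|/mnt'
ANCHORED='^/(proc|dev|sys|mnt)(/|$)'

sample_paths() {
    cat <<'EOF'
/proc/1/maps
/dev/null
/sys/kernel/notes
/mnt/backup/site.tar
/var/www/dev/index.php
/home/alice/mnt/report.doc
/srv/ftp/system/readme.txt
/var/www/html/index.php
EOF
}

# skipped REGEX -> paths the regex matches, i.e. paths that would not be scanned
skipped() {
    sample_paths | grep -E -- "$1"
}

# unintended_skips REGEX -> skipped paths outside /proc, /dev, /sys and /mnt
unintended_skips() {
    skipped "$1" | grep -E -v '^/(proc|dev|sys|mnt)/' || true
}

report() {
    for re in "$UNANCHORED" "$ANCHORED"; do
        printf 'regex: %s\n' "$re"
        printf '  skipped outside the virtual directories:\n'
        unintended_skips "$re" | sed 's/^/    /'
    done
}

report
```

With the unanchored pattern three ordinary paths drop out of the scan; with the anchored one none do.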

After creating and saving this new script, make it executable:

sudo chmod +x /usr/local/bin/clamav-cron

You should complete a test-run of your script at this point:

sudo /usr/local/bin/clamav-cron

If all goes well it should complete within a few minutes to a few hours (depending on the size of your file system) and send you an email of the results. If there were any errors, go back and correct them before moving on to part three.

Part Three : Automation

Once everything is working to your satisfaction you can edit the crontab file for a daily activation of the script:

sudo nano /etc/crontab

I added the following line to make the script run daily at 2:30am as root:

30 2 * * * root /usr/local/bin/clamav-cron

Congratulations! Your server is now configured to automatically update your antivirus, scan for threats and notify you in a timely manner, every day.

X11 Gotchas

By , December 3, 2007 2:12 pm

While manually editing and tweaking my video configuration for Ubuntu 7.10 (Gutsy Gibbon) to get better performance for my ATI Radeon 9200 I accidentally butchered the config. (Tee-hee oops!)

Thankfully it reverts to a low setting at least allowing me into the desktop to load a terminal and start correcting my errors.

First off – if you can’t figure out what you did, just blast it and start over with this command:

sudo dpkg-reconfigure -phigh xserver-xorg

This will load the /etc/X11/xorg.conf file back as it was at install. Restart your x-server and things should be operational from a clean slate, unless you get the following message:
md5sum: /etc/X11/xorg.conf: No such file or directory

In which case, something you did wiped out your configuration entirely, and dpkg doesn’t want to reload it. This is easily recoverable:

sudo touch /etc/X11/xorg.conf
sudo dpkg-reconfigure -phigh xserver-xorg

This places an empty file in the location, allowing dpkg to do its thing without error.

Ubuntu, Stage Three

By , December 2, 2007 10:19 am

Some progress on my attempt to use World of Warcraft on Ubuntu Linux has been made – in fact, with enough tweaking I’ve managed to get a decent frame rate and eliminate the icon artifacts I was getting. Most of the tweaks involved editing the Config.wtf file World of Warcraft stores its settings in.


This screenshot was taken under Ubuntu Linux 7.10, standing a little ways outside of Orgrimmar. It’s hard to see at this size, but the frame rate is 21fps. Up top where the location name appears there are some icons from the top toolbar in Gnome flickering through.

Next up is Adobe Photoshop CS2. While the program installed and appeared to run – I initially messed up with the installers – reloading the CD got me the Setup.exe I needed. Licensing is still a pain with this program. It will not connect over the Internet to Adobe’s servers, and the activate by telephone option exits with an error stating there is not enough disk space. (There is)


I wiped out the installation and reinstalled, opting for the 30 day trial option. At least I can use it for a month while I figure out how to get the appropriate registry keys recognized. There is no point calling Adobe for this since they do not support Linux.


Multitrack Studio for Windows is a program I’ve used from time to time to record and mix music ideas. There are other programs for Linux available, I just wanted to see if it would work. It does, although stopping playback can cause it to stutter into an audio loop and crash with a buffer underrun error more often than not.


Although iTunes works under Linux with Wine, I was unhappy with the performance – I don’t have an iPod so I was willing to try a program which was organized in the same manner, but native for Linux. I was half figuring I might need to write one, then I found Banshee. This program does it all, and it does it very nicely. It’s designed for Gnome, and Ubuntu users can install it right from the Synaptic Package Manager.

I will document the list of tweaks I did to World of Warcraft when I have time, and will update on the status of the Photoshop licensing if I get it resolved.
