<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<META http-equiv="Content-Style-Type" content="text/css">
<META NAME="Language" content='en'>
<META name="author" lang="en" content="Michiel Broek">
<META name="copyright" lang="en" content="Copyright Michiel Broek">
<META name="description" lang="en" content="MBSE BBS Manual - Virus scanners">
<META name="keywords" lang="en" content="MBSE BBS, MBSE, BBS, manual, fido, fidonet, gateway, tosser, mail, tic, mailer">
<TITLE>MBSE BBS Setup - Virus scanners.</TITLE>
<LINK rel=stylesheet HREF="../manual.css">
</HEAD>
<BODY>
<BLOCKQUOTE>
<!-- MBSEADVERT -->
<div align='right'><h5>Last update 17-Feb-2008</h5></div>
<div align='center'><H1>MBSE BBS Setup - virus scanners</H1></div>

Once upon a time there was no DOS and there were no computer viruses. But since DOS was
invented as a small OS which was easily extensible, virus writers saw their
chance to easily spread their hacks. Although running a GNU/Linux system is
relatively safe, most of the files that you have available on your bbs
are DOS/Windows based programs. Before you make them available for download, they
should be checked for viruses. Macro viruses are a relatively new danger;
these can also hurt Unix/Linux users.<P>
There are several scanners available for GNU/Linux. By default only four of them
are set up. You may consult <A HREF="http://www.openantivirus.org/" rel="nofollow">
http://www.openantivirus.org</A> for more scanners mentioned in a mini-FAQ
maintained by Rainer Link.
<p>
When you configured the sources and built mbse, the configure script searched
for existing scanners. When mbsetup was run for the first time, when mbtask was
started, the scanners found on your system were already configured with the
right paths and enabled.
<P>
The following scanners are installed in the setup by default:
<p>

<UL>
<LI><b>NAI Virus Scan</b> (uvscan) for Unix (GNU/Linux) made by <A HREF="http://www.nai.com" rel="nofollow">
Network Associates, USA.</A>
Not free for personal use. Uses the same DAT files as for Windows and DOS.
<LI><strong>AntiVir/Linux</strong> made by <A HREF="http://www.hbedv.com" rel="nofollow">
H+BEDV Datentechnik GmbH.</A>
Can also be installed in sendmail or Postfix to scan incoming
and outgoing email. This may be a good idea if you run an email gateway.
This version can be registered for personal use.
<LI><strong>Clam AntiVirus</strong> is a GNU licensed virus scanner for Unix. It
is available from <A HREF="http://www.clamav.net" rel="nofollow">www.clamav.net</A>. It has one
slight disadvantage over other scanners (or just the opposite): when it tests a
file with the Eicar test virus signature, it reports that and triggers the
virus detection. This happens with NAI DAT files.
</UL>
<P>
As soon as you have made one scanner available in the setup and you receive files
in tic areas where the scan flag is set, these files will be checked.
As soon as one of the scanners detects a virus, the received file will not be imported.
Uploads from users will be checked with the installed virus scanners as well.
<p> <p>

<H3>Stream scanners</H3>
<P>
A new feature is stream scanning. In this setup you need a virus scanner loaded as a daemon, and it
must listen on a TCP/IP port to receive commands and data to scan. Currently this is only implemented
for ClamAV, but F-Prot may follow. First you need a machine where <b>clamd</b> is running; this
can be a remote machine, but of course also the bbs machine itself. ClamAV needs to be configured
so that it listens on a TCP/IP port and, depending on other things, on the local socket too.
Recent versions of ClamAV can do both together. Change your <code>/etc/clamav/clamd.conf</code> to
contain the following lines:
<pre>
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd

# Remove stale socket after unclean shutdown.
# Default: no
#FixStaleSocket yes

# TCP port address.
# Default: no
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
</pre>
I left TCPAddr commented out, but it's up to you to protect the clamd server. After you
restart <b>clamd</b>, test the connection with <code>telnet host.where.clamd.runs 3310</code>,
type VERSION followed by a return, and you should see the ClamAV version. If that works, you can enable
the ClamAV stream scanner in mbsetup and disable the old commandline scanner.<BR>
So why would you use this? It's about 10 times faster than the commandline scanner.
<P>


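The VERSION check above uses clamd's plain-text TCP protocol. The following Python code is an added example, not code from MBSE BBS: it frames data for clamd's INSTREAM command (available in current ClamAV releases; which command mbse itself sends is not stated on this page) and parses the reply, treating anything other than an explicit OK as a reason not to import the file. The function names and the sample replies are constructed for illustration.

```python
import socket
import struct

def frame_instream(data: bytes, chunk: int = 4096) -> bytes:
    """Build one INSTREAM request: command, length-prefixed chunks, zero-length end."""
    out = [b"zINSTREAM\0"]                      # 'z' prefix: NUL-terminated command
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)   # 4-byte big-endian length
    out.append(struct.pack("!I", 0))            # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(raw: bytes):
    """Map a clamd reply to (verdict, detail); verdict is clean, infected or error."""
    text = raw.rstrip(b"\0\r\n").decode("ascii", "replace")
    _, sep, result = text.partition(": ")
    if sep and result == "OK":
        return ("clean", None)
    if sep and result.endswith(" FOUND"):
        return ("infected", result[:-len(" FOUND")])
    return ("error", text)                      # size limit, bad command, empty reply

def clamd_request(host: str, port: int, payload: bytes, timeout: float = 10.0) -> bytes:
    """Send one request and read the reply until NUL or until clamd closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        buf = b""
        while not buf.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            buf += part
    return buf

def may_import(verdict) -> bool:
    """Fail closed: only an explicit OK lets the file through."""
    return verdict[0] == "clean"

def scan_bytes(host: str, port: int, data: bytes):
    """Scan data via clamd; a connection failure is reported as an error verdict."""
    try:
        return parse_reply(clamd_request(host, port, frame_instream(data)))
    except OSError as exc:                      # daemon down or unreachable
        return ("error", str(exc))

if __name__ == "__main__":
    # Constructed replies, so this runs without a daemon.
    for raw in (b"stream: OK\0", b"stream: Example.Test FOUND\0", b""):
        verdict = parse_reply(raw)
        print(verdict, "import" if may_import(verdict) else "reject")
```

To scan against a real daemon, call <code>scan_bytes</code> with the host and the port from the TCPSocket line, for example <code>scan_bytes("127.0.0.1", 3310, data)</code>.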
<A HREF="./"><IMG SRC="../images/larrow.png" ALT="Back" Border="0">Back to index</A>
<A HREF="../"><IMG SRC="../images/b_arrow.png" ALT="Home" Border="0">Back to main index</A>
</BLOCKQUOTE>
</BODY>
</HTML>