This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
deb-mbse/html/setup/virscan.html
2008-02-17 21:51:43 +00:00

106 lines
4.9 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<!-- $Id$ -->
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<META http-equiv="Content-Style-Type" content="text/css">
<META NAME="Language" content='en'>
<META name="author" lang="en" content="Michiel Broek">
<META name="copyright" lang="en" content="Copyright Michiel Broek">
<META name="description" lang="en" content="MBSE BBS Manual">
<META name="keywords" lang="en" content="MBSE BBS, MBSE, BBS, manual, fido, fidonet, gateway, tosser, mail, tic, mailer">
<TITLE>MBSE BBS Setup - Virus scanners.</TITLE>
<LINK rel=stylesheet HREF="../manual.css">
</HEAD>
<BODY>
<BLOCKQUOTE>
<div align='right'><h5>Last update 17-Feb-2008</h5></div>
<div align='center'><H1>MBSE BBS Setup - virus scanners</H1></div>
Once upon a time there was no DOS and no computer virusses. But since DOS was
invented as a small OS which was easily extensible, virus writers saw their
chance to easy spread their hacks. Although running a GNU/Linux system is
relative safe, most of the files that you have available on your bbs
are DOS/Windows based programs. And before you put them available for download, they
should be checked for virusses. Macro virusses are a relative new danger,
this can also hurt Unix/Linux users.<P>
There are several scanners for GNU/Linux available. Default only four of them
are setup. You may consult <A HREF="http://www.openantivirus.org/">
http://www.openantivirus.org</A> for more scanners mentioned in a mini-FAQ
maintained by Rainer Link.
<p>
When you configured the sources and build mbse, the configure script searched
for excisting scanners. When mbsetup was run the first time, when mbtask was
started, the scanners found on your system are already configured with the
right paths and enabled.
<P>
The following scanners are default installed in the setup:
<p>
<UL>
<LI><b>NAI Virus Scan</b> (uvscan) for Unix (GNU/Linux) made by <A HREF="http://www.nai.com">
Network Associates, USA.</A>
Not free for personal use. Uses the same DAT files as for Windows and DOS.
<LI><strong>AntiVir/Linux</strong> made by <A HREF="http://www.hbedv.com">
H+BEDV Datentechnik GmbH.</A>
Can also be installed in sendmail or Postfix to scan incoming
and outgoing email. This may be a good idea if you run a email gateway.
This version can be registered for personal use.
<LI><strong>F-PROT</strong> available from <A
HREF="http://www.frisk.is">http://www.frisk.is</A>. There is a free version for personal use.
<LI><strong>Clam AntiVirus</strong> is a GNU licensed virus scanner for Unix. It
is available from <A HREF="http://www.clamav.net">www.clamav.net</A>. It has one
slight disadvantage over other scanners (or just the opposite), when it tests a
file with the Eicar testvirus signature it will report that and triggers the
virus detection. This happens with NAI DAT files.
</UL>
<P>
As soon as you have made one scanner available in the setup and you receive files
in tic areas where the scan flag is set, then these files will be checked.
As soon as one of the scanners detects a virus the received file will not be imported.
Uploads from users will be checked with the installed virus scanners as well.
<p>&nbsp;<p>
<H3>Stream scanners</H3>
<P>
A new feature is stream scanning. In this setup you need a virus scanner loaded as a daemon and it
must listen to a TCP/IP port to receive commands and data to scan. Currently this is only implemented
for ClamAV, but F-Prot may follow. First you need a machine where <b>clamd</b> is running, this
can be a remote machine but of course also the bbs machine itself. ClamAV needs to be configured
so that it listens to a TCP/IP port, and depending on other things on the local socket too.
Recent versions of ClamAV can do both together. Change your <code>/etc/clamav/clamd.conf</code> to
contain the following lines:
<pre>
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd
# Remove stale socket after unclean shutdown.
# Default: no
#FixStaleSocket yes
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
</pre>
I left the comment for the TCPaddr, but it's up to you to protect the clamd server. After you
restart <b>clamd</b> test the connection with <code>telnet host.where.clamd.runs 3310</code>,
type VERSION followed by a return and you should see the ClamAV version. If that works, you can enable
the ClamAV stream scanner in mbsetup and disable the old commandline scanner.<BR>
So why would you use this. It's about 10 times faster then the commandline scanner.
<P>
<A HREF="./"><IMG SRC="../images/larrow.png" ALT="Back" Border="0">Back to index</A>&nbsp;
<A HREF="../"><IMG SRC="../images/b_arrow.png" ALT="Home" Border="0">Back to main index</A>
</BLOCKQUOTE>
</BODY>
</HTML>