Antivir - Installation messages:
Arktur:/antivir-server-2.1.1 # ./install
Starting AntiVir for UNIX Server 2.1.1 installation...

1) installing command line scanner
creating install directory /usr/lib/AntiVir ... done
checking for existing /etc/antivir.conf ... not found
copying bin/antivir to /usr/lib/AntiVir ... done
copying vdf/antivir.vdf to /usr/lib/AntiVir ... done
copying conf/antivir.conf to /etc ... done
copying sh/configantivir to /usr/lib/AntiVir ... done
Would you like to create a link in /usr/bin ? [y]
linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done
installation of command line scanner complete

2) installing automatic internet updater
An automatic internet updater is available with version 2.1.1 of
AntiVir for UNIX. This is a daemon that will run in the background
and automatically check for updates (internet access is required).
You may also manually check for updates using:
antivir --update
You do not need to install the automatic internet updater in order
to manually check for updates. Please read the README file for more
information on updates and how they can best suit you.
Would you like to install the automatic internet updater? [n] y
copying sh/avupdater to /usr/lib/AntiVir ... done
Would you like the automatic updater to start automatically? [y] n
installation of automatic internet updater complete

3) installing AvGuard
Version 2.1.1 of AntiVir for UNIX is capable of on-access,
real-time scanning of files. This provides the ultimate protection
against viruses and other unwanted software. The on-access scanner
(called AvGuard) is based on Dazuko, a free software project providing
access control. In order to use AvGuard you will need to compile Dazuko
for your kernel. Please refer to src/HOWTO-Dazuko for information on how
to do this.
There are several ways in which you can install AvGuard.
module - Dazuko will be loaded by the avguard script
kernel - Dazuko is always loaded
(and should not be loaded by the avguard script)
no install - do not install AvGuard at this time
Note: Dazuko currently only works with GNU/Linux and FreeBSD systems.
If you are interested in helping us port Dazuko to OpenBSD,
feel free to check out the Dazuko Project at:
http://www.dazuko.org
available options: m k n
How should AvGuard be installed? [n] m
Enter the full path to dazuko.o: /lib/modules/2.4.26/misc/dazuko.o
testing /lib/modules/2.4.26/misc/dazuko.o ... ok
detecting kernel version ... linux-2.4.26
copying /lib/modules/2.4.26/misc/dazuko.o to /usr/lib/AntiVir/linux-2.4.26 ... done
Would you like to configure antivir? [y] y

NumDaemons (1 of 14)
==========
Files that are accessed by multiple processes at the same time can be
scanned by AvGuard in parallel. This is accomplished by running multiple
scanning daemons, which allows your machine to run AvGuard with the least
amount of performance reduction.
A typical workstation only requires 3 daemons for optimal performance. If
you are running additional servers (such as file, http, ftp, etc) then it
is recommended that more daemons are used. You can disable AvGuard by
setting a value of 0 here.
available options: 0-20
How many daemons would you like to run? [3] 5

AccessMask(1) (2 of 14)
=============
Files may be scanned as they are opened. This is useful for preventing
users from accessing concerning files. This includes opening, reading
and copying concerning files.
available options: y n
Would you like to scan files as they are opened? [y] y

AccessMask(2) (3 of 14)
=============
Files may be scanned as they are closed. This is useful for preventing
users from creating concerning files. This includes saving, downloading
and copying concerning files.
available options: y n
Would you like to scan files as they are closed? [y] y

AccessMask(4) (4 of 14)
=============
Files may be scanned as they are executed. This is useful for preventing
users from running concerning programs.
available options: y n
Would you like to scan files as they are executed? [n] n

RepairConcerningFiles
=====================
If a concerning file is found, AvGuard can try to remove the problem. If
the problem cannot be removed, access to the file will still be blocked.
However, if the problem can be removed, the user will be allowed normal
access.
available options: y n
Would you like to try to repair concerning files? [n] n

LogOnly/Rename/MoveConcerningFilesTo (6 of 14)
====================================
When an alert is found, there are several ways in which AvGuard can
respond.
log only - the name of the concerning file will only
be logged using syslog
rename - the concerning file will be renamed to have
a .XXX extension
move - the concerning file will be moved to a
directory of your choice
Regardless of which option you choose, the event involving the concerning
file will be logged using syslog and access to the file will be blocked.
available options: l r m
How should concerning files be handled? [l] l

IncludePath (7 of 14)
===========
AvGuard gives you the option of specifying the paths from which files
will be scanned. All sub-directories of specified paths will also be
scanned as files are accessed. You must specify at least one path.
Current include paths = NONE
available options: y n
Would you like to specify new include paths? [y] y
Type in the paths one at time, pressing ENTER after each path. All paths
must be absolute (beginning with '/'). When you are finished, simply
enter a blank line.
[IncludePath 1] /home
[IncludePath 2]

ExcludePath (8 of 14)
===========
Unless under the specified included paths, files will not be scanned.
You may also want that particular sub-directories within the included
paths are also not scanned.
For example, perhaps you want the entire /home directory scanned except
for /home/bill. AvGuard allows you to specify sub-directories of the
included paths that will not be scanned. These sub-directories are called
exclude paths. In this example /home/bill would be an exclude path.
Current exclude paths = NONE
available options: y n
Would you like to specify new exclude paths? [n] y
[ExcludePath 1] /home/adm
[ExcludePath 2] /home/www
[ExcludePath 3]

ArchiveScan (9 of 14)
===========
There may be alerts hiding within compressed files (.zip, .gz, .tar, etc).
You may configure AvGuard so that these compressed files are decompressed
and searched for concerning files. This will help to ensure that your server
is free from unwanted files.
available options: y n
Would you like to scan compressed files? [n] y

ArchiveMaxSize (9-2 of 14)
==============
In order to scan the contents of compressed files, the files must be
decompressed. For very large compressed files it could take a long time
to decompress everything. For this reason, you may wish you put a size
limit for compressed files that will be scanned. The size limit is given
in bytes. For example, 1 gigabyte = 1073741824 bytes. You may set this
value to 0 to have no limit on the size of scanned compressed files.
available options: 0-??
What is the maximum size compressed file (in bytes)
to be scanned? [1073741824]

ArchiveMaxRecursion (9-3 of 14)
===================
It is possible that a compressed file has many compressed files as
contents. For example, inside of filename.zip there may be a file1.zip
file. Each compressed file within a compressed file is referred to as
a recursion level. If AvGuard should decompress filename.zip it must scan
recursion level 1. If it is supposed to also decompress file1.zip, it
must scan recursion level 2.
Since decompressing takes extra time, you may wish to set a limit on
the recursion level that will be scanned. A value of 0 means that there
will be no limit.
available options: 0-??
What is the maximum recursion level in compressed files
to be scanned? [5]

ArchiveMaxRatio (9-4 of 14)
===============
Compressed files are usually smaller than the original files. The amount
that the files are reduced in size is called the compression ratio. If
an archive has a compression ratio of 5, this means that the decompressed
contents of the archive take up 5 times the amount of space as the archive.
It is possible that a compressed file has many compressed files as
Sometimes the compression ratio for files can be very large. These types
of files can cause an enormous strain on system resources if they are
decompressed. For this reason, you may will to set a limit on the
compression ratio. A value of 0 means that there will be no limit.
available options: 0-??
What is the maximum allowed ratio for compressed files
to be scanned? [150]

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over
to make sure they are correct.
AntiVir Status: avguard-server (not loaded).
AntiVir Status: avupdater (not running).
Here are some commands that you should remember...
AvGuard
=======
configure: /usr/lib/AntiVir/configavguard
start: /usr/lib/AntiVir/avguard start
stop: /usr/lib/AntiVir/avguard stop
check: /usr/lib/AntiVir/avguard status

AutoUpdateEvery2Hours/AutoUpdateDaily (10 of 14)
=====================================
AntiVir is equipped with an Automatic Internet Updater. At specified
intervals, AntiVir will connect to an updater server to check for newer
versions of the AntiVir engine or the data files. If a newer
version is available, AntiVir will automatically download and install
the updates without requiring any special attention. This allows AntiVir
to be kept current against attacks and problems.
AntiVir can be configured to check for updates every 2 hours (2) or
once a day (d). You can also choose to have the Automatic Internet
Updater never check (n).
available options: 2 d n
How often should AntiVir check for updates? [n] n

EmailTo (11 of 14)
=======
You may set AntiVir to send out an email message every time a concerning
file is accessed. The message will also list the action that was taken
to handle the file.
available options: y n
Would you like email notification of alerts? [n] y
What email address will receive notifications? [] fiebig@arktur.test.fib

LogTo (12 of 14)
=====
In addition to logging concerning activity through syslog, you may
als specify your own log file. This can make it simpler to review
past concerning activity without having to sift through syslog files.
available options: y n
Would you like AntiVir to log to a custom file? [n] y
What will be the log file name with absolute path (it must begin with '/')
? [] /var/log/antivir.log

HTTPProxyServer/HTTPProxyPort (13 of 14)
=============================
If this machine is sitting behind an HTTP proxy server, you will need to
configure AntiVir with the appropriate proxy settings. Internet access
is required in order to make updates.
available options: y n
Does this machine use an HTTP proxy server? [n] y
What is the HTTP proxy server name? [] arktur
Which port number does the HTTP proxy server use? [8080]

HTTPProxyUsername/HTTPProxyPassword (13 of 14)
===================================
Proxy servers may be configured to require a username and password. If
the HTTP proxy server for this machine requires a username and password
AntiVir needs to be appropriately configured.
available options: y n
Does the HTTP proxy server require a username/password? [n] n

SyslogFacility/SyslogPriority (14 of 14)
=============================
Regardless of the other configuration options, AntiVir will always log
important information using syslog. Syslog uses two values to classify
the information to log: facility and priority. Facility specifies the
type of program making the log entry. Priority specifies the importance
of the log entry.
If you are unfamiliar with syslog then you may simply accept the default
values. However, it is encouraged that you learn about syslog since it
is used by many services to log important events.
available FACILITIES: authpriv cron daemon kern lpr mail news syslog user uucp
local0 local1 local2 local3 local4 local5 local6 local7
Which syslog FACILITY should AntiVir use? [user]
available PRIORITIES: emerg alert crit err warning notice info debug
Which syslog PRIORITY should AntiVir use? [notice]

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over
to make sure they are correct.
number of daemons: 5
scan on: open/close
repair concerning files: no
handling of concerning files: log only
include paths: /home
exclude paths: :/home/adm::/home/www
scan archives: yes
max archive size: 1073741824 bytes
max archive recursion: 5 levels
max archive ratio: 150:1
email notification: fiebig@arktur.test.fib
specific logfile: /var/log/antivir.log
update frequency: never
http proxy server: arktur:8080
syslog output: user.notice
available options: y n
Save configuration settings? [y] y

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over
to make sure they are correct.
Configuration Complete
======================
number of daemons: 5
scan on: open/close
repair concerning files: no
handling of concerning files: log only
include paths: /home
exclude paths: :/home/adm::/home/www
scan archives: yes
max archive size: 1073741824 bytes
max archive recursion: 5 levels
max archive ratio: 150:1
email notification: fiebig@arktur.test.fib
specific logfile: /var/log/antivir.log
update frequency: never
http proxy server: arktur:8080
syslog output: user.notice
Press <ENTER> to continue.

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over
to make sure they are correct.
AntiVir Status: avguard-server (not loaded).
AntiVir Status: avupdater (not running).
Here are some commands that you should remember...
AvGuard
=======
configure: /usr/lib/AntiVir/configavguard
start: /usr/lib/AntiVir/avguard start
stop: /usr/lib/AntiVir/avguard stop
check: /usr/lib/AntiVir/avguard status
Automatic Internet Updater
==========================
start: /usr/lib/AntiVir/avupdater start
stop: /usr/lib/AntiVir/avupdater stop
check: /usr/lib/AntiVir/avupdater status
Press <ENTER> to continue.

Installation of the following features complete:
AntiVir command line scanner
AntiVir Automatic Internet Updater
AntiVir Guard
If you have any license key files, please copy them to /usr/lib/AntiVir
before running the software. Without a valid license key, it will
run in DEMO mode.
Be sure to read the README file for additional information.
Thank you for your interest in AntiVir for UNIX.
Arktur:/antivir-server-2.1.1 #
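
The three archive limits chosen in the session above (maximum size 1073741824 bytes, 5 recursion levels, ratio 150:1) can be illustrated with a small pre-scan check for zip files. This is an added example, not AntiVir code: the function names and the checking logic are assumptions, and only the limit values and their "0 means no limit" semantics come from the installer text.

```python
import io
import zipfile

# Values entered in the session above; 0 disables a limit, as the installer states.
ARCHIVE_MAX_SIZE = 1073741824   # bytes
ARCHIVE_MAX_RECURSION = 5       # levels; the outermost archive is level 1
ARCHIVE_MAX_RATIO = 150         # unpacked contents : archive size


def check_archive(data, level=1, max_size=ARCHIVE_MAX_SIZE,
                  max_recursion=ARCHIVE_MAX_RECURSION,
                  max_ratio=ARCHIVE_MAX_RATIO):
    """Return None if the zip in `data` stays within all limits, else the reason."""
    if max_size and len(data) > max_size:
        return "level %d: archive larger than %d bytes" % (level, max_size)
    if max_recursion and level > max_recursion:
        return "recursion level %d exceeds limit %d" % (level, max_recursion)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.infolist()
        # Ratio as the installer defines it: unpacked size relative to the archive.
        # Checked from the headers first, so nothing is decompressed on rejection.
        unpacked = sum(m.file_size for m in members)
        if max_ratio and unpacked > max_ratio * len(data):
            return "level %d: ratio %d:1 exceeds %d:1" % (
                level, unpacked // len(data), max_ratio)
        for m in members:
            with zf.open(m) as fh:
                body = fh.read(m.file_size)   # never read past the declared size
            if zipfile.is_zipfile(io.BytesIO(body)):
                reason = check_archive(body, level + 1, max_size,
                                       max_recursion, max_ratio)
                if reason:
                    return reason
    return None


def make_zip(name, payload, compress=zipfile.ZIP_DEFLATED):
    """Build a one-member zip in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compress) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: 1,000,000 zero bytes compress far beyond 150:1.
    print(check_archive(make_zip("zeros.bin", b"\0" * 1000000)))
```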