JoeG Apprentice
Joined: 30 Jul 2003 Posts: 179 Location: Kentucky, USA
|
Posted: Thu Jan 20, 2005 10:39 pm Post subject: |
|
|
Thanks for catching that. I've updated the script itself, but didn't catch the typo in step 2, immediately following the emerge. Don't worry, the executable for updating didn't change, I just "fat fingered" my keyboard and the typo demon made me pay for it. Glad to be of help.
JoeG _________________ Linux User#226477 |
|
|
|
braynyac n00b
Joined: 11 Mar 2003 Posts: 10
|
Posted: Wed Apr 06, 2005 3:48 pm Post subject: New update |
|
|
Hello All!!!
First, I must say thanks for the great script.
Second, I had to modify mine slightly, so I figured you guys might want this one =) I have a small problem where I mount a Windows share in /mnt to my XP box. The disk is a 250GB NT partition, through Samba, so it's not exactly fast. Anyways, during scanning, it would grind my Linux box to a halt while scanning that directory. So I set it to exclude certain directories. Use as you see fit =)
Code: | #Script to automate virus scans and logging
#
#Get the system date and store some needed variables
set `date`
DAY=`echo $6$2$3`
LOGDIR=~/f-prot
#This sets up the exclusions, which are the "-I [folder_names]"
#In order to set multiple exclusions, each must be in the form "-I [folder_name]"
#and separated by a space.
#The razor* pattern is quoted so the shell passes it to ls unexpanded.
bkupdirs=`ls --format=single-column / -I mnt -I 'razor*'`
#
#Next, let's make sure that we're up-to-date
/opt/f-prot/tools/check-updates.pl -cron -quiet
#
#Mount /boot so it can be checked as well
mount /boot
#
#Change to a predetermined log directory, create it if need be.
if [ -d "$LOGDIR" ]
then
echo "Log folder exists.."
cd "$LOGDIR"
echo "Scanning...this may take awhile"
else
echo "Creating log folder..."
mkdir "$LOGDIR"
cd "$LOGDIR"
echo "Scanning...this may take awhile"
fi
#
#Run the virus scan...and log it.
#Thanks for the help on this part in particular, guys!
#Slightly modified to use the bkupdirs variable above.
for folder in $bkupdirs; do
    /opt/f-prot/f-prot -disinf -list -report=$DAY.log -append "/$folder"
done
#
#Unmount /boot
umount /boot
|
Enjoy =)
~Tim _________________ I never really understood how there could be things that would drive you insane just because you knew them until I ran into Windows.
- Peter da Silva |
|
|
|
braynyac n00b
Joined: 11 Mar 2003 Posts: 10
|
Posted: Wed Apr 06, 2005 4:07 pm Post subject: Quick thought |
|
|
Do any of you have any issues with f-prot being a system hog? I'm thinking of re-niceing the executable. Thoughts?
~Tim _________________ I never really understood how there could be things that would drive you insane just because you knew them until I ran into Windows.
- Peter da Silva |
|
|
|
JoeG Apprentice
Joined: 30 Jul 2003 Posts: 179 Location: Kentucky, USA
|
Posted: Wed Apr 06, 2005 9:54 pm Post subject: |
|
|
It does seem to be a resource hog. Might be that renicing isn't a bad idea. Usually, I just cron it at an ungodly hour that I'm sure I won't be on the system. Let us know if renicing helps.
JoeG _________________ Linux User#226477 |
|
|
|
menschmeier l33t
Joined: 15 Dec 2004 Posts: 727
|
Posted: Fri Jun 24, 2005 10:24 am Post subject: |
|
|
Hi,
I am not sure that the update really does what it should.
After I run check-updates.sh the signatures seem to be updated:
Code: | moon update_virus_26401 # cd /opt/f-prot/
moon f-prot # ll
total 4496
-rw-r--r-- 1 root root 18935 Jun 24 11:54 ENGLISH.TX0
-rw-r--r-- 1 root root 536911 Jun 24 11:54 MACRO.DEF
-rw-r--r-- 1 root root 1137212 Jun 24 11:54 SIGN.DEF
-rw-r--r-- 1 root root 2072492 Jun 24 11:54 SIGN2.DEF
-rwxr-xr-x 1 root root 831276 Jun 24 11:54 f-prot
drwxr-xr-x 2 root root 29 Jun 24 11:54 tools |
But when I call f-prot I got the message that the files are old:
Code: | moon tmp # f-prot /tmp
Warning: The SIGN.DEF file is rather old and does not contain
information on a substantial number of new viruses.
Warning: The MACRO.DEF file is rather old and does not contain
information on a substantial number of new viruses.
Virus scanning report - 24 June 2005 @ 11:55
F-PROT ANTIVIRUS
Program version: 4.5.4
Engine version: 3.16.6
VIRUS SIGNATURE FILES
SIGN.DEF created 8 February 2005
SIGN2.DEF created 8 February 2005
MACRO.DEF created 7 February 2005
... |
Does anyone know what could be the reason for this behaviour, how to update the virus signatures, and how to check if the update was successful?
Thanks
menschmeier _________________ Please notice the back of this message. |
|
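An added example, not part of the original post: the `ls` timestamps above only show when the files were written, while the report header carries the definition dates f-prot itself prints. The function below (a hypothetical helper, `stale_sigs`) reads that header in the format shown in the post and lists every signature file created before a cutoff date, so a cron job can flag an update that did not take effect.

```shell
#!/bin/sh
# Added example: flag signature files whose "created" date in an f-prot
# report header is older than a cutoff. Header format assumed to be the
# one shown in the post ("SIGN.DEF created 8 February 2005").

# stale_sigs CUTOFF_YYYYMMDD
# Reads report text on stdin, prints "FILE YYYYMMDD" for each stale file.
stale_sigs() {
    awk -v cutoff="$1" '
        BEGIN {
            n = split("January February March April May June July August September October November December", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
        }
        # Match lines such as: SIGN.DEF created 8 February 2005
        $1 ~ /\.DEF$/ && $2 == "created" && ($4 in mon) {
            stamp = sprintf("%04d%02d%02d", $5, mon[$4], $3)
            if (stamp + 0 < cutoff + 0) print $1, stamp
        }'
}

# Report header copied from the post above, used as sample input.
sample_report() {
    cat <<'EOF'
Virus scanning report - 24 June 2005 @ 11:55
F-PROT ANTIVIRUS
Program version: 4.5.4
Engine version: 3.16.6
VIRUS SIGNATURE FILES
SIGN.DEF created 8 February 2005
SIGN2.DEF created 8 February 2005
MACRO.DEF created 7 February 2005
EOF
}

# Cutoff two weeks before the scan date in the sample (constructed value).
# On a live system with GNU date: cutoff=$(date -d '14 days ago' +%Y%m%d)
sample_report | stale_sigs 20050610
```

Against a real scan, pipe the f-prot output into `stale_sigs` and treat any output line as a failed update.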
|
|
umproko5 n00b
Joined: 11 Aug 2005 Posts: 17
|
Posted: Sun Aug 21, 2005 10:49 pm Post subject: |
|
|
JoeG wrote: | Master One wrote: |
Any idea, how to automate the use of f-prot on a normal workstation / notebook, that's not running 24/7?
The cron idea does not fit for such a machine.
What about running the scan on every boot?
|
Well, it would be easy enough to create an init script and add it to your default runlevel, but then your computer is going to take a long time to boot up.
If you're wanting to scan files as they download, I'm afraid (with f-prot at least) that we're out of luck. We'll have to scan after the download is complete, AFAIK. Anyone who knows differently, PLEASE let us know! According to their support page:
BUGS
We have received a request for the ability to scan stdin. This is actually rather difficult, as the engine design requires that the size of any scannable object is known before starting a scan.
I'm considering writing a mini-HOWTO for using ClamAV due to several factors:
1. I'm trying to be fair
2. ClamAV seems to integrate more smoothly with services
3. ClamAV can be run as a daemon (Well, so can f-prot, but you need file or mail server version)
4. ClamAV is GPL. 'Nuff said.
Ideas, Folks?
JoeG |
Has there been any work done on the mini-HOWTO?
/Jason |
|
|
|
JoeG Apprentice
Joined: 30 Jul 2003 Posts: 179 Location: Kentucky, USA
|
Posted: Mon Aug 22, 2005 12:36 am Post subject: |
|
|
umproko5 wrote: | Has there been any work done on the mini-HOWTO? |
This one? Not since my last post. To be honest, with everything else going on in my life, I hadn't really had time. Wanna add some to it? _________________ Linux User#226477 |
|
|
|
chieflilal n00b
Joined: 02 Mar 2006 Posts: 6 Location: Michigan, USA
|
Posted: Mon Apr 09, 2007 12:04 am Post subject: Updated script |
|
|
F-prot now places the update script into a new directory. I have updated the original script to reflect the change.
Code: |
##Script to automate virus scans and logging
#
#Get the system date and store some needed variables
set `date`
DAY=`echo $6$2$3`
LOGDIR=~/f-prot
#
#Next, let's make sure that we're up-to-date
/opt/f-prot/tools/check-updates.pl -cron -quiet
#
#Mount /boot so it can be checked as well
mount /boot
#
#Change to a predetermined log directory, create it if need be.
if [ -d "$LOGDIR" ]
then
echo "Log folder exists.."
cd "$LOGDIR"
echo "Scanning...this may take awhile"
else
echo "Creating log folder..."
mkdir "$LOGDIR"
cd "$LOGDIR"
echo "Scanning...this may take awhile"
fi
#
#Run the virus scan...and log it.
#Thanks for the help on this part in particular, guys!
/opt/f-prot/f-prot -disinf -list -report=$DAY.log -append /
#
#Unmount /boot
umount /boot
|
|
|
|
|
sleepingsun Guru
Joined: 03 May 2006 Posts: 458 Location: Bosnia
|
Posted: Thu Jun 28, 2007 6:28 pm Post subject: |
|
|
For updates on my version
Code: | /opt/f-prot/tools/check-updates.pl |
But where is the new directory for the script? |
|
|
|
trossachs Veteran
Joined: 22 Jan 2004 Posts: 1204 Location: London
|
Posted: Sat Aug 11, 2007 10:09 am Post subject: |
|
|
I use f-prot with amavisd in conjunction with clamav. But recently I have started to get the following error in Postfix for f-prot:
Code: | Aug 11 11:00:52 foo amavis[19291]: (19291-02) (!)FRISK F-Prot Daemon: Can't connect to INET socket 127.0.0.1:10204: Connection refused, retrying (10)
Aug 11 11:00:58 foo amavis[19291]: (19291-02) (!)run_av (FRISK F-Prot Daemon, built-in i/f): Too many retries to talk to 127.0.0.1:10200 (Can't connect to INET socket 127.0.0.1:10200: Connection refused) at (eval 59) line 310.
Aug 11 11:00:58 foo amavis[19291]: (19291-02) (!!)FRISK F-Prot Daemon av-scanner FAILED: CODE(0x8142bac) Too many retries to talk to 127.0.0.1:10200 (Can't connect to INET socket 127.0.0.1:10200: Connection refused) at (eval 59) line 310. at (eval 59) line 511.
|
And these errors for clamav:
Code: | Aug 11 11:04:02 foo amavis[19290]: (19290-03) p001 1 Content-Type: text/plain, size: 366 B, name:
Aug 11 11:04:02 foo amavis[19290]: (19290-03) ClamAV-clamd: Can't send to socket /var/run/clamav/clamd: Transport endpoint is not connected, retrying (1)
Aug 11 11:04:03 foo amavis[19290]: (19290-03) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory, retrying (2)
Aug 11 11:04:09 foo amavis[19290]: (19290-03) (!)run_av (ClamAV-clamd, built-in i/f): Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 59) line 310.
Aug 11 11:04:09 foo amavis[19290]: (19290-03) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x8142bac) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 59) line 310. at (eval 59) line 511. |
Have checked out netstat and cannot see any entry for f-prot with regards to: 127.0.0.1:10200 |
|
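An added example, not part of the original post: a log check that reduces amavis output like the above to one line per scanner that amavis marked `av-scanner FAILED`, together with the socket it could not reach. The function name `failed_scanners` is hypothetical, and the message layout is assumed to be the one in the posted log lines.

```shell
#!/bin/sh
# Added example: summarise which AV back ends amavis reported as FAILED
# and which endpoint each one could not reach.

# failed_scanners
# Reads amavis log lines on stdin, prints "SCANNER<TAB>ENDPOINT" once per
# scanner that has an "av-scanner FAILED" entry.
failed_scanners() {
    awk '
        /av-scanner FAILED/ {
            # Scanner name sits between the "(!!)" marker and " av-scanner FAILED".
            name = $0
            sub(/.*\(!!\)/, "", name)
            sub(/ av-scanner FAILED.*/, "", name)
            # Endpoint follows "connect to INET socket" or "connect to UNIX socket".
            ep = "unknown"
            if (match($0, /connect to (INET|UNIX) socket [^ ]+/)) {
                ep = substr($0, RSTART, RLENGTH)
                sub(/.* socket /, "", ep)
                sub(/:$/, "", ep)
            }
            if (!(name in seen)) { seen[name] = 1; print name "\t" ep }
        }'
}

# Log lines copied from the post above, used as sample input.
sample_log() {
    cat <<'EOF'
Aug 11 11:00:52 foo amavis[19291]: (19291-02) (!)FRISK F-Prot Daemon: Can't connect to INET socket 127.0.0.1:10204: Connection refused, retrying (10)
Aug 11 11:00:58 foo amavis[19291]: (19291-02) (!!)FRISK F-Prot Daemon av-scanner FAILED: CODE(0x8142bac) Too many retries to talk to 127.0.0.1:10200 (Can't connect to INET socket 127.0.0.1:10200: Connection refused) at (eval 59) line 310. at (eval 59) line 511.
Aug 11 11:04:03 foo amavis[19290]: (19290-03) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory, retrying (2)
Aug 11 11:04:09 foo amavis[19290]: (19290-03) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x8142bac) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 59) line 310. at (eval 59) line 511.
EOF
}

sample_log | failed_scanners
```

Two or more scanners in the output at the same time means no configured back end is answering, which is worth alerting on from the mail log.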