I have deep misgivings about "anti-virus" software. The immutable commercial AV tools that bedevil all Windows installations have been far more pernicious to me personally than any actual putative viruses. Although I work in the pharmaceutical industry, I can’t think of a business with more of a conflict of interest than "anti-virus" companies.
Stern words on the topic.
That said, it does seem that there is some malware out there that is well-known, easily characterized, identifiable, and simple to eradicate. This is what I’m going to focus on.
Because of the conflict of interest issue and the reprehensible extortionate marketing tactics of the major commercial providers, I’m going to focus mainly on ClamAV, an open source (GPL) antivirus engine that runs especially well on Unix/Linux.
clamav on my backup file servers during off times. The idea is that in between when my main server makes backups, the material can be scanned essentially offline.
My file servers run Gentoo and getting ClamAV was as simple as:
emerge -avuD clamav
The default installation does not come with a database of malware (signatures I presume) pre-installed. To get that set up you need to run a helper command called freshclam. This program’s actions are
When freshclam runs, it logs its activities to /var/log/clamav/freshclam.log. Make sure your clock is right (check with /etc/init.d/ntp status) and run:
freshclam
It should tell you some interesting things and ultimately say something nice like:
Database updated (1306932 signatures) from database.clamav.net
Have a look in /var/lib/clamav/ to see that things are being populated.
My usage mode is to simply get ClamAV to tell me if it recognizes any bad stuff anywhere in a particular directory tree. I will initiate the scan and I will control what to do about it personally. To do this use:
time clamscan -r -i -l /root/scan.txt /raid/fsbackup/users
-r is recursive so that all subdirectories are checked. The -i is so that only "infected" files are listed, not all that are scanned. The -l is to specify a location to write the log file to. The main path argument is the top level of the tree to search.
This can take a long time. Better put it in a screen session or some other background method. Also after launching it I thought it would be decent of me to renice 19 16501 where 16501 is the process id of the clamscan process.
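Since the point of -i and -l is to end up with a log listing only what ClamAV flagged, here is an added example (my own, not from the post or the ClamAV project) that pulls the flagged paths out of such a log and returns a non-zero status when there is something to review. It assumes the clamscan log format of one "path: Signature FOUND" line per hit, and the log content below is constructed sample data, not a real scan.

```shell
#!/bin/sh
# Summarise a log written by "clamscan -r -i -l LOGFILE DIR" (as on this page)
# and report whether anything needs a human decision.

# Constructed sample of what such a log looks like; signature names and paths
# are made up for illustration, the signature count matches the post above.
SAMPLE_LOG="/raid/fsbackup/users/alice/attach/invoice.zip: Win.Trojan.Agent-1234 FOUND
/raid/fsbackup/users/bob/old/setup.exe: Eicar-Test-Signature FOUND
/raid/fsbackup/users/carol/notes.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 1306932
Scanned directories: 412
Scanned files: 9876
Infected files: 2
Time: 3456.789 sec (57 m 36 s)"

# Print the path of every file clamscan flagged (lines ending in " FOUND").
# The trailing ": Signature FOUND" is stripped; signature names contain no
# colon, so a colon inside the path itself does not confuse the match.
found_paths() {
    printf '%s\n' "$1" | sed -n 's/: [^:]* FOUND$//p'
}

# Count the FOUND lines directly rather than trusting the summary block,
# which is missing when a scan was interrupted (e.g. the screen session died).
found_count() {
    found_paths "$1" | awk 'END { print NR }'
}

# Exit 0 when the tree is clean, 1 when something was flagged, so the
# function can gate a cron job or a notification without auto-deleting.
report() {
    n=$(found_count "$1")
    if [ "$n" -eq 0 ]; then
        echo "clean: nothing flagged"
        return 0
    fi
    echo "$n file(s) flagged by ClamAV; review before deleting:"
    found_paths "$1" | sed 's/^/  /'
    return 1
}

# Stand-alone demo on the constructed log; for a real run pass "$(cat /root/scan.txt)".
report "$SAMPLE_LOG" || echo "(non-zero exit: something to review)"
```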