Linux AVG ANTIVIRUS FREE使用介绍
2015-08-28 12:25 潇湘隐者 阅读(5894) 评论(0) 编辑 收藏 举报杀毒软件AVG,没有用过估计也有所耳闻。AVG ANTIVIRUS FREE - FOR LINUX 是AVG在Linux下的一款免费杀毒软件。它的官方下载地址供了rpm、deb、源码安装包等多种安装方式。下面我下载了RPM安装包安装
AVG ANTIVIRUS FREE - FOR LINUX安装步骤
[root@localhost tmp]# rpm -ivh avg2013flx-r3118-a6926.i386.rpm
Preparing... ########################################### [100%]
1:avg2013flx ########################################### [100%]
Installing 'avgd' service initscripts...
Registering 'avgd' service to runlevels...
Please do configuration with /opt/avg/av/bin/avgsetup
Generating unique user id
/usr/bin/avgdiag: /opt/avg/av/bin/avgdiag: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
/usr/bin/avgdiag: line 17: /opt/avg/av/bin/avgdiag: Success
Starting AVG AV
Starting avgd[FAILED]
warning: %post(avg2013flx-r3118-a6926.i386) scriptlet failed, exit status 150
安装过程遇到上面错误,提示安装avg2013flx-r3118-a6926.i386.rpm需要依赖包glibc-2.12-1.80.el6_3.7.i686
[root@localhost ~]# yum whatprovides ld-linux.so.2
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
glibc-2.12-1.149.el6.i686 : The GNU libc libraries
Repo : media
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6_4.2.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6_4.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6_4.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.1.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.2.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.7.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.9.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.166.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.166.el6_7.1.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.25.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.25.el6_1.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6_2.12.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6_2.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6_2.9.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6_0.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6_0.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6_0.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.7.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
通过上面命令可以查找到所依赖的安装包,直接安装glibc-2.12-1.80.el6_3.7.i686
yum install glibc-2.12-1.80.el6_3.7.i686
如果在某些特殊情况下,安装过程中有依赖关系,可以通过下面命令 yum install glibc.i686解决。
[root@localhost ~]# yum install glibc.i686
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package glibc.i686 0:2.12-1.166.el6_7.1 will be installed
--> Processing Dependency: glibc-common = 2.12-1.166.el6_7.1 for package: glibc-2.12-1.166.el6_7.1.i686
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.166.el6_7.1.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.166.el6_7.1.i686
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.149.el6_6.7 will be updated
--> Processing Dependency: glibc-common = 2.12-1.149.el6_6.7 for package: glibc-2.12-1.149.el6_6.7.x86_64
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.1 will be an update
---> Package nss-softokn-freebl.i686 0:3.14.3-22.el6_6 will be installed
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.149.el6_6.7 will be updated
--> Processing Dependency: glibc = 2.12-1.149.el6_6.7 for package: glibc-devel-2.12-1.149.el6_6.7.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.7 for package: glibc-headers-2.12-1.149.el6_6.7.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.1 will be an update
--> Running transaction check
---> Package glibc-devel.x86_64 0:2.12-1.149.el6_6.7 will be updated
---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.1 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.149.el6_6.7 will be updated
---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================
Installing:
glibc i686 2.12-1.166.el6_7.1 rhel-x86_64-server-6 4.3 M
Installing for dependencies:
nss-softokn-freebl i686 3.14.3-22.el6_6 rhel-x86_64-server-6 157 k
Updating for dependencies:
glibc x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 3.8 M
glibc-common x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 14 M
glibc-devel x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 985 k
glibc-headers x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 614 k
Transaction Summary
========================================================================================================================
Install 2 Package(s)
Upgrade 4 Package(s)
Total download size: 24 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): glibc-2.12-1.166.el6_7.1.i686.rpm | 4.3 MB 00:06
(2/6): glibc-2.12-1.166.el6_7.1.x86_64.rpm | 3.8 MB 00:03
(3/6): glibc-common-2.12-1.166.el6_7.1.x86_64.rpm | 14 MB 00:13
(4/6): glibc-devel-2.12-1.166.el6_7.1.x86_64.rpm | 985 kB 00:00
(5/6): glibc-headers-2.12-1.166.el6_7.1.x86_64.rpm | 614 kB 00:00
(6/6): nss-softokn-freebl-3.14.3-22.el6_6.i686.rpm | 157 kB 00:00
-----------------------------------------------------------------------------------------------------------------------
Total 680 kB/s | 24 MB 00:36
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of libmysqlclient.so.16()(64bit)
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of libmysqlclient.so.16(libmysqlclient_16)(64bit)
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of mysql-libs
Updating : glibc-2.12-1.166.el6_7.1.x86_64 1/10
Updating : glibc-common-2.12-1.166.el6_7.1.x86_64 2/10
Updating : glibc-headers-2.12-1.166.el6_7.1.x86_64 3/10
Installing : nss-softokn-freebl-3.14.3-22.el6_6.i686 4/10
Installing : glibc-2.12-1.166.el6_7.1.i686 5/10
Updating : glibc-devel-2.12-1.166.el6_7.1.x86_64 6/10
Cleanup : glibc-devel-2.12-1.149.el6_6.7.x86_64 7/10
Cleanup : glibc-headers-2.12-1.149.el6_6.7.x86_64 8/10
Cleanup : glibc-2.12-1.149.el6_6.7.x86_64 9/10
Cleanup : glibc-common-2.12-1.149.el6_6.7.x86_64 10/10
media/productid | 1.6 kB 00:00 ...
Verifying : glibc-common-2.12-1.166.el6_7.1.x86_64 1/10
Verifying : glibc-devel-2.12-1.166.el6_7.1.x86_64 2/10
Verifying : nss-softokn-freebl-3.14.3-22.el6_6.i686 3/10
Verifying : glibc-headers-2.12-1.166.el6_7.1.x86_64 4/10
Verifying : glibc-2.12-1.166.el6_7.1.i686 5/10
Verifying : glibc-2.12-1.166.el6_7.1.x86_64 6/10
Verifying : glibc-devel-2.12-1.149.el6_6.7.x86_64 7/10
Verifying : glibc-headers-2.12-1.149.el6_6.7.x86_64 8/10
Verifying : glibc-2.12-1.149.el6_6.7.x86_64 9/10
Verifying : glibc-common-2.12-1.149.el6_6.7.x86_64 10/10
Installed:
glibc.i686 0:2.12-1.166.el6_7.1
Dependency Installed:
nss-softokn-freebl.i686 0:3.14.3-22.el6_6
Dependency Updated:
glibc.x86_64 0:2.12-1.166.el6_7.1 glibc-common.x86_64 0:2.12-1.166.el6_7.1 glibc-devel.x86_64 0:2.12-1.166.el6_7.1 glibc-headers.x86_64 0:2.12-1.166.el6_7.1
Complete!
先卸载avg2013flx-r3118-a6926.i386包,然后安装
[root@localhost ~]# rpm -e avg2013flx-r3118-a6926.i386
Unregistering 'avgd' service ...
Uninstalling 'avgd' service initscripts...
[root@localhost ~]#
[root@localhost tmp]# rpm -ivh avg2013flx-r3118-a6926.i386.rpm
Preparing... ########################################### [100%]
1:avg2013flx ########################################### [100%]
Installing 'avgd' service initscripts...
Registering 'avgd' service to runlevels...
Please do configuration with /opt/avg/av/bin/avgsetup
Generating unique user id
Processing command line ...
Cfg file not specified using /opt/avg/av/cfg/diagcfg.xml.
New installation ID succesffully generated.
Starting AVG AV
Starting avgd[ OK ]
AVG ANTIVIRUS FREE - FOR LINUX帮助信息
帮助文档位于/opt/avg/av/doc/README, 囊括了安装、使用各方面帮助信息。非常有用。建议使用前先查看相关帮助信息
[root@localhost ~]# cat /opt/avg/av/doc/README
================================
AVG Anti-Virus for Linux/FreeBSD
Version 2013
================================
System requirements
-------------------
AVG Anti-Virus for Linux/FreeBSD requires system with following or
newer library:
- libc.so.6 (Linux)
- libc.so.7 (FreeBSD RELEASE-7.3)
For RELEASE-8 and CURRENT the compat7x port located in /usr/ports/misc is
needed.
- libiconv.so.3 (FreeBSD)
- for amd64 architecture the lib32 compat libraries are needed
For on-access scanning feature either redirfs, dazuko or dazukofs is needed.
Please follow the avgoad(1) man page for more detail description.
Minimum hardware requirements:
- CPU: i686 or amd64 on 800 MHz
- Mem: 512 MB, 1GB is recommended
- HDD: 500 MB of free space
Installation
------------
Download latest rpm, deb, sh or tar.gz package from http://www.avg.cz/linux and
follow these steps:
* Installation from RPM (Linux only)
# rpm -i avg2013flx-r{release}-a{vdb version}.{architecture}.rpm
* Installation from .deb (Linux only)
# dpkg -i avg2013flx-r{release}-a{vdb version}.{architecture}.deb
* Installation from sh
# chmod +x avg2013flx-r{release}-a{vdb version}.{architecture}.sh
# ./avg2013flx-r{release}-a{vdb version}.{architecture}.sh
* Installation from .tar.gz
# tar xzvf avg2013{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2013{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh
where:
- edition substitutes 'flx' for the Linux version and 'ffb' for the FreeBSD version
- release substitutes the build number
- vdb version substitutes virus database version
- architecture substitutes the target cpu architecture
It is recommended to run 'avgsetup' helper tool after the installation.
Running AVG
-----------
For any action to be performed within AVG system, such as updating, scanning,
e-mail server functionality or on-access server functionality, so called AVG
daemons have to be running.
AVG daemons are launched automatically on system boot by init script. Later,
they can be controlled either by init script or by special avgctl command line
tool.
1) Usage of init script on Linux / FreeBSD.
* Linux
# /etc/init.d/avgd {start|stop|status|restart|condrestart}
* FreeBSD
# /usr/local/etc/rc.d/avgd.sh {start|stop|status|restart|condrestart}
2) Usage of avgctl command line tool
# avgctl --start[=component] Starts AVG or specified component.
# avgctl --stop[=component] Stops AVG or specified component.
# avgctl --stat[=component] Shows statistics of AVG or specified component.
# avgctl --restart[=component] Restarts AVG or specified component.
# avgctl --reset=component Resets statistics of specified component.
For more detailed information please refer to the respective man page or avgctl help.
Description
-----------
Avg functions are secured by several daemons that are managed via command-line.
DAEMONS:
avgd -- general AVG daemon; starts first, manages other AVG daemons
avgavid -- AVI daemon; loads AVI into shared memory
avgsched -- scheduler for planning periodic events (update etc.)
avgtcpd -- e-mail scanning daemon; supports SMTP, AVG, and Milter protocol
avgspamd -- anti-spam daemon
avgscand -- anti-virus daemon
avgupd -- update daemon
avgoad -- on-access daemon
COMMAND-LINES:
avgctl -- basic control of AVG product, such as launching, stopping,
restarting, and getting statistics from running daemons
avgcfgctl -- can get and set configurations values
avgscan -- launch on-demand scan of requested path
avgupdate -- run virus database update or program update via avgupd with
specified parameters
avgvvctl -- AVG virus vault control utility
avgdiag -- tool for sending problem reports to crash analysis portal
avgevtlog -- tool for reading/managing AVG event log
avgsetup -- helper tool for basic integration with mail/file server
For more detailed information please refer to the respective man page.
AVG process tree (might look different in your configuration):
/opt/avg/av/bin//avgd
\--- /opt/avg/av/bin/avgavid
\--- /opt/avg/av/bin/avgtcpd
| \--- /opt/avg/av/bin/avgscand -c 3
\--- /opt/avg/av/bin/avgspamd
\--- /opt/avg/av/bin/avgoad
| \--- /opt/avg/av/bin/avgscand -c 4
\--- /opt/avg/av/bin/avgsched
If update is running:
\--- /opt/avg/av/bin/avgupd
/bin/login --
\--- -bash
\--- /opt/avg/av/bin/avgupdate
If on-demand scan is running:
/bin/login --
\--- -bash
\--- /opt/avg/av/bin/avgscan /
\--- /opt/avg/av/bin/avgscand -c 10
Diagnostic and system report
----------------------------
In case of troubles with any AVG Technologies product, gathering of specific
data is being performed by the avgdiag utility.
When sending data manually, it is very important to attach a detailed
description of this particular problem and to specify it with "-d, --dsc=<file>"
switches. It is also good to make sure that AVG customer support assigns a
specific ID to your report, which eventually facilitates its identification
(this is being defined by "-i, --id=<id>" switches).
Automatic reporting of AVG processes crashes is turned off by default; if you
want to enable this function, please add AVG_DIAG option to your
/opt/avg/av/cfg/dump.ini file. For example:
"actions = GDB_DUMP CRASH INFO AVG_DIAG"
This configuration ensures that should any AVG process crash, an adequate report
will be immediately sent to AVG Technologies.
For more detailed information please refer to the man page of avgdump, avgdiag
help or /opt/avg/av/doc/README.avgdiag document.
3rd party licenses
------------------
This product may use any of the 3rd party software which appropriate
copyright/license is enclosed in the "licenses" subdirectory.
A copy of Milter source code used in AVG is available upon request.
Copyrights
----------
libtar, Copyright (c) 1998-2003 University of Illinois Board of
Trustees, Copyright (c) 1998-2003 Mark D. Roth, All rights reserved.
MD4 and MD5 Message-Digest Algorithm, Copyright (C) 1991-2, RSA Data
Security, Inc. Created 1991. All rights reserved.
AVG ANTIVIRUS FREE - FOR LINUX服务启动
查看、启动、停止AVG Antiviruse服务可以通过下面命令操作
/etc/init.d/avgd {start|stop|status|restart|condrestart}
[root@localhost ~]# service avgd status
Checking for service avgd: (pid 15822) is running
AVG ANTIVIRUS FREE - FOR LINUX常用命名
具体命令使用帮助,可以查看帮助文档。在此略过。
COMMAND-LINES:
avgctl -- basic control of AVG product, such as launching, stopping,
restarting, and getting statistics from running daemons
avgcfgctl -- can get and set configurations values
avgscan -- launch on-demand scan of requested path
avgupdate -- run virus database update or program update via avgupd with
specified parameters
avgvvctl -- AVG virus vault control utility
avgdiag -- tool for sending problem reports to crash analysis portal
avgevtlog -- tool for reading/managing AVG event log
avgsetup -- helper tool for basic integration with mail/file server
AVG ANTIVIRUS FREE - FOR LINUX更新命令
avgupdate 可以更新反病毒数据库和应用程序。
avgupdate -h 查看更新帮助信息
[root@localhost ~]#avgupdate
在测试环境有一次碰到下面错误,重启相关服务后,问题解决。
[root@localhost ~]# avgupdate
AVG command line update
Copyright (c) 2013 AVG Technologies CZ
Running update.
Operation failed. The exit code could not be got because the thread or process is still alive.
[root@localhost ~]#
AVG ANTIVIRUS FREE - FOR LINUX扫描杀毒
查看相关帮助信息
[root@localhost ~]# avgscan -h
AVG command line Anti-Virus scanner
Copyright (c) 2013 AVG Technologies CZ
Anti-Virus scanner usage:
avgscan [options] [path-list]
Options:
-h, --help Display this help.
-v, --version Display version.
-d, --debug Verbose mode. Multiple -d options increase the
verbosity. The maximum is 3.
-T, --tui Use a terminal user interface.
-x, --exclude=<path> Exclude path from scan. Multiple --exclude can
be specified.
-e, --ext=<extension> Scan files with specified extension. Multiple
--ext can be specified. Can't be used with
--noext option.
-n, --noext=<extension> Exclude files with specified extension.
Multiple --noext options can be specified.
Can't be used with --ext option.
-l, --heal Automatically heal infected object.
-t, --delete Automatically delete infected object.
-u, --vv-move Automatically move infected object into vault.
-U, --vv-backup Backup infected object if healed by deletion.
--ignerrors Do not report object scan errors.
-H, --heur Use heuristics for scanning. By default on.
--no-heur Disable heuristics for scanning.
-p, --pup Scan for Potentially Unwanted Programs.
By default on.
--no-pup Disable scanning for PUPs.
-P, --pup2 Scan for enhanced set of Potentially Unwanted
Programs.
-c, --coo Scan cookies.
-i, --hidext Recognize hidden extensions.
-m, --macrow Report documents with macros.
-o, --repok Report also clean files.
-w, --pwdw Report password protected files.
-b, --arcbombsw Report archive bombs. By default on.
--no-arcbombsw Do not report archive bombs.
-M, --media Do not scan through media files.
-j, --paranoid Enable paranoid mode. Scan for less dangerous
malware and more time consuming algoritms.
-r, --report=<filename> Save scan report to specified file.
-a, --arc Scan through archives.
-L, --arc-reclevel=N Maximum recursion level while scanning archives.
Default value is 40.
-S, --arc-maxfilesize=N Maximum file size extracted from archives.
Default value is 268435456 B.
-N, --arc-maxfilenum=N Maximum number of files scanned in archives.
Default value is 50000.
-B, --boot-sector Scan boot sector.
-s, --specfs Scan special filesystems.
-R, --reclevel=N Descend at most N (a non-negative integer)
levels of directories. Default value is 16384.
-W, --winsysdir Specifies a comma separated list of windows
system directories. Any infected files found
in this directory are marked as whitelisted
in order to protect these files from being
removed/moved to vault.
-F, --filelist=<filename> Scan file paths specified in given file, all
other paths on command line will be ignored.
-k, --registryscan Scan Windows registry.
[root@localhost ~]# avgscan /
AVG command line Anti-Virus scanner
Copyright (c) 2013 AVG Technologies CZ
Virus database version: 4311/10513
Virus database release date: Wed, 26 Aug 2015 07:03:00 -1600
/lib/modules/2.6.32-504.16.2.el6.x86_64/build Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.16.2.el6.x86_64/source Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.el6.x86_64/build Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.el6.x86_64/source Object scan failed; Specified file was not found.
Files scanned : 13975(13975)
Infections found : 0(0)
PUPs found : 0
Files healed : 0
Warnings reported : 0
Errors reported : 4
AVG ANTIVIRUS FREE - FOR LINUX查看记录
avgevtlog 命令查看查杀、更新记录
AVG ANTIVIRUS FREE - FOR LINUX查看设置参数
avgcfgctl — can get and set configurations values 设置、获取配置参数值
[root@localhost ~]# avgcfgctl
AVG command line avgcfgctl
Copyright (c) 2013 AVG Technologies CZ
Default.aspam.spamassassin.address=127.0.0.1
Default.aspam.spamassassin.enabled=true
Default.aspam.spamassassin.port=783
Default.aspam.spamfilter=
Default.oad.avflt.paths.exclude=
Default.oad.avflt.paths.include=
Default.oad.avflt.timeout=0
Default.oad.darwin.cache.hashtable_size=4096
Default.oad.darwin.cache.max_items_number=65536
Default.oad.darwin.paths.exclude=|/dev|/proc|/sys|
Default.oad.darwin.paths.include=
Default.oad.dazuko.cache.hashtable_size=4096
Default.oad.dazuko.cache.max_items_number=65536
Default.oad.dazuko.events.close=false
Default.oad.dazuko.events.close_modified=true
Default.oad.dazuko.events.exec=true
Default.oad.dazuko.events.open=true
Default.oad.dazuko.paths.exclude=|/dev|/proc|/sys|
Default.oad.dazuko.paths.include=
Default.oad.deny_on_error=false
Default.oad.fanotify.cache.hashtable_size=4096
Default.oad.fanotify.cache.max_items_number=65536
Default.oad.fanotify.paths.exclude=
Default.oad.fanotify.paths.include=
Default.oad.timeout=0
Default.oad.use=fanotify
Default.scan.Options.PupExceptions=
Default.setup.daemonize=true
Default.setup.features.antispam=false
Default.setup.features.oad=true
Default.setup.features.scheduler=true
Default.setup.features.tcpd=true
Default.tcpd.avg.address=127.0.0.1
Default.tcpd.avg.enabled=true
Default.tcpd.avg.limiter_start=220
Default.tcpd.avg.limiter_stop=250
Default.tcpd.avg.ports=|54322|
Default.tcpd.avg.queue_max=20
Default.tcpd.avg.read_timeout=0
Default.tcpd.avg.request_timeout=0
Default.tcpd.avg.samba_plugin_socket=
Default.tcpd.avg.samba_plugin_support_enabled=false
Default.tcpd.avg.socket=
Default.tcpd.avg.use_socket=false
Default.tcpd.milter.enabled=false
Default.tcpd.milter.socket=
Default.tcpd.milter.verbosity=0
Default.tcpd.parsing.mime_certification_enabled=false
Default.tcpd.rules.spam.action=0
Default.tcpd.rules.spam.bounce_addr=
Default.tcpd.rules.virus.action=0
Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.scan.header.enabled=true
Default.tcpd.scan.max_restarts=3
Default.tcpd.scan.subj_prefix=[VIRUS]
Default.tcpd.scan.time_window=90
Default.tcpd.smtp.address=127.0.0.1
Default.tcpd.smtp.client_address=127.0.0.1
Default.tcpd.smtp.client_port=10025
Default.tcpd.smtp.drop_after_crash=false
Default.tcpd.smtp.enabled=true
Default.tcpd.smtp.envelope_memory_limit=0
Default.tcpd.smtp.limiter_start=220
Default.tcpd.smtp.limiter_stop=250
Default.tcpd.smtp.ports=|54321|
Default.tcpd.smtp.queue_max=20
Default.tcpd.smtp.read_buffer=102400
Default.tcpd.smtp.read_timeout=0
Default.tcpd.smtp.request_timeout=0
Default.tcpd.spam.enabled=true
Default.tcpd.spam.header.enabled=true
Default.tcpd.spam.subj_prefix=[SPAM]
Default.tcpd.threads.max=20
Default.tcpd.threshold.spam=1000
Default.tcpd.threshold.virus=1000
Default.update.Inet.UpdateServerName=|free update server|backup free update server|
Default.update.Inet.UpdateServerURL=|+http://guru.avg.com/softw/13free/update/|+http://bguru.avg.cz/softw/13free/update/|
Default.update.Inet.disconnect_speed_limit=500
Default.update.Inet.disconnect_time_limit=300
Default.update.Options.Proxy.AuthenticationType=0
Default.update.Options.Proxy.Login=
Default.update.Options.Proxy.Mode=0
Default.update.Options.Proxy.Password=
Default.update.Options.Proxy.Port=3128
Default.update.Options.Proxy.Server=
Default.update.Options.Proxy.UseLogin=false
Default.vv.system_location=vault
Default.vv.user_location=.avg/vault
Oad.scan.AutomaticActions.BackupInVault=false
Oad.scan.AutomaticActions.Enabled=false
Oad.scan.AutomaticActions.PreferedAction=1
Oad.scan.Options.ParanoidMode=false
Oad.scand.maxscanproc=0
Tcpd.scan.DirOptions.Extensions=
Tcpd.scan.DirOptions.MaxRecursionDepth=16384
Tcpd.scan.DirOptions.ScanAllFiles=true
Tcpd.scan.DirOptions.ScanFilesWithoutExtensions=true
Tcpd.scan.Options.ArchiveLevel=256
Tcpd.scan.Options.DetectCookies=false
Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true
Tcpd.scan.Options.MaxFileSize=268435456
Tcpd.scan.Options.MaxNumberOfFiles=50000
Tcpd.scan.Options.MaxRecursionDepth=40
Tcpd.scan.Options.ParanoidMode=false
Tcpd.scan.Options.ReportArchiveBombs=true
Tcpd.scan.Options.ReportHiddenExtensions=false
Tcpd.scan.Options.ReportMacros=false
Tcpd.scan.Options.ReportPwdProtectedArchs=false
Tcpd.scan.Options.ReportPwdProtectedDocs=false
Tcpd.scan.Options.ScanMediaFiles=true
Tcpd.scan.Options.UseHeuristics=true
Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=
Tcpd.scand.maxscanproc=0
UpdateProgram.sched.Repeat.BaseTime=INVALIDTIME
UpdateProgram.sched.Repeat.Interval=12
UpdateProgram.sched.Repeat.Type=1
UpdateProgram.sched.Task.Disabled=true
UpdateProgram.sched.Task.MissedStartAction=1
UpdateProgram.sched.Task.StartType=2
UpdateProgram.sched.Times.DayOfMonth=1
UpdateProgram.sched.Times.DayOfWeek=0
UpdateProgram.sched.Times.GracePeriod=300
UpdateProgram.sched.Times.SelectedDays=127
UpdateProgram.sched.Times.StartTime=2007-06-22/08-00-00
UpdateProgram.sched.Update.Path=
UpdateProgram.sched.Update.Source=inet
UpdateVir.sched.Repeat.BaseTime=INVALIDTIME
UpdateVir.sched.Repeat.Interval=4
UpdateVir.sched.Repeat.Type=1
UpdateVir.sched.Task.Disabled=false
UpdateVir.sched.Task.MissedStartAction=1
UpdateVir.sched.Task.StartType=2
UpdateVir.sched.Times.DayOfMonth=1
UpdateVir.sched.Times.DayOfWeek=0
UpdateVir.sched.Times.GracePeriod=180
UpdateVir.sched.Times.SelectedDays=127
UpdateVir.sched.Times.StartTime=2007-06-22/17-00-00
UpdateVir.sched.Update.Path=
UpdateVir.sched.Update.Source=inet
AVG ANTIVIRUS FREE - FOR LINUX 的扫描速率非常之快,消耗的资源也比较少。至于查杀能力如何呢,暂时还没有看到权威的评测的资料。暂时不能做过多评论。
在上篇文章“记一次Linux服务器上查杀木马经历”里面,我介绍了使用ClamAV清理了木马程序,当时以为清理干净了,但是过了一天后,使用NetHogs又发现可疑进程。使用ClamAV查杀清理又发现感染了Linux.BackDoor.Gates,查杀完成后,重启系统后到目前为止没有发现任何异常情况。后来我在这台Linux服务器安装了AVG Anti-Virus,扫描倒是非常快,比ClamAV的速度要快出几个等级,但是查杀能力无法验证。倒是扫出了很多Linux.BackDoor.Gates创建的一些链接。ClamAV倒是没有扫出这些。
[root@LNX17 ~]# ls -lrt /etc/rc.d/rc5.d/S97DbSecurityMdt
lrwxrwxrwx. 1 root root 25 Jul 17 08:28 /etc/rc.d/rc5.d/S97DbSecurityMdt -> /etc/init.d/DbSecurityMdt
[root@LNX17 ~]# ls -lrt /etc/init.d/DbSecurityMdt
ls: cannot access /etc/init.d/DbSecurityMdt: No such file or directory
[root@LNX17 ~]#
清理这些链接后,已经过了几天,再也没有发现异常情况,从网络发包、收包情况看,已经没有任何异常情况。
rm -f /etc/rc.d/rc5.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc5.d/S99selinux
rm -f /etc/rc.d/rc4.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc4.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc4.d/S99selinux
rm -f /etc/rc.d/rc1.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc1.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc1.d/S99selinux
rm -f /etc/rc.d/rc3.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc3.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc3.d/S99selinux
rm -f /etc/rc.d/rc2.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc2.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc2.d/S99selinux
关于这台服务器是如何挂马的呢? 我也在思考,奈何能力有限,无法确认一些猜测(个人猜测是利用Tomcat漏洞挂马)。关于Linux安全管理方面,个人觉得杀毒软件只是根治病毒木马的一种手段。我们需要从很多方面(安全补丁更新、正确配置、防火墙配置……)去预防、监控才能真正的确保系统的安全。
参考资料:
http://free.avg.com/us-en/download-free-all-product#tba2
http://www.avg.com/us-en/faq.num-4884
https://www.rootlinks.net/2015/05/20/avg-anti-virus-for-linux-free-edition/