/os/ - Online Security

News, techniques and methods for computer network security.


Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.



Antivirus Software Endwall 02/12/2024 (Mon) 02:06 No. 1840
Antivirus Software and Methods

I generally don't trust antivirus software packages but I think they may be useful in cases where you download files from the internet and open or view them. Place useful tips about virus cleaning and antivirus software tips in this thread.


ClamAV Endwall 02/12/2024 (Mon) 02:34 No. 1841
On Debian and Windows I use ClamAV, which is maintained by Cisco Systems.

https://www.clamav.net/
https://www.clamav.net/downloads

It comes packaged with Debian and other GNU/Linux distributions, and I've used it on OpenBSD. On Windows I use the Windows Defender suite, but this also works on Windows through an admin CMD command line. You download the package from the above link and install it. Then you need to edit two config files in the directory "C:\Program Files\ClamAV\conf_examples\". Copy these files to the main directory:

C:\> copy "C:\Program Files\ClamAV\conf_examples\*.sample" "C:\Program Files\ClamAV\"
C:\> cd "C:\Program Files\ClamAV\"
C:\> move clamd.conf.sample clamd.conf
C:\> move freshclam.conf.sample freshclam.conf
C:\> notepad clamd.conf

#Comment or remove the line below.
#Example

Save and close the file, then do the same for freshclam.conf
C:\> notepad freshclam.conf

# Comment or remove the line below.
#Example

Save and close the file after commenting out Example with #.
C:\> freshclam

This will update the database of signatures and definitions.
Next change directory into the root directory.
C:\> cd C:\
C:\> "C:\Program Files\ClamAV\clamscan" --help | more
## read the instructions
C:\> mkdir C:\temp
C:\> mkdir C:\temp\virus\

Now run the program from the root directory
C:\> "C:\Program Files\ClamAV\clamscan" -v -a -o -i -r -z --memory --kill --move=C:\temp\virus

This will run the antivirus program on Windows and move the infected files to C:\temp\virus.
You can delete these after you inspect the directory:
C:\> cd C:\temp\virus\
C:\> dir
C:\> del C:\temp\virus\*

For GNU/Linux, the package installation will already have the #Example commented out and you simply run:
$ su
# cd /
# freshclam
# mkdir /tmp/virus/
# clamscan -v -a -o -i -r -z --move=/tmp/virus

To run the program from the current working directory:
# cd /tmp/virus/
# ls /tmp/virus/
# rm /tmp/virus/*


I'm sad to say that ClamAV found stuff on my server on Parabola GNU/Linux and on my daily driver computer on Debian, and on my Windows computers, but found nothing on my OpenBSD machines. I don't know if it reports matched hashed files back to a central server or not, so this may not be for you if you have stolen documents in your possession. For my use case I'm only concerned about Trojans, worms and files that have viruses. It's the best I have to go on. Use this with Windows Defender on Windows, and as mentioned on *NIX and GNU/Linux systems. If you know more about this kind of stuff and have tips to share, feel free to share them below.
Edited last time by Endwall on 02/22/2024 (Thu) 03:00.


Endwall 02/22/2024 (Thu) 03:08 No. 1842
If you just want to scan your home directories, you can just run this on /home/ or a specific directory cd'ing into the directory. Also --remove will do the deletion for you if you'd rather the program handle the process of bad flagged file removal. For a silent non verbose run remove -a and -v. Example:
$ su
# cd /home/
# freshclam
# clamscan -i -o -r -z --remove

Run it on the root directory / to get everything; however, removal might break programs, so it's best to run verbose to a log file and move the bad files to a quarantine location before deletion. Post any tips about anti-virus if you have any.
Edited last time by Endwall on 02/22/2024 (Thu) 03:09.
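The safer workflow the post above recommends (a verbose log plus a quarantine directory rather than --remove), written up as an added example that is not part of this thread. The /tmp paths, the scan.sh name and the sample log lines are assumptions; the clamscan flags and exit codes are ClamAV's own.

```shell
#!/bin/sh
# Added example (not from the thread): wrap clamscan so every run keeps a
# log and quarantines matches, then report from the log before deleting.
# /tmp paths are assumptions; override with QUARANTINE= and LOG=.
set -u

QUARANTINE="${QUARANTINE:-/tmp/virus}"
LOG="${LOG:-/tmp/clamscan-$(date +%Y%m%d-%H%M%S).log}"

# Scan directory $1 recursively, moving matches into $QUARANTINE and writing
# the full run to $LOG.  clamscan exits 0 when clean, 1 when something was
# found, and 2 on error (missing database, unreadable files, ...).
scan_dir() {
    mkdir -p "$QUARANTINE"
    clamscan -r -z -i --move="$QUARANTINE" --log="$LOG" "$1"
    rc=$?
    case $rc in
        0) echo "clean: $1" ;;
        1) echo "detections: review $LOG, quarantine is $QUARANTINE" ;;
        *) echo "clamscan error (exit $rc): check $LOG" ;;
    esac
    return $rc
}

# Number of "FOUND" lines in a clamscan log (prints 0 when there are none).
count_found() {
    grep -c ' FOUND$' "$1" || true
}

# One "signature<TAB>path" line per detection, so the quarantine can be
# reviewed against what was matched before anything is deleted.
# Lines look like: /home/u/eicar.com: Win.Test.EICAR_HDB-1 FOUND
list_found() {
    awk '/ FOUND$/ { sig = $(NF-1); sub(/: [^ ]* FOUND$/, ""); print sig "\t" $0 }' "$1"
}

# Usage: sh scan.sh /home   (the scan only runs when a directory is given)
if [ $# -gt 0 ]; then
    scan_dir "$1"
fi
```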


