ウィルス対策

Linuxもウィルス対策ということで、FRISK Software 社のF-Portをインストールすることにした。
GENTOOにはパッケージが存在するので、下記のようにインストールすると、こんなメッセージが表示されインストールは完了。注目はRememberから始まる文章で「ウイルスのデータベースを最新保つために規則的にアップデートをしなきゃだめよ。cronで動かすのがいいじゃん。そして毎日（草木も目覚める寅七つ時）にね。」そんなことが書いてあるみたい。



# emerge f-prot

* Remember to run /opt/f-prot/tools/check-updates.pl regularly to keep virus
* database up to date. Recommended method is to use cron. See manpages for
* cron(8) and crontab(5) for more info.
* An example crontab entry, causing check-updates.pl to run every night at 4AM:

0 4 * * * /opt/f-prot/tools/check-updates.pl >/dev/null

* For more examples, see /usr/share/doc/f-prot-4.6.3/html/auto_updt.html

* As of 4.5.4, the update script is installed correctly into directory designed
* by upstream again. Check your crontab, so the path matches the one above.

>>> Regenerating /etc/ld.so.cache...
>>> app-antivirus/f-prot-4.6.3 merged.
>>> Recording app-antivirus/f-prot in "world" favorites file...

>>> clean: No packages selected for removal.

>>> Auto-cleaning packages ...

>>> No outdated packages were found on your system.


* GNU info directory index is up-to-date.

じゃあ案内に従いcronに登録します。コマンドはこんなかんじです。

# crontab -e


そんなこんなでまずは/tmpあたりをチェックすると、ウイルスの署名ファイルが古いね！ # f-prot /tmp
Virus scanning report - 22 February 2006 @ 10:46

F-PROT ANTIVIRUS
Program version: 4.6.3
Engine version: 3.16.10

VIRUS SIGNATURE FILES
SIGN.DEF created 24 November 2005
SIGN2.DEF created 24 November 2005
MACRO.DEF created 20 November 2005

Search: /tmp
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER


Results of virus scanning:

Files: 423
MBRs: 0
Boot sectors: 0
Objects scanned: 1237

Time: 0:04

No viruses or suspicious files/boot sectors were found.

そこで先ほどのアップデートスクリプトを寅七つ時まで待たずに実行することに。

# cd /opt/f-prot/tools/
# ./check-updates.pl

*********************************

＊ F-Prot Antivirus Updater *

*********************************

There's a new version of:
"Document/Office/Macro viruses" signatures on the web.
Starting to download...
Download completed.

There's a new version of:
"Application/Script viruses and Trojans" signatures on the web.
Starting to download...
Download completed.

Preparing to install Application/Script viruses and Trojans signatures.
Application/Script viruses and Trojans signatures have successfully been installed.

Preparing to install Document/Office/Macro viruses signatures.
Document/Office/Macro viruses signatures have successfully been installed.

****************************

＊ Update completed successfully. *

****************************

そしてもう一回チェック。新しくなっています。

# f-prot /tmp
Virus scanning report - 22 February 2006 @ 10:53

F-PROT ANTIVIRUS
Program version: 4.6.3
Engine version: 3.16.10

VIRUS SIGNATURE FILES
SIGN.DEF created 17 February 2006
SIGN2.DEF created 19 February 2006
MACRO.DEF created 15 February 2006

Search: /tmp
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER


Results of virus scanning:

Files: 423
MBRs: 0
Boot sectors: 0
Objects scanned: 1237

Time: 0:03

No viruses or suspicious files/boot sectors were found.

あとはどのタイミング、頻度でスキャンするかです。全体を週1回とか特定フォルダは2〜3時間おきとか、これもcronに追加すると良いでしょう。
それともしウィルスを見つけたらどんな処理をするのかが不明で、ログを残す必要もあるかもしれません。そのうち調べて楽しいスクリプトを書きます。それでは！