본문 바로가기
운영체제 (LNX,WIN)

리눅스 바이러스 검색 및 제거 프로그램 F-PROT

by 날으는물고기 2009. 12. 2.

리눅스 바이러스 검색 및 제거 프로그램 F-PROT

리눅스 백신을 물어보는 이가 있어서 설치하다가 설치기를 올려봅니다.
물론 다른 백신도 많이 있고, GUI로 되어 있지만, 이 녀석은 TUI방식이네요..
아주 오래된 녀석입니다.
v3 때도 있었던 걸로 기억나네요... 

1. 프로그램을 다운로드 합니다.

[root@src]# wget http://files.f-prot.com/files/unix-trial/fp-Linux-i686-ws.tar.gz

2. 압축을 해제 합니다.

[root@src]# tar zxvf fp-Linux-i686-ws.tar.gz

3. 설치를 합니다.

[root@src]# cd f-prot/
[root@81 f-prot]# ls
antivir.def          fpscan             license.key           README
doc                  fpupdate           product.data
f-prot.conf.default  install-f-prot.pl  product.data.default
[root@81 f-prot]# ./install-f-prot.pl

        (c) FRISK Software International

        http://www.f-prot.com/

        You are about to install F-Prot Antivirus for Linux Workstations
        on a RedHat Linux 2.6.18 running on i686 into the '/usr/local/src/f-prot'
        directory

        Be warned that the documentation and user manuals assume that
        F-Prot is installed in the default directory '/opt/f-prot'.

        F-Prot will run just fine from '/usr/local/src/f-prot'
        but you will of course have to adjust sample configuration and
        such to match that change.

Where do you want a symbolic link to 'F-Prot Antivirus command line scanner (fpscan)' to be created?
(Just press Enter to accept the default) [/usr/local/bin]:

설치 장소를 물어봅니다. 가급적 default로 설치합니다.

Where do you want a symbolic link to 'section 8 manuals' to be created?
(Just press Enter to accept the default) [/usr/local/man/man8]:

Where do you want a symbolic link to 'section 1 manuals' to be created?
(Just press Enter to accept the default) [/usr/local/man/man1]:

Where do you want a symbolic link to 'section 5 manuals' to be created?
(Just press Enter to accept the default) [/usr/local/man/man5]:

Changing file access permissions on the installed files and directories ...ok
Checking if you have an existing license key...yes

Found an existing license key in /usr/local/src/f-prot/license.key, updating antivir.def ...

몇 가지 man page에 등록하는 것과 라이센스 키는 무료로 줍니다.

Downloading update (%100)
We've generated the following crontab entries to update the
antivir.def file via fpupdate. Updates will be run hourly at a
randomly picked minute to distribute load, and thus make your updates
faster than if they were run during obvious high load times, e.g. on
the hour.

The global crontab entry we made to add to /etc/crontab is the following:

        45 * * * * root /usr/local/src/f-prot/fpupdate > /dev/null

Would you like to have this crontab appended to /etc/crontab?
(Just press Enter to accept the default) [Y/n]: n 

No changes to /etc/crontab have been made but you should manually add
the crontab entry above or its equivalent somewhere so that the
antivir.def file is kept up to date.

        All done!

If you reconfigured your MTA you should restart it now to activate the changes.

        Have a nice day

Frisk software (www.f-prot.com)

[root@f-prot]#

설치가 완료되었습니다.

4. 차후에 수동으로 업데이트 하려면
#/usr/local/f-prot/tools/check-updates.pl
이라는 명령을 주면 된다. 자동업데이트를 하려면 크론에 이 내용을 적어주면 될 것이다.
이런 식으로    27 4,16 * * * /usr/local/f-prot/tools/check-updates.pl

5. 다음으로 실행 명령은
#/usr/local/f-prot/f-prot /(스캔할 디렉토리)

[root@f-prot]# fpscan -a

F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-44-10)
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.4.4.56
Virus signatures: 2009112416035f07579582d5addd53c6123e9b146d8e
                  (/usr/local/src/f-prot/antivir.def)

Scanning: -

6. 다음은 f-prot에 사용되는 옵션들이다. 참고하기 바란다.

Options Description
-ai Enable neural-network virus detection. The -ai option should not be used with the -noheur option.
-archive=n [default is 5] Scan inside supported archives n levels deep, the supported range is between 1 and 99, the default level is 5.  Supported archives are .zip, .cab, .tar, .gz, .izh and .arj files. Currently F-Prot Antivirus does not support disinfection or removal of infected files within archives. Unix mailboxes are considered to be archives and therefore F-Prot Antivirus is not able to remove infected attachments.
-noarchive Does not scan inside archives. The option -noarchive implies -noserver.
-server [default] Attempts to identify infections within password protected archives. The option -server implies -archive.
-type Scan files by content. By default f-prot scans all files. By using the-type option, you are instructing the scanner to limit the search to scanning by content.
-noverver Does not attempt to identify infections within password protected archives.
-auto Automatically remove detected viruses. As noted above, this will not work on archived files.
-collect Scan a virus collection. This option is intended for advanced users. When this option is used it will, e.g.  scan for bootsector viruses within files, even though the virus resides within a file instead of a bootsector.
-delete Delete infected files. By default this requires user confirmation but if you include the -auto option F-Prot Antivirus   will not prompt you for confirmation before deleting infected files. F-Prot Antivirus does not support removal of infected   files located within archives.
-disinf Disinfect whenever possible. By default this requires user confirmation but if you include the -auto option f-prot  will not prompt you for confirmation before disinfecting infected files. F-Prot Antivirus does not support disinfection of infected   files located within archives.
-dumb [default] Scan all files, regardless of extensions or content.
-ext Scan only files with default extensions. By default f-prot scans all files. By using the-ext option, you are instructing the scanner to limit the search to files with default extensions.
-follow Follow symbolic links. This should be used with care, as the program does  not detect "circular" directories, and may get stuck in an endless loop.
-noheur Disable heuristic scanning. The -noheur option should not be used with the -ai option.
-nosub Do not scan subdirectories.
-onlyheur Only use heuristics, do not scan for known virus signatures. By using this option F-Prot Antivirus will only detect a fraction of infected files.
-packed [default] Unpack compressed executables. There is no corresponding -nopacked option. This option is provided for legacy reasons.
-rename Rename extensions of infected files to prevent them from being executed, e.g. renaming file.com to file.vom  and file.exe to file.vxe. This will not prevent files from being executed on UNIX because: 
  • .exe files and .com files from Windows are not executable on a UNIX platform by default  
  • file extensions are not used on Unix systems with regards to executability.

  • 출처 : http://blog.naver.com/incoinco
    728x90

    댓글