Test of Antivirus engines on GRML

Hi,
I tested a few antivirus engines in the last weeks and I wanted to summarize what I found out (all engines I tested could be used on a GRML live CD which is very cool) but it seems I cannot create pages in the wiki?
So, I just post the stuff here:
=====
Running antivirus software on GRML 2009.10 (Hello-Wien)
*******************************************************

This is a list of antivirus software that has been tested to work or not work on GRML. Fortunately, all software I tested worked on GRML 2009.10 (which was quite different when I did this test a year ago). But of course that was not GRML's fault.

ClamAV
------
Clamav has the advantage it is included in grml. Unfortunately as of writing this, the scan engine is not the latest one available. You can scan anyway, a few of the newest signatures will not work, though.

Update command: freshclam
scan command: clamscan /mnt/somewhere

Avira
-----
Avira is free for non-commercial use and a free 30-day trial is available for commercial use.

Personal: http://www.free-av.de/en/download/download_servers.php
(Direct download: http://dlpe.antivir.com/package/wks_avira/unix/en/pers/antivir_workstation-p...)
Professional: http://www.avira.com/de/downloads/avira_antivir_professional.html

To install:
tar xfvz antivir_*.tar.gz
cd antivir-*
./install

When prompted (except for the license) just accept the default. Dazuko will not work because grml's kernel does not support it, but you can continue anyway. You *have* to say Y (which is default) for installing dazukofs, though (even if you don't have the kernel module), since otherwise even the on-demand scanner will not start.

Before updating/scanning, start the avguard daemon: avguard start
Update command: avupdate --product=Guard
Scan command: avscan /mnt/somewhere

F-Prot
------
F-Prot Antivirus for Workstations is available free for non-commercial use as well and as trial for commercial use.

Website: http://www.f-prot.com/download/home_user/download_fplinux.html
Direct link: http://files.f-prot.com/files/unix-trial/fp-Linux-i686-ws.tar.gz

To install:
tar xfvz fp-Linux-i686-ws.tar.gz
cd f-prot
./install-f-prot.pl

(just accept the defaults, it will update signatures automatically when installation is finished)

Scan command: fpscan /mnt/somewhere

Bitdefender
-----------
Bitdefender provides a Debian package (that works on GRML): http://content-down.bitdefender.com/repos/deb/pool/non-free/b/bitdefender-sc...

AVG
---
AVG provides a Debian package (that works on GRML) as well: http://download.avgfree.com/filedir/inst/avg85flx-r290-a2950.i386.deb

Avast and Panda
---------------
Avast provide download for trial versions for their Linux products only by e-mail. So, if you really want to try them, fill in their web forms and receive link and license file by e-mail.

Avast *does* work on GRML, Panda for some reason did not send me a download link at all. Perhaps you have more luck? ;-)
=====
Regards,
Michael

On Sat, 21 Nov 2009 20:22:23 +0100, Michael Schierl wrote:
> but it seems I cannot create pages in the wiki?
> So, I just post the stuff here:

Thanks a lot for sharing!

On Sat, Nov 21, 2009 at 08:22:23PM +0100, Michael Schierl wrote:
> Hi,
> I tested a few antivirus engines in the last weeks and I wanted to summarize what I found out (all engines I tested could be used on a GRML live CD which is very cool) but it seems I cannot create pages in the wiki?

I've created one for you that you can edit. http://wiki.grml.org/doku.php?id=antivirus

> ClamAV
> Clamav has the advantage it is included in grml. Unfortunately as of writing this, the scan engine is not the latest one available. You can scan anyway, a few of the newest signatures will not work, though.
> Update command: freshclam
> scan command: clamscan /mnt/somewhere

Did you try to upgrade the Debian package to the latest version?
BTW: Had to clean some machines, too, recently. In my case clamav missed a lot of viruses/trojans :-(

> Avast and Panda
> Avast provide download for trial versions for their Linux products only by e-mail. So, if you really want to try them, fill in their web forms and receive link and license file by e-mail.

avast4workstation can be downloaded directly: http://www.avast.com/eng/download-avast-for-linux-edition.html
You still need the license key though.

Thx for documenting your work.

greets Jimmy

Andreas Gredler wrote:
> I've created one for you that you can edit. http://wiki.grml.org/doku.php?id=antivirus

Thank you. I did so :)

> > ClamAV
> > Clamav has the advantage it is included in grml. Unfortunately as of writing this, the scan engine is not the latest one available. You can scan anyway, a few of the newest signatures will not work, though.
> > Update command: freshclam
> > scan command: clamscan /mnt/somewhere
>
> Did you try to upgrade the Debian package to the latest version?

No. My experience with updating packages on grml was never very good (maybe because you have to include a lot of different packages to get a working system again?) and success of it changes from day to day. Installing external packages is better for me because of that (I put the files on a USB key and update them only when there is a new GRML available). Updating of other antivirus works well from really old versions. Or is there some grml repository somewhere where I can reliably upgrade *only* clamav without running the risk I need to upgrade to new versions of libfoo and libbar and therefore gazillions of other packages (similar to backports repository of Debian)? Whenever I try it (not only shortly after the release)?

> BTW: Had to clean some machines, too, recently. In my case clamav missed a lot of viruses/trojans :-(

Yeah. They usually do not include signatures for files that can only appear like that on hard disk (if the virus unpacks itself from the email, for example), as most people use clamav as an email scanner and not for scanning real Windows boxes. That's why I use multiple (different) scanners for scanning Windows boxes from grml.

> > Avast and Panda
> > Avast provide download for trial versions for their Linux products only by e-mail. So, if you really want to try them, fill in their web forms and receive link and license file by e-mail.
>
> avast4workstation can be downloaded directly: http://www.avast.com/eng/download-avast-for-linux-edition.html
> You still need the license key though.

Ok, added that. Yes, I remember now, I could download it before getting the license, but still had to wait for that e-mail so that I could install it...

> greets Jimmy

Hmm. That nick looked strange (especially as my email program by default only shows real name and not email address) and I thought my email program had problems with quoting ;-). But if you like to have a nick that tries to imply a different first name, fine for me :)

Michael

participants (3): Andreas Gredler, Michael Schierl, T o n g