Télécharger gratuitement via le site officiel de Linux+DVD :
http://lpmagazine.org/fr/magazine/897-securite-reseau

Découvrez les articles de la sécurité :

• Règles de sécurisation sous Linux
• Firewall sous Linux
• Samurai, protégez vos applications web
• ClamAV, coment configurer de façon simple votre antivirus ?
• Le détecteur d’intrusion AFICK.

Bonne Lecture.

Penerbit: Majalah PC Media
Situs resmi: www.pcmedia.co.id
Versi: 2.2 + Build1
Ukuran file: ± 2,68 MB

Bug lama masih tetap ada di versi ini. Ketika dijalankan pada komputer yang telah diinstall KAV 2010, proses PCMav akan dianggap mencurigakan. Sebuah jendela peringatan akan muncul. Untuk mengatasi masalah ini, pilih opsi Allow atau masukkan PCMav pada daftar pengecualian Kaspersky.

Kaspersky juga akan mengeblok proses pembaruan database yang dilakukan PCMav. Untuk itu, apabila Anda akan menjalankan PCMav dan memperbarui database-nya, lebih baik Anda hentikan sementara Kaspersky dengan memilih opsi Pause protection … melalui ikon di taskbar.

Yang baru di versi ini:

1. Penambahan database pengenal dan pembersih untuk 71 virus lokal/asing/ varian baru yang dilaporkan menyebar di Indonesia. Total 3214 + 10 virus beserta variannya, termasuk varian virus Conficker yang canggih telah dikenal di versi 2.2 ini.
2. Penambahan pengenal khusus yang dapat mengenali virus Induc yang sedang banyak dilaporkan di seluruh dunia.
3. Perbaikan kesalahan deteksi (false alarm) heuristik pada beberapa program dan script.
4. Perubahan beberapa nama virus mengikuti varian baru yang ditemukan.
5. Perbaikan beberapa minor bug dan improvisasi kode internal.

Integrasikan dengan ClamAV

Agar PCMav Anda lebih ampuh dalam membasmi virus, Anda bisa mengintegrasikan PCMav dengan ClamAV. Berikut langkah-langkah untuk menggabungkan PCMav dengan ClamAV:

1. Unduh file library ClamAV dari alamat ini. Cari bagian "Current Stable" dan unduh file library ClamAV terbaru yang mengandung string "-win32-". Perlu diingat, ClamAV terbaru memerlukan program msvcrt80.dll yang dapat diunduh dari alamat ini (versi 32bit) atau alamat ini (versi 64bit).

2. Setelah Anda mendapatkan file library ClamAV hasil unduh tadi, lakukan ekstrak beberapa file berikut ke dalam folder \plugins\clamav 
            – libclamav.dll
            – libclamunrar.dll
            – libclamunrar_iface.dll
   Tambahkan juga file Microsoft.VC80.CRT.manifest, msvcm80.dll, msvcp80.dll, dan msvcr80.dll jika sistem Anda memerlukannya.

3. Prosedur penginstalan database virus ClamAV akan berjalan otomatis ketika Anda terhubung dengan internet atau kunjungi alamat ini untuk mengunduhnya secara manual.

Unduh PCMedia Antivirus 2.2

Kata sandi: komputrix.co.nr

Può capitare come a me di usare un sistema linux come file server per client windows, rendendo necessario eseguire scansioni alla ricerca di virus,  nelle directory condivise del server.

per far questo possiamo usare clamav e scrivere un piccolo script , per poi affidarlo alle amorevoli cure dello scheduler di sistema crontab .

Le distro ubuntu – Kubuntu hanno già nativamente disponibile nei repository l’ antivirus clamav, ma è comunque una buona idea usare la versioni contenute nei repository PPA ubuntu-clamav. Seguiamo le chiare e semplicissime istruzioni riportate a questa pagina

installiamo clamav e lo script per gli aggiornamenti delle definizioni con :

sudp apt-get update

sudo apt-get install clamav clamav-freshclam

creiamo una cartella nella nostra home dierctory per metterci i file di log e lo script ( opzionale potete metterli dove volete )

ES. mkdir /home/utente/clam

e una sottodirectory dove mettere i file eventualmente infetti

mkdir /home/utente/clam/clam_infected

all’ interno creiamo un nuovo file di testo chiamato clam.sh, editiamo tale file con un editor di testo ( kate o gedit o nano , ……)

inseriamo lo script

#!/bin/bash
# CLAMAV scan script for crontab
sudo freshclam >> /home/utente/clam/update.log ;
sudo clamscan -r /home –move=”/home/utente/clam/clam_infected” –log=“/home/utente/clam/antivirus.log”

Ovviamente adattate le path alle vostre esigenze, sostituite le parti segnate in rosso con il vostro nome utente, quella in verde invece è la directory che volete venga scansionata dall’ antivirus.

provate lo script, controllate i file di log update.log e antivirus.log

automatiziamo con :

sudo crontab -e

inseriamo la stringa in crontab,

0 0 * * * sh /home/utente/clam/clam.sh

sostituiamo 0 0 con l’ orario in cui vogliamo sia eseguita la scansione giornaliera.

Learn how to install ClamAV Antivirus Server and be safe on Ubuntu.
Installing ClamAV AntiVirus Server

1. Go to Applications > Add/Remove Applications

2. In Add/Remove Applications page, type virus in search box.
3. Select Virus Scanner (ClamAV) and click OK.


4. In Confirmation window, click on Apply to install the virus scanner successfully.

Automate scan files/folders for viruses

Automatically scan files/folders for viruses at midnight everyday. Just follow these steps to automate.

4. Go to Applications > Accessories > Terminal

5. In the terminal as shown below, copy paste the command export EDITOR=gedit && sudo crontab -e and run it.

Enter your password and hit return.

Note: User should have administrator permissions.

6. In Editor page, append : 00 00 * * * sudo clamscan -r /location_of_files_or_folders at the end of file save and close the editor.

Automation process is now set successfully and your system is monitored.

7. If you want to check for the Status of Scanning use command: sudo clamscan -r /location_of_files_or_folders

8. This will display the summary of scanning as indicated in the screen below.

sumber:http://www.zolved.com

bertindak sebagai root
root@muzakkir-laptop:~#apt-get install clamav clamav-daemon clamav-freshclam
jika sudah selesai maka anda bisa melakukan scan secara text, namun jika anda menginginkan aplikasi scanner virus muncul pada panel (fronted), maka anda harus menginstall clamtk
download terlebih dahulu clamtk dari sumbernya
root@muzakkir-laptop:~# wget http://puzzle.dl.sourceforge.net/sourceforge/clamtk/clamtk_3.05-1_all.deb
selanjutnya instalasi dengan dpkg -i
# dpkg -i clamtk_3.05-1_all.deb
jika anda dapat error ….tdk usah kaget…. cukup anda menuliskan baris berikut untuk menyempurnakan instalasi
#apt-get -f install
jika sudah selesai… sebaiknya melakukan update terhadap engine yang digunakan..caranya :
#apt-get update
dan # apt-get upgrade
maka clamtk 3.05-1 akan terganti dengan clamtk 4.05-1
untuk melakukan scan dari fronted, maka klik application —>system tools—->virus scanner

sumber:http://salewatan.wordpress.com

Hi guys,
Dont be puzzled by reading the heading.Let me tell you some scenarios.Then you will come to know whether you need an antivirus for linux or not.

Situation 1:
You are having a dual boot system with Windoze and Linux.You copied some files from your friend’s pendrive ,You didnt checked it and made a blind copy because you have linux and what the hell the virus can do( You thought in your mind ).Now you are logged into your windows operating system.All the sleeping viruses will woke up and start eating your system.What will you do????

Situation 2:
I have a system with one and only operating system and that is linux.But somehow you copied some viruses into your system and not aware of it.You sent a mail with an attachment( assume it contains some viruses and you are not aware of it ) to your friend who is using windoze.What will happen ????Bang!!!
Even you gave some data to your friend via pendrive or some other medium.If it contains some viruses then what will happen?? Bang again !!!

Solution :
Dont think that linux has no antivirus software.Even kasperski is providing one for linux.But it is proprietary and we need to spend some money.Regular updates ,regular patches,regular license
upgrades,painful ( pay money again ) version upgrades.So it is BLACKLISTED from our list.Then is there any FOSS ( Free and open source software ) for this pursose ??
Yes it is .CLAMAV.You can just install it with yum ( for
redhat,fedora) or apt-get ( Debian,ubuntu ).Install the following packages.
1.CLAMAV ( Engine)
2.CLAMAV-UPDATE ( Updater)
3.CLAMTK ( GUI )

Some useful commands to work with clamav:
1.clamscan
2.clamdscan
3.freshclam ( Update )
4.clamtk ( To start GUI )

HINT : You can clean your windows system from linux using clamav This is so cool isnt it ??

Just give a try instead of finding kasp keys dude.Worth to use

intipadi.com – Di linux, khususnya diplatform server ClamAV adalah salah satu utility antivirus yang sangat dibutuhkan dan dipasang secara default disistem. ClamAV sejak awal memang didesain untuk kebutuhan pengguna advance dan dengan interface yang ’selalu’ dalam cita rasa command line.

Bagi sebagian orang aplikasi berbasis konsol seperti ini sangat seram, sehingga tak urung mereka beralih menggunakan versi GUI atau sekadar GUI front endnya. Untuk ClamAV sendiri sudah ada banyak sekali front end, mulai dari Klamav yg berbasis KDE, sampai pada ClamTk yang berbasis GTK+.

Pada artikel kali ini kita akan membahas ClamTk, sebuah front end yang berbasis GTK+. Seperti dikutip dari description mereka, Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

Versi terbaru dari ClamTk saat tulisan ini diterbitkan adalah versi 4.19 yang dirilis kemarin. Dalam versi terbarunya ini ClamTk menambahkan beberapa fitur baru seperti kotak setting/preference yang menyatu.

Instalasi
Untuk menginstall ClamTk, diperlukan dependensi adanya ClamAV terlebih dulu. Dalam distro mandriva 2009.1 misalnya, cukup instalasi dengan:

urpmi clamav

kemudian menginstall ClamTk sendiri, dengan:

urpmi clamtk

Jika anda lebih suka instalasi manual tanpa urpmi atau apt-get, anda dapat mendownload file ClamTk dari Sourceforge sebagai berikut:

Je vais expliquer rapidement comment installer et configurer un serveur proxy transparent sur une debian dans mon cas c’est Lenny.

Le serveur proxy filtera aussi les contenu des site visités avec Dansguardian et vérifiera si les fichiers reçus par l’utilisateur contient des virus avec Clamav. Dans la configuration le proxy n’agira que sur le protocole HTTP sur le port 80 si vous cherchez un ‘full transparent’ utiliser plutôt tproxy . Le principe est simple, on redirige les trafics sur le port 80 vers le port 8080 de Dansguardian qui filtre selon les règles puis redirige sur le port 8090 de HAVP enfin Squid le reçoit sur le port par défaut 3128.

Selon les informations sur le net Squid est plus performant sur une partition en resiserfs qui gère mieux une grande quantité de petits fichiers. Choisissez aussi des disques rapides.

Dans l’exemple j’ai utilisé Debian 5.0 ou Lenny, ajouter cette ligne dans /etc/apt/sources.list :

deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free

Puis on installe les packets :

aptitude update
aptitude install squid3 dansguardian clamav clamav-base havp


Configuration de dansguardian :

Le fichier de configuration est le /etc/dansguardian/dansguardian.conf

cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.orig

Modifier le fichier et ça donne :


# grep -v '^#' dansguardian.conf | sed -e '/^$/d'
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'french'
loglevel = 2
logexceptionhits = 2
logfileformat = 3
syslog = on
loglocation = '/var/log/dansguardian/access.log'
filterip = 192.168.0.200
filterport = 8080
proxyip = 127.0.0.1
proxyport = 8090
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 5000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 128
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 180
minchildren = 32
minsparechildren = 8
preforkchildren = 10
maxsparechildren = 64
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'
root@proxy:/etc/dansguardian#

Vous avez remarqué que mon proxy utilise l’IP 192.168.0.200 . Passons à HAVP, la configuration est simple :


root@proxy:~# grep -v '^#' /etc/havp/havp.config | sed -e '/^$/d'
PARENTPROXY 127.0.0.1
PARENTPORT 3128
FORWARDED_IP true
PORT 8090
BIND_ADDRESS 127.0.0.1
TEMPLATEPATH /etc/havp/templates/fr
ENABLECLAMLIB true
ENABLECLAMD false
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false
ENABLEARCAVIR false
ENABLEDRWEB false
root@proxy:~#

Comme vous l’avez constaté HAVP peut être utilisé avec d’autre antivirus Avast, Nod32, … dans notre cas nous utilisons Clamav. Dans le fichier de configuration de HAVP nous avons redirigé les  traffic sur 127.0.0.1:3128, c’est le port par défaut de Squid.

Modifier votre fichier de configuration de Squid, changer la ligne qui commence par http_port :

http_port 127.0.0.1:3128 transparent

Pour spécifier la taille maximale de votre cache vous pouvez changer la ligne suivante ici dans l’exemple spécifie que squid peut utiliser 12000MB :

cache_dir ufs /var/spool/squid3 12000 16 256

Redémarrer les services :


# /etc/init.d/dansguardian restart
# /etc/init.d/havp restart
# /etc/init.d/squid3 restart

Il nous reste qu’à rediriger le trafic, vous pouvez utiliser des logiciels comme Shorewall, mais  ici pour simplifier, on utilise directement iptables :


# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080


Pour tester que ça marche vous pouvez vérifier avec les fichiers log

root@proxy:~# tail -f /var/log/dansguardian/access.log
root@proxy:~# tail -f /var/log/squid3/access.log
root@proxy:~# tail -f /var/log/havp/access.log


Vita tompoko, j’espère que ce petit post vous a aidé.

Clam Anti-Virus is an open-sourced,  GPL-licensed, and a cross-platform application. ClamAV is capable of scanning files, directories, and archives for infected files. Filtering, coping, moving, and removing viruses are all options. For a virus-free PC.

Installing ClamAV

To install Clam Anti-virus, open the terminal and type:

sudo apt-get install clamav

Updating ClamAV database

When Clam is installed, its database may not be up-to-date so to update it enter the following:

sudo freshclam

Now the database will be updated. If you do not want check whether your database is up-to-date each time you want to search for viruses, the following command will check for database updates twice a day (you can increase the times by changing the number “2″, and notice that your limit is 50).

sudo freshclam -d -c 2

Once the enter key has been pressed it’ll ask for your password. This command will run as a daemon (runs in background), and will stop when the computer shuts down. To make is starts automatically when ubuntu starts, follow the following steps:

1. Goto “System” –> “Preferences” –> “Startup Applications” (“Sessions” in ubuntu 8.10 & older).
2. Press the “Add” button.
3. In the name field type “ClamAV database update”, and in the command feild type “gksu freshclam -d -c 2“.
4. Click the “Add” Button.

Because we used “gksu", each time you log into your gnome session a window will pop up asking for password (freshclam needs administrative privileges)

Of course, by using this method, the daemon will only start when you log into your gnome desktop. if you want it to start when your system boots up, add it with the rest of the system’s daemons; hal fam, gdb, …

Usng Clam AV

For scanning files, the command “clamscan” will be used.

• To scan files under a specific file type this:

clamscan ~/MyFileToScan.extension (the viruses usually have the following extensions: .exe, .dll, .com, cmd, and .scr)

• To scan files under a specific directory type this:

clamscan -r ~/MyDirectoryToScan (-r is used to search recursively)

• To scan and delete the found viruses type:

clamscan -r --remove ~/MyDirectoryToScan

• To scan and copy the found viruses type:

clamscan -r --copy ~/CopiedToHere ~/MyDirectoryToScan

• To scan and Move the found viruses type:

clamscan -r --move ~/MovedToHere ~/MyDirectoryToScan

Other useful options:

• To have ClamAV prints only the infected files instead of all of them, add the option -i
• To make the console beeps whenever a virus is detected, ass the option --bell

The command I use for searching viruses:

sudo clamscan -r -i --bell --move ~/Directory ~/VirusArchive

I use sudo so that ClamAV gets the capability of moving all the files, even the ones that I don’t have the permission to move as a normal user

Important Notes

• This was tested on ubuntu 9.04 .
• For more information and details see manpages: clamscan(1) and freshclam(1).
• ClamAV also has a GUI, to install it type “sudo apt-get install clamtk” and then type “clamtk” to run the application.

This document was updated on 5 Nov. 2009

Anxious Nut

Mis hermanos, que viven en otro país, usan una PC con windows, y alguna vez que fuí a visitarlos les dejé instalado Ubuntu en su máquina (ahora tienen dual boot). Estos días me reportaron que su Windows no funciona (virus, sin duda) y solo pueden usar Ubuntu paratrabajar en el PC. Dado este caso, he decidido que lo mejor sería instalar un antivirus en Ubuntu, pero no para revisar el sistema Linux (que para un usuario normal no representa problemas de seguridad), sino para scannear nuestra partición Windows. Me he decidido por ClamAV, un antivirus de código abierto. Lo instalamos en consola con

sudo apt-get install clamav

Y el GUI lo instalamos con

sudo apt-get install clamtk

Una vez instalado, lo encuentras en Aplicaciones – Herramientas del sistema – Virus Scanner (no estoy muy seguro, puesto que tengo mi OS en inglés ).

La primera vez que lo abras te pedirá que selecciones la forma en la que se harán las actualizaciones

Y luego lo podrás usar:

Up The Irons!!

Quando avete un sistema Windows che a causa di virus non si avvia oppure non è stabile, impedendo così l’esecuzione di scansioni antivirus, è possibile appoggiarsi a Linux per eseguire una approfondita scansione antivirus con clamav¹.

Ad esempio ho sottomano un XP HE SP1 che si riavvia da solo, e non per problemi hardware, rendendo impossibile accedere al sistema per più di qualche decina di secondi alla volta.

Alla fine ho deciso di avviare quel pc con una linux live (knoppix) e copiare tutto il disco C su un hard disk esterno, che ho poi collegato a un pc Linux (in effetti vi ho riversato il backup), eseguendo infine:

acp@mantra:~$ sudo clamscan -ri /home/acp/clienti/backup_clienti/backup_consam

…e i risultati sono stati…. “positivi”

/home/acp/clienti/backup_clienti/backup_consam/WINDOWS/system32/hjgruiqofybwwo.dll: Trojan.Buzus-5500 FOUND
/home/acp/clienti/backup_clienti/backup_consam/Documents and Settings/nunzio/Impostazioni locali/Apps/2.0/R4QPG9Q3.3EN/ADK8OYP5.GJH/netv..tion_6cb8f1ea2755b88d_0002.0000_62daaaf1b7720d4c/NETVISION.exe: Dialer-742 FOUND (ecc…)

¹ al link info per l’installazione e l’aggiornamento di clamav

If you are a .NET programmer, then you find Python a bit tough. Reason? Python does not include library for each and every operation possible in this world. You may have to work around to find the necessary packages, download them and continue with your development.

Python’s standard module list has a finite number of entries as opposed to .NET    ( I use .NET at my workplace). Here this is an attempt to collect all such libraries which are outside standard modules, which you might badly need for your development. Many of them are extensions or wrapper packages for already existing libraries.

1 ) scapy

This is a library for  TCP/IP stack wherein you can have full control over the lowest detail of the Packet that leaves your computer. It supports many protocols like ETH, IP, ARP, ICMP, TCP, UDP etc. You can create custom TCP/IP packet and send it to any host. Typical implementation is ARP Ping, ICMP Ping.

Experience: Tried. Works perfectly. Havn’t stumbled across any bugs as of now.

2) soaplib

Used for creating lightweight web services. As the page says, it comes with a client and server built in and on-demand WSDL generation.

Experience: Havn’t tried. Heard about it’s existence.

3) mysql

Uh? Do I really have to tell what this is actually. I hope everyone knows.

Documentation for python-mysql

Experience: Obviously! Obviously! I think I should remove this line.

4) aubio

Stating directly from it’s site – “aubio is a library for audio labelling. Its features include segmenting a sound file before each of its attacks, performing pitch detection, tapping the beat and producing midi streams from live audio. The name aubio comes from ‘audio’ with a typo”

Experience: None. Presently in To-Do List.

5) Beautiful Soup

BeautifulSoup is an SGML parser which is highly robust and doesn’t die straight-off even if you give it poorly formed data. To make it scream and die all you have to do is to give something that isn’t SGML at all. It even has a parser class named BeautifulSOAP which is used to parse SOAP message (as the name applies). It even has a class named ICantBelieveItsBeautifulSoup. Sounds stupid? Who cares as long as it does it work.

Experience: Tried when I saw Anomit using it. Need more experience as I have lost touch as of now. Never tried BeautifulSOAP.

6) python-clamav

It is pending in my To-Do list. Will start working as I get time.  Check a small tutorial

Experience: No! Read the line above.

7) python-crypto

Presently in #1 position of To-Do list. Sounds just too promising. Hope it is as I thought it to be.

Check the API and it’s general overview

Experience: No

8 ) django

Now if you don’t know django – Go shoot yourself or read about it here if you somehow survive.

[ As pointed by Anomit, it isnt a framework, but library is a general name I have used for the title ]

Experience: Obviously!

9) gd

I have used GD a lot in PHP, but hardly on Python. GD is simpler than ImageMagik (never used) as people told me. Hope to use this library if I ever require.

If you ever require the documentation, head yourself to this page.

Experience: Not used in Python, but in PHP

10) gmp

GMP stands for GMP Multi Precision and gmpy is a python wrapper over it. Though you might not need it in Python, but if you are coming from C background, this might be a familiar name.

Experience: Normal, not an expert

11) python-jabber

Python-Jabber is a python module which implements jabber instant messaging protocol. Check out the documentation and a funny example .

Experience: Little experience. Not much. After all it doesn’t look so tough, so will sit down for a hacking session,

12) python-irclib

I encountered this library when I was searching more on python-jabber library. This also falls in the category of real-time messaging. The problem I can see is that there is no documentation. How to proceed? Use dir() and inspect module extensively?

Experience: Kidding? Please show me the documentation. I don’t have more time for hacks as I did with scapy.

–

Till now ,I had kept this list for my own reference. Many more required libraries are missing. If you have any more in mind, please mention it. I would be glad to add it.

Wenn Sicherheitssoftware vollkommen legitime und harmlose Dateien beanstandet, ist das mehr als lästig. Zwar sind Fehlalarme (False Positives) auf Dauer nahezu unvermeidlich, doch unterscheiden sich die einzelnen Virenscanner teilweise stark in der Zahl der fälschlicherweise als Malware gelabelten Files. Richtig gefährlich wird es, wenn notwendige Systemdateien von Windows falsch beurteilt und in die Quarantäne geschoben oder gar gelöscht werden. Eventuell lässt sich das System dann nicht einmal mehr normal starten. Sehr viel häufiger sind allerdings einfach Programme von kleineren und unbekannteren Software-Herstellern betroffen. Wenn sich die nicht mehr ausführen lassen, ist das nicht nur für den Nutzer ärgerlich – auch der Ruf der wegen eines Fehlalarms beanstandeten Software leidet. So werden etwa Nirsoft und Programmierer von AutoHotKey-Skripten immer wieder mit aggressiven Mails von Nutzern überschwemmt, die durch Fehlalarme aufgeschreckt wurden.

Wie geht man also am besten damit um, wenn die Antiviren-Software einen Fund meldet? Auf jeden Fall sollte man die Datei(en) nicht einfach löschen, insbesondere wenn es sich um Windows-Systemdateien oder wichtige Software handelt. Statt dessen kann man sich erst einmal bei einem Online-Virenscanner eine zweite Meinung einholen. Wenn danach der Verdacht besteht, dass es sich um einen Fehlalarm handelt, kann man die Datei zur Analyse beim Antiviren-Hersteller des Vertrauens einschicken. Bei vielen Herstellern geht das direkt aus dem Programm bzw. dem Quarantäne-Bereich. Zusätzlich gibt es bei den meisten auch Online-Formulare für den Dateiupload aus dem Browser. Eher selten ist inzwischen der Weg per Email-Anhang. Nach einer eingehenden Prüfung wird dann der Einsender informiert, ob es sich um einen Fehlalarm handelt. Sollte das der Fall sein, wird die Malware-Datenbank des Herstellers ausgebessert, und nach dem nächsten Update ist der Fehlalarm verschwunden.

Hier eine kleine Übersicht, wie man Fehlalarme bei unterschiedlichen Herstellern melden kann:

• Avira Antivir: Upload-Formular
• Bitdefender: Email (Anleitung )
• ClamAV: Upload-Formular
• Comodo: aus dem Programm (Anleitung)
• Dr.Web: Upload-Formular
• Emsisoft A-Squared: Email
• ESET: Email (Anleitung)
• F-Secure: Upload-Formular
• Kaspersky: Upload-Formular
• Norman: Upload-Formular
• PCTools Threatfire: Upload-Formular
• Sophos: Upload-Formular
• SUPERAntiSpyware: aus dem Programm (Anleitung)
• Sunbelt – Vipre & CounterSpy: Upload-Formular
• Symantec – Norton: Upload-Formular

Die Liste wird ständig erweitert, Tipps für weitere Anbieter kann man in den Kommentaren hinterlassen.

While uploading files through web, we can check for viruses. Following link contains the process

http://www.howtoforge.com/scan_viruses_with_php_clamavlib

forum link:

http://ubuntuforums.org/archive/index.php/t-318091.html

Una de las ventajas de usar GNU/Linux es que no le afectan virus y se puede navegar por internet, compartir y descargar archivos sin ningún miedo. El problema es que aunque no nos afecten, los virus siguen estando ahí, pudiendo infectar otros ordenadores con windows. La solución es muy sencilla, instalamos ClamAV y nuestros queridos amigos que usen Windows también estarán a salvo.

ClamAV es multiplataforma y funciona por comandos aunque también podemos instalar la interfaz gráfica para nuestro escritorio: KlamAV para KDE y ClamTK para Gnome.

Para instalarlo en Fedora abrimos una terminal y escribimos:

En Gnome | su -c ‘yum install clamav clamtk’

En KDE | su -c ‘yum install clamav klamav’

+ Web de ClamAV