Author |
Message |
RetroTechGuy

Joined: 15 Dec 2009 Posts: 2849 Location: USA
|
Posted: Thu 04 Mar 2010, 19:32 Post subject:
ClamAV - Anti Virus software Subject description: Loading the latest Debian files and libraries (on a fresh Puppy) |
|
So I just checked to make sure this collection works on a new Puppy pupsave (sorry guys, I haven't learned my way around building .pets yet).
I picked the install from "squeeze" (though it is probably the same as "Lenny")
http://packages.debian.org/squeeze/clamav
You need the following packages for Puppy 4.3.1 (I'm assuming that you have i386-family hardware):
Updated: See 2nd post for new packages (0.96)
<snipped 0.95 packages>
And from the Clam page (http://www.clamav.net/), get the virus definition files:
http://db.local.clamav.net/main.cvd
http://db.local.clamav.net/daily.cvd
Which you will place in /var/lib/clamav/
The command-line is:
Though you probably want something more like:
Code: | clamscan -r -i -l /tmp/clamav.log |
Which will do a recursive scan, report only viruses and write a log file to /tmp/
Enjoy!
Last edited by RetroTechGuy on Tue 04 May 2010, 12:21; edited 1 time in total
|
Back to top
|
|
 |
RetroTechGuy

Joined: 15 Dec 2009 Posts: 2849 Location: USA
|
Posted: Tue 04 May 2010, 10:46 Post subject:
Update ClamAV 0.96 in Puppy (using Debian) |
|
OK Folks, here's an update for ClamAV, which works in Puppy 4.3.1 (haven't tried earlier versions, but there is probably no reason it won't work).
Updated 06Dec2010:
I went to Debian "squeeze":
http://packages.debian.org/squeeze/clamav
And grabbed the following .deb files (updated on 06Aug2010 for Clam 0.96.4+dfsg-1):
http://http.us.debian.org/debian/pool/main/c/clamav/clamav_0.96.4+dfsg-1_i386.deb
http://http.us.debian.org/debian/pool/main/c/clamav/libclamav6_0.96.4+dfsg-1_i386.deb
Running clamscan, it complained about zlib, but appeared to run just fine.
06Dec2010 update: I did not upgrade these on my system, but newer versions can be found (I have not tested the newer versions -- but these worked on mine):
http://http.us.debian.org/debian/pool/main/libt/libtool/libltdl7_2.2.6b-2_i386.deb
http://http.us.debian.org/debian/pool/main/libt/libtommath/libtommath0_0.39-3_i386.deb
http://http.us.debian.org/debian/pool/main/e/eglibc/libc6_2.10.2-6_i386.deb
If you had previously installed 0.95, you only need the first 2 files. If you are installing from scratch, you need all 5 files (just click them sequentially to install all of them).
Then get the 2 virus definition files from the Clam site:
http://www.clamav.net/lang/en/
and place them in /var/lib/clamav/ (you must create the "clamav" folder)
Clamscan works from the command line, just as before.
Yorkiesnorkie is also working on building a .pet for this, but I'm not completely sure where he is with it:
See towards the bottom of the page:
http://murga-linux.com/puppy/viewtopic.php?t=54583
And his current progress:
http://www.murga-linux.com/puppy/viewtopic.php?p=414761
Last edited by RetroTechGuy on Mon 06 Dec 2010, 13:11; edited 2 times in total
|
Back to top
|
|
 |
aarf
Joined: 30 Aug 2007 Posts: 3613 Location: around the bend
|
Posted: Tue 04 May 2010, 10:52 Post subject:
|
|
there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run.
_________________
ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G
_-¤-_
<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>
|
Back to top
|
|
 |
RetroTechGuy

Joined: 15 Dec 2009 Posts: 2849 Location: USA
|
Posted: Tue 04 May 2010, 11:04 Post subject:
|
|
aarf wrote: | there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run. |
To my knowledge, there are no config files requiring editing.
Before posting, I had just tested the process it on a brand new pupsave (created fresh, just for the purpose of testing).
The only "tricky" part is that you must create the directory /var/lib/clamav/ and you must place the 2 virus definition files in that folder.
If you get an error, read carefully (as it is probably the missing virus defs).
|
Back to top
|
|
 |
aarf
Joined: 30 Aug 2007 Posts: 3613 Location: around the bend
|
Posted: Tue 04 May 2010, 11:47 Post subject:
|
|
RetroTechGuy wrote: | aarf wrote: | there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run. |
To my knowledge, there are no config files requiring editing.
Before posting, I had just tested the process it on a brand new pupsave (created fresh, just for the purpose of testing).
The only "tricky" part is that you must create the directory /var/lib/clamav/ and you must place the 2 virus definition files in that folder.
If you get an error, read carefully (as it is probably the missing virus defs). |
my tries for an antivirus on that day included multiple install methods/sources of clamav and fprot, on lupu113, quirky21 and xandros, all failed. so i may be a little confused as to which and where, so i will try again. thanks.
_________________
ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G
_-¤-_
<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>
|
Back to top
|
|
 |
RetroTechGuy

Joined: 15 Dec 2009 Posts: 2849 Location: USA
|
Posted: Tue 04 May 2010, 12:00 Post subject:
|
|
aarf wrote: | RetroTechGuy wrote: | aarf wrote: | there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run. |
To my knowledge, there are no config files requiring editing.
Before posting, I had just tested the process it on a brand new pupsave (created fresh, just for the purpose of testing).
The only "tricky" part is that you must create the directory /var/lib/clamav/ and you must place the 2 virus definition files in that folder.
If you get an error, read carefully (as it is probably the missing virus defs). |
my tries for an antivirus on that day included multiple install methods/sources of clamav and fprot, on lupu113, quirky21 and xandros, all failed. so i may be a little confused as to which and where, so i will try again. thanks. |
Yeah, I started getting lost when installing these things too.
That's when I started created a new, blank pupsave and installing from scratch -- a mature system is likely to have all the libraries, a new system doesn't. So I install the base package, then run it from the command line, so I can see the missing dependencies. Then I add the missing libs, and repeat until it works (Puppy has some of the libs, but not necessarily all of them).
Once I get a package working, I make a sub-folder and store the package and all the required libs together, in case I need to install it again in the future. It makes doing a system rebuild really easy.
|
Back to top
|
|
 |
aarf
Joined: 30 Aug 2007 Posts: 3613 Location: around the bend
|
Posted: Tue 04 May 2010, 12:17 Post subject:
|
|
<wrong links from first post removed>
_________________
ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G
_-¤-_
<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>
|
Back to top
|
|
 |
aarf
Joined: 30 Aug 2007 Posts: 3613 Location: around the bend
|
Posted: Wed 05 May 2010, 11:57 Post subject:
|
|
ok installed into puppeee (431) by downloading and clicking on the .deb files
and making the directory for the downloaded definitions
simple. thanks. but i want to scan more than /root and cant see from how to do that. i want to scan all mounted partitions and everything everywhere on the laptop.
Code: | # clamscan -r -i -l /tmp/clamav.log
----------- SCAN SUMMARY -----------
Known viruses: 761105
Engine version: 0.96
Scanned directories: 752
Scanned files: 1274
Infected files: 0
Data scanned: 20.29 MB
Data read: 20.04 MB (ratio 1.01:1)
Time: 47.651 sec (0 m 47 s)
#
|
_________________
ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G
_-¤-_
<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>
|
Back to top
|
|
 |
RetroTechGuy

Joined: 15 Dec 2009 Posts: 2849 Location: USA
|
Posted: Wed 05 May 2010, 14:40 Post subject:
|
|
aarf wrote: | ok installed into puppeee (431) by downloading and clicking on the .deb files
and making the directory for the downloaded definitions
simple. thanks. but i want to scan more than /root and cant see from how to do that. i want to scan all mounted partitions and everything everywhere on the laptop.
Code: | # clamscan -r -i -l /tmp/clamav.log
----------- SCAN SUMMARY -----------
Known viruses: 761105
Engine version: 0.96
Scanned directories: 752
Scanned files: 1274
Infected files: 0
Data scanned: 20.29 MB
Data read: 20.04 MB (ratio 1.01:1)
Time: 47.651 sec (0 m 47 s)
#
|
|
When you open a terminal (rxvt), it drops you into /root/, so your search ran through /root/.
Instead:
then
Code: | clamscan -r -i -l /tmp/clamav.log |
Which will scan everything under /mnt/ (all mounted partitions), or everything, including /mnt/ (I don't know if /mnt/ will include /root/, due to the way the system is mounted -- but starting from "/" will).
Or, if you prefer, just specify the filename or location of your search
Code: | clamscan -irl /tmp/clamav.log /mnt/sdb1/virus.exe |
note: you generally do not need to put a space between command line options, so "-i -r -l" = "-irl"
note2: clamscan will append new searches to the existing .log file (and also note that /tmp/ is cleared on reboot, so only save there if you don't care about preserving the log file)
BTW, to see where you are "sitting", enter "pwd" (i.e. "print working directory"), so you know from whence you will recursively search into directories.
|
Back to top
|
|
 |
yorkiesnorkie

Joined: 04 Jun 2007 Posts: 505 Location: George's Island
|
Posted: Thu 06 May 2010, 08:13 Post subject:
|
|
aarf wrote: | there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run. |
It's not that bad really. clamd.conf and clamscan.conf are in /etc. Each has a line in red (if you open it in Geany) which looks like this
you have to comment it out
I also change the user from clamav to root. I'll post an example of my conf files a little later so you can see what I did. (I am not home) Those are the only changes I made. I found I had to do that with the old pet package I downloaded.
Usually, if you haven't commented out "example", Clamav will complain when you run a clamscan or freshclam from the command line.
Thanks for the link by the way RetroTechGuy to the new debs of 0.96. I'll have to see if those files are smaller than the 28 mb PET I made. That pet is now available at pupplinux.ca http://puppylinux.ca/tpp/ttuuxxx/other/clamav-0.96-i486.pet Consider it a test version! I compiled it in 4.3.0 and ttuuxxx said it did not work with 2.14x so I'll be taking a run at making one for that version of puppy.
y.
_________________ www.busygamemaster.com
|
Back to top
|
|
 |
RetroTechGuy

Joined: 15 Dec 2009 Posts: 2849 Location: USA
|
Posted: Thu 06 May 2010, 08:20 Post subject:
|
|
yorkiesnorkie wrote: | aarf wrote: | there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run. |
It's not that bad really. clamd.conf and clamscan.conf are in /etc. Each has a line in red (if you open it in Geany) which looks like this
you have to comment it out
I also change the user from clamav to root. I'll post an example of my conf files a little later so you can see what I did. (I am not home) Those are the only changes I made. I found I had to do that with the old pet package I downloaded.
Usually, if you haven't commented out "example", Clamav will complain when you run a clamscan or freshclam from the command line.
|
I created a brand new pupsave, and installed the .deb files, and received no warnings from clamscan (however, freshclam is not installed).
I suspect that this is a freshclam config file... (I did try installing the .deb version of freshclam, and had some sort of error -- haven't dug into it further).
|
Back to top
|
|
 |
yorkiesnorkie

Joined: 04 Jun 2007 Posts: 505 Location: George's Island
|
Posted: Sat 08 May 2010, 16:48 Post subject:
my conf files |
|
Here are my conf files:
y.
Description |
my conf files
|

Download |
Filename |
clamav_conf_files.tar.gz |
Filesize |
7.23 KB |
Downloaded |
930 Time(s) |
_________________ www.busygamemaster.com
|
Back to top
|
|
 |
yorkiesnorkie

Joined: 04 Jun 2007 Posts: 505 Location: George's Island
|
Posted: Mon 10 May 2010, 08:05 Post subject:
Response times |
|
RetroTechGuy wrote: |
I created a brand new pupsave, and installed the .deb files, and received no warnings from clamscan (however, freshclam is not installed).
I suspect that this is a freshclam config file... (I did try installing the .deb version of freshclam, and had some sort of error -- haven't dug into it further). |
The error I got when I first ran freshclam was somewhat cryptic. First I got some error about the database owner. That led me to the, there's no user clamav in puppy. I've even added a user "clamav", which works for the compile, but doesn't in fact actually work when you run freshclam. Hence, I had to change to root. If you check the freshclam.conf file you'll see where I changed it.
The clamav pet works, but I found the clamscan very slow. You do get there but it takes quite a while. What you've done is very interesting because you are only working with clamscan, rather than the whole meal deal which is in my pet. It makes me wonder what I could trim out and still get it to work. Basically all I'd want is clamscan and freshclam.
How fast is your deb running? Do you get a fairly immediate response?
y.
_________________ www.busygamemaster.com
|
Back to top
|
|
 |
yorkiesnorkie

Joined: 04 Jun 2007 Posts: 505 Location: George's Island
|
Posted: Mon 10 May 2010, 09:07 Post subject:
|
|
I found this:
Quote: | Clamscan is fine for scanning file systems where long lists of files are scanned with very few processes because of the db loading penalty at each startup, but clamd, which provides the same thing, loads the database files once and can be re-used thousands of times an hour via sockets, streams, and file pointers either directly (direct calls to the socket from your code) or from clamdscan which can be called from scripts. |
http://linux.die.net/man/1/clamdscan
What this suggests is that when clamscan runs it's database is being loaded multiple times. ??? If that is the case basically what they are saying is you can use clamdscan instead of clamscan. From my reading clamdscan is supposed to increase the speed of the scanning of a file or directory, etc. I have yet to try it. However the command from the man page above suggests it is used in exactly the same way as clamscan.
Code: | clamdscan --bell -r --log=/virus.log -i /root/my-documents/Downloaded |
The above command should scan directory root/my-documents/Downloaded recursively (-r) and log (--log) the result in the virus.log file, will beep (--bell) each time a virus has been detected and only print (-i) infected files to the output.
I'll run this and let you know if anything improves.
y.
_________________ www.busygamemaster.com
|
Back to top
|
|
 |
yorkiesnorkie

Joined: 04 Jun 2007 Posts: 505 Location: George's Island
|
Posted: Wed 12 May 2010, 07:40 Post subject:
|
|
Hah, I forgot that I took clamdscan out of the pet I made... I'm going to have another go-around at compiling this anyway for 214xrc5.
y.
_________________ www.busygamemaster.com
|
Back to top
|
|
 |
|