Antivirvexirainstallmeldungen
From Arktur
Revision as of 23 June 2005, 10:48 by JFiebig
Antivir - installation messages
Arktur:/antivir-server-2.1.1 # ./install
Starting AntiVir for UNIX Server 2.1.1 installation...

1) installing command line scanner
creating install directory /usr/lib/AntiVir ... done
checking for existing /etc/antivir.conf ... not found
copying bin/antivir to /usr/lib/AntiVir ... done
copying vdf/antivir.vdf to /usr/lib/AntiVir ... done
copying conf/antivir.conf to /etc ... done
copying sh/configantivir to /usr/lib/AntiVir ... done
Would you like to create a link in /usr/bin ? [y]
linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done
installation of command line scanner complete

2) installing automatic internet updater
An automatic internet updater is available with version 2.1.1 of AntiVir for UNIX. This is a daemon that will run in the background and automatically check for updates (internet access is required). You may also manually check for updates using:
antivir --update
You do not need to install the automatic internet updater in order to manually check for updates. Please read the README file for more information on updates and how they can best suit you.
Would you like to install the automatic internet updater? [n] y
copying sh/avupdater to /usr/lib/AntiVir ... done
Would you like the automatic updater to start automatically? [y] n
installation of automatic internet updater complete

3) installing AvGuard
Version 2.1.1 of AntiVir for UNIX is capable of on-access, real-time scanning of files. This provides the ultimate protection against viruses and other unwanted software. The on-access scanner (called AvGuard) is based on Dazuko, a free software project providing access control. In order to use AvGuard you will need to compile Dazuko for your kernel. Please refer to src/HOWTO-Dazuko for information on how to do this. There are several ways in which you can install AvGuard.
module - Dazuko will be loaded by the avguard script
kernel - Dazuko is always loaded (and should not be loaded by the avguard script)
no install - do not install AvGuard at this time
Note: Dazuko currently only works with GNU/Linux and FreeBSD systems. If you are interested in helping us port Dazuko to OpenBSD, feel free to check out the Dazuko Project at: http://www.dazuko.org
available options: m k n
How should AvGuard be installed? [n] m
Enter the full path to dazuko.o: /lib/modules/2.4.26/misc/dazuko.o
testing /lib/modules/2.4.26/misc/dazuko.o ... ok
detecting kernel version ... linux-2.4.26
copying /lib/modules/2.4.26/misc/dazuko.o to /usr/lib/AntiVir/linux-2.4.26 ... done
Would you like to configure antivir? [y] y

NumDaemons (1 of 14)
==========
Files that are accessed by multiple processes at the same time can be scanned by AvGuard in parallel. This is accomplished by running multiple scanning daemons, which allows your machine to run AvGuard with the least amount of performance reduction. A typical workstation only requires 3 daemons for optimal performance. If you are running additional servers (such as file, http, ftp, etc) then it is recommended that more daemons are used. You can disable AvGuard by setting a value of 0 here.
available options: 0-20
How many daemons would you like to run? [3] 5

AccessMask(1) (2 of 14)
=============
Files may be scanned as they are opened. This is useful for preventing users from accessing concerning files. This includes opening, reading and copying concerning files.
available options: y n
Would you like to scan files as they are opened? [y] y

AccessMask(2) (3 of 14)
=============
Files may be scanned as they are closed. This is useful for preventing users from creating concerning files. This includes saving, downloading and copying concerning files.
available options: y n
Would you like to scan files as they are closed? [y] y

AccessMask(4) (4 of 14)
=============
Files may be scanned as they are executed. This is useful for preventing users from running concerning programs.
available options: y n
Would you like to scan files as they are executed? [n] n

RepairConcerningFiles
=====================
If a concerning file is found, AvGuard can try to remove the problem. If the problem cannot be removed, access to the file will still be blocked. However, if the problem can be removed, the user will be allowed normal access.
available options: y n
Would you like to try to repair concerning files? [n] n

LogOnly/Rename/MoveConcerningFilesTo (6 of 14)
====================================
When an alert is found, there are several ways in which AvGuard can respond.
log only - the name of the concerning file will only be logged using syslog
rename - the concerning file will be renamed to have a .XXX extension
move - the concerning file will be moved to a directory of your choice
Regardless of which option you choose, the event involving the concerning file will be logged using syslog and access to the file will be blocked.
available options: l r m
How should concerning files be handled? [l] l

IncludePath (7 of 14)
===========
AvGuard gives you the option of specifying the paths from which files will be scanned. All sub-directories of specified paths will also be scanned as files are accessed. You must specify at least one path.
Current include paths = NONE
available options: y n
Would you like to specify new include paths? [y] y
Type in the paths one at time, pressing ENTER after each path. All paths must be absolute (beginning with '/'). When you are finished, simply enter a blank line.
[IncludePath 1] /home
[IncludePath 2]

ExcludePath (8 of 14)
===========
Unless under the specified included paths, files will not be scanned. You may also want that particular sub-directories within the included paths are also not scanned. For example, perhaps you want the entire /home directory scanned except for /home/bill. AvGuard allows you to specify sub-directories of the included paths that will not be scanned. These sub-directories are called exclude paths. In this example /home/bill would be an exclude path.
Current exclude paths = NONE
available options: y n
Would you like to specify new exclude paths? [n] y
[ExcludePath 1] /home/adm
[ExcludePath 2] /home/www
[ExcludePath 3]

ArchiveScan (9 of 14)
===========
There may be alerts hiding within compressed files (.zip, .gz, .tar, etc). You may configure AvGuard so that these compressed files are decompressed and searched for concerning files. This will help to ensure that your server is free from unwanted files.
available options: y n
Would you like to scan compressed files? [n] y

ArchiveMaxSize (9-2 of 14)
==============
In order to scan the contents of compressed files, the files must be decompressed. For very large compressed files it could take a long time to decompress everything. For this reason, you may wish you put a size limit for compressed files that will be scanned. The size limit is given in bytes. For example, 1 gigabyte = 1073741824 bytes. You may set this value to 0 to have no limit on the size of scanned compressed files.
available options: 0-??
What is the maximum size compressed file (in bytes) to be scanned? [1073741824]

ArchiveMaxRecursion (9-3 of 14)
===================
It is possible that a compressed file has many compressed files as contents. For example, inside of filename.zip there may be a file1.zip file. Each compressed file within a compressed file is referred to as a recursion level. If AvGuard should decompress filename.zip it must scan recursion level 1. If it is supposed to also decompress file1.zip, it must scan recursion level 2. Since decompressing takes extra time, you may wish to set a limit on the recursion level that will be scanned. A value of 0 means that there will be no limit.
available options: 0-??
What is the maximum recursion level in compressed files to be scanned? [5]

ArchiveMaxRatio (9-4 of 14)
===============
Compressed files are usually smaller than the original files. The amount that the files are reduced in size is called the compression ratio. If an archive has a compression ratio of 5, this means that the decompressed contents of the archive take up 5 times the amount of space as the archive.
It is possible that a compressed file has many compressed files as
Sometimes the compression ratio for files can be very large. These types of files can cause an enormous strain on system resources if they are decompressed. For this reason, you may will to set a limit on the compression ratio. A value of 0 means that there will be no limit.
available options: 0-??
What is the maximum allowed ratio for compressed files to be scanned? [150]

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over to make sure they are correct.
AntiVir Status: avguard-server (not loaded).
AntiVir Status: avupdater (not running).
Here are some commands that you should remember...

AvGuard
=======
configure: /usr/lib/AntiVir/configavguard
start: /usr/lib/AntiVir/avguard start
stop: /usr/lib/AntiVir/avguard stop
check: /usr/lib/AntiVir/avguard status

AutoUpdateEvery2Hours/AutoUpdateDaily (10 of 14)
=====================================
AntiVir is equipped with an Automatic Internet Updater. At specified intervals, AntiVir will connect to an updater server to check for newer versions of the AntiVir engine or the data files. If a newer version is available, AntiVir will automatically download and install the updates without requiring any special attention. This allows AntiVir to be kept current against attacks and problems. AntiVir can be configured to check for updates every 2 hours (2) or once a day (d). You can also choose to have the Automatic Internet Updater never check (n).
available options: 2 d n
How often should AntiVir check for updates? [n] n

EmailTo (11 of 14)
=======
You may set AntiVir to send out an email message every time a concerning file is accessed. The message will also list the action that was taken to handle the file.
available options: y n
Would you like email notification of alerts? [n] y
What email address will receive notifications? [] fiebig@arktur.test.fib

LogTo (12 of 14)
=====
In addition to logging concerning activity through syslog, you may als specify your own log file. This can make it simpler to review past concerning activity without having to sift through syslog files.
available options: y n
Would you like AntiVir to log to a custom file? [n] y
What will be the log file name with absolute path (it must begin with '/') ? [] /var/log/antivir.log

HTTPProxyServer/HTTPProxyPort (13 of 14)
=============================
If this machine is sitting behind an HTTP proxy server, you will need to configure AntiVir with the appropriate proxy settings. Internet access is required in order to make updates.
available options: y n
Does this machine use an HTTP proxy server? [n] y
What is the HTTP proxy server name? [] arktur
Which port number does the HTTP proxy server use? [8080]

HTTPProxyUsername/HTTPProxyPassword (13 of 14)
===================================
Proxy servers may be configured to require a username and password. If the HTTP proxy server for this machine requires a username and password AntiVir needs to be appropriately configured.
available options: y n
Does the HTTP proxy server require a username/password? [n] n

SyslogFacility/SyslogPriority (14 of 14)
=============================
Regardless of the other configuration options, AntiVir will always log important information using syslog. Syslog uses two values to classify the information to log: facility and priority. Facility specifies the type of program making the log entry. Priority specifies the importance of the log entry. If you are unfamiliar with syslog then you may simply accept the default values. However, it is encouraged that you learn about syslog since it is used by many services to log important events.
available FACILITIES: authpriv cron daemon kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7
Which syslog FACILITY should AntiVir use? [user]
available PRIORITIES: emerg alert crit err warning notice info debug
Which syslog PRIORITY should AntiVir use? [notice]

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over to make sure they are correct.
number of daemons: 5
scan on: open/close
repair concerning files: no
handling of concerning files: log only
include paths: /home
exclude paths: :/home/adm::/home/www
scan archives: yes
max archive size: 1073741824 bytes
max archive recursion: 5 levels
max archive ratio: 150:1
email notification: fiebig@arktur.test.fib
specific logfile: /var/log/antivir.log
update frequency: never
http proxy server: arktur:8080
syslog output: user.notice
available options: y n
Save configuration settings? [y] y

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over to make sure they are correct.

Configuration Complete
======================
number of daemons: 5
scan on: open/close
repair concerning files: no
handling of concerning files: log only
include paths: /home
exclude paths: :/home/adm::/home/www
scan archives: yes
max archive size: 1073741824 bytes
max archive recursion: 5 levels
max archive ratio: 150:1
email notification: fiebig@arktur.test.fib
specific logfile: /var/log/antivir.log
update frequency: never
http proxy server: arktur:8080
syslog output: user.notice
Press <ENTER> to continue.

AntiVir Configuration
=====================
Here are the configuration settings you have specified. Look them over to make sure they are correct.
AntiVir Status: avguard-server (not loaded).
AntiVir Status: avupdater (not running).
Here are some commands that you should remember...

AvGuard
=======
configure: /usr/lib/AntiVir/configavguard
start: /usr/lib/AntiVir/avguard start
stop: /usr/lib/AntiVir/avguard stop
check: /usr/lib/AntiVir/avguard status

Automatic Internet Updater
==========================
start: /usr/lib/AntiVir/avupdater start
stop: /usr/lib/AntiVir/avupdater stop
check: /usr/lib/AntiVir/avupdater status
Press <ENTER> to continue.

Installation of the following features complete:
AntiVir command line scanner
AntiVir Automatic Internet Updater
AntiVir Guard
If you have any license key files, please copy them to /usr/lib/AntiVir before running the software. Without a valid license key, it will run in DEMO mode.
Be sure to read the README file for additional information.
Thank you for your interest in AntiVir for UNIX.
Arktur:/antivir-server-2.1.1 #
--JFiebig 11:48, 23. Jun 2005 (CEST)
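
The three archive limits from the dialogue above (ArchiveMaxSize, ArchiveMaxRecursion, ArchiveMaxRatio), sketched as an added Python example for zip files; it is not AntiVir code and not part of the original page, and the log does not show how AvGuard itself enforces the limits. The function names and the in-memory sample archives are constructed for illustration.

```python
import io
import zipfile

# Values accepted in the installer dialogue above; 0 means "no limit".
ARCHIVE_MAX_SIZE = 1073741824  # bytes, size of the compressed file
ARCHIVE_MAX_RECURSION = 5      # archive-in-archive levels
ARCHIVE_MAX_RATIO = 150        # decompressed size : archive size


def check_archive(data, max_size=ARCHIVE_MAX_SIZE,
                  max_recursion=ARCHIVE_MAX_RECURSION,
                  max_ratio=ARCHIVE_MAX_RATIO, level=1):
    """Return 'ok' or the name of the first limit the zip in `data` exceeds."""
    if max_size and len(data) > max_size:
        return "ArchiveMaxSize"
    if max_recursion and level > max_recursion:
        return "ArchiveMaxRecursion"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.infolist()
        # Compare the sizes declared in the directory before decompressing.
        declared = sum(m.file_size for m in members)
        if max_ratio and declared > max_ratio * len(data):
            return "ArchiveMaxRatio"
        for m in members:
            inner = zf.read(m)
            if zipfile.is_zipfile(io.BytesIO(inner)):
                verdict = check_archive(inner, max_size, max_recursion,
                                        max_ratio, level + 1)
                if verdict != "ok":
                    return verdict
    return "ok"


def make_zip(name, payload, compress=zipfile.ZIP_DEFLATED):
    """Build a one-member zip in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compress) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def nested(depth):
    """Constructed sample: `depth` zip archives wrapped inside each other."""
    data = make_zip("readme.txt", b"harmless sample text")
    for i in range(depth - 1):
        data = make_zip("file%d.zip" % i, data, zipfile.ZIP_STORED)
    return data
```

With the values chosen in this installation, an archive nested five levels deep is still scanned, a sixth level is refused, and a highly compressible file such as ten megabytes of zero bytes is rejected by the 150:1 ratio limit.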