Introduction to using AVG ANTIVIRUS FREE on Linux
Even if you have never used the AVG antivirus, you have probably heard of it. AVG ANTIVIRUS FREE - FOR LINUX is AVG's free antivirus product for Linux. Its official download page offers several installation formats: rpm, deb, source packages and more. Below I downloaded the RPM package and installed it.
AVG ANTIVIRUS FREE - FOR LINUX installation steps
[root@localhost tmp]# rpm -ivh avg2013flx-r3118-a6926.i386.rpm
Preparing... ########################################### [100%]
1:avg2013flx ########################################### [100%]
Installing 'avgd' service initscripts...
Registering 'avgd' service to runlevels...
Please do configuration with /opt/avg/av/bin/avgsetup
Generating unique user id
/usr/bin/avgdiag: /opt/avg/av/bin/avgdiag: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
/usr/bin/avgdiag: line 17: /opt/avg/av/bin/avgdiag: Success
Starting AVG AV
Starting avgd[FAILED]
warning: %post(avg2013flx-r3118-a6926.i386) scriptlet failed, exit status 150
The installation hit the error above. "/lib/ld-linux.so.2: bad ELF interpreter: No such file or directory" means the 32-bit dynamic loader is missing: the AVG package is an i386 build and this is an x86_64 host, so installing avg2013flx-r3118-a6926.i386.rpm needs the 32-bit glibc dependency, glibc-2.12-1.80.el6_3.7.i686. Find which package provides the loader:
[root@localhost ~]# yum whatprovides ld-linux.so.2
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
glibc-2.12-1.149.el6.i686 : The GNU libc libraries
Repo : media
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6_4.2.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6_4.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.107.el6_4.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.1.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.2.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.132.el6_5.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.7.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.149.el6_6.9.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.166.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.166.el6_7.1.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.25.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.25.el6_1.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6_2.12.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6_2.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.47.el6_2.9.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6_0.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6_0.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.7.el6_0.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.3.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.4.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.5.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.6.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
glibc-2.12-1.80.el6_3.7.i686 : The GNU libc libraries
Repo : rhel-x86_64-server-6
Matched from:
Other : ld-linux.so.2
The command above shows which packages provide the dependency; install glibc-2.12-1.80.el6_3.7.i686 directly:
yum install glibc-2.12-1.80.el6_3.7.i686
If, in some special cases, the installation runs into dependency conflicts, they can be resolved with the command below, yum install glibc.i686, which lets yum pick the 32-bit glibc version matching the installed x86_64 packages.
[root@localhost ~]# yum install glibc.i686
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package glibc.i686 0:2.12-1.166.el6_7.1 will be installed
--> Processing Dependency: glibc-common = 2.12-1.166.el6_7.1 for package: glibc-2.12-1.166.el6_7.1.i686
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.166.el6_7.1.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.166.el6_7.1.i686
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.149.el6_6.7 will be updated
--> Processing Dependency: glibc-common = 2.12-1.149.el6_6.7 for package: glibc-2.12-1.149.el6_6.7.x86_64
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.1 will be an update
---> Package nss-softokn-freebl.i686 0:3.14.3-22.el6_6 will be installed
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.149.el6_6.7 will be updated
--> Processing Dependency: glibc = 2.12-1.149.el6_6.7 for package: glibc-devel-2.12-1.149.el6_6.7.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.7 for package: glibc-headers-2.12-1.149.el6_6.7.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.1 will be an update
--> Running transaction check
---> Package glibc-devel.x86_64 0:2.12-1.149.el6_6.7 will be updated
---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.1 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.149.el6_6.7 will be updated
---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================
Installing:
glibc i686 2.12-1.166.el6_7.1 rhel-x86_64-server-6 4.3 M
Installing for dependencies:
nss-softokn-freebl i686 3.14.3-22.el6_6 rhel-x86_64-server-6 157 k
Updating for dependencies:
glibc x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 3.8 M
glibc-common x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 14 M
glibc-devel x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 985 k
glibc-headers x86_64 2.12-1.166.el6_7.1 rhel-x86_64-server-6 614 k
Transaction Summary
========================================================================================================================
Install 2 Package(s)
Upgrade 4 Package(s)
Total download size: 24 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): glibc-2.12-1.166.el6_7.1.i686.rpm | 4.3 MB 00:06
(2/6): glibc-2.12-1.166.el6_7.1.x86_64.rpm | 3.8 MB 00:03
(3/6): glibc-common-2.12-1.166.el6_7.1.x86_64.rpm | 14 MB 00:13
(4/6): glibc-devel-2.12-1.166.el6_7.1.x86_64.rpm | 985 kB 00:00
(5/6): glibc-headers-2.12-1.166.el6_7.1.x86_64.rpm | 614 kB 00:00
(6/6): nss-softokn-freebl-3.14.3-22.el6_6.i686.rpm | 157 kB 00:00
-----------------------------------------------------------------------------------------------------------------------
Total 680 kB/s | 24 MB 00:36
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of libmysqlclient.so.16()(64bit)
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of libmysqlclient.so.16(libmysqlclient_16)(64bit)
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of mysql-libs
Updating : glibc-2.12-1.166.el6_7.1.x86_64 1/10
Updating : glibc-common-2.12-1.166.el6_7.1.x86_64 2/10
Updating : glibc-headers-2.12-1.166.el6_7.1.x86_64 3/10
Installing : nss-softokn-freebl-3.14.3-22.el6_6.i686 4/10
Installing : glibc-2.12-1.166.el6_7.1.i686 5/10
Updating : glibc-devel-2.12-1.166.el6_7.1.x86_64 6/10
Cleanup : glibc-devel-2.12-1.149.el6_6.7.x86_64 7/10
Cleanup : glibc-headers-2.12-1.149.el6_6.7.x86_64 8/10
Cleanup : glibc-2.12-1.149.el6_6.7.x86_64 9/10
Cleanup : glibc-common-2.12-1.149.el6_6.7.x86_64 10/10
media/productid | 1.6 kB 00:00 ...
Verifying : glibc-common-2.12-1.166.el6_7.1.x86_64 1/10
Verifying : glibc-devel-2.12-1.166.el6_7.1.x86_64 2/10
Verifying : nss-softokn-freebl-3.14.3-22.el6_6.i686 3/10
Verifying : glibc-headers-2.12-1.166.el6_7.1.x86_64 4/10
Verifying : glibc-2.12-1.166.el6_7.1.i686 5/10
Verifying : glibc-2.12-1.166.el6_7.1.x86_64 6/10
Verifying : glibc-devel-2.12-1.149.el6_6.7.x86_64 7/10
Verifying : glibc-headers-2.12-1.149.el6_6.7.x86_64 8/10
Verifying : glibc-2.12-1.149.el6_6.7.x86_64 9/10
Verifying : glibc-common-2.12-1.149.el6_6.7.x86_64 10/10
Installed:
glibc.i686 0:2.12-1.166.el6_7.1
Dependency Installed:
nss-softokn-freebl.i686 0:3.14.3-22.el6_6
Dependency Updated:
glibc.x86_64 0:2.12-1.166.el6_7.1 glibc-common.x86_64 0:2.12-1.166.el6_7.1 glibc-devel.x86_64 0:2.12-1.166.el6_7.1 glibc-headers.x86_64 0:2.12-1.166.el6_7.1
Complete!
First remove the avg2013flx-r3118-a6926.i386 package, then install it again:
[root@localhost ~]# rpm -e avg2013flx-r3118-a6926.i386
Unregistering 'avgd' service ...
Uninstalling 'avgd' service initscripts...
[root@localhost ~]#
[root@localhost tmp]# rpm -ivh avg2013flx-r3118-a6926.i386.rpm
Preparing... ########################################### [100%]
1:avg2013flx ########################################### [100%]
Installing 'avgd' service initscripts...
Registering 'avgd' service to runlevels...
Please do configuration with /opt/avg/av/bin/avgsetup
Generating unique user id
Processing command line ...
Cfg file not specified using /opt/avg/av/cfg/diagcfg.xml.
New installation ID succesffully generated.
Starting AVG AV
Starting avgd[ OK ]
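The failed first install comes down to the i386 binaries asking for a program interpreter (/lib/ld-linux.so.2) that a plain x86_64 host does not have. The following check is an added example, not code from the page or from AVG: it reads the PT_INTERP entry of an ELF file and reports whether that loader exists, so the missing 32-bit glibc can be spotted before rpm's %post scriptlet fails. The build_elf32 helper produces a constructed sample image so the block runs without a real binary.

```python
import os
import struct
from typing import Optional

PT_INTERP = 3  # program header type that carries the dynamic loader path


def elf_interpreter(data: bytes) -> Optional[str]:
    """Return the PT_INTERP path of an ELF image (32- or 64-bit), or None if static."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 1:  # ELFCLASS32: e_phoff at 28, e_phentsize/e_phnum at 42
        (e_phoff,) = struct.unpack_from(endian + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 42)
        ph_fmt = endian + "IIIIIIII"  # type, offset, vaddr, paddr, filesz, memsz, flags, align
        off_idx, size_idx = 1, 4
    elif ei_class == 2:  # ELFCLASS64: e_phoff at 32, e_phentsize/e_phnum at 54
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
        ph_fmt = endian + "IIQQQQQQ"  # type, flags, offset, vaddr, paddr, filesz, memsz, align
        off_idx, size_idx = 2, 5
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    for i in range(e_phnum):
        ph = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        if ph[0] == PT_INTERP:
            raw = data[ph[off_idx]:ph[off_idx] + ph[size_idx]]
            return raw.split(b"\0", 1)[0].decode()
    return None


def check_interpreter(data: bytes, root: str = "/") -> dict:
    """Report which loader an ELF image needs and whether it is present under root."""
    interp = elf_interpreter(data)
    present = interp is None or os.path.exists(os.path.join(root, interp.lstrip("/")))
    return {"interpreter": interp, "present": present}


def build_elf32(interp: bytes) -> bytes:
    """Constructed minimal ELF32 (little-endian, i386) with one PT_INTERP segment.
    It is not a runnable program; it only exercises the parser above."""
    phoff, ph_size = 52, 32
    interp_off = phoff + ph_size
    ident = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\0" * 7  # class 32, LE, version 1
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH",
                               2, 3, 1, 0, phoff, 0, 0,   # ET_EXEC, EM_386, version, entry, phoff, shoff, flags
                               52, ph_size, 1, 0, 0, 0)   # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    phdr = struct.pack("<IIIIIIII", PT_INTERP, interp_off, 0, 0,
                       len(interp) + 1, len(interp) + 1, 4, 1)
    return ehdr + phdr + interp + b"\0"


if __name__ == "__main__":
    sample = build_elf32(b"/lib/ld-linux.so.2")  # the loader the AVG i386 build asked for
    print(check_interpreter(sample))
    # on a real host: check_interpreter(open("/opt/avg/av/bin/avgdiag", "rb").read())
```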
AVG ANTIVIRUS FREE - FOR LINUX help information
The help document is located at /opt/avg/av/doc/README and covers installation and usage in all their aspects. It is very useful, and I recommend reading it before using the product.
[root@localhost ~]# cat /opt/avg/av/doc/README
================================
AVG Anti-Virus for Linux/FreeBSD
Version 2013
================================
System requirements
-------------------
AVG Anti-Virus for Linux/FreeBSD requires system with following or
newer library:
- libc.so.6 (Linux)
- libc.so.7 (FreeBSD RELEASE-7.3)
For RELEASE-8 and CURRENT the compat7x port located in /usr/ports/misc is
needed.
- libiconv.so.3 (FreeBSD)
- for amd64 architecture the lib32 compat libraries are needed
For on-access scanning feature either redirfs, dazuko or dazukofs is needed.
Please follow the avgoad(1) man page for more detail description.
Minimum hardware requirements:
- CPU: i686 or amd64 on 800 MHz
- Mem: 512 MB, 1GB is recommended
- HDD: 500 MB of free space
Installation
------------
Download latest rpm, deb, sh or tar.gz package from http://www.avg.cz/linux and
follow these steps:
* Installation from RPM (Linux only)
# rpm -i avg2013flx-r{release}-a{vdb version}.{architecture}.rpm
* Installation from .deb (Linux only)
# dpkg -i avg2013flx-r{release}-a{vdb version}.{architecture}.deb
* Installation from sh
# chmod +x avg2013flx-r{release}-a{vdb version}.{architecture}.sh
# ./avg2013flx-r{release}-a{vdb version}.{architecture}.sh
* Installation from .tar.gz
# tar xzvf avg2013{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2013{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh
where:
- edition substitutes 'flx' for the Linux version and 'ffb' for the FreeBSD version
- release substitutes the build number
- vdb version substitutes virus database version
- architecture substitutes the target cpu architecture
It is recommended to run 'avgsetup' helper tool after the installation.
Running AVG
-----------
For any action to be performed within AVG system, such as updating, scanning,
e-mail server functionality or on-access server functionality, so called AVG
daemons have to be running.
AVG daemons are launched automatically on system boot by init script. Later,
they can be controlled either by init script or by special avgctl command line
tool.
1) Usage of init script on Linux / FreeBSD.
* Linux
# /etc/init.d/avgd {start|stop|status|restart|condrestart}
* FreeBSD
# /usr/local/etc/rc.d/avgd.sh {start|stop|status|restart|condrestart}
2) Usage of avgctl command line tool
# avgctl --start[=component] Starts AVG or specified component.
# avgctl --stop[=component] Stops AVG or specified component.
# avgctl --stat[=component] Shows statistics of AVG or specified component.
# avgctl --restart[=component] Restarts AVG or specified component.
# avgctl --reset=component Resets statistics of specified component.
For more detailed information please refer to the respective man page or avgctl help.
Description
-----------
Avg functions are secured by several daemons that are managed via command-line.
DAEMONS:
avgd -- general AVG daemon; starts first, manages other AVG daemons
avgavid -- AVI daemon; loads AVI into shared memory
avgsched -- scheduler for planning periodic events (update etc.)
avgtcpd -- e-mail scanning daemon; supports SMTP, AVG, and Milter protocol
avgspamd -- anti-spam daemon
avgscand -- anti-virus daemon
avgupd -- update daemon
avgoad -- on-access daemon
COMMAND-LINES:
avgctl -- basic control of AVG product, such as launching, stopping,
restarting, and getting statistics from running daemons
avgcfgctl -- can get and set configurations values
avgscan -- launch on-demand scan of requested path
avgupdate -- run virus database update or program update via avgupd with
specified parameters
avgvvctl -- AVG virus vault control utility
avgdiag -- tool for sending problem reports to crash analysis portal
avgevtlog -- tool for reading/managing AVG event log
avgsetup -- helper tool for basic integration with mail/file server
For more detailed information please refer to the respective man page.
AVG process tree (might look different in your configuration):
/opt/avg/av/bin//avgd
\--- /opt/avg/av/bin/avgavid
\--- /opt/avg/av/bin/avgtcpd
| \--- /opt/avg/av/bin/avgscand -c 3
\--- /opt/avg/av/bin/avgspamd
\--- /opt/avg/av/bin/avgoad
| \--- /opt/avg/av/bin/avgscand -c 4
\--- /opt/avg/av/bin/avgsched
If update is running:
\--- /opt/avg/av/bin/avgupd
/bin/login --
\--- -bash
\--- /opt/avg/av/bin/avgupdate
If on-demand scan is running:
/bin/login --
\--- -bash
\--- /opt/avg/av/bin/avgscan /
\--- /opt/avg/av/bin/avgscand -c 10
Diagnostic and system report
----------------------------
In case of troubles with any AVG Technologies product, gathering of specific
data is being performed by the avgdiag utility.
When sending data manually, it is very important to attach a detailed
description of this particular problem and to specify it with "-d, --dsc=<file>"
switches. It is also good to make sure that AVG customer support assigns a
specific ID to your report, which eventually facilitates its identification
(this is being defined by "-i, --id=<id>" switches).
Automatic reporting of AVG processes crashes is turned off by default; if you
want to enable this function, please add AVG_DIAG option to your
/opt/avg/av/cfg/dump.ini file. For example:
"actions = GDB_DUMP CRASH INFO AVG_DIAG"
This configuration ensures that should any AVG process crash, an adequate report
will be immediately sent to AVG Technologies.
For more detailed information please refer to the man page of avgdump, avgdiag
help or /opt/avg/av/doc/README.avgdiag document.
3rd party licenses
------------------
This product may use any of the 3rd party software which appropriate
copyright/license is enclosed in the "licenses" subdirectory.
A copy of Milter source code used in AVG is available upon request.
Copyrights
----------
libtar, Copyright (c) 1998-2003 University of Illinois Board of
Trustees, Copyright (c) 1998-2003 Mark D. Roth, All rights reserved.
MD4 and MD5 Message-Digest Algorithm, Copyright (C) 1991-2, RSA Data
Security, Inc. Created 1991. All rights reserved.
AVG ANTIVIRUS FREE - FOR LINUX service start
The AVG Antivirus service can be checked, started and stopped with the following command:
/etc/init.d/avgd {start|stop|status|restart|condrestart}
[root@localhost ~]# service avgd status
Checking for service avgd: (pid 15822) is running
AVG ANTIVIRUS FREE - FOR LINUX commonly used commands
For usage help on each command, see the help documentation; it is not repeated here.
COMMAND-LINES:
avgctl -- basic control of AVG product, such as launching, stopping,
restarting, and getting statistics from running daemons
avgcfgctl -- can get and set configurations values
avgscan -- launch on-demand scan of requested path
avgupdate -- run virus database update or program update via avgupd with
specified parameters
avgvvctl -- AVG virus vault control utility
avgdiag -- tool for sending problem reports to crash analysis portal
avgevtlog -- tool for reading/managing AVG event log
avgsetup -- helper tool for basic integration with mail/file server
AVG ANTIVIRUS FREE - FOR LINUX update command
avgupdate updates the virus database and the program itself.
avgupdate -h shows the update help.
[root@localhost ~]#avgupdate
In the test environment I once hit the following error; after restarting the relevant services the problem was resolved.
[root@localhost ~]# avgupdate
AVG command line update
Copyright (c) 2013 AVG Technologies CZ
Running update.
Operation failed. The exit code could not be got because the thread or process is still alive.
[root@localhost ~]#
AVG ANTIVIRUS FREE - FOR LINUX scanning
View the help:
[root@localhost ~]# avgscan -h
AVG command line Anti-Virus scanner
Copyright (c) 2013 AVG Technologies CZ
Anti-Virus scanner usage:
avgscan [options] [path-list]
Options:
-h, --help Display this help.
-v, --version Display version.
-d, --debug Verbose mode. Multiple -d options increase the
verbosity. The maximum is 3.
-T, --tui Use a terminal user interface.
-x, --exclude=<path> Exclude path from scan. Multiple --exclude can
be specified.
-e, --ext=<extension> Scan files with specified extension. Multiple
--ext can be specified. Can't be used with
--noext option.
-n, --noext=<extension> Exclude files with specified extension.
Multiple --noext options can be specified.
Can't be used with --ext option.
-l, --heal Automatically heal infected object.
-t, --delete Automatically delete infected object.
-u, --vv-move Automatically move infected object into vault.
-U, --vv-backup Backup infected object if healed by deletion.
--ignerrors Do not report object scan errors.
-H, --heur Use heuristics for scanning. By default on.
--no-heur Disable heuristics for scanning.
-p, --pup Scan for Potentially Unwanted Programs.
By default on.
--no-pup Disable scanning for PUPs.
-P, --pup2 Scan for enhanced set of Potentially Unwanted
Programs.
-c, --coo Scan cookies.
-i, --hidext Recognize hidden extensions.
-m, --macrow Report documents with macros.
-o, --repok Report also clean files.
-w, --pwdw Report password protected files.
-b, --arcbombsw Report archive bombs. By default on.
--no-arcbombsw Do not report archive bombs.
-M, --media Do not scan through media files.
-j, --paranoid Enable paranoid mode. Scan for less dangerous
malware and more time consuming algoritms.
-r, --report=<filename> Save scan report to specified file.
-a, --arc Scan through archives.
-L, --arc-reclevel=N Maximum recursion level while scanning archives.
Default value is 40.
-S, --arc-maxfilesize=N Maximum file size extracted from archives.
Default value is 268435456 B.
-N, --arc-maxfilenum=N Maximum number of files scanned in archives.
Default value is 50000.
-B, --boot-sector Scan boot sector.
-s, --specfs Scan special filesystems.
-R, --reclevel=N Descend at most N (a non-negative integer)
levels of directories. Default value is 16384.
-W, --winsysdir Specifies a comma separated list of windows
system directories. Any infected files found
in this directory are marked as whitelisted
in order to protect these files from being
removed/moved to vault.
-F, --filelist=<filename> Scan file paths specified in given file, all
other paths on command line will be ignored.
-k, --registryscan Scan Windows registry.
[root@localhost ~]# avgscan /
AVG command line Anti-Virus scanner
Copyright (c) 2013 AVG Technologies CZ
Virus database version: 4311/10513
Virus database release date: Wed, 26 Aug 2015 07:03:00 -1600
/lib/modules/2.6.32-504.16.2.el6.x86_64/build Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.16.2.el6.x86_64/source Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.el6.x86_64/build Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.el6.x86_64/source Object scan failed; Specified file was not found.
Files scanned : 13975(13975)
Infections found : 0(0)
PUPs found : 0
Files healed : 0
Warnings reported : 0
Errors reported : 4
AVG ANTIVIRUS FREE - FOR LINUX viewing records
The avgevtlog command shows scan and update records.
AVG ANTIVIRUS FREE - FOR LINUX viewing configuration parameters
avgcfgctl -- can get and set configuration values (reads and sets the configuration parameter values):
[root@localhost ~]# avgcfgctl
AVG command line avgcfgctl
Copyright (c) 2013 AVG Technologies CZ
Default.aspam.spamassassin.address=127.0.0.1
Default.aspam.spamassassin.enabled=true
Default.aspam.spamassassin.port=783
Default.aspam.spamfilter=
Default.oad.avflt.paths.exclude=
Default.oad.avflt.paths.include=
Default.oad.avflt.timeout=0
Default.oad.darwin.cache.hashtable_size=4096
Default.oad.darwin.cache.max_items_number=65536
Default.oad.darwin.paths.exclude=|/dev|/proc|/sys|
Default.oad.darwin.paths.include=
Default.oad.dazuko.cache.hashtable_size=4096
Default.oad.dazuko.cache.max_items_number=65536
Default.oad.dazuko.events.close=false
Default.oad.dazuko.events.close_modified=true
Default.oad.dazuko.events.exec=true
Default.oad.dazuko.events.open=true
Default.oad.dazuko.paths.exclude=|/dev|/proc|/sys|
Default.oad.dazuko.paths.include=
Default.oad.deny_on_error=false
Default.oad.fanotify.cache.hashtable_size=4096
Default.oad.fanotify.cache.max_items_number=65536
Default.oad.fanotify.paths.exclude=
Default.oad.fanotify.paths.include=
Default.oad.timeout=0
Default.oad.use=fanotify
Default.scan.Options.PupExceptions=
Default.setup.daemonize=true
Default.setup.features.antispam=false
Default.setup.features.oad=true
Default.setup.features.scheduler=true
Default.setup.features.tcpd=true
Default.tcpd.avg.address=127.0.0.1
Default.tcpd.avg.enabled=true
Default.tcpd.avg.limiter_start=220
Default.tcpd.avg.limiter_stop=250
Default.tcpd.avg.ports=|54322|
Default.tcpd.avg.queue_max=20
Default.tcpd.avg.read_timeout=0
Default.tcpd.avg.request_timeout=0
Default.tcpd.avg.samba_plugin_socket=
Default.tcpd.avg.samba_plugin_support_enabled=false
Default.tcpd.avg.socket=
Default.tcpd.avg.use_socket=false
Default.tcpd.milter.enabled=false
Default.tcpd.milter.socket=
Default.tcpd.milter.verbosity=0
Default.tcpd.parsing.mime_certification_enabled=false
Default.tcpd.rules.spam.action=0
Default.tcpd.rules.spam.bounce_addr=
Default.tcpd.rules.virus.action=0
Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.scan.header.enabled=true
Default.tcpd.scan.max_restarts=3
Default.tcpd.scan.subj_prefix=[VIRUS]
Default.tcpd.scan.time_window=90
Default.tcpd.smtp.address=127.0.0.1
Default.tcpd.smtp.client_address=127.0.0.1
Default.tcpd.smtp.client_port=10025
Default.tcpd.smtp.drop_after_crash=false
Default.tcpd.smtp.enabled=true
Default.tcpd.smtp.envelope_memory_limit=0
Default.tcpd.smtp.limiter_start=220
Default.tcpd.smtp.limiter_stop=250
Default.tcpd.smtp.ports=|54321|
Default.tcpd.smtp.queue_max=20
Default.tcpd.smtp.read_buffer=102400
Default.tcpd.smtp.read_timeout=0
Default.tcpd.smtp.request_timeout=0
Default.tcpd.spam.enabled=true
Default.tcpd.spam.header.enabled=true
Default.tcpd.spam.subj_prefix=[SPAM]
Default.tcpd.threads.max=20
Default.tcpd.threshold.spam=1000
Default.tcpd.threshold.virus=1000
Default.update.Inet.UpdateServerName=|free update server|backup free update server|
Default.update.Inet.UpdateServerURL=|+http://guru.avg.com/softw/13free/update/|+http://bguru.avg.cz/softw/13free/update/|
Default.update.Inet.disconnect_speed_limit=500
Default.update.Inet.disconnect_time_limit=300
Default.update.Options.Proxy.AuthenticationType=0
Default.update.Options.Proxy.Login=
Default.update.Options.Proxy.Mode=0
Default.update.Options.Proxy.Password=
Default.update.Options.Proxy.Port=3128
Default.update.Options.Proxy.Server=
Default.update.Options.Proxy.UseLogin=false
Default.vv.system_location=vault
Default.vv.user_location=.avg/vault
Oad.scan.AutomaticActions.BackupInVault=false
Oad.scan.AutomaticActions.Enabled=false
Oad.scan.AutomaticActions.PreferedAction=1
Oad.scan.Options.ParanoidMode=false
Oad.scand.maxscanproc=0
Tcpd.scan.DirOptions.Extensions=
Tcpd.scan.DirOptions.MaxRecursionDepth=16384
Tcpd.scan.DirOptions.ScanAllFiles=true
Tcpd.scan.DirOptions.ScanFilesWithoutExtensions=true
Tcpd.scan.Options.ArchiveLevel=256
Tcpd.scan.Options.DetectCookies=false
Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true
Tcpd.scan.Options.MaxFileSize=268435456
Tcpd.scan.Options.MaxNumberOfFiles=50000
Tcpd.scan.Options.MaxRecursionDepth=40
Tcpd.scan.Options.ParanoidMode=false
Tcpd.scan.Options.ReportArchiveBombs=true
Tcpd.scan.Options.ReportHiddenExtensions=false
Tcpd.scan.Options.ReportMacros=false
Tcpd.scan.Options.ReportPwdProtectedArchs=false
Tcpd.scan.Options.ReportPwdProtectedDocs=false
Tcpd.scan.Options.ScanMediaFiles=true
Tcpd.scan.Options.UseHeuristics=true
Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=
Tcpd.scand.maxscanproc=0
UpdateProgram.sched.Repeat.BaseTime=INVALIDTIME
UpdateProgram.sched.Repeat.Interval=12
UpdateProgram.sched.Repeat.Type=1
UpdateProgram.sched.Task.Disabled=true
UpdateProgram.sched.Task.MissedStartAction=1
UpdateProgram.sched.Task.StartType=2
UpdateProgram.sched.Times.DayOfMonth=1
UpdateProgram.sched.Times.DayOfWeek=0
UpdateProgram.sched.Times.GracePeriod=300
UpdateProgram.sched.Times.SelectedDays=127
UpdateProgram.sched.Times.StartTime=2007-06-22/08-00-00
UpdateProgram.sched.Update.Path=
UpdateProgram.sched.Update.Source=inet
UpdateVir.sched.Repeat.BaseTime=INVALIDTIME
UpdateVir.sched.Repeat.Interval=4
UpdateVir.sched.Repeat.Type=1
UpdateVir.sched.Task.Disabled=false
UpdateVir.sched.Task.MissedStartAction=1
UpdateVir.sched.Task.StartType=2
UpdateVir.sched.Times.DayOfMonth=1
UpdateVir.sched.Times.DayOfWeek=0
UpdateVir.sched.Times.GracePeriod=180
UpdateVir.sched.Times.SelectedDays=127
UpdateVir.sched.Times.StartTime=2007-06-22/17-00-00
UpdateVir.sched.Update.Path=
UpdateVir.sched.Update.Source=inet
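As an added example (not from the page or from AVG), here is a parser for the avgcfgctl key=value dump above together with a small audit of the handful of settings a defender would check first. SAMPLE_DUMP is a constructed excerpt of the output above, and the meaning attached to each key is inferred from its name, not taken from AVG documentation.

```python
from typing import Dict, List, Union

Value = Union[bool, int, str, List[str]]

# Constructed excerpt of the avgcfgctl dump shown on this page (banner lines included)
SAMPLE_DUMP = """\
AVG command line avgcfgctl
Copyright (c) 2013 AVG Technologies CZ
Default.oad.darwin.paths.exclude=|/dev|/proc|/sys|
Default.oad.deny_on_error=false
Default.oad.use=fanotify
Default.setup.features.oad=true
Default.tcpd.smtp.client_port=10025
Default.update.Options.Proxy.Password=
Default.update.Inet.UpdateServerURL=|+http://guru.avg.com/softw/13free/update/|+http://bguru.avg.cz/softw/13free/update/|
Oad.scan.AutomaticActions.Enabled=false
UpdateVir.sched.Repeat.Interval=4
UpdateVir.sched.Task.Disabled=false
"""


def _typed(raw: str) -> Value:
    """avgcfgctl prints lists as |a|b|, booleans as true/false and numbers bare."""
    if raw == "":
        return ""
    if raw.startswith("|") and raw.endswith("|"):
        return [p for p in raw[1:-1].split("|") if p]
    if raw in ("true", "false"):
        return raw == "true"
    if raw.lstrip("-").isdigit():
        return int(raw)
    return raw


def parse_avgcfg(dump: str) -> Dict[str, Value]:
    """Parse the key=value lines of an avgcfgctl dump; banner lines without '=' are skipped."""
    cfg: Dict[str, Value] = {}
    for line in dump.splitlines():
        key, sep, raw = line.strip().partition("=")
        if sep and key:
            cfg[key] = _typed(raw)
    return cfg


def audit(cfg: Dict[str, Value]) -> List[str]:
    """Flag settings that weaken the protection this setup relies on.
    Key semantics are assumptions drawn from the key names."""
    findings = []
    if cfg.get("Default.setup.features.oad") is not True:
        findings.append("on-access scanning is disabled (Default.setup.features.oad)")
    if cfg.get("Default.oad.deny_on_error") is False:
        findings.append("on-access scanner fails open: access allowed on scan error "
                        "(Default.oad.deny_on_error=false)")
    if cfg.get("Oad.scan.AutomaticActions.Enabled") is not True:
        findings.append("on-access detections get no automatic action "
                        "(Oad.scan.AutomaticActions.Enabled=false)")
    if cfg.get("UpdateVir.sched.Task.Disabled") is True:
        findings.append("scheduled virus database update is disabled "
                        "(UpdateVir.sched.Task.Disabled=true)")
    if cfg.get("Default.update.Options.Proxy.Password"):
        findings.append("proxy password is stored in the AVG configuration "
                        "(Default.update.Options.Proxy.Password)")
    for url in cfg.get("Default.update.Inet.UpdateServerURL", []):
        if url.lstrip("+").startswith("http://"):
            findings.append("update server uses plain http, so integrity rests on the "
                            "updater's own verification: %s" % url)
    return findings


if __name__ == "__main__":
    # real use: parse_avgcfg(subprocess.check_output(["avgcfgctl"], text=True))
    for finding in audit(parse_avgcfg(SAMPLE_DUMP)):
        print("-", finding)
```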
AVG ANTIVIRUS FREE - FOR LINUX scans very fast and uses relatively few resources. As for its detection capability, I have not yet seen authoritative test data, so I cannot comment much for now.
In the previous article "记一次Linux服务器上查杀木马经历" (a record of cleaning a trojan from a Linux server) I described using ClamAV to clean up a trojan. At the time I thought it had been cleaned completely, but a day later NetHogs showed a suspicious process again. Scanning and cleaning with ClamAV again found an infection with Linux.BackDoor.Gates; after that cleanup and a system reboot, no anomalies have been seen so far. Later I installed AVG Anti-Virus on this Linux server. Its scan is very fast, several levels faster than ClamAV, but its detection ability could not be verified. It did find many links created by Linux.BackDoor.Gates, which ClamAV had not detected.
[root@LNX17 ~]# ls -lrt /etc/rc.d/rc5.d/S97DbSecurityMdt
lrwxrwxrwx. 1 root root 25 Jul 17 08:28 /etc/rc.d/rc5.d/S97DbSecurityMdt -> /etc/init.d/DbSecurityMdt
[root@LNX17 ~]# ls -lrt /etc/init.d/DbSecurityMdt
ls: cannot access /etc/init.d/DbSecurityMdt: No such file or directory
[root@LNX17 ~]#
Several days have passed since these links were removed and no anomalies have appeared again; judging from the network send and receive traffic there is nothing abnormal any more.
rm -f /etc/rc.d/rc5.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc5.d/S99selinux
rm -f /etc/rc.d/rc4.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc4.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc4.d/S99selinux
rm -f /etc/rc.d/rc1.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc1.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc1.d/S99selinux
rm -f /etc/rc.d/rc3.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc3.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc3.d/S99selinux
rm -f /etc/rc.d/rc2.d/S97DbSecuritySpt
rm -f /etc/rc.d/rc2.d/S97DbSecurityMdt
rm -f /etc/rc.d/rc2.d/S99selinux
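The links removed above all share one trait: a start link in an rcN.d directory whose init script is gone. The following detector is an added example (not the author's tooling or anything from AVG): it walks the rcN.d directories under a root such as /etc/rc.d and lists every symlink whose target no longer exists, so leftovers like S97DbSecurityMdt can be found on a host instead of being discovered one directory at a time. build_fixture creates a constructed temp tree that mirrors the page's case so the block runs stand-alone.

```python
import os
import tempfile
from typing import List, Tuple

RC_DIRS = ["rc%d.d" % n for n in range(7)]  # rc0.d .. rc6.d under /etc/rc.d on RHEL 6


def dangling_rc_links(rc_root: str) -> List[Tuple[str, str, str]]:
    """Return (rcN.d, link name, target) for start/kill symlinks whose target is gone.

    A link such as rc5.d/S97DbSecurityMdt -> /etc/init.d/DbSecurityMdt with no such
    init script is exactly what the page found left behind after the cleanup."""
    found = []
    for d in RC_DIRS:
        dirpath = os.path.join(rc_root, d)
        if not os.path.isdir(dirpath):
            continue
        for name in sorted(os.listdir(dirpath)):
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.readlink(link)
            # relative targets (../init.d/foo) resolve against the link's own directory
            resolved = target if os.path.isabs(target) else os.path.join(dirpath, target)
            if not os.path.exists(resolved):
                found.append((d, name, target))
    return found


def build_fixture() -> str:
    """Constructed sample tree in a temp dir, not a real /etc/rc.d. It mirrors the page:
    one live service link plus leftover links whose init scripts no longer exist."""
    root = tempfile.mkdtemp(prefix="rcd-")
    for sub in ("init.d", "rc3.d", "rc5.d"):
        os.makedirs(os.path.join(root, sub))
    sshd = os.path.join(root, "init.d", "sshd")
    with open(sshd, "w") as f:
        f.write("#!/bin/sh\n")
    os.symlink(sshd, os.path.join(root, "rc3.d", "S55sshd"))            # live link
    os.symlink(os.path.join(root, "init.d", "DbSecurityMdt"),            # absolute, missing
               os.path.join(root, "rc5.d", "S97DbSecurityMdt"))
    os.symlink("../init.d/DbSecuritySpt",                                # relative, missing
               os.path.join(root, "rc3.d", "S97DbSecuritySpt"))
    return root


if __name__ == "__main__":
    # real use: dangling_rc_links("/etc/rc.d")
    for rc_dir, name, target in dangling_rc_links(build_fixture()):
        print("%s/%s -> %s (target missing)" % (rc_dir, name, target))
```

A dangling link only proves the script is gone, not that the link was planted; compare the list against the services you expect before removing anything.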
How was this server compromised? I have been thinking about it too, but with my limited ability I cannot confirm my guesses (my personal guess is that a Tomcat vulnerability was used to plant the trojan). On Linux security management, I personally think antivirus software is only one means of dealing with viruses and trojans. We need to prevent and monitor from many angles (security patch updates, correct configuration, firewall configuration, ...) to truly ensure the system is secure.
References:
http://free.avg.com/us-en/download-free-all-product#tba2
http://www.avg.com/us-en/faq.num-4884
https://www.rootlinks.net/2015/05/20/avg-anti-virus-for-linux-free-edition/
http://bbs.kafan.cn/thread-1124520-1-1.html