Discussion:
[Grml] Test of Antivirus engines on GRML
Michael Schierl
2009-11-21 19:22:23 UTC
Hi,


I tested a few antivirus engines in the last weeks and I wanted to
summarize what I found out (all engines I tested could be used on a GRML
live CD which is very cool) but it seems I cannot create pages in the wiki?

So, I just post the stuff here:

=====

Running antivirus software on GRML 2009.10 (Hello-Wien)
*******************************************************

This is a list of antivirus software that has been tested to work or not
work on GRML. Fortunately, all software I tested worked on GRML 2009.10
(which was quite different when I did this test a year ago). But of
course that was not GRML's fault.

ClamAV
------

Clamav has the advantage it is included in grml. Unfortunately as of
writing this, the scan engine is not the latest one available. You can
scan anyway, a few of the newest signatures will not work, though.

Update command: freshclam
scan command: clamscan /mnt/somewhere


Avira
-----

Avira is free for non-commercial use and a free 30-day trial is
available for commercial use.

Personal: http://www.free-av.de/en/download/download_servers.php
(Direct download:
http://dlpe.antivir.com/package/wks_avira/unix/en/pers/antivir_workstation-pers.tar.gz)
Professional:
http://www.avira.com/de/downloads/avira_antivir_professional.html

To install:
tar xfvz antivir_*.tar.gz
cd antivir-*
./install

When prompted (except for the license) just accept the default. Dazuko
will not work because grml's kernel does not support it, but you can
continue anyway. You *have* to say Y (which is default) for installing
dazukofs, though (even if you don't have the kernel module), since
otherwise even the on-demand scanner will not start.

Before updating/scanning, start the avguard daemon: avguard start
Update command: avupdate --product=Guard
Scan command: avscan /mnt/somewhere


F-Prot
------

F-Prot Antivirus for Workstations is available free for non-commercial
use as well and as trial for commercial use.

Website: http://www.f-prot.com/download/home_user/download_fplinux.html
Direct link:
http://files.f-prot.com/files/unix-trial/fp-Linux-i686-ws.tar.gz

To install:
tar xfvz fp-Linux-i686-ws.tar.gz
cd f-prot
./install-f-prot.pl

(just accept the defaults, it will update signatures automatically when
installation is finished)

Scan command: fpscan /mnt/somewhere


Bitdefender
-----------

Bitdefender provides a Debian package (that works on GRML):
http://content-down.bitdefender.com/repos/deb/pool/non-free/b/bitdefender-scanner/bitdefender-scanner_7.6-3_i386.deb


AVG
---

AVG provides a Debian package (that works on GRML) as well:
http://download.avgfree.com/filedir/inst/avg85flx-r290-a2950.i386.deb


Avast and Panda
---------------

Avast provide download for trial versions for their Linux products only
by e-mail. So, if you really want to try them, fill in their web forms
and receive link and license file by e-mail.

Avast *does* work on GRML, Panda for some reason did not send me a
download link at all. Perhaps you have more luck? ;-)

=====

Regards,


Michael
T o n g
2009-11-22 05:29:22 UTC
Post by Michael Schierl
but it seems I cannot create pages in the wiki?
Thanks a lot for sharing!
--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
Andreas Gredler
2009-11-23 10:07:06 UTC
Post by Michael Schierl
Hi,
I tested a few antivirus engines in the last weeks and I wanted to
summarize what I found out (all engines I tested could be used on a GRML
live CD which is very cool) but it seems I cannot create pages in the wiki?
I've created one for you that you can edit.
http://wiki.grml.org/doku.php?id=antivirus
Post by Michael Schierl
ClamAV
------
Clamav has the advantage it is included in grml. Unfortunately as of
writing this, the scan engine is not the latest one available. You can
scan anyway, a few of the newest signatures will not work, though.
Update command: freshclam
scan command: clamscan /mnt/somewhere
Did you try to upgrade the debian package to the latest version?

BTW: Had to clean some machines, too, recently. In my case clamav missed
a lot of viruses/trojans :-(
Post by Michael Schierl
Avast and Panda
---------------
Avast provide download for trial versions for their Linux products only
by e-mail. So, if you really want to try them, fill in their web forms
and receive link and license file by e-mail.
avast4workstation can be downloaded directly:
http://www.avast.com/eng/download-avast-for-linux-edition.html
You still need the license key though.

Thx for documenting your work.

greets Jimmy
--
Andreas "Jimmy" Gredler
,'"`. http://www.jimmy.co.at/ | jimmy at g-tec.co.at
( grml.org -? Linux Live-CD for texttool-users and sysadmins
`._, http://www.grml.org/ | jimmy at grml.org
Michael Schierl
2009-11-23 17:52:36 UTC
Post by Andreas Gredler
I've created one for you that you can edit.
http://wiki.grml.org/doku.php?id=antivirus
Thank you. I did so :)
Post by Andreas Gredler
Post by Michael Schierl
ClamAV
------
Clamav has the advantage it is included in grml. Unfortunately as of
writing this, the scan engine is not the latest one available. You can
scan anyway, a few of the newest signatures will not work, though.
Update command: freshclam
scan command: clamscan /mnt/somewhere
Did you try to upgrade the debian package to the latest version?
No. My experience with updating packages on grml was never very good
(maybe because you have to include a lot of different packages to get a
working system again?) and success of it changes from day to day.
Installing external packages is better for me because of that (I put the
files on a USB key and update them only when there is a new GRML
available). Updating of other antivirus works well from really old
versions. Or is there some grml repository somewhere where I can reliably
upgrade *only* clamav without running the risk I need to upgrade to new
versions of libfoo and libbar and therefore gazillions of other packages
(similar to backports repository of Debian)? Whenever I try it (not only
shortly after the release)?
Post by Andreas Gredler
BTW: Had to clean some machines, too, recently. In my case clamav missed
a lot of viruses/trojans :-(
Yeah. They usually do not include signatures for files that can only
appear like that on hard disk (if the virus unpacks itself from the
email, for example), as most people use clamav as an email scanner and
not for scanning real Windows boxes. That's why I use multiple
(different) scanners for scanning Windows boxes from grml.
Post by Andreas Gredler
Post by Michael Schierl
Avast and Panda
---------------
Avast provide download for trial versions for their Linux products only
by e-mail. So, if you really want to try them, fill in their web forms
and receive link and license file by e-mail.
http://www.avast.com/eng/download-avast-for-linux-edition.html
You still need the license key though.
Ok, added that. Yes, I remember now, I could download it before getting
the license, but still had to wait for that e-mail so that I could
install it...
Post by Andreas Gredler
greets Jimmy
Hmm. That nick looked strange (especially as my email program by default
only shows real name and not email address) and I thought my email
program had problems with quoting ;-). But if you like to have a nick
that tries to imply a different first name, fine for me :)

Michael
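
Added example (not part of any post in this thread): one way to run the several scanners listed in the first post over the same mount point, as the last reply describes, with one log per scanner. The function name, the log layout and clamscan's `-r` flag are assumptions; the scan commands themselves are the ones given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Runs every installed scanner over one
# directory and records each scanner's exit code next to its log.
#
# One line per scanner: "<name>:<command>". The commands are the ones given
# in the thread; only "-r" for clamscan is added here (assumption), because
# clamscan does not descend into subdirectories without it.
# Per the thread, Avira needs "avguard start" first; this script does not do it.
SCANNERS='clamscan:clamscan -r
avscan:avscan
fpscan:fpscan'

# multiscan TARGET LOGDIR
#   Writes LOGDIR/<name>.log for each scanner that ran and LOGDIR/summary.txt
#   with one line per scanner:
#     <name> exit=<code>   scanner ran (clamscan: 0 clean, 1 found, 2 error;
#                          for the others check the vendor documentation)
#     <name> skipped       scanner is not installed
#   Returns 0 if every scanner that ran exited 0, 1 if any did not,
#   2 if TARGET or LOGDIR is unusable.
multiscan() {
    target=$1
    logdir=$2
    [ -d "$target" ] || { echo "no such directory: $target" >&2; return 2; }
    mkdir -p "$logdir" || return 2
    : > "$logdir/summary.txt"
    overall=0
    # The table is fed through a here-document so the loop runs in this
    # shell and can update $overall.
    while IFS=: read -r name cmd; do
        bin=${cmd%% *}
        if ! command -v "$bin" >/dev/null 2>&1; then
            echo "$name skipped" >> "$logdir/summary.txt"
            continue
        fi
        rc=0
        # $cmd is split into words on purpose (it comes from the table above).
        # stdin is /dev/null so a scanner cannot consume the rest of the table.
        $cmd "$target" > "$logdir/$name.log" 2>&1 < /dev/null || rc=$?
        echo "$name exit=$rc" >> "$logdir/summary.txt"
        [ "$rc" -eq 0 ] || overall=1
    done <<EOF
$SCANNERS
EOF
    return "$overall"
}
```

Call it as `multiscan /mnt/somewhere /tmp/scanlogs` and read `summary.txt` first; a nonzero exit code from any one scanner is the cue to open that scanner's log.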