防病毒系统 NAI McAfee AntiVirus (uvscan)

McAfee VirusScan Command Line Scanner for Linux

[root@linuxas3 src]# tar zxvf vlnx432e.tar.Z
[root@linuxas3 src]# mkdir uvscan
[root@linuxas3 src]# cd uvscan/
[root@linuxas3 uvscan]# tar zxvf ../vlnx432e.tar.Z
scan.dat
names.dat
clean.dat
readme.txt
license.txt
contact.txt
e4320upg.pdf
uvscan.1
liblnxfv.so.4
uvscan
messages.dat
license.dat
install-uvscan
uninstall-uvscan
uvscan_secure
signlic.txt
liblnxfv.so
[root@linuxas3 uvscan]# ls
clean.dat    e4320upg.pdf    liblnxfv.so    license.dat  messages.dat  readme.txt  signlic.txt       uvscan    uvscan_secure
contact.txt  install-uvscan  liblnxfv.so.4  license.txt  names.dat     scan.dat    uninstall-uvscan  uvscan.1
[root@linuxas3 uvscan]#

[root@linuxas3 uvscan]# ./install-uvscan
Which directory do you want to install into? [/usr/local/uvscan]
/usr/local/uvscan doesn't exist. Create it? [y]/n
Do you want to create the link(s) to uvscan in /usr/local/bin [y]/n
Do you want to create the link(s) to uvscan_secure in /usr/local/bin [y]/n
Do you want to create the link(s) to liblnxfv.so.4 in /usr/local/lib [y]/n
Do you want to create the link(s) to uvscan.1 in /usr/local/man/man1 [y]/n

Installation complete.

Do you want to perform a scan of all filesystems y/[n]
[root@linuxas3 uvscan]#
		

crontab -e

1 0 * * * /<updatevir.sh 所在目录>/updatevir.sh
		
		

升级脚本

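#!/bin/sh
#
# $Id$
#
# Update the uvscan DAT (virus definition) files; intended to run from cron.
# Reads the newest DAT version from update.ini, and if the matching archive
# is not already present, downloads and unpacks it into UVPATH.
#
# NOTE(review): update.ini and the DAT archive are fetched over plain HTTP
# from a third-party mirror and unpacked (normally as root) with no digest or
# signature check. Anyone able to alter that traffic or the mirror controls
# the scanner's definitions. Fetch from a vendor source over an authenticated
# channel and verify a published digest before extracting, if one is
# available.

# Search path for wget, rm, tar
PATH=/bin:/usr/local/bin:/usr/bin
export PATH

# Directory holding the uvscan data files.
# NOTE(review): the installer run shown on this page used /usr/local/uvscan;
# confirm this is the directory uvscan actually loads its DAT files from.
UVPATH=/usr/local/libexec/uvscan/
BASEURL=http://open-systems.ufl.edu/mirrors/ftp.nai.com/virusdefs/4.x

# Stop if the data directory is missing: the rm/mv/tar calls below must never
# run in whatever directory cron happened to start the job in.
cd "$UVPATH" || {
        echo "updatevir: cannot cd to $UVPATH" >&2
        exit 1
}

# Download the update descriptor (drop any stale copies first so wget does
# not save the new one as update.ini.1).
rm -f update.ini*
if ! wget -q "$BASEURL/update.ini"; then
        echo "updatevir: failed to download update.ini" >&2
        exit 1
fi

# Extract the newest DAT version number (a number starting with 4).
AVVER=$(grep DAT update.ini | head -4 | grep '[^0-9]4[0-9][0-9][0-9][^0-9]' | head -1 | sed -e 's/^.*[^0-9]\(4[0-9]*\)[^0-9].*$/\1/')

# The version comes from downloaded data and is used in a file name and a
# URL, so accept digits only. An empty value would otherwise rename every
# existing archive to *.old and then fail to download "dat-.tar".
case "$AVVER" in
        '' | *[!0-9]*)
                echo "updatevir: could not determine DAT version from update.ini" >&2
                exit 1
                ;;
esac

ARCHIVE="dat-$AVVER.tar"

if [ ! -f "$ARCHIVE" ]; then
        for i in *.tar; do
                [ -e "$i" ] || continue         # glob matched nothing
                mv -- "$i" "$i.old"
        done
        # Download under a temporary name: an interrupted transfer must not
        # leave a truncated dat-N.tar behind, or the next run would see the
        # file and assume the definitions are already current.
        if wget -q -O "$ARCHIVE.part" "$BASEURL/$ARCHIVE"; then
                # Keep a copy of the current definitions before overwriting.
                for i in *.dat; do
                        [ -e "$i" ] || continue
                        cp -p -- "$i" "$i.bak"
                done
                if tar xf "$ARCHIVE.part"; then
                        mv -- "$ARCHIVE.part" "$ARCHIVE"
                        rm -f -- *.old
                        echo "$(date) Successfully updated AntiVirus DAT files to $AVVER"
                else
                        rm -f -- "$ARCHIVE.part"
                        echo "updatevir: failed to unpack $ARCHIVE; previous definitions are in *.dat.bak" >&2
                        exit 1
                fi
        else
                rm -f -- "$ARCHIVE.part"
                echo "updatevir: failed to download $ARCHIVE" >&2
                exit 1
        fi
fi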
		

如果你想卸载，请运行下面的脚本

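# Remove the uvscan install directory and the links install-uvscan created
# in /usr/local/bin, /usr/local/lib and /usr/local/man/man1.
# Every argument must be one complete path: "/usr/local/bin uvscan" (with a
# space instead of a slash) would make rm -rf delete the whole /usr/local/bin
# directory. Only the install directory needs -r; the rest are single files
# or links, so plain rm -f is enough.
# NOTE(review): the unpacked archive also contains an uninstall-uvscan
# script; presumably it performs the same cleanup. Confirm and prefer it.
rm -rf /usr/local/uvscan
rm -f /usr/local/bin/uvscan
rm -f /usr/local/bin/uvscan_secure
rm -f /usr/local/lib/liblnxfv.*
rm -f /usr/local/man/man1/uvscan.1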
		
[root@linuxas3 postfix]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
[root@linuxas3 postfix]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@linuxas3 postfix]# cat /var/log/maillog
        
[root@linuxas3 root]# cat /var/log/maillog |grep NAI
Apr 21 21:48:04 linuxas3 amavis[2621]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
[root@linuxas3 root]# telnet 127.0.0.1 10024 
EHLO example.net
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
DATA 
Subject: Test 2 

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 
. 
250 2.5.0 Ok, id=00116-02, BOUNCE <-- 出现这个表示系统已经认出这个邮件中含有 Virus 
QUIT 
		
[root@linuxas3 root]# echo > /var/log/maillog
[root@linuxas3 root]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
[root@linuxas3 root]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@linuxas3 root]# cat /var/log/maillog

Apr 21 21:32:13 linuxas3 postfix/postfix-script: stopping the Postfix mail system
Apr 21 21:32:13 linuxas3 postfix/master[2285]: terminating on signal 15
Apr 21 21:32:16 linuxas3 postfix/postfix-script: starting the Postfix mail system
Apr 21 21:32:16 linuxas3 postfix/master[2391]: daemon started -- version 2.0.19
[root@linuxas3 root]#
		
[root@linuxas3 root]# telnet localhost 10024
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
[root@linuxas3 root]# telnet localhost 10025
Trying 127.0.0.1...
Connected to linuxas3.9812.net (127.0.0.1).
Escape character is '^]'.
220 mail.example.net ESMTP Postfix
EHLO example.net
250-mail.example.net
250-PIPELINING
250-SIZE 50000000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-XVERP
250 8BITMIME
MAIL FROM: <[email protected]>
250 Ok
RCPT TO: <[email protected]>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test2 - virus test pattern

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 Ok: queued as ECE9C225D90
quit
221 Bye
Connection closed by foreign host.
[root@linuxas3 root]#