McAfee VirusScan Command Line Scanner for Linux
[root@linuxas3 src]# tar zxvf vlnx432e.tar.Z [root@linuxas3 src]# mkdir uvscan [root@linuxas3 src]# cd uvscan/ [root@linuxas3 uvscan]# tar zxvf ../vlnx432e.tar.Z scan.dat names.dat clean.dat readme.txt license.txt contact.txt e4320upg.pdf uvscan.1 liblnxfv.so.4 uvscan messages.dat license.dat install-uvscan uninstall-uvscan uvscan_secure signlic.txt liblnxfv.so [root@linuxas3 uvscan]# ls clean.dat e4320upg.pdf liblnxfv.so license.dat messages.dat readme.txt signlic.txt uvscan uvscan_secure contact.txt install-uvscan liblnxfv.so.4 license.txt names.dat scan.dat uninstall-uvscan uvscan.1 [root@linuxas3 uvscan]# [root@linuxas3 uvscan]# ./install-uvscan Which directory do you want to install into? [/usr/local/uvscan] /usr/local/uvscan doesn't exist. Create it? [y]/n Do you want to create the link(s) to uvscan in /usr/local/bin [y]/n Do you want to create the link(s) to uvscan_secure in /usr/local/bin [y]/n Do you want to create the link(s) to liblnxfv.so.4 in /usr/local/lib [y]/n Do you want to create the link(s) to uvscan.1 in /usr/local/man/man1 [y]/n Installation complete. Do you want to perform a scan of all filesystems y/[n] [root@linuxas3 uvscan]# |
crontab -e
# Run the DAT update script once a day at 00:01 (minute 1, hour 0).
# "目录" means "directory": "/updatevir.sh目录" is a placeholder for the
# directory that holds updatevir.sh, not a literal path.
# NOTE(review): the other sessions on this page run as root, so this entry is
# presumably in root's crontab. Keep the script root-owned and not writable by
# other users, since whoever can edit it gains root at the next run.
# NOTE(review): the trailing "|" looks like table residue from the page rather
# than part of the entry. Confirm before copying.
1 0 * * * /updatevir.sh目录/updatevir.sh |
升级脚本
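#!/bin/sh
#
# $Id$
#
# Nightly updater for the McAfee uvscan virus-definition (DAT) files.
# Fetches update.ini from the mirror, reads the newest 4xxx DAT version from
# it and, when that archive has not been installed yet, downloads it and
# unpacks it over the current DAT files.
#
# NOTE(review): both downloads use plain HTTP from a third-party mirror, and
# nothing verifies the archive before it is unpacked into the scanner's data
# directory (as root, when started from root's crontab). Anyone able to
# tamper with the transfer or the mirror can replace or disable the
# signatures. Prefer an authenticated (HTTPS) source and compare the archive
# against a checksum or signature obtained over a trusted channel before
# extracting it.

PATH=/bin:/usr/local/bin:/usr/bin   # where wget, rm and tar are found
export PATH

# Directory holding the uvscan data files (scan.dat, names.dat, clean.dat).
# NOTE(review): the install transcript on this page uses /usr/local/uvscan;
# point this at the directory the scanner really reads its DAT files from.
UVPATH=/usr/local/libexec/uvscan/
MIRROR=http://open-systems.ufl.edu/mirrors/ftp.nai.com/virusdefs/4.x

# Stop if the directory is missing: the rm/cp/tar calls below must never run
# in whatever directory cron happened to start the script in.
cd "$UVPATH" || {
  echo "cannot cd to $UVPATH" >&2
  exit 1
}

# Download the update description file. wget reports on stderr, so -q (not a
# stdout redirect) is what keeps the cron mail quiet; failures are reported
# explicitly instead.
rm -f update.ini*
if ! wget -q -O update.ini "$MIRROR/update.ini"; then
  echo "download of update.ini failed" >&2
  exit 1
fi

# Newest DAT version: first 4xxx number among the first four DAT lines.
AVVER=$(grep DAT update.ini | head -4 |
  grep '[^0-9]4[0-9][0-9][0-9][^0-9]' | head -1 |
  sed -e 's/^.*[^0-9]\(4[0-9]*\)[^0-9].*$/\1/')

# The value comes from a remote file and ends up in a URL and a file name:
# accept digits only, and stop on an empty result instead of chasing
# "dat-.tar".
case "$AVVER" in
  '' | *[!0-9]*)
    echo "no usable DAT version found in update.ini" >&2
    exit 1
    ;;
esac

archive="dat-$AVVER.tar"

# The final archive name is only created after a successful extraction, so
# its presence means this version is already installed.
[ -f "$archive" ] && exit 0

# Download under a temporary name so an interrupted transfer is never
# mistaken for a complete archive on the next run.
if ! wget -q -O "$archive.part" "$MIRROR/$archive"; then
  rm -f "$archive.part"
  echo "download of $archive failed" >&2
  exit 1
fi

# Refuse archives that do not list cleanly or whose members would be written
# outside $UVPATH (absolute paths or ".." components).
if ! members=$(tar tf "$archive.part"); then
  rm -f "$archive.part"
  echo "$archive is not a readable tar archive" >&2
  exit 1
fi
if printf '%s\n' "$members" | grep -E '^/|(^|/)\.\.(/|$)' >/dev/null; then
  rm -f "$archive.part"
  echo "$archive contains unsafe member paths; not extracting" >&2
  exit 1
fi

# Keep a copy of the current DAT files so a failed extraction can be undone.
# Stale backups are removed first so the restore below only sees this run's.
rm -f ./*.dat.bak
for f in *.dat; do
  [ -f "$f" ] || continue   # glob matched nothing
  cp -p -- "$f" "$f.bak"
done

if tar xf "$archive.part"; then
  mv -- "$archive.part" "$archive"
  # Drop archives of earlier versions.
  for old in dat-*.tar; do
    [ -f "$old" ] || continue
    [ "$old" = "$archive" ] || rm -f -- "$old"
  done
  echo "$(date) Successfully updated AntiVirus DAT files to $AVVER"
else
  # A partial extraction may have left a mixed DAT set: put the old one back.
  for b in *.dat.bak; do
    [ -f "$b" ] || continue
    cp -p -- "$b" "${b%.bak}"
  done
  rm -f "$archive.part"
  echo "extraction of $archive failed; previous DAT files restored" >&2
  exit 1
fi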
如果你想卸载运行下面脚本
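# Manual removal of the directory and links created by install-uvscan.
# NOTE(review): the archive unpacked on this page also ships an
# uninstall-uvscan script; presumably that is the supported way to remove
# the product. Confirm before using the commands below.
#
# Every link is named by its full path. Writing "/usr/local/bin uvscan" with
# a space hands /usr/local/bin itself to rm -rf and deletes every program
# installed there, so the links are removed with plain rm -f on exact paths.
rm -rf /usr/local/uvscan
rm -f /usr/local/bin/uvscan
rm -f /usr/local/bin/uvscan_secure
rm -f /usr/local/lib/liblnxfv.*
rm -f /usr/local/man/man1/uvscan.1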
[root@linuxas3 postfix]# postfix stop postfix/postfix-script: stopping the Postfix mail system [root@linuxas3 postfix]# postfix start postfix/postfix-script: starting the Postfix mail system [root@linuxas3 postfix]# cat /var/log/maillog [root@linuxas3 root]# cat /var/log/maillog |grep NAI Apr 21 21:48:04 linuxas3 amavis[2621]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan [root@linuxas3 root]# telnet 127.0.0.1 10024 EHLO example.net MAIL FROM: <[email protected]> RCPT TO: <[email protected]> DATA Subject: Test 2 X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* . 250 2.5.0 Ok, id=00116-02, BOUNCE <-- 出现这个表示系统已经认出这个邮件中含有 Virus QUIT |
[root@linuxas3 root]# echo > /var/log/maillog [root@linuxas3 root]# postfix stop postfix/postfix-script: stopping the Postfix mail system [root@linuxas3 root]# postfix start postfix/postfix-script: starting the Postfix mail system [root@linuxas3 root]# cat /var/log/maillog Apr 21 21:32:13 linuxas3 postfix/postfix-script: stopping the Postfix mail system Apr 21 21:32:13 linuxas3 postfix/master[2285]: terminating on signal 15 Apr 21 21:32:16 linuxas3 postfix/postfix-script: starting the Postfix mail system Apr 21 21:32:16 linuxas3 postfix/master[2391]: daemon started -- version 2.0.19 [root@linuxas3 root]# [root@linuxas3 root]# telnet localhost 10024 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused [root@linuxas3 root]# telnet localhost 10025 Trying 127.0.0.1... Connected to linuxas3.9812.net (127.0.0.1). Escape character is '^]'. 220 mail.example.net ESMTP Postfix EHLO example.net 250-mail.example.net 250-PIPELINING 250-SIZE 50000000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-XVERP 250 8BITMIME MAIL FROM: <[email protected]> 250 Ok RCPT TO: <[email protected]> 250 Ok DATA 354 End data with <CR><LF>.<CR><LF> Subject: test2 - virus test pattern X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* . 250 Ok: queued as ECE9C225D90 quit 221 Bye Connection closed by foreign host. [root@linuxas3 root]# |