Installing NAI's Anti-Virus on an OpenLinux 2.3 Machine

Written by: Bill Parker (dogbert@mail.netnevada.net)
Date: October 17, 2001

Tested on Caldera OpenLinux 2.3, 3.1 & Kernels 2.2.x, and 2.4.x

The first thing you must do is have a licensed copy of
NAI's Anti-Virus software to install on your computer.

The current virus engine for Linux is:

Virus Scan for Linux v4.12.0
Copyright (c) 1992-2000 Networks Associates Technology Inc.
All rights reserved.
(408) 988-3832  LICENSED COPY - Nov 20 2000 

Scan engine v4.1.20 for Linux.
Virus data file v4121 created Feb 12 2001
Scanning for 56916 viruses, trojans and variants.

As you can see, the virus update was run on Feb 12, 2001.

Next, this file usually comes in a .tar or .tar.gz
form which is unpacked on your Linux box.  I put mine in
/usr/local/uvscan

Now, there is an install program with it, but I don't like
it all that much, so I did it the hard way (the easy way
is done by looking at readme.txt in /usr/local/uvscan).

1. Do this procedure as the superuser (root).

2. The uvscan program in /usr/local/uvscan needs the
    libstdc++.so.2.8 library (which should go in /usr/lib),
    but it was not on my OpenLinux 2.3 system, so some kind
    soul mailed it to me, and I placed it into /usr/lib (I do
    not know where this can be obtained from, at the moment).

2a. If you are running OpenLinux 3.1 Workstation or Server, the
    libstdc++.so.2.8 file is INCLUDED, so you can proceed with STEP 3 below:

3. The liblnxfv.so file needs to be added to the LD_LIBRARY_PATH
    or physically placed into /usr/lib (or symlinked in /usr/lib
    to /usr/local/uvscan/liblnxfv.so).

4. Use ldconfig to update the shared library cache on your system;
    this may take a second or two.

5. Form a symlink for uvscan in /usr/local/bin with the following:

    cd /usr/local/bin <enter>
    ln -s /usr/local/uvscan/uvscan uvscan

    the ls -al of /usr/local/bin/uvscan should look like this:

    lrwxrwxrwx 1 root root 24 Feb 13 10:18 uvscan -> /usr/local/uvscan/uvscan

    the ls -al of /usr/local/uvscan/uvscan should look like this:

    -r-xr-xr-x 1 root root 120831 Feb  4 12:50 /usr/local/uvscan/uvscan

6. Copy uvscan.1 (the manual page for uvscan) from /usr/local/uvscan
    to /usr/man/man1

7. type 'updatedb' to update the locate database on your system.

Next, log out as root, and go back to being your plain old
user self.

The moment of truth, if everything has been installed correctly,
type: uvscan <enter>

and this is the output which should appear:

Usage:
   uvscan [--allole] [--analyse | --analyze]
          [-c | --clean] [--cleandocall] [--config file]
          [--dam] [-d | --dat | --data-directory] [--delete]
          [--exclude file] [-e | --exit-on-error] [--extlist]
          [--extensions EXT1[,EXT2...]] [--extra file]
          [--fam] [-f | --file file] [--floppya] [--floppyb]
          [-h | --help] [--ignore-compressed] [--ignore-links] [--load file]
          [--manalyse | --manalyze | --macro-heuristics]
          [--maxfilesize XXX] [-m | --move directory]
          [--noboot] [--nocomp] [--nodecrypt] [--nodoc] [--noexpire]
          [--norename] [--one-file-system]
          [--panalyse | --panalyze] [-p | --atime-preserve | --plad]
          [-r | --recursive | --sub]
          [--secure] [-s | --selected] [--summary]
          [-u | --unzip] [-v | --verbose] [--version] [--virus-list]
          {file / directory}

A target has not been specified for scanning!

Now the final step is to follow the instructions in
/usr/local/uvscan/readme.txt about making the eicar.com file
(which was 69 bytes on my system) by pasting the following
(no, it's not a virus) into vi eicar.com

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

and saving the file as eicar.com on your system (in my case,
I saved it in /home/billp/eicar.com)

then I ran the scanner against it, and this is what was reported back
to me:

[billp@nermal billp]$ uvscan eicar.com
/home/billp/eicar.com
         Found: EICAR test file NOT a virus.

At this point, issue an rm eicar.com, and you are all finished.
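
The library, symlink and EICAR checks from the steps above can be scripted
so they are repeatable after every reinstall or upgrade. This is an added
example, not part of the original HOWTO or of NAI's software. It assumes the
/usr/local/uvscan and /usr/local/bin paths used here and that ldd, readlink
and mktemp are available; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for the manual uvscan setup in this HOWTO.
# Paths are the ones used above; function names are illustrative.
UVSCAN_DIR=${UVSCAN_DIR:-/usr/local/uvscan}
UVSCAN_LINK=${UVSCAN_LINK:-/usr/local/bin/uvscan}

# Read ldd output on stdin; print each library the loader could not resolve.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Write the EICAR test string plus a newline (69 bytes, as vi saves it).
make_eicar() {
    printf '%s\n' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$1"
}

# Succeed only if the scanner report on stdin names the EICAR test file.
detected_eicar() {
    grep -q 'Found: EICAR test file'
}

check_install() {
    [ -x "$UVSCAN_DIR/uvscan" ] || { echo "no scanner in $UVSCAN_DIR"; return 1; }
    # Steps 2-4: every shared library (libstdc++.so.2.8, liblnxfv.so) must resolve.
    missing=$(ldd "$UVSCAN_DIR/uvscan" | missing_libs)
    [ -z "$missing" ] || { echo "unresolved libraries: $missing"; return 1; }
    # Step 5: the symlink must point at the real binary, not something else.
    [ "$(readlink "$UVSCAN_LINK")" = "$UVSCAN_DIR/uvscan" ] ||
        { echo "$UVSCAN_LINK does not point at $UVSCAN_DIR/uvscan"; return 1; }
    # Final step: the scanner must flag a freshly written EICAR file.
    tmp=$(mktemp -d) || return 1
    make_eicar "$tmp/eicar.com"
    if "$UVSCAN_LINK" "$tmp/eicar.com" | detected_eicar; then
        echo "uvscan install OK"; rc=0
    else
        echo "scanner did not flag the EICAR test file"; rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Perform the checks only when invoked with --run.
if [ "${1:-}" = "--run" ]; then check_install; fi
```

Run it as your ordinary user with --run as the only argument; any failed check is reported by name.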

I have mailed NAI's tech support people about the tarball of uvscan
not containing libstdc++.so.2.8, as the uvscan program uses it as a
shared library.  Hopefully, they will include this item in the
tarball so others won't go through the same problem I did.

Good Luck.