杀毒软件AVG,没有用过估计也有所耳闻。AVG ANTIVIRUS FREE - FOR LINUX 是AVG在Linux下的一款免费杀毒软件。它的官方下载地址供了rpm、deb、源码安装包等多种安装方式。下面我下载了RPM安装包安装

 

AVG ANTIVIRUS FREE - FOR LINUX安装步骤

[root@localhost tmp]# rpm -ivh avg2013flx-r3118-a6926.i386.rpm 
Preparing...                ########################################### [100%]
   1:avg2013flx             ########################################### [100%]
Installing 'avgd' service initscripts...
Registering 'avgd' service to runlevels...
Please do configuration with /opt/avg/av/bin/avgsetup
Generating unique user id
/usr/bin/avgdiag: /opt/avg/av/bin/avgdiag: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
/usr/bin/avgdiag: line 17: /opt/avg/av/bin/avgdiag: Success
Starting AVG AV
Starting avgd[FAILED]
warning: %post(avg2013flx-r3118-a6926.i386) scriptlet failed, exit status 150

clip_image001

安装过程遇到上面错误,提示安装avg2013flx-r3118-a6926.i386.rpm需要依赖包glibc-2.12-1.80.el6_3.7.i686

[root@localhost ~]# yum whatprovides ld-linux.so.2
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
glibc-2.12-1.149.el6.i686 : The GNU libc libraries
Repo        : media
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.107.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.107.el6_4.2.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.107.el6_4.4.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.107.el6_4.5.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.132.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.132.el6_5.1.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.132.el6_5.2.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.132.el6_5.3.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.132.el6_5.4.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.149.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.149.el6_6.4.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.149.el6_6.5.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.149.el6_6.7.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.149.el6_6.9.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.166.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.166.el6_7.1.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.25.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.25.el6_1.3.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.47.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.47.el6_2.12.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.47.el6_2.5.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.47.el6_2.9.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.7.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.7.el6_0.3.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.7.el6_0.4.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.7.el6_0.5.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.80.el6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.80.el6_3.3.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.80.el6_3.4.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.80.el6_3.5.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.80.el6_3.6.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2
 
 
 
glibc-2.12-1.80.el6_3.7.i686 : The GNU libc libraries
Repo        : rhel-x86_64-server-6
Matched from:
Other       : ld-linux.so.2

通过上面命令可以查找到所依赖的安装包,直接安装glibc-2.12-1.80.el6_3.7.i686

yum install glibc-2.12-1.80.el6_3.7.i686

如果在某些特殊情况下,安装过程中有依赖关系,可以通过下面命令 yum install glibc.i686解决。

[root@localhost ~]# yum install glibc.i686
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package glibc.i686 0:2.12-1.166.el6_7.1 will be installed
--> Processing Dependency: glibc-common = 2.12-1.166.el6_7.1 for package: glibc-2.12-1.166.el6_7.1.i686
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.166.el6_7.1.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.166.el6_7.1.i686
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.149.el6_6.7 will be updated
--> Processing Dependency: glibc-common = 2.12-1.149.el6_6.7 for package: glibc-2.12-1.149.el6_6.7.x86_64
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.1 will be an update
---> Package nss-softokn-freebl.i686 0:3.14.3-22.el6_6 will be installed
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.149.el6_6.7 will be updated
--> Processing Dependency: glibc = 2.12-1.149.el6_6.7 for package: glibc-devel-2.12-1.149.el6_6.7.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.7 for package: glibc-headers-2.12-1.149.el6_6.7.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.1 will be an update
--> Running transaction check
---> Package glibc-devel.x86_64 0:2.12-1.149.el6_6.7 will be updated
---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.1 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.149.el6_6.7 will be updated
---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.1 will be an update
--> Finished Dependency Resolution
 
Dependencies Resolved
 
=========================================================================================================================
 Package                                            Arch                                   Version                                            Repository                                            Size
=========================================================================================================================
Installing:
 glibc                                              i686                                   2.12-1.166.el6_7.1                                 rhel-x86_64-server-6                                 4.3 M
Installing for dependencies:
 nss-softokn-freebl                                 i686                                   3.14.3-22.el6_6                                    rhel-x86_64-server-6                                 157 k
Updating for dependencies:
 glibc                                              x86_64                                 2.12-1.166.el6_7.1                                 rhel-x86_64-server-6                                 3.8 M
 glibc-common                                       x86_64                                 2.12-1.166.el6_7.1                                 rhel-x86_64-server-6                                  14 M
 glibc-devel                                        x86_64                                 2.12-1.166.el6_7.1                                 rhel-x86_64-server-6                                 985 k
 glibc-headers                                      x86_64                                 2.12-1.166.el6_7.1                                 rhel-x86_64-server-6                                 614 k
 
Transaction Summary
========================================================================================================================
Install       2 Package(s)
Upgrade       4 Package(s)
 
Total download size: 24 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): glibc-2.12-1.166.el6_7.1.i686.rpm                                                                                                                                          | 4.3 MB     00:06     
(2/6): glibc-2.12-1.166.el6_7.1.x86_64.rpm                                                                                                                                        | 3.8 MB     00:03     
(3/6): glibc-common-2.12-1.166.el6_7.1.x86_64.rpm                                                                                                                                 |  14 MB     00:13     
(4/6): glibc-devel-2.12-1.166.el6_7.1.x86_64.rpm                                                                                                                                  | 985 kB     00:00     
(5/6): glibc-headers-2.12-1.166.el6_7.1.x86_64.rpm                                                                                                                                | 614 kB     00:00     
(6/6): nss-softokn-freebl-3.14.3-22.el6_6.i686.rpm                                                                                                                                | 157 kB     00:00     
-----------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                    680 kB/s |  24 MB     00:36     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of libmysqlclient.so.16()(64bit)
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of libmysqlclient.so.16(libmysqlclient_16)(64bit)
2:postfix-2.6.6-6.el6_5.x86_64 has missing requires of mysql-libs
  Updating   : glibc-2.12-1.166.el6_7.1.x86_64                                                                                                                                                      1/10 
  Updating   : glibc-common-2.12-1.166.el6_7.1.x86_64                                                                                                                                               2/10 
  Updating   : glibc-headers-2.12-1.166.el6_7.1.x86_64                                                                                                                                              3/10 
  Installing : nss-softokn-freebl-3.14.3-22.el6_6.i686                                                                                                                                              4/10 
  Installing : glibc-2.12-1.166.el6_7.1.i686                                                                                                                                                        5/10 
  Updating   : glibc-devel-2.12-1.166.el6_7.1.x86_64                                                                                                                                                6/10 
  Cleanup    : glibc-devel-2.12-1.149.el6_6.7.x86_64                                                                                                                                                7/10 
  Cleanup    : glibc-headers-2.12-1.149.el6_6.7.x86_64                                                                                                                                              8/10 
  Cleanup    : glibc-2.12-1.149.el6_6.7.x86_64                                                                                                                                                      9/10 
  Cleanup    : glibc-common-2.12-1.149.el6_6.7.x86_64                                                                                                                                              10/10 
media/productid                                                                                                                                                                   | 1.6 kB     00:00 ... 
  Verifying  : glibc-common-2.12-1.166.el6_7.1.x86_64                                                                                                                                               1/10 
  Verifying  : glibc-devel-2.12-1.166.el6_7.1.x86_64                                                                                                                                                2/10 
  Verifying  : nss-softokn-freebl-3.14.3-22.el6_6.i686                                                                                                                                              3/10 
  Verifying  : glibc-headers-2.12-1.166.el6_7.1.x86_64                                                                                                                                              4/10 
  Verifying  : glibc-2.12-1.166.el6_7.1.i686                                                                                                                                                        5/10 
  Verifying  : glibc-2.12-1.166.el6_7.1.x86_64                                                                                                                                                      6/10 
  Verifying  : glibc-devel-2.12-1.149.el6_6.7.x86_64                                                                                                                                                7/10 
  Verifying  : glibc-headers-2.12-1.149.el6_6.7.x86_64                                                                                                                                              8/10 
  Verifying  : glibc-2.12-1.149.el6_6.7.x86_64                                                                                                                                                      9/10 
  Verifying  : glibc-common-2.12-1.149.el6_6.7.x86_64                                                                                                                                              10/10 
 
Installed:
  glibc.i686 0:2.12-1.166.el6_7.1                                                                                                                                                                        
 
Dependency Installed:
  nss-softokn-freebl.i686 0:3.14.3-22.el6_6                                                                                                                                                              
 
Dependency Updated:
  glibc.x86_64 0:2.12-1.166.el6_7.1           glibc-common.x86_64 0:2.12-1.166.el6_7.1           glibc-devel.x86_64 0:2.12-1.166.el6_7.1           glibc-headers.x86_64 0:2.12-1.166.el6_7.1          
 
Complete!

先卸载avg2013flx-r3118-a6926.i386包,然后安装

[root@localhost ~]# rpm -e avg2013flx-r3118-a6926.i386
Unregistering 'avgd' service ...
Uninstalling 'avgd' service initscripts...
[root@localhost ~]# 
 
[root@localhost tmp]# rpm -ivh avg2013flx-r3118-a6926.i386.rpm 
Preparing...                ########################################### [100%]
   1:avg2013flx             ########################################### [100%]
Installing 'avgd' service initscripts...
Registering 'avgd' service to runlevels...
Please do configuration with /opt/avg/av/bin/avgsetup
Generating unique user id
Processing command line ...
Cfg file not specified using /opt/avg/av/cfg/diagcfg.xml.
New installation ID succesffully generated.
Starting AVG AV
Starting avgd[  OK  ]

clip_image002

 

AVG ANTIVIRUS FREE - FOR LINUX帮助信息

帮助文档位于/opt/avg/av/doc/README, 囊括了安装、使用各方面帮助信息。非常有用。建议使用前先查看相关帮助信息

 
[root@localhost ~]# cat /opt/avg/av/doc/README
================================
AVG Anti-Virus for Linux/FreeBSD
Version 2013
================================
 
System requirements
-------------------
 
AVG Anti-Virus for Linux/FreeBSD requires system with following or
newer library:
- libc.so.6 (Linux)
- libc.so.7 (FreeBSD RELEASE-7.3)
  For RELEASE-8 and CURRENT the compat7x port located in /usr/ports/misc is
  needed.
- libiconv.so.3 (FreeBSD)
- for amd64 architecture the lib32 compat libraries are needed
 
For on-access scanning feature either redirfs, dazuko or dazukofs is needed.
Please follow the avgoad(1) man page for more detail description.
 
Minimum hardware requirements:
- CPU: i686 or amd64 on 800 MHz
- Mem: 512 MB, 1GB is recommended
- HDD: 500 MB of free space
 
Installation
------------
 
Download latest rpm, deb, sh or tar.gz package from http://www.avg.cz/linux and
follow these steps:
 
* Installation from RPM (Linux only)
 
# rpm -i avg2013flx-r{release}-a{vdb version}.{architecture}.rpm
 
* Installation from .deb (Linux only)
 
# dpkg -i avg2013flx-r{release}-a{vdb version}.{architecture}.deb
 
* Installation from sh
 
# chmod +x avg2013flx-r{release}-a{vdb version}.{architecture}.sh
# ./avg2013flx-r{release}-a{vdb version}.{architecture}.sh
 
* Installation from .tar.gz
 
# tar xzvf avg2013{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2013{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh
 
where:
- edition substitutes 'flx' for the Linux version and 'ffb' for the FreeBSD version
- release substitutes the build number
- vdb version substitutes virus database version
- architecture substitutes the target cpu architecture
 
It is recommended to run 'avgsetup' helper tool after the installation.
 
 
Running AVG
-----------
 
For any action to be performed within AVG system, such as updating, scanning,
e-mail server functionality or on-access server functionality, so called AVG
daemons have to be running.
 
AVG daemons are launched automatically on system boot by init script. Later,
they can be controlled either by init script or by special avgctl command line
tool.
 
 
1) Usage of init script on Linux / FreeBSD.
 
* Linux
# /etc/init.d/avgd  {start|stop|status|restart|condrestart}
 
* FreeBSD
# /usr/local/etc/rc.d/avgd.sh {start|stop|status|restart|condrestart}
 
2) Usage of avgctl command line tool
 
# avgctl --start[=component]      Starts AVG or specified component.
# avgctl --stop[=component]       Stops AVG or specified component. 
# avgctl --stat[=component]       Shows statistics of AVG or specified component.
# avgctl --restart[=component]    Restarts AVG or specified component.
# avgctl --reset=component        Resets statistics of specified component.
 
For more detailed information please refer to the respective man page or avgctl help.
 
Description
-----------
 
Avg functions are secured by several daemons that are managed via command-line.  
 
DAEMONS:
   avgd       -- general AVG daemon; starts first, manages other AVG daemons
   avgavid    -- AVI daemon; loads AVI into shared memory
   avgsched   -- scheduler for planning periodic events (update etc.) 
   avgtcpd    -- e-mail scanning daemon; supports SMTP, AVG, and Milter protocol
   avgspamd   -- anti-spam daemon
   avgscand   -- anti-virus daemon
   avgupd     -- update daemon
   avgoad     -- on-access daemon
 
COMMAND-LINES:
   avgctl     -- basic control of AVG product, such as launching, stopping,
                 restarting, and getting statistics from running daemons
   avgcfgctl  -- can get and set configurations values
   avgscan    -- launch on-demand scan of requested path
   avgupdate  -- run virus database update or program update via avgupd with
                 specified parameters
   avgvvctl   -- AVG virus vault control utility
   avgdiag    -- tool for sending problem reports to crash analysis portal
   avgevtlog  -- tool for reading/managing AVG event log
   avgsetup   -- helper tool for basic integration with mail/file server
 
For more detailed information please refer to the respective man page.
 
AVG process tree (might look different in your configuration):
 
/opt/avg/av/bin//avgd 
 \--- /opt/avg/av/bin/avgavid
 \--- /opt/avg/av/bin/avgtcpd
 |     \--- /opt/avg/av/bin/avgscand -c 3
 \--- /opt/avg/av/bin/avgspamd
 \--- /opt/avg/av/bin/avgoad
 |     \--- /opt/avg/av/bin/avgscand -c 4
 \--- /opt/avg/av/bin/avgsched
 
If update is running:
 \--- /opt/avg/av/bin/avgupd
/bin/login --     
  \--- -bash
        \--- /opt/avg/av/bin/avgupdate
 
If on-demand scan is running:
/bin/login --     
 \--- -bash
       \--- /opt/avg/av/bin/avgscan /
             \--- /opt/avg/av/bin/avgscand -c 10
 
 
 
Diagnostic and system report
----------------------------
 
In case of troubles with any AVG Technologies product, gathering of specific
data is being performed by the avgdiag utility.
 
When sending data manually, it is very important to attach a detailed
description of this particular problem and to specify it with "-d, --dsc=<file>"
switches.  It is also good to make sure that AVG customer support assigns a
specific ID to your report, which eventually facilitates its identification
(this is being defined by "-i, --id=<id>" switches).
 
Automatic reporting of AVG processes crashes is turned off by default; if you
want to enable this function, please add AVG_DIAG option to your
/opt/avg/av/cfg/dump.ini file.  For example:
 
"actions = GDB_DUMP CRASH INFO AVG_DIAG"
 
This configuration ensures that should any AVG process crash, an adequate report
will be immediately sent to AVG Technologies.
 
For more detailed information please refer to the man page of avgdump, avgdiag
help or /opt/avg/av/doc/README.avgdiag document.
 
3rd party licenses
------------------
 
This product may use any of the 3rd party software which appropriate
copyright/license is enclosed in the "licenses" subdirectory.
 
A copy of Milter source code used in AVG is available upon request.
 
Copyrights
----------
 
libtar, Copyright (c) 1998-2003 University of Illinois Board of
Trustees, Copyright (c) 1998-2003 Mark D. Roth, All rights reserved.
 
MD4 and MD5 Message-Digest Algorithm, Copyright (C) 1991-2, RSA Data
Security, Inc. Created 1991. All rights reserved.

 

AVG ANTIVIRUS FREE - FOR LINUX服务启动

 

查看、启动、停止AVG Antiviruse服务可以通过下面命令操作

/etc/init.d/avgd {start|stop|status|restart|condrestart}

[root@localhost ~]# service avgd status

Checking for service avgd: (pid 15822) is running

 

AVG ANTIVIRUS FREE - FOR LINUX常用命名

具体命令使用帮助,可以查看帮助文档。在此略过。

COMMAND-LINES:
   avgctl     -- basic control of AVG product, such as launching, stopping,
                 restarting, and getting statistics from running daemons
   avgcfgctl  -- can get and set configurations values
   avgscan    -- launch on-demand scan of requested path
   avgupdate  -- run virus database update or program update via avgupd with
                 specified parameters
   avgvvctl   -- AVG virus vault control utility
   avgdiag    -- tool for sending problem reports to crash analysis portal
   avgevtlog  -- tool for reading/managing AVG event log
   avgsetup   -- helper tool for basic integration with mail/file server

 

AVG ANTIVIRUS FREE - FOR LINUX更新命令

avgupdate 可以更新反病毒数据库和应用程序。

avgupdate -h 查看更新帮助信息

clip_image003

[root@localhost ~]#avgupdate

clip_image004

clip_image005

在测试环境有一次碰到下面错误,重启相关服务后,问题解决。

[root@localhost ~]# avgupdate

AVG command line update

Copyright (c) 2013 AVG Technologies CZ

Running update.

Operation failed. The exit code could not be got because the thread or process is still alive.

[root@localhost ~]#

 

AVG ANTIVIRUS FREE - FOR LINUX扫描杀毒

查看相关帮助信息

[root@localhost ~]# avgscan -h
AVG command line Anti-Virus scanner
Copyright (c) 2013 AVG Technologies CZ
 
Anti-Virus scanner usage:
avgscan [options] [path-list]
Options:
        -h, --help               Display this help.
        -v, --version            Display version.
        -d, --debug              Verbose mode. Multiple -d options increase the
                                 verbosity. The maximum is 3.
        -T, --tui                Use a terminal user interface.
        -x, --exclude=<path>     Exclude path from scan. Multiple --exclude can
                                 be specified.
        -e, --ext=<extension>    Scan files with specified extension. Multiple
                                 --ext can be specified. Can't be used with 
                                 --noext option.
        -n, --noext=<extension>  Exclude files with specified extension.
                                 Multiple --noext options can be specified.
                                 Can't be used with --ext option.
        -l, --heal               Automatically heal infected object.
        -t, --delete             Automatically delete infected object.
        -u, --vv-move            Automatically move infected object into vault.
        -U, --vv-backup          Backup infected object if healed by deletion.
            --ignerrors          Do not report object scan errors.
        -H, --heur               Use heuristics for scanning. By default on.
            --no-heur            Disable heuristics for scanning.
        -p, --pup                Scan for Potentially Unwanted Programs.
                                 By default on.
            --no-pup             Disable scanning for PUPs.
        -P, --pup2               Scan for enhanced set of Potentially Unwanted
                                 Programs.
        -c, --coo                Scan cookies.
        -i, --hidext             Recognize hidden extensions.
        -m, --macrow             Report documents with macros.
        -o, --repok              Report also clean files.
        -w, --pwdw               Report password protected files.
        -b, --arcbombsw          Report archive bombs. By default on.
            --no-arcbombsw       Do not report archive bombs.
        -M, --media              Do not scan through media files.
        -j, --paranoid           Enable paranoid mode. Scan for less dangerous
                                 malware and more time consuming algoritms.
        -r, --report=<filename>  Save scan report to specified file.
        -a, --arc                Scan through archives.
        -L, --arc-reclevel=N     Maximum recursion level while scanning archives.
                                 Default value is 40.
        -S, --arc-maxfilesize=N  Maximum file size extracted from archives.
                                 Default value is 268435456 B.
        -N, --arc-maxfilenum=N   Maximum number of files scanned in archives.
                                 Default value is 50000.
        -B, --boot-sector        Scan boot sector.
        -s, --specfs             Scan special filesystems.
        -R, --reclevel=N         Descend at most N (a non-negative integer)
                                 levels of directories. Default value is 16384.
        -W, --winsysdir          Specifies a comma separated list of windows
                                 system directories. Any infected files found
                                 in this directory are marked as whitelisted
                                 in order to protect these files from being
                                 removed/moved to vault.
        -F, --filelist=<filename> Scan file paths specified in given file, all
                                  other paths on command line will be ignored.
        -k, --registryscan       Scan Windows registry.
[root@localhost ~]# avgscan /
AVG command line Anti-Virus scanner
Copyright (c) 2013 AVG Technologies CZ
 
Virus database version: 4311/10513
Virus database release date: Wed, 26 Aug 2015 07:03:00 -1600
 
/lib/modules/2.6.32-504.16.2.el6.x86_64/build  Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.16.2.el6.x86_64/source  Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.el6.x86_64/build  Object scan failed; Specified file was not found.
/lib/modules/2.6.32-504.el6.x86_64/source  Object scan failed; Specified file was not found.
 
Files scanned     :  13975(13975)
Infections found  :  0(0)
PUPs found        :  0
Files healed      :  0
Warnings reported :  0
Errors reported   :  4

clip_image006

 

AVG ANTIVIRUS FREE - FOR LINUX查看记录

avgevtlog 命令查看查杀、更新记录

clip_image007

 

AVG ANTIVIRUS FREE - FOR LINUX查看设置参数

avgcfgctl — can get and set configurations values 设置、获取配置参数值

[root@localhost ~]# avgcfgctl
AVG command line avgcfgctl
Copyright (c) 2013 AVG Technologies CZ
 
Default.aspam.spamassassin.address=127.0.0.1
Default.aspam.spamassassin.enabled=true
Default.aspam.spamassassin.port=783
Default.aspam.spamfilter=
Default.oad.avflt.paths.exclude=
Default.oad.avflt.paths.include=
Default.oad.avflt.timeout=0
Default.oad.darwin.cache.hashtable_size=4096
Default.oad.darwin.cache.max_items_number=65536
Default.oad.darwin.paths.exclude=|/dev|/proc|/sys|
Default.oad.darwin.paths.include=
Default.oad.dazuko.cache.hashtable_size=4096
Default.oad.dazuko.cache.max_items_number=65536
Default.oad.dazuko.events.close=false
Default.oad.dazuko.events.close_modified=true
Default.oad.dazuko.events.exec=true
Default.oad.dazuko.events.open=true
Default.oad.dazuko.paths.exclude=|/dev|/proc|/sys|
Default.oad.dazuko.paths.include=
Default.oad.deny_on_error=false
Default.oad.fanotify.cache.hashtable_size=4096
Default.oad.fanotify.cache.max_items_number=65536
Default.oad.fanotify.paths.exclude=
Default.oad.fanotify.paths.include=
Default.oad.timeout=0
Default.oad.use=fanotify
Default.scan.Options.PupExceptions=
Default.setup.daemonize=true
Default.setup.features.antispam=false
Default.setup.features.oad=true
Default.setup.features.scheduler=true
Default.setup.features.tcpd=true
Default.tcpd.avg.address=127.0.0.1
Default.tcpd.avg.enabled=true
Default.tcpd.avg.limiter_start=220
Default.tcpd.avg.limiter_stop=250
Default.tcpd.avg.ports=|54322|
Default.tcpd.avg.queue_max=20
Default.tcpd.avg.read_timeout=0
Default.tcpd.avg.request_timeout=0
Default.tcpd.avg.samba_plugin_socket=
Default.tcpd.avg.samba_plugin_support_enabled=false
Default.tcpd.avg.socket=
Default.tcpd.avg.use_socket=false
Default.tcpd.milter.enabled=false
Default.tcpd.milter.socket=
Default.tcpd.milter.verbosity=0
Default.tcpd.parsing.mime_certification_enabled=false
Default.tcpd.rules.spam.action=0
Default.tcpd.rules.spam.bounce_addr=
Default.tcpd.rules.virus.action=0
Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.scan.header.enabled=true
Default.tcpd.scan.max_restarts=3
Default.tcpd.scan.subj_prefix=[VIRUS]
Default.tcpd.scan.time_window=90
Default.tcpd.smtp.address=127.0.0.1
Default.tcpd.smtp.client_address=127.0.0.1
Default.tcpd.smtp.client_port=10025
Default.tcpd.smtp.drop_after_crash=false
Default.tcpd.smtp.enabled=true
Default.tcpd.smtp.envelope_memory_limit=0
Default.tcpd.smtp.limiter_start=220
Default.tcpd.smtp.limiter_stop=250
Default.tcpd.smtp.ports=|54321|
Default.tcpd.smtp.queue_max=20
Default.tcpd.smtp.read_buffer=102400
Default.tcpd.smtp.read_timeout=0
Default.tcpd.smtp.request_timeout=0
Default.tcpd.spam.enabled=true
Default.tcpd.spam.header.enabled=true
Default.tcpd.spam.subj_prefix=[SPAM]
Default.tcpd.threads.max=20
Default.tcpd.threshold.spam=1000
Default.tcpd.threshold.virus=1000
Default.update.Inet.UpdateServerName=|free update server|backup free update server|
Default.update.Inet.UpdateServerURL=|+http://guru.avg.com/softw/13free/update/|+http://bguru.avg.cz/softw/13free/update/|
Default.update.Inet.disconnect_speed_limit=500
Default.update.Inet.disconnect_time_limit=300
Default.update.Options.Proxy.AuthenticationType=0
Default.update.Options.Proxy.Login=
Default.update.Options.Proxy.Mode=0
Default.update.Options.Proxy.Password=
Default.update.Options.Proxy.Port=3128
Default.update.Options.Proxy.Server=
Default.update.Options.Proxy.UseLogin=false
Default.vv.system_location=vault
Default.vv.user_location=.avg/vault
Oad.scan.AutomaticActions.BackupInVault=false
Oad.scan.AutomaticActions.Enabled=false
Oad.scan.AutomaticActions.PreferedAction=1
Oad.scan.Options.ParanoidMode=false
Oad.scand.maxscanproc=0
Tcpd.scan.DirOptions.Extensions=
Tcpd.scan.DirOptions.MaxRecursionDepth=16384
Tcpd.scan.DirOptions.ScanAllFiles=true
Tcpd.scan.DirOptions.ScanFilesWithoutExtensions=true
Tcpd.scan.Options.ArchiveLevel=256
Tcpd.scan.Options.DetectCookies=false
Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true
Tcpd.scan.Options.MaxFileSize=268435456
Tcpd.scan.Options.MaxNumberOfFiles=50000
Tcpd.scan.Options.MaxRecursionDepth=40
Tcpd.scan.Options.ParanoidMode=false
Tcpd.scan.Options.ReportArchiveBombs=true
Tcpd.scan.Options.ReportHiddenExtensions=false
Tcpd.scan.Options.ReportMacros=false
Tcpd.scan.Options.ReportPwdProtectedArchs=false
Tcpd.scan.Options.ReportPwdProtectedDocs=false
Tcpd.scan.Options.ScanMediaFiles=true
Tcpd.scan.Options.UseHeuristics=true
Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=
Tcpd.scand.maxscanproc=0
UpdateProgram.sched.Repeat.BaseTime=INVALIDTIME
UpdateProgram.sched.Repeat.Interval=12
UpdateProgram.sched.Repeat.Type=1
UpdateProgram.sched.Task.Disabled=true
UpdateProgram.sched.Task.MissedStartAction=1
UpdateProgram.sched.Task.StartType=2
UpdateProgram.sched.Times.DayOfMonth=1
UpdateProgram.sched.Times.DayOfWeek=0
UpdateProgram.sched.Times.GracePeriod=300
UpdateProgram.sched.Times.SelectedDays=127
UpdateProgram.sched.Times.StartTime=2007-06-22/08-00-00
UpdateProgram.sched.Update.Path=
UpdateProgram.sched.Update.Source=inet
UpdateVir.sched.Repeat.BaseTime=INVALIDTIME
UpdateVir.sched.Repeat.Interval=4
UpdateVir.sched.Repeat.Type=1
UpdateVir.sched.Task.Disabled=false
UpdateVir.sched.Task.MissedStartAction=1
UpdateVir.sched.Task.StartType=2
UpdateVir.sched.Times.DayOfMonth=1
UpdateVir.sched.Times.DayOfWeek=0
UpdateVir.sched.Times.GracePeriod=180
UpdateVir.sched.Times.SelectedDays=127
UpdateVir.sched.Times.StartTime=2007-06-22/17-00-00
UpdateVir.sched.Update.Path=
UpdateVir.sched.Update.Source=inet

clip_image008

AVG ANTIVIRUS FREE - FOR LINUX 的扫描速率非常之快,消耗的资源也比较少。至于查杀能力如何呢,暂时还没有看到权威的评测的资料。暂时不能做过多评论。

在上篇文章“记一次Linux服务器上查杀木马经历”里 面,我介绍了使用ClamAV清理了木马程序,当时以为清理干净了,但是过了一天后,使用NetHogs又发现可疑进程。使用ClamAV查杀清理又发现 感染了Linux.BackDoor.Gates,查杀完成后,重启系统后到目前为止没有发现任何异常情况。后来我在这台Linux服务器安装了AVG Anti-Virus,扫描倒是非常快,比ClamAV的速度要快出几个等级,但是查杀能力无法验证。倒是扫出了很多 Linux.BackDoor.Gates创建的一些链接。ClamAV倒是没有扫出这些。 

clip_image009

[root@LNX17 ~]# ls -lrt /etc/rc.d/rc5.d/S97DbSecurityMdt 
lrwxrwxrwx. 1 root root 25 Jul 17 08:28 /etc/rc.d/rc5.d/S97DbSecurityMdt -> /etc/init.d/DbSecurityMdt
[root@LNX17 ~]# ls -lrt /etc/init.d/DbSecurityMdt
ls: cannot access /etc/init.d/DbSecurityMdt: No such file or directory
[root@LNX17 ~]#

清理这些链接后,已经过了几天,再也没有发现异常情况,从网络发包、收包情况看,已经没有任何异常情况。

rm -f /etc/rc.d/rc5.d/S97DbSecurityMdt 
rm -f /etc/rc.d/rc5.d/S99selinux
rm -f /etc/rc.d/rc4.d/S97DbSecuritySpt 
rm -f /etc/rc.d/rc4.d/S97DbSecurityMdt 
rm -f /etc/rc.d/rc4.d/S99selinux 
rm -f /etc/rc.d/rc1.d/S97DbSecuritySpt  
rm -f /etc/rc.d/rc1.d/S97DbSecurityMdt  
rm -f /etc/rc.d/rc1.d/S99selinux  
rm -f /etc/rc.d/rc3.d/S97DbSecuritySpt  
rm -f /etc/rc.d/rc3.d/S97DbSecurityMdt 
rm -f /etc/rc.d/rc3.d/S99selinux  
rm -f /etc/rc.d/rc2.d/S97DbSecuritySpt  
rm -f /etc/rc.d/rc2.d/S97DbSecurityMdt 
rm -f /etc/rc.d/rc2.d/S99selinux 

关于这台服务器是如何挂马的呢? 我也在思考,奈何能力有限,无法确认一些猜测(个人猜测是利用Tomcat漏洞挂马)。关于Linux安全管理方面,个人觉得杀毒软件只是根治病毒木马的 一种手段。我们需要从很多方面(安全补丁更新、正确配置、防火墙配置……)去预防、监控才能真正的确保系统的安全。

Logo

更多推荐