2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Many newcomers are unsure which antivirus software is commonly used on Linux systems. To help with that, this article goes through several options in detail for anyone who needs them.
Linux is the preferred operating system for servers, so keeping Linux servers secure is very important. Below are some practical antivirus tools for Linux.
**0x01 ClamAV antivirus**
**1.1 ClamAV introduction**
ClamAV is the most popular antivirus software on the Linux platform. It is a free and open source product that supports a variety of platforms, such as Linux/Unix, Mac OS X, Windows and OpenVMS. ClamAV is a command-line virus scanner, but the ClamTK tool provides a graphical interface. ClamAV is mainly used on mail servers to scan messages. It has multiple interfaces for scanning mail from the mail server, and supports file formats such as ZIP, RAR, TAR, GZIP, BZIP2, HTML, DOC, PDF, SIS, CHM, RTF and so on. ClamAV has an automatic database updater, and it can also be run from a shared library. The command-line interface makes ClamAV run smoothly.
**1.2 Installation and use**
Home page: http://www.clamav.net/
Help documentation: http://www.clamav.net/documents/installing-clamav
The test environment is CentOS 7.3. Run the following commands:

```
yum install -y epel-release   # add the EPEL repository
yum install -y clamav         # install ClamAV with yum
```
**[Pay special attention]** Some people worry that antivirus software will affect server performance, cause more failures, delete files by mistake, and so on. We can therefore use only its scanning feature: update the virus database in real time and scan as needed. Do not enable the antivirus service (clamd); use ClamAV only as a virus scanning tool.
**1.3 Usage in practice**
Usage guide: https://github.com/Cisco-Talos/clamav-faq/blob/master/manual/UserManual/Usage.md
Help documentation: https://github.com/Cisco-Talos/clamav-faq
We can run the following commands to scan the whole server or a single directory on it (such as the web directory):

```
clamscan --help
mkdir /tmp/infected
# Scan all files and folders on the entire server, show only infected files,
# write a log file, and copy infected files to a directory
clamscan -r -i -l /tmp/clamscan.log --copy=/tmp/infected /
```

This scan came back clean.

```
# Scan all files and folders in the specified directory, show only infected files,
# write a log file, and copy infected files to a directory
clamscan -r -i -l /tmp/clamscan2.log --copy=/tmp/infected /tmp
```

133 files were scanned; out of a total of 100 viruses, 76 were detected.
**1.4 Update and maintenance**
Upgrade documentation: http://www.clamav.net/documents/upgrading-clamav
The test environment is CentOS 7.3. Run the following commands:

```
yum list clamav     # check for a new version
yum update clamav   # install the new version
freshclam           # update the ClamAV signature database
```
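The on-demand workflow from sections 1.2 to 1.4 (refresh signatures with freshclam, scan with clamscan, no clamd), as an added example that is not part of the original article: a shell wrapper that also interprets clamscan's exit status and pulls the detections out of the `-l` log. The function names, the `--exclude-dir` pattern and the sample log are assumptions made for illustration.

```shell
# Added example: on-demand ClamAV scan (no clamd) plus log triage.

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, other = error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print "signature path" for each detection line of a clamscan log.
# Detection lines have the form "<path>: <signature> FOUND"; the greedy match
# keeps paths that themselves contain ": " intact.
list_detections() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

count_detections() {
    list_detections "$1" | wc -l | tr -d ' '
}

# Refresh signatures, then scan. Usage (paths are examples):
#   scan_on_demand /var/www /tmp/clamscan.log /tmp/infected
scan_on_demand() {
    target=$1; log=$2; quarantine=$3
    mkdir -p "$quarantine" && chmod 700 "$quarantine"  # copies are live samples
    freshclam --quiet || echo "warning: signature update failed" >&2
    rc=0
    # Skip pseudo-filesystems so a scan of / does not stall or error there.
    clamscan -r -i -l "$log" --copy="$quarantine" \
        --exclude-dir='^/(proc|sys|dev)' "$target" >/dev/null || rc=$?
    scan_verdict "$rc"
}

# Constructed sample log (not output from the article's scans).
sample_log() {
    cat <<'EOF'
/tmp/samples/eicar.com: Eicar-Test-Signature FOUND
/tmp/samples/my report: v2.doc: Constructed.Sample.Sig-1 FOUND
/tmp/samples/readme.txt: OK
Infected files: 2
EOF
}

demo=$(mktemp) && sample_log > "$demo"
list_detections "$demo"
rm -f "$demo"
```

Because `--copy` leaves the original file in place, a verdict of `infected` still requires a manual decision on each listed path.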
**0x02 McAfee antivirus**
**2.1 Installation**
McAfee was installed on CentOS 6.8 and 7.3. The installation process is complicated and mainly consists of downloading the agent and installing it:
Upload the installation package to the Linux server, then decompress and install it.
The client for McAfee was successfully installed and the client is operating normally.
Check the details of the client, including the version of the client agent, communication port, log path, installation path, management server address and other basic information.
**2.2 User experience**
1. Manual virus detection:
Only the scan task itself is shown here; the specific detection details are not displayed. The commands are also fairly complex, and several of them are needed together to complete one scan task. Manual scanning is therefore not recommended; it is more convenient to scan by choosing a policy in the console.
2. Automatic virus detection:
133 files were scanned; out of a total of 100 viruses, 52 were detected and 82 infected files were killed.
3. Performance consumption:
When no task is running, memory consumption is about 100M and CPU consumption is about 2%.
When a scan task is running, memory consumption is as high as 1G and CPU consumption is about 2%.
**2.3 Uninstalling the software**
1. Uninstall the client agent by running these commands in order:

```
rpm -e MFEcma
rpm -e MFErt
```

2. Uninstall the components:

```
cd /opt/isec/ens/threatprevention/bin
./uninstall-isectp.sh
```
**0x03 Sophos antivirus**
**3.1 Installation**
The first installation was done on CentOS 6.8. Installations on other hosts then use an installation package, which has to be built on top of that first installation. Once the tar or rpm package has been built, it can be used to install on 7.3. A series of files must be downloaded from the server, and the whole process takes a long time. This article focuses on the user experience and does not describe the installation process in detail.
After the installation succeeds, you can see the success message in the output.
**3.2 User experience**
1. Manual virus detection: we can choose to scan for and remove viruses manually on the local server. For convenience in this test, relevant virus packages were prepared in advance in order to check the detection and removal capabilities of Sophos. As shown in the following figure:
87 files were scanned; out of a total of 100 viruses, 74 were detected and 69 infected files were killed.
2. Automatic virus detection: after the policy is configured, the desktop version of Linux shows a virus protection prompt, while in command-line mode the virus alarm appears directly in the management console. In both cases, Sophos does not automatically delete the virus; it only detects it and blocks it from executing.
Viruses that are found must be confirmed and deleted manually, to avoid mistakenly deleting files from the server.
3. Performance consumption:
Memory consumption: basically more than 200M, often staying at about 500M.
CPU consumption: varies dynamically between 0% and 20%. It is lower when no virus scan is running and higher during a scan. The performance consumed is the same in the graphical interface and in command-line mode.
**3.3 Uninstalling the software**
Run the command directly:

```
/opt/sophos-av/uninstall.sh
```
**0x04 Summary**
Open source software and paid software are comparable in effect. If there is no high-strength requirement, use open source software for one-off scans. Deploying open source software (if the host cannot reach the public network, it can be connected temporarily through a proxy) is especially suitable for server emergency response.
Commercial software also scans well, and it offers centralized management, regular security reports and so on, which also meets the needs of enterprise information security management.
Given the particular nature of threats such as webshells, a more specialized inspection method is recommended for them.
Although there are few viruses on Linux servers, security cannot be ignored.
What is the Linux system? Linux is a free-to-use, freely distributed UNIX-like operating system. It is a POSIX-based multi-user, multi-tasking, multi-threaded and multi-CPU operating system that can run the major Unix tools, applications and network protocols.