2.1 Virusscan

Virusscan is a script that wraps 5 different virus scanners into one.
Only one of them (ClamAV) is included on the TRK CD; the others are downloaded from their websites when you use them.

When running virusscan, it is highly recommended that your computer has a decent internet connection so you can get the latest virus signatures.

Scan engines

Currently, 5 AV engines and md5 file checksumming are implemented.

-ClamAV

This is the basic engine and is already preinstalled on TRK. It is very effective on mailservers but is quite slow and tends to crash when used as a commandline scanner. It also focuses more on mailworms and, from experience, is less effective against local viruses. ClamAV is the only GPL-licensed AV engine implemented. All others have some sort of free-for-non-commercial-use license and are closed source. The pros of ClamAV are:
* very quick on new virus outbreaks
* included in TRK
* GPL licensed, so free for everyone
The cons:
* slow and very CPU and memory intensive
* detects the fewest viruses of the 5 scanners in virusscan. Because it is in fact a mailserver scanner, it focuses more on worms than on filth that comes from malicious websites and such.
* cannot disinfect inside files on its own. Instead, infected files are quarantined into a tar.gz archive in <scandestination>/TRK-INFECTED/. Should a file be accidentally deleted, you can recover it afterwards and rescan it with another antivirus tool.

-F-Prot

This antivirus tool and all the others are not included in TRK but get downloaded from the Internet as soon as you call upon them. They disappear after a reboot of TRK. If you want them to be available after a reboot, you have to run updatetrk. This will be explained later in this documentation. The pros of F-prot:
* lightweight, not a big download
* pretty fast, low cpu usage
* good disinfection method
The cons:
* does not detect everything
* their website sometimes fails and download of f-prot is aborted

-BitDefender Scanner

It strikes a good balance between file size, CPU/memory load and virus detection. It can detect many different types of malware. From what has been experienced so far, it may detect viruses and malware that the other 4 miss. It's recommended to sweep with this after another one has already run.
Pros of BitDefender Scanner:
* detects quite a few viruses
* pretty fast
* detects alternate malware
Cons:
* sometimes doesn't detect very common viruses
* slow update process
* slow update process

-Vexira

This AV engine hasn't been tested much, but it looks like a good average AV engine.

-Avast

Avast is the latest addition to virusscan (and replaces Grisoft AVG because AVG lacks cleaning support in its new version). Avast is a great AV on Windows, very lightweight, but has not been tested in depth yet on Linux/TRK.
For this particular AV engine you need a registered, free license key which is sent to you by mail.
Get it at http://www.avast.com/registration-free-antivirus.php
If you want to avoid entering the license key each time, it's recommended to run updatetrk.

-MD5

This is not an antivirus engine; it just reads all of your files and makes md5sums of them. It writes the result to a logfile in the same way as it does for an AV engine. The logfile format is: modification seconds since 1-1-1970 <space> md5sum <space> filepath.
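
The following is an added example, not part of virusscan or the TRK documentation: a small Python parser for the logfile format described above that compares two MD5 logs of the same disk and reports added, removed and changed files. The function names, the sample log lines and the assumption that each line holds exactly the three space-separated fields are constructed for illustration.

```python
import re

# Assumed from the description above: "<mtime seconds> <md5sum> <filepath>".
# The path is matched last and greedily because file names may contain spaces.
LINE_RE = re.compile(r"([0-9]+(?:\.[0-9]+)?) ([0-9a-fA-F]{32}) (.+)")

def parse_log(text):
    """Return {filepath: (mtime, md5)}; lines that do not match are skipped."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line)
        if m:
            entries[m.group(3)] = (float(m.group(1)), m.group(2).lower())
    return entries

def compare(old, new):
    """Classify differences between an earlier and a later MD5 log."""
    report = {"added": [], "removed": [], "modified": [], "silent_change": []}
    for path, (mtime, md5) in sorted(new.items()):
        if path not in old:
            report["added"].append(path)
        elif md5 != old[path][1]:
            # Content changed but the timestamp did not: the mtime may have
            # been set back, so this file deserves a closer look.
            kind = "silent_change" if mtime == old[path][0] else "modified"
            report[kind].append(path)
    report["removed"] = sorted(p for p in old if p not in new)
    return report

# Constructed sample logs (paths, times and checksums are made up).
OLD_LOG = """\
1279000000 d41d8cd98f00b204e9800998ecf8427e /mnt/disk/boot.ini
1279000100 5d41402abc4b2a76b9719d911017c592 /mnt/disk/Program Files/app/app.exe
1279000200 098f6bcd4621d373cade4e832627b4f6 /mnt/disk/WINDOWS/notepad.exe
1279000300 900150983cd24fb0d6963f7d28e17f72 /mnt/disk/old.txt
"""
NEW_LOG = """\
1279000000 d41d8cd98f00b204e9800998ecf8427e /mnt/disk/boot.ini
1279000100 098f6bcd4621d373cade4e832627b4f6 /mnt/disk/Program Files/app/app.exe
1279999999 900150983cd24fb0d6963f7d28e17f72 /mnt/disk/WINDOWS/notepad.exe
1279000400 5d41402abc4b2a76b9719d911017c592 /mnt/disk/new.dll
this line is not a checksum entry
"""

if __name__ == "__main__":
    for kind, paths in compare(parse_log(OLD_LOG), parse_log(NEW_LOG)).items():
        for path in paths:
            print(f"{kind:14} {path}")
```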

 

To get complete and up to date info, please check out the online version of the manpage for virusscan: http://trinityhome.org/manpages/man8/virusscan.8.html

Updated: July 27, 2010