2.1 Virusscan

Virusscan is a script that wraps 4 different virus scanners into one. Only one of them is included on the TRK CD; the others are downloaded from their websites when first used.
When running virusscan, it is highly recommended that your computer has a decent internet connection so you can get the latest virus signatures.

Scan engines

-Clamav: Included in TRK is the GPL licensed Clamav, a decent scanner with very up-to-date support against the biggest virus threats and worms. I personally use it on the Trinityhome's mailserver and so far NO virus has passed since it was installed in 2004 (except when it had gone a long time without being updated). I make sure the latest clamav engine version is included in TRK.
You can manually update Clamav by putting the latest daily.cvd file on the TRK medium in <trkmedium>/trk3/clamdb
The pros of Clamav are:
* very quick on new virus outbreaks
* included in TRK
* GPL licensed, so free for everyone
The cons:
* slow and very CPU and memory intensive
* detects the fewest viruses of the 4 scanners in TRK. Because it's in fact a mailserver scanner, it focuses more on worms than on filth that comes from malicious websites and such.
* cannot disinfect inside files on its own. What I did in this case is quarantine the infected files into a tar.gz archive in <scandestination>/TRK-INFECTED/. Should a file be accidentally deleted, you can recover it afterwards and rescan it with another antivirus tool
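
One way to do the recovery described in the last point, as an added example that is not part of TRK or the virusscan script. It assumes the quarantine archives are *.tar.gz files directly under TRK-INFECTED/ (the page gives neither their names nor their internal paths); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: recover one file from a TRK ClamAV quarantine archive.
# Assumption: archives are *.tar.gz files directly under TRK-INFECTED/;
# their names and internal paths are not documented on this page.

# List every quarantine archive under a scan destination.
list_quarantine_archives() {
    for a in "$1"/TRK-INFECTED/*.tar.gz; do
        [ -f "$a" ] && printf '%s\n' "$a"
    done
    return 0
}

# Show what an archive holds without unpacking anything.
list_quarantined_files() {
    tar -tzf "$1"
}

# Extract a single member into a holding directory for rescanning.
# Refuses absolute, parent-relative or option-like member names so that
# nothing can be written outside the holding directory.
recover_quarantined_file() {
    archive=$1 member=$2 holding=$3
    case "$member" in
        /*|-*|..|../*|*/../*|*/..)
            echo "unsafe member name: $member" >&2; return 2 ;;
    esac
    # The member must be listed in the archive exactly as given.
    tar -tzf "$archive" | grep -Fqx -e "$member" || {
        echo "not in archive: $member" >&2; return 1; }
    mkdir -p "$holding" && chmod 700 "$holding" || return 1
    tar -xzf "$archive" -C "$holding" "$member" || return 1
    # Strip execute bits: the file is still presumed infected.
    chmod a-x "$holding/$member"
    printf '%s\n' "$holding/$member"
}
```

Keep the holding directory outside the paths you pass to 'virusscan -d' until the recovered file has been rescanned with one of the other engines.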

-F-prot
This antivirus tool and all the others are not included in TRK but get downloaded from the Internet as soon as you call upon them. They disappear after a reboot of TRK. If you want them to be available after a reboot, you have to run updatetrk. This will be explained later in this documentation.
The pros of F-prot:
* lightweight, not a big download
* pretty fast, low cpu usage
* good disinfection method
The cons:
* does not detect everything
* their website sometimes fails and download of f-prot is aborted

-Grisoft AVG
My personal favorite. It's the fastest of the bunch and detects the most viruses. It even detects certain malware, adware and spyware, but it doesn't disinfect them. For that you probably need their spyware util, which unfortunately only exists for Windows. But some get detected and this is written to a logfile. Virusscan is written in such a way that it offers to delete these files after scanning.
Pros of AVG:
* detects the most of all 4 antivirus tools
* also detects certain malware
* fast
Cons:
* big download; since the virus scanners are unpacked into the ramdisk, it requires a computer with sufficient RAM (at least 256Mb, more is recommended)
* cpu intensive, yet the computer stays very responsive
* version and website change often, which can result in the file being unavailable for download. I've worked around some of that by having virusscan first get the right URL from the trinityhome site.

-BitDefender Scanner
The latest addition to TRK. It strikes a good balance between file size, cpu/memory load and virus detection. It can detect many different types of malware. From what I've experienced so far, it may detect other viruses and malware than the other 3. I recommend sweeping with this after another scanner has already run.
Pros of BitDefender Scanner:
* detects quite a few viruses
* pretty fast
* detects alternate malware
Cons:
* sometimes doesn't detect very common viruses
* slow update process

So much for the differences between the 4 antivirus engines.

Usage

Below is the help output when you type 'virusscan -h'. It's self-explanatory and includes an example.

Usage: 'virusscan -a {clam,avg,fprot,bde} -c -g -n -d {DESTINATION}' where
-a: What antivirus you want to use. Takes 'clam' for ClamAv, 'fprot' for F-Prot, 'avg'
    for Grisoft AVG and 'bde' for BitDefender.
    Note that ClamAv is actually meant to plug into mailservers and block infections.
    Therefore it can only quarantain infected files not disinfect them.
    BitDefender proposes disinfection as a first action and deletion as a second
    If the parameter '-a'is omitted, ClamAv will be the default
-c: Use Common extensions:  (only with ClamAv, speeds up scan a little)
-g: Get only, just download the AV and updates, no scanning. For use with updatetrk
-d: Destination folder to scan. If no destination is given, virusscan will scan all local
    filesystems it can find. You can specify multiple destinations when you separate them
    with commas (wihthout spaces behind)
-n: No update. Don't check for new AV signatures
-h: Displays this helpmessage
Example: virusscan -a avg -d /mnt0,/hda1/WINDOWS,/hda1/Program\ Files
    This downloads and updates AVG if not available and scans the locations /mnt0,
    /hda1/WINDOWS and /hda1/Program\ Files
Updated: January 18, 2007
