Thread: Scanvirus Stable V1.00 Release

  1. #1

    Scanvirus Stable V1.00 Release

    Hello all. "scanvirus" is a script application that has clamscan as its anti-virus engine. It has minimal functions to learn and it only has two dependencies (udisks2 and clamav). It makes virus scans of multiple drives/devices much easier. It requires no graphical interface, but has some optional gfx functions. Its command line is simple and easy to use with a configuration file. It has a good configurable logging system.

    It's been thoroughly tested for bugs and design flaws. However, if you find any bugs or design flaws, report them here. Follow the instructions in the script.

    Design Flaw: needs more error checking, only basic checks.

    Upgrading: Overwrite the old file. Check the CFG for differences.

    Code:
    ______________________________scanvirus configuration______________________________
    date +'%Y-%m-%d %I:%M:%S%P'
    TimeStamp= %I:%M:%S%P
    DateStamp= %Y-%m-%d
    ______________________________________________________________________________
    ExcludedScanFolders= dev etc kdeinit5__0 proc tmp srv sys var .snapshots
    ___________________________________________________________________________________
    Bash Suspend Command
    1= 'systemctl suspend' - openSUSE, Ubuntu, Fedora, Arch, Debian, etc
    2= 'pm-suspend' - Void, Gentoo, Devuan etc - pm-utils power management suite
    SuspendCommand= 1
    ___________________________________________________________________________________
    Suspend or power-off lock screen - GNOME KDE
    LockScreenCommand= 0
    ___________________________________________________________________________________
    MSWIN scan - partition file system types
    ScanPartitionFileSystems= ntfs vfat
    ___________________________________________________________________________________
    List users group filter
    UserGroupFilter= users
    ___________________________________________________________________________________
    Scan Log Format
    %o  OS Type             %s  Virus Status
    %f  Scan Folder         %n  Scan Time
    %c  Command Options     %t  Time Stamp
    %d  Date Stamp          %p  Partition Log
    %%  Print %
    ScanLogFormat= %o %s %f %n %c %t %d %p
    ___________________________________________________________________________________
    Software License: https://creativecommons.org/licenses/by-nc-nd/4.0/


    https://paste.opensuse.org/89092388

    Code:
    #sha256sum scanvirus
    c98e5f8ed8719daeead50d84053f0b12471f6a9637397aa4889ea92e21a0856c  scanvirus
    
    #sha512sum scanvirus
    37b848c468227f6da7cb8ed0190862e965ec5ea94ad810640641af3bc961aa3d5d9f24b1c74637febcdc42b96504b50baf93e629f091dde897b9ba48476f03e7  scanvirus

    Current project: A total conversion to C code for more speed. It has only basic functions.

  2. #2

    Re: Scanvirus Stable V1.00 Release

    Not a request for technical help. Will be moved to General Chitchat.
    Henk van Velden

  3. #3

    Re: Scanvirus Stable V1.00 Release

    Quote Originally Posted by hcvv View Post
    Not a request for technical help. Will be moved to General Chitchat.
    Noted for later releases.


    Code:
    No such file or directory
    WARNING: : Can't access file
    Ignore: clamscan engine issue, unknown


    There is an error sometimes when scanvirus completes, some kind of bash bug unrelated to scanvirus or other system bug.


    Future Fix: There is a possible problem with someone altering the config file to remove 'virus' or 'clean'. There is currently no way to log changes to that file.
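
One way to log changes to the configuration file, as an added example that is not part of the original post or of the scanvirus script: it records a SHA-256 baseline of the config and appends a warning to a log whenever the file differs from it. The function names, return codes and file paths are assumptions.

```sh
# Added example, not scanvirus code. All names and paths are hypothetical.

# Print only the SHA-256 digest of a file.
cfg_hash() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# check_cfg CONFIG BASELINE LOG
#   returns 0  config matches the recorded baseline
#           1  config changed (warning logged, baseline updated)
#           2  config missing or unreadable
#           3  first run, baseline recorded
check_cfg() {
    cc_cfg=$1; cc_base=$2; cc_log=$3
    [ -r "$cc_cfg" ] || return 2
    cc_new=$(cfg_hash "$cc_cfg")
    cc_now=$(date +'%Y-%m-%d %I:%M:%S%P')   # same stamp layout as the config
    if [ ! -f "$cc_base" ]; then
        printf '%s\n' "$cc_new" > "$cc_base"
        printf '%s INFO: config baseline recorded %s\n' "$cc_now" "$cc_new" >> "$cc_log"
        return 3
    fi
    cc_old=$(cat "$cc_base")
    if [ "$cc_old" = "$cc_new" ]; then
        return 0
    fi
    printf '%s WARNING: config changed %s -> %s\n' "$cc_now" "$cc_old" "$cc_new" >> "$cc_log"
    # Call out the case described above: the virus status field was removed.
    if ! grep -Eq '^[[:space:]]*ScanLogFormat=.*%s' "$cc_cfg"; then
        printf '%s WARNING: ScanLogFormat missing virus status\n' "$cc_now" >> "$cc_log"
    fi
    printf '%s\n' "$cc_new" > "$cc_base"
    return 1
}
```

The baseline and the log are only as trustworthy as their permissions: keep both writable by root alone and outside any directory the scanning user can modify.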

  4. #4

    Scanvirus Stable V1.00 Release

    ===== Security Patch =====
    Now checks and corrects for missing virus status '%s'.


    Make changes as noted. If you have done it correctly, the sha256 and sha512 should match. If not, make sure there are no extra lines at the end of the script. Also, spacing could make shasums incorrect.


    Code patch --> build date top --> build date version bottom


    Code:
         if [[ "$ScanLogFormat" == '' ]];then
              printf "cfg error: ScanLogFormat NULL\n"
              exit 1
         fi
         if [[ "$ScanLogFormat" != *"%s"* ]];then
              printf "cfg error: ScanLogFormat missing virus status\n"
              printf "Adding Virus status to ScanLogFormat\n"
              ScanLogFormat+=" %s"
         fi
         
         Virus_Vault_Folder='/var/log/VirusVault' 
         #exit 1
    Code:
    #: Last Edit   : Mon  Aug 13  20:35 PST 2020
    Code:
    printf "Build #2020.08.13.20.35\n"
    Code:
    sha256sum scanvirus
    9f4c9cc2662363d7f232ddd17b9084e2cf6bbecc2081c39e4b9b69308425e756  scanvirus
    
    sha512sum scanvirus
    9d28f94ae2e8c627935b02d9f953a1a363051b81b25dbe7b104904ea1277f26bad924b870b84375a31c0bc637dad2f1d1986d7602b9028b98c61ecab7d6706d5  scanvirus

  5. #5

    Re: Scanvirus Stable V1.00 Release

    ===== Security Patch =====
    Adds warning to scanlogs about missing virus status.


    Make changes as noted. If you have done it correctly, the sha256 and sha512 should match. If not, make sure there are no extra lines at the end of the script. Also, spacing could make shasums incorrect.


    Code patch --> build date top --> build date version bottom

    Code:
         if [[ "$ScanLogFormat" == '' ]];then
              printf "cfg error: ScanLogFormat NULL\n"
              exit 1
         fi
         if [[ "$ScanLogFormat" != *"%s"* ]];then
              printf "cfg error: ScanLogFormat missing virus status\n"
              printf "Adding Virus status to ScanLogFormat\n"
              ScanLogFormat+=" %s"
    
              Current_Date=$(date +'%m/%d/%Y')
              printf "%s WARNING: ScanLogFormat missing virus status\n" "$Current_Date" >> /var/log/VirusVault/VirusScanLog.txt
         fi
         
         Virus_Vault_Folder='/var/log/VirusVault'
    Code:
    #: Last Edit   : Mon  Aug 19  22:28 PST 2020
    Code:
             printf "Build #2020.08.19.22.28\n"
    Code:
    #sha256sum scanvirus
    292afc9b9310dc40d85cc2ea57aaa7e584f57953f560f9a96d7f35440c50f1e6  scanvirus
    
    sha512sum scanvirus
    b6f0d7621c200cc0018be1409283f2a549cd89940bb2f5de28979527277e9329ef64502803189825e92e0b43a6dff0b6aa4c9db42358272cb63f39b707b0afd0  scanvirus

  6. #6

    Re: Scanvirus Stable V1.00 Release

    Just a general comment of the possible increasing need for Linux Anti-Virus,

    Although the recent reveal of Drovorub won't likely be identified by common AntiVirus,
    https://forums.opensuse.org/showthre...about-Drovorub

    Drovorub may be an early indicator that some hackers are recognizing that even if Linux doesn't exist in large Desktop/Workstation numbers, it can still be a worthwhile target because critical high value systems often run on Linux.

    If we continue to see more exploits like Drovorub that specifically target Linux machines, then anti-malware in general and anti-virus in particular could become essential rather than merely optional.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  7. #7

    Re: Scanvirus Stable V1.00 Release

    Quote Originally Posted by tsu2 View Post
    Just a general comment of the possible increasing need for Linux Anti-Virus,

    Although the recent reveal of Drovorub won't likely be identified by common AntiVirus,
    https://forums.opensuse.org/showthre...about-Drovorub

    Drovorub may be an early indicator that some hackers are recognizing that even if Linux doesn't exist in large Desktop/Workstation numbers, it can still be a worthwhile target because critical high value systems often run on Linux.

    If we continue to see more exploits like Drovorub that specifically target Linux machines, then anti-malware in general and anti-virus in particular could become essential rather than merely optional.

    TSU
    I've done my best to get out any security flaws in scanvirus. But, I'm still limited by the engine being out of date.

    Code:
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.100.3 Recommended version: 0.102.4
    I would release scanvirusbin, but it has too many potential flaws. Not to mention memory leaks and filename overflows. On the good side, I have completed 'scanvirusbin -l f bin'. Scanning and saving the log in the virus scan folder.


    Any virus can be detected? Some viruses have a special app to detect them.


    I have secure boot disabled. Can I just do an update install to enable?
