<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML> <HEAD> <META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <META http-equiv="Content-Style-Type" content="text/css"> <META NAME="Language" content='en'> <META name="author" lang="en" content="Michiel Broek"> <META name="copyright" lang="en" content="Copyright Michiel Broek"> <META name="description" lang="en" content="MBSE BBS Manual - Virus scanners"> <META name="keywords" lang="en" content="MBSE BBS, MBSE, BBS, manual, fido, fidonet, gateway, tosser, mail, tic, mailer"> <TITLE>MBSE BBS Setup - Virus scanners.</TITLE> <LINK rel=stylesheet HREF="../manual.css"> </HEAD> <BODY> <BLOCKQUOTE> <!-- MBSEADVERT --> <div align='right'><h5>Last update 17-Feb-2008</h5></div> <div align='center'><H1>MBSE BBS Setup - virus scanners</H1></div> Once upon a time there was no DOS and no computer virusses. But since DOS was invented as a small OS which was easily extensible, virus writers saw their chance to easy spread their hacks. Although running a GNU/Linux system is relative safe, most of the files that you have available on your bbs are DOS/Windows based programs. And before you put them available for download, they should be checked for virusses. Macro virusses are a relative new danger, this can also hurt Unix/Linux users.<P> There are several scanners for GNU/Linux available. Default only four of them are setup. You may consult <A HREF="http://www.openantivirus.org/" rel="nofollow"> http://www.openantivirus.org</A> for more scanners mentioned in a mini-FAQ maintained by Rainer Link. <p> When you configured the sources and build mbse, the configure script searched for excisting scanners. When mbsetup was run the first time, when mbtask was started, the scanners found on your system are already configured with the right paths and enabled. <P> The following scanners are default installed in the setup: <p> <UL> <LI><b>NAI Virus Scan</b> (uvscan) for Unix (GNU/Linux) made by <A HREF="http://www.nai.com" rel="nofollow"> Network Associates, USA.</A> Not free for personal use. Uses the same DAT files as for Windows and DOS. <LI><strong>AntiVir/Linux</strong> made by <A HREF="http://www.hbedv.com" rel="nofollow"> H+BEDV Datentechnik GmbH.</A> Can also be installed in sendmail or Postfix to scan incoming and outgoing email. This may be a good idea if you run a email gateway. This version can be registered for personal use. <LI><strong>Clam AntiVirus</strong> is a GNU licensed virus scanner for Unix. It is available from <A HREF="http://www.clamav.net" rel="nofollow">www.clamav.net</A>. It has one slight disadvantage over other scanners (or just the opposite), when it tests a file with the Eicar testvirus signature it will report that and triggers the virus detection. This happens with NAI DAT files. </UL> <P> As soon as you have made one scanner available in the setup and you receive files in tic areas where the scan flag is set, then these files will be checked. As soon as one of the scanners detects a virus the received file will not be imported. Uploads from users will be checked with the installed virus scanners as well. <p> <p> <H3>Stream scanners</H3> <P> A new feature is stream scanning. In this setup you need a virus scanner loaded as a daemon and it must listen to a TCP/IP port to receive commands and data to scan. Currently this is only implemented for ClamAV, but F-Prot may follow. First you need a machine where <b>clamd</b> is running, this can be a remote machine but of course also the bbs machine itself. ClamAV needs to be configured so that it listens to a TCP/IP port, and depending on other things on the local socket too. Recent versions of ClamAV can do both together. Change your <code>/etc/clamav/clamd.conf</code> to contain the following lines: <pre> # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) LocalSocket /var/run/clamav/clamd # Remove stale socket after unclean shutdown. # Default: no #FixStaleSocket yes # TCP port address. # Default: no TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: no #TCPAddr 127.0.0.1 </pre> I left the comment for the TCPaddr, but it's up to you to protect the clamd server. After you restart <b>clamd</b> test the connection with <code>telnet host.where.clamd.runs 3310</code>, type VERSION followed by a return and you should see the ClamAV version. If that works, you can enable the ClamAV stream scanner in mbsetup and disable the old commandline scanner.<BR> So why would you use this. It's about 10 times faster then the commandline scanner. <P> <A HREF="./"><IMG SRC="../images/larrow.png" ALT="Back" Border="0">Back to index</A> <A HREF="../"><IMG SRC="../images/b_arrow.png" ALT="Home" Border="0">Back to main index</A> </BLOCKQUOTE> </BODY> </HTML>