Computers 'n Stuff: Installing AVira Antivir for SuseLinux 10.2 64 Bit

Here I share the resolutions to my Linux problems so they might save somebody some time.

Sunday, May 06, 2007

Installing AVira Antivir for SuseLinux 10.2 64 Bit

If you need an antivirus scanner for Linux to protect Windows machines via a Linux box, AntiVir might be the right choice for you. It provides very good virus signatures and on-access scanning, and is absolutely free. Keep in mind that the free version can't do on-access scanning of archives; archives will only be scanned by the command line scanner. Here I describe how I installed the Avira scanner.

Prerequisites:
  • You need a working dazuko module if you want to use AVguard.

    If you need to install the Dazuko module, you might find my Dazuko installation HOWTO helpful.

  • You will need a working Java runtime environment (JRE) installed on your machine to run the GUI included in the Avira workstation packages (avguard-gui).

  1. Download the free AntiVir workstation for Linux file from Avira at free-av.de. You cannot use the package from the Suse distro, since that is an evaluation version for enterprises. It will not allow you to update the virus signature database and will expire.
  2. Extract the archive. You have to apply a workaround for a bug in the installation routine of the 64-bit GUI of Avira, as outlined in the Avira Linux Forum.
    # cd [folder of the extracted archive]
    # cp gui/gui_workstation_linux_glibc22.tgz gui/gui_workstation_linux_glibc22_x86_64.tgz
    This is probably because they forgot to include the 64-bit version (gui_workstation_linux_glibc22_x86_64.tgz) of the GUI in the installation archive; it is apparently the same as the 32-bit version at the moment.

  3. Now you are ready to install. In the folder of the extracted archive type
    # ./install
    and follow the instructions on the screen.
    If you are asked how avguard should be installed, choose option [m], meaning that dazuko is loaded as a kernel module.
    Find the location of your dazuko.ko module in another shell with:
    # find /lib/modules -name dazuko.ko
    and copy and paste the path to your dazuko.ko module into the installation console.
    Follow the on-screen instructions.
  4. To enable GUI support for AVGuard, make sure that the following lines in /etc/avguard.conf are uncommented:
    # Enable and configure GUI support
    GuiSupport yes
    GuiCAFile /usr/lib/AntiVir/gui/cert/cacert.pem
    GuiCertFile /usr/lib/AntiVir/gui/cert/server.pem
    GuiCertPass antivir_default
    Otherwise AVGuard cannot connect to the avguard-gui, since both communicate over an SSL connection and the *.pem files contain the keys.
    If you don't do this, the antivir-gui will report avguard as stopped although it is running, and it can't be started or stopped from the GUI.

    Using the YaST utility, make sure that all users who should be able to start avguard are added to the group antivir.
  5. Configure /etc/avguard.conf to suit your needs. The config file is well commented.
  6. Now you can start the antivir-gui in either of two ways:
    1. Hit Alt+F2 and enter
      antivir-gui
      Now press Return and the GUI should open.
    2. Open a command shell and enter
      > antivir-gui
  7. To add an Avira icon to your KDE menu, first download the Avira umbrella icon.
    Then open it with Konqueror and save it in PNG file format (Document/Save File as/ choose png from the format dropdown menu and choose save). Then move the *.png to /usr/share/pixmaps:
    # chown root:root avira_logo.png
    # mv avira_logo.png /usr/share/pixmaps
    Then open the KDE Menu-Editor and go to System/Security. Choose File/NewItem. Choose a name, e.g. AntiVir. Click on the icon button, select other icons, find the umbrella, select it and click OK. Enter antivir-gui in the command field and click the disk icon to save.
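
The check from step 4 can be scripted. The following is an added example, not part of the original post: it reports which of the four GUI directives are still commented out or missing and whether the referenced *.pem files are readable. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify the GUI block in avguard.conf.
REQUIRED_KEYS="GuiSupport GuiCAFile GuiCertFile GuiCertPass"

# conf_value FILE KEY -> value of the first active (uncommented) KEY line
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# check_gui_conf FILE -> one line per problem on stdout; returns 0 only if clean
check_gui_conf() {
    conf=$1
    problems=0
    for key in $REQUIRED_KEYS; do
        if [ -z "$(conf_value "$conf" "$key")" ]; then
            if grep -Eq "^[[:space:]]*#[[:space:]]*${key}[[:space:]]" "$conf"; then
                echo "$key: still commented out"
            else
                echo "$key: missing"
            fi
            problems=$((problems + 1))
        fi
    done
    support=$(conf_value "$conf" GuiSupport)
    if [ -n "$support" ] && [ "$support" != "yes" ]; then
        echo "GuiSupport: set to '$support', expected 'yes'"
        problems=$((problems + 1))
    fi
    for key in GuiCAFile GuiCertFile; do
        path=$(conf_value "$conf" "$key")
        if [ -n "$path" ] && [ ! -r "$path" ]; then
            echo "$key: $path is not readable"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: GuiSupport is active, the other three are still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Enable and configure GUI support
GuiSupport yes
#GuiCAFile /usr/lib/AntiVir/gui/cert/cacert.pem
# GuiCertFile /usr/lib/AntiVir/gui/cert/server.pem
# GuiCertPass antivir_default
EOF
check_gui_conf "$sample" || echo "antivir-gui will report avguard as stopped until this is fixed"
rm -f "$sample"
```

On a real installation, run check_gui_conf /etc/avguard.conf as a user who can read that file.
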
Commands and default files:

antivir-gui will start the AntiVir GUI.
antivir -h will list all command line options of the antivir command line scanner.
antivir -z -s --scan-mode=smart --heur-macro --heur-level=2 --moveto=/home/unwanted [path]
This command invokes the antivir virus scanning utility so that it scans all files in [path] and its subfolders whose extensions are likely to contain viruses, checking for viruses and malicious macros with heuristics level 2. Suspicious files will be renamed and moved to the default quarantine directory of antivir.
antivir --update will update the virus signatures of antivir.
avguard start will start the on-access scanning tool of antivir and will load the dazuko module. Note: the dazuko module needs to be properly installed for avguard to be operational. If dazuko and avguard were properly loaded,

# dmesg
should read something like:
[...]
dazuko: info: using chroot events for chroot'd processes
dazuko: loaded, version=2.3.3
(Note:
"dazuko: info: using chroot events for chroot'd processes" means that the dazuko module was configured using the "--disable-chroot-support" directive at compile time. This is needed for SMP kernels that do not export d_path. See: Dazuko in OpenSuse 10.2.)
# tail /var/log/messages
should read something like:
[...]
May 6 19:14:21 localhost antivir[20149]: excluding "/home/unwanted/" from scan (quarantine directory)
May 6 19:14:21 localhost antivir[20149]: excluding "/sys/" from scan (special file system)
May 6 19:14:21 localhost antivir[20149]: excluding "/proc" from scan (special file system)
May 6 19:14:21 localhost antivir[20149]: Information: Dazuko kernel module version 2.3.3 detected
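
The two log checks above can be combined into one script. This is an added example, not part of the original post: it confirms that the kernel log shows Dazuko loaded and that antivir detected the same module version. The function names are made up for illustration, and the sample input is constructed from the lines shown above.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the Dazuko version in
# the kernel log against the version antivir reports in syslog.

# Version from the last "dazuko: loaded" line (the module may have been reloaded).
dazuko_kernel_version() {
    sed -n 's/.*dazuko: loaded, version=\([0-9.]*\).*/\1/p' "$1" | tail -n 1
}

# Version from the last "Dazuko kernel module version X detected" line of antivir.
antivir_seen_version() {
    sed -n 's/.*antivir\[[0-9]*]: Information: Dazuko kernel module version \([0-9.]*\) detected.*/\1/p' "$1" | tail -n 1
}

# check_dazuko DMESG_FILE MESSAGES_FILE -> prints a verdict; returns 0 only on a match
check_dazuko() {
    kver=$(dazuko_kernel_version "$1")
    aver=$(antivir_seen_version "$2")
    if [ -z "$kver" ]; then
        echo "FAIL: no 'dazuko: loaded' line in kernel log (module not loaded)"
        return 1
    fi
    if [ -z "$aver" ]; then
        echo "FAIL: dazuko $kver loaded, but antivir did not report detecting it"
        return 1
    fi
    if [ "$kver" != "$aver" ]; then
        echo "FAIL: kernel module is $kver, antivir detected $aver"
        return 1
    fi
    echo "OK: dazuko $kver loaded and detected by antivir"
}

# Constructed sample input, taken from the log excerpts in this post.
dmesg_sample=$(mktemp)
msg_sample=$(mktemp)
cat > "$dmesg_sample" <<'EOF'
dazuko: info: using chroot events for chroot'd processes
dazuko: loaded, version=2.3.3
EOF
cat > "$msg_sample" <<'EOF'
May 6 19:14:21 localhost antivir[20149]: excluding "/proc" from scan (special file system)
May 6 19:14:21 localhost antivir[20149]: Information: Dazuko kernel module version 2.3.3 detected
EOF
check_dazuko "$dmesg_sample" "$msg_sample" || true
rm -f "$dmesg_sample" "$msg_sample"
```

On a live system, save the output of dmesg to a file and pass it together with /var/log/messages.
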


avguard status will report the status of avguard.
avguard stop will stop the on-access scanner.

avupdater start will start the AV update daemon, which will update the virus signatures.
configantivir is a script to configure the avupdater daemon. Follow the on-screen instructions.

/etc/avupdater.conf holds the configuration of the avupdater daemon.
/etc/avguard.conf holds the configuration of avguard.

/usr/lib/AntiVir
default installation path of antivir, avguard and antivir-gui
/home/unwanted The default quarantine directory of avguard

/usr/lib/AntiVir/MANUAL.avguard manual on installing and configuring avguard.


Note:
  • The on-access scanner AVguard will not scan compressed files for viruses. I think this is a major drawback, since most users want to protect their Windows installation from viruses that come in files they downloaded with Linux. Use the command line scanner as a workaround to scan compressed files.
  • The GUI will only allow scanning of files in the home directory. For other files you have to use the command line scanner. However, users who want to protect their Windows installation from viruses they download via Linux may want to scan the /media and /windows folders as well, if the devices are mounted with write permission. Possible workarounds include adding a link from the home directory to other directories you want to include in your scan. The command line utility can be configured to follow links.


Links:
Avira Forum
Free AntiVir download site