Compared with Windows systems, Linux is stable, cost-effective, and secure. Without superuser privileges, it is difficult for a program to maliciously infect system files, and few viruses have been found spreading on Linux. But this does not mean that Linux is impregnable.
Today, more and more servers, workstations, and PCs run Linux, and virus writers have started to attack it. Although the powerful viruses we are familiar with do not damage a Linux server, they may spread through it to computers running Windows. In practice, viruses often reside on Linux systems: they do no harm to the Linux system itself, but the system acts as a carrier for Windows viruses, which makes it very difficult to scan for and remove Windows viruses on the network.
1. Virus types on Linux:
Currently, viruses on the Linux platform fall into the following four categories:
(1) Executable file viruses: viruses that reside in files and take files as their main infection target.
(2) Worms: worms are rampant on the Linux platform. Ramen, Lion, and Slapper, for example, exploit system vulnerabilities to spread; they have infected a large number of Linux systems and caused huge losses.
(3) Script viruses: mostly viruses written in shell scripting languages. They are easy to write, but their destructive power is just as striking. A shell script of a few dozen lines can infect all the .sh script files on the hard disk in a short time.
(4) Backdoor programs: these range from simple backdoors added to the system superuser account, to loading through system services, shared library injection, rootkit toolkits, and even loadable kernel modules (LKM). Backdoor technology on the Linux platform is very mature, well concealed, and difficult to remove, and it has become a headache for Linux system administrators.
2. Antivirus software on Linux:
Antivirus software for Linux falls into two groups: open-source antivirus software and commercial antivirus software. The former includes AntiVir Linux from SEBASTIAN, H+BEDV AntiVir/X of Germany; the latter includes RAV Anti Virus Desktop For Linux v8 from GeCAD Software.
In addition, despite the rapid development of Linux desktop applications, the command line (shell) remains very much alive on Linux, because starting the X Window manager consumes a large amount of system resources. Therefore, I will focus on how to use AntiVir Linux to remove viruses from the command line.
TIPS:
AntiVir Linux is antivirus software for Linux provided by SEBASTIAN, H+BEDV AntiVir/X in Germany. It can detect various worms, boot sector viruses, and StarOffice macro viruses. The latest version is 2.0.9.
3. Detection and removal environment:
Hardware: an Intel x86-compatible processor, Pentium 200 or above; 32 MB of memory (64 MB recommended); MB hard disk space; and 4 MB of display memory.
Software: kernel version 2.2 or later and GCC version 2.95 or later.
4. Install the removal software:
The following describes, step by step, how to install the antivirus software on Linux from the command line.
Step 1: Check the glibc version on the Linux server so that you download the matching software. You can use the following command:
# rpm -qa | grep glibc
Step 2: After determining the glibc version, download the corresponding version of the software.
Step 3: Install the software by using the following commands:
# gunzip avlxsrv.tar.gz
# tar vxf avlxsrv.tar
# cd avlxsrv
# ./install
Next, an installation wizard appears, which allows you to install the software conveniently according to the system prompts.
Step 4: Use the software. AntiVir Linux is a command-line tool that, given the right parameters, detects and removes both Linux and Windows viruses. The basic command format is antivir [options] [path].
TIPS:
AntiVir Linux has many parameters. To learn more about them, run # antivir --help. The CRC check is also worth mentioning here. On Linux systems, for security reasons, the system administrator usually uses timestamps and the system's checksum program to identify whether a binary file has been changed. The sum program in Linux is based on CRC verification.
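The timestamp-plus-checksum check described in the tip, as an added example that is not part of the original article: it records the CRC printed by cksum for every file under a directory and later reports what changed. The function names and the baseline format are assumptions of this example.

```shell
#!/bin/sh
# Added example: CRC baseline for a directory of binaries, checked later.
# Function names and the baseline format ("CRC SIZE PATH") are assumptions.

# make_baseline DIR FILE: record cksum's CRC and byte count for each file.
# FILE must live outside DIR; paths containing newlines are not supported.
make_baseline() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s\n' "$(cksum < "$f")" "$f"
    done > "$2"
}

# check_baseline DIR FILE: print one line per difference, return 1 if any.
#   CHANGED            CRC or size differs and mtime is newer than FILE
#   CHANGED_OLD_MTIME  CRC or size differs but mtime is not newer than FILE,
#                      so a timestamp-only check would have missed it
#   NEW / MISSING      file appeared or disappeared since the baseline
check_baseline() {
    cur=$(mktemp) || return 2
    make_baseline "$1" "$cur"
    report=$(awk '
        { key = $1 " " $2; path = $0; sub(/^[0-9]+ [0-9]+ /, "", path) }
        FILENAME == ARGV[1] { old[path] = key; next }
        !(path in old)      { print "NEW " path; next }
        old[path] != key    { print "CHANGED " path }
                            { delete old[path] }
        END { for (p in old) print "MISSING " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -n "$report" ] || return 0
    printf '%s\n' "$report" | while IFS= read -r line; do
        case $line in
            "CHANGED "*)
                p=${line#CHANGED }
                if [ -n "$(find "$p" -newer "$2")" ]; then
                    printf '%s\n' "$line"
                else
                    printf 'CHANGED_OLD_MTIME %s\n' "$p"
                fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
    return 1
}
```

CRC catches accidental or careless modification but is not collision-resistant; a baseline meant to resist deliberate tampering needs a cryptographic hash such as SHA-256 instead.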
5. Virus removal:
After installing the antivirus software, you remove viruses manually.
Step 1: Check all files in the /usr directory by running the following command:
# antivir -s /usr
For reference, in the environment used here the /usr directory is allocated 2.4 GB and the file system is ReiserFS.
Step 2: Check the Windows partition mounted by the system. To check drive C, enter:
# antivir -s /mnt/winc
Step 3: Update the software. First connect the computer to the Internet, then run the following command:
# antivir --update
Scheduling a periodic daily virus scan:
Windows has a task scheduling function that runs a job at a time the user chooses, which is very useful for network administrators. Linux has a similar function, provided by Cron. Cron is a daemon that provides timer services. Once you have defined a timer settings file, it carries out the scheduled tasks on Linux.
(1) First, check whether the Cron service is enabled:
# chkconfig --list | grep crond
(2) If it is not, run the following command:
# ntsysv
(3) Set the crond service option to "*" (use the space key) and restart the system. The system then starts the Cron service.
(4) Create a timer settings file (named mytype):
# crontab -e
(5) Change the file content to the following line, then save the file in vi or another editor and exit:
15 09 * * * antivir
(6) Use the crontab command to add it to the task list:
# crontab -u mytype
In this way, at 09:15 every day, the system automatically scans for and removes the viruses that affect the Windows computers on the network.
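Steps (4) to (6) as an added example, not taken from the original article: a helper that rejects a malformed schedule (a crontab entry needs five separate time fields) and rewrites a crontab so that it holds exactly one entry for the scan. The function name scan_crontab and the temporary file path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article; scan_crontab is a
# hypothetical helper name.
#
# scan_crontab SCHEDULE COMMAND
#   Reads an existing crontab on stdin and prints it with exactly one
#   entry for COMMAND. Returns 2 and prints nothing if SCHEDULE is not
#   five numeric fields (minute hour day-of-month month day-of-week).
scan_crontab() {
    sched=$1
    cmd=$2
    set -f                      # keep "*" from expanding to file names
    set -- $sched
    set +f
    if [ $# -ne 5 ]; then
        echo "schedule must have 5 fields, got $#: $sched" >&2
        return 2
    fi
    for field in "$@"; do
        case $field in
            *[!0-9*/,-]*) echo "bad field: $field" >&2; return 2 ;;
        esac
    done
    # Drop any earlier entry for the same command, then append the new one.
    grep -vF -- "$cmd" || true
    printf '%s %s %s %s %s %s\n' "$1" "$2" "$3" "$4" "$5" "$cmd"
}

# Usage: build the new table first and install it only on success, so a
# rejected schedule can never replace the crontab with an empty one.
#   crontab -l 2>/dev/null |
#       scan_crontab '15 09 * * *' 'antivir -s /usr' > /tmp/crontab.new &&
#       crontab /tmp/crontab.new
```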
6. Using Samba to assist virus removal:
We usually use Samba for file sharing. It works well with computers running Windows operating systems. Seen from a Windows computer, the Samba server appears as a server in Network Neighborhood, and we can save Windows files on it. We can also mount the shares of other Windows computers under a directory on the Samba server to scan them for viruses and remove them. The procedure is as follows:
(1) Map the network drive.
In Windows, you can map a shared directory to a network drive and then use the shared directory like a local folder. Linux offers a similar function through the smbmount command.
First, create a directory under /mnt, here assumed to be /mnt/smb/A1, mount the share on it, and then scan for and remove viruses as on a local file system:
# smbmount //A1/d /mnt/smb/A1
# cd /mnt/smb/A1
# antivir
(2) Unmount the mapped directory. Run the umount command, then mount another computer to check it for viruses. The method is the same and is not repeated here.
7. Summary:
Viruses are a headache for network administrators. Whether we use Windows or Linux, we must keep the right attitude and keep learning more advanced knowledge from the Internet. In this article we have covered a variety of ways to use the command line to guard against viruses on Linux. In this way, we can drive viruses out of our network and make our work, study, and life run more smoothly.