Command AntiVirus

Transcript

  • 1. Command AntiVirus™ for Unix® User’s Guide
  • 2. NOTICE Command Software Systems, Inc. (CSSI) reserves the right to improve the product described in the companion manual at any time and without prior notice. This material contains the valuable properties and trade secrets of CSSI, a Florida corporation, embodying substantial creative efforts and confidential information, ideas and expressions, no part of which may be reproduced or transmitted in any form or by any means, electronic, mechanical, or otherwise, including photocopying, and recording, or in connection with any information storage or retrieval system, without prior written permission from CSSI. LICENSE AGREEMENT The Software is protected by United States copyright laws, international copyright treaties as well as other intellectual property laws and international treaties. License Grants. Licensor (CSSI) hereby grants Licensee the non-transferable right to use, as set forth below, the number of copies of each version number and language of Software set forth on Licensee’s valid proof of purchase. For each License acquired, Licensee may use one copy of the Software on a “one user per license” basis, or in its place, any prior version for the same operating system, on a single computer. Licensee may also store or install a copy of the Software on a storage device, such as a network server, used only to install or run the Software on Licensee’s other computers over an internal network; however, Licensee must acquire and dedicate a License for each separate computer on which the Software is installed or run from the storage device. A license for the Software may not be shared or used concurrently on different computers. A server License requires user access licenses on a “one user per access license” basis, or as defined with each server product. Licensee must retain this License Agreement as evidence of the license rights granted by Licensor. 
By executing the rights granted to Licensee in this License Agreement or by executing same or similar electronically as part of the installation process, Licensee agrees to be bound by its terms and conditions. If Licensee does not agree to the terms of this License Agreement, Licensee should promptly return it together with all accompanying materials and documents for a refund. WARRANTY CSSI warrants the physical media and the physical documentation to be free of defects with respect to materials and workmanship for a period of thirty (30) days from the date of purchase. During the warranty period, CSSI will replace the defective media or documentation. This warranty is limited to replacement and does not encompass any other damages. CSSI MAKES NO OTHER EXPRESS OR IMPLIED WARRANTIES INCLUDING THE WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE AND THE WARRANTY OF MERCHANTABILITY. Command AntiVirus © Copyright 2003 by Command Software Systems, Inc. Portions © Copyright 1993, 2003 FRISK Software International. Published in the U.S.A. by Command Software Systems, Inc. All rights reserved. Document No. CU-490-1003 Part No. 07-1000-00 Command AntiVirus for Unix
  • 3. TABLE OF CONTENTS
      INTRODUCTION
        Main Features
        Chapter Overview
          Chapter 1 - Introduction
          Chapter 2 - CSAV for Solaris
          Chapter 3 - CSAV for Linux
          Chapter 4 - CSAV for FreeBSD
          Glossary
        Conventions Used
        Additional Information
          Web Site
          Mailing List Server
          README.TXT
      CSAV FOR SOLARIS
        Pre-installation Requirements
          SPARC Platform
          Intel Platform
        Installation
          Installing Using the Pkgadd Command
          Installing Using Admintool
          Location of Installed Files
          Testing Command AntiVirus
        Updating the Definition Files
        Performing a Virus Scan
          Command-line Options
        Removing Command AntiVirus
          From the Command Prompt
          Using Admintool
      CSAV FOR LINUX
        Pre-installation Requirements
        Installation
          Installing
          Verifying the Installation
          Location of Installed Files
          Testing Command AntiVirus
        Updating Command AntiVirus for Linux
  • 4. Updating the Definition Files
          Scheduling Updates
        Performing a Virus Scan
          Command-line Options
        Removing Command AntiVirus
      CSAV FOR FREEBSD
        Pre-installation Requirements
        Installation
          Installing
          Verifying the Installation
          Location of Installed Files
          Testing Command AntiVirus
        Updating Command AntiVirus for FreeBSD
        Updating the Definition Files
          Scheduling Updates
        Performing a Virus Scan
          Command-line Options
        Removing Command AntiVirus
      GLOSSARY
      INDEX
  • 5. INTRODUCTION
      Command AntiVirus (CSAV) for Unix® is a command-line scanner. Command Software Systems provides different packages for the Linux®, the Solaris™, and the FreeBSD operating systems. Command AntiVirus provides state-of-the-art antivirus protection through HoloCheck™ scanning technology. The most important benefits of this technology are:
      • Simplified antivirus updates. You can now update the sign.def, sign2.def, and macro.def files (which contain the latest virus signatures) without reinstalling all of CSAV’s components. This updating method adds speed and efficiency to Command AntiVirus.
      • Superior polymorphic virus detection. Command AntiVirus now offers unparalleled protection and elimination of polymorphic viruses including the dreaded Morphine, Anxiety, Spanska, Magistr and MTX.
      • Scanning of embedded (OLE) documents. Not only do we scan documents, but if an infected document is embedded in an Excel spreadsheet or a PowerPoint document, Command AntiVirus will detect it and prevent your data from becoming infected.
  • 6. MAIN FEATURES
      Command AntiVirus is a comprehensive virus protection program that:
      • Uses state-of-the-art technology to scan for tens of thousands of known viruses and their variants.
      • Removes viruses without damaging the original file.
      • Scans for images of boot sector viruses, macro viruses, and Trojan Horses.
      • Scans hard drives, diskettes, CD-ROMs, network drives, directories, and specific files.
      • Scans archived files, compressed files, and compressed executables.
      • CSAV for Linux and FreeBSD can be configured to perform scheduled scans when used with the Unix cron utility.
      CHAPTER OVERVIEW
      The Command AntiVirus for Unix User’s Guide consists of the following chapters.
      CHAPTER 1 - INTRODUCTION
      This chapter provides an overview of Command AntiVirus including a list of features and conventions.
      CHAPTER 2 - CSAV FOR SOLARIS
      Chapter 2, CSAV For Solaris, provides pre-installation requirements and instructions on installing and removing Command AntiVirus for Solaris™ on both the SPARC® and Intel® platforms. This chapter also includes information on performing virus scans, using the product’s command-line switches, and using the Command AntiVirus for Solaris e-mail notification feature.
  • 7. CHAPTER 3 - CSAV FOR LINUX
      Chapter 3, CSAV for Linux, provides pre-installation requirements and instructions on installing and removing Command AntiVirus for Linux. This chapter also includes information on performing virus scans, using the product’s command-line switches, and using the Command AntiVirus for Linux e-mail notification feature.
      CHAPTER 4 - CSAV FOR FREEBSD
      Chapter 4, CSAV for FreeBSD, provides pre-installation requirements and instructions on installing and removing Command AntiVirus for FreeBSD. This chapter also includes information on performing virus scans, using the product’s command-line switches, and using the Command AntiVirus for FreeBSD e-mail notification feature.
      GLOSSARY
      Chapter 5, Glossary, provides definitions of virus terminology.
      CONVENTIONS USED
      Indicates an area that requires special attention.
      Indicates a helpful tip.
      COURIER  Examples and messages appear in COURIER. For example:
          CSAV -HARD -DISINF
  • 8. CSAV  The acronym used for Command AntiVirus.
      Italics  A reference to the manual is in italics.
      Italics  A reference to another chapter in the manual is in bold and italics.
      Bold  A reference to a section within the chapter is in bold.
      ADDITIONAL INFORMATION
      WEB SITE
      You will find a wealth of fascinating information on the Command Software Systems web site. Do you have questions about viruses? Do you want to know more about security? Would you like to know the answers to our customers’ most frequently asked questions? We provide comprehensive information on viruses, products, events, employment opportunities and much more. Plus, for your convenience, all of our readme files, quick start guides, and manuals are available for online viewing. Be sure to visit this exciting extension of Command Software Systems’ services at:
      • Command Software U.S. – http://www.authentium.com
      • Command Software U.K. – http://www.authentium.co.uk
      • Command Software Australia – http://www.commandcom.com.au
  • 9. MAILING LIST SERVER
      Registered users of Command AntiVirus can subscribe to Command Software Systems’ mailing list server. As long as you have an Internet e-mail address, you can obtain electronic notification of product updates and announcements. You can also receive our newsletter, and a variety of other services. For more information, visit our web site.
      README.TXT
      The latest information on product enhancements, fixes and special instructions is in the README.TXT file that is included with the Command AntiVirus program files. You can also review this file on the Command Software Systems web site before you download the Command AntiVirus files.
  • 11. CSAV FOR SOLARIS
      This chapter provides pre-installation requirements and instructions on installing and removing Command AntiVirus for Solaris™ on both the SPARC® and Intel® platforms. Also included is information on performing virus scans, using the product’s command-line switches, and using the Command AntiVirus for Solaris e-mail notification feature.
      PRE-INSTALLATION REQUIREMENTS
      SPARC PLATFORM
      The system requirements for Command AntiVirus for Solaris on the SPARC platform are:
      • Solaris 8 or higher
      • At least 6.0 MB of available hard disk space
      INTEL PLATFORM
      The system requirements for Command AntiVirus for Solaris on the Intel platform are:
      • Solaris 7 or higher
      • At least 6.0 MB of available hard disk space
  • 12. INSTALLATION
      Installing Command AntiVirus for Solaris is easy to do. The installation places all of the required Command AntiVirus files in the necessary directories.
      Before beginning, please read the installation instructions thoroughly. This will help you to anticipate any choices that you may need to make during the installation process.
      Command AntiVirus for Solaris consists of three packages: the Command AntiVirus scan engine, the virus definition files, also referred to as deffiles, and the documentation.
      NOTE: You can install Command AntiVirus for Solaris through the pkgadd command or by using Admintool.
      The documentation package installs the translated versions of the following:
      • readme.txt – contains important last-minute information about the functioning of the product.
      • guide.txt – the short form of the Command AntiVirus for Unix User’s Guide in text format.
      • distrib.txt – contains contact information about all of the Command Software distributors.
      • legal.txt – contains legal information on product copyright, licensing, usage, etc.
      • email.cfg – a sample e-mail notification file. This file can be used when -notify=user@domain is provided. NOTE: Administrators can use a text editor to change the content of email.cfg to fit their needs.
      • cssunix.pdf – the Command AntiVirus for Unix User’s Guide.
  • 13. NOTE: The English versions of the first five files are installed when you install the Command AntiVirus package. The cssunix.pdf file is not installed unless you install the documentation package.
      INSTALLING USING THE PKGADD COMMAND
      To install Command AntiVirus for Solaris using the pkgadd command, follow these steps:
      1. At the Solaris command prompt, $, type the following, and press Enter:
             su
         The system displays the Password: prompt.
      2. Type your root password and press Enter.
      3. If you download the installation package, go to Step 5. Otherwise continue to the next step.
      4. Insert the CD-ROM containing Command AntiVirus for Solaris into your CD-ROM drive.
         If vold is running – the system displays a file manager window, and the CD is mounted.
         If vold is not running – mount the CD manually.
         NOTE: Vold mounts the CDs on /cdrom/VOLNAME, where VOLNAME is the CD Volume Name.
      5. To install the Command AntiVirus scan engine package, at the command prompt, #, type the following, and press Enter:
         • SPARC Platform
             pkgadd -d /cdrom/CSAV/solaris/sparc/CSSIcsav-x.xx.x-sparc.pkg
  • 14. • Intel Platform
             pkgadd -d /cdrom/CSAV/solaris/i386/CSSIcsav-x.xx.x-i386.pkg
         The x.xx.x represents the Command AntiVirus version number, for example 4.70.0.
         NOTE: The actual location may vary. It depends on where the CD is mounted and the volume label of the CD.
         The system asks if you want to process the package.
      6. Press Enter, or at the command prompt, #, type all and press Enter.
         The system asks if you will allow scripts to be executed with super-user privileges. These scripts update links onto your file system and make Command AntiVirus available for all users.
      7. At the command prompt, type y and press Enter.
      8. To install the deffiles package, at the command prompt, #, type the following, and press Enter:
             pkgadd -d /cdrom/CSAV/solaris/sparc/CSSIdeffl-yyyymmdd-noarch.pkg
         The yyyy represents the year the deffiles were released. The mm represents the month, and the dd represents the day, for example, 20010912.
         NOTE: The actual location may vary. It depends on where the CD is mounted and the volume label of the CD.
         The system asks if you want to process the package.
      9. Press Enter, or at the command prompt, #, type all and press Enter.
      10. To install the documentation package, at the command prompt, #, type the following, and press Enter:
             pkgadd -d /cdrom/CSAV/solaris/sparc/CSSIdocs-x.xx.x-language.pkg
  • 15. The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0. The language represents the language used, for example, english.
         The system asks if you want to process the package.
      11. Press Enter, or at the command prompt, #, type all and press Enter.
         NOTE: The actual location may vary. It depends on where the CD is mounted and the volume label of the CD.
      12. To complete the installation of Command AntiVirus for Solaris, at the command prompt, #, type the following, and press Enter:
             exit
         The system returns to the Solaris command prompt, $.
      Verifying the Pkgadd Installation
      To verify that the Command AntiVirus scan engine package is installed properly, at the command prompt, $, type the following and press Enter:
          pkginfo CSSIcsav
      The system displays the following message:
          system CSSIcsav Command AntiVirus for Solaris
      To verify that the definition files package is installed properly, at the command prompt, $, type the following and press Enter:
          pkginfo CSSIdeffl
      The system displays the following message:
          system CSSIdeffl Definition Files for Solaris
      To verify that the documentation package is installed properly, at the command prompt, $, type the following and press Enter:
          pkginfo CSSIdocs
  • 16. The system displays the following message:
          system CSSIdocs Command Software AntiVirus for Solaris supporting documentation
      For more information, refer to the pkginfo manual page.
      INSTALLING USING ADMINTOOL
      NOTE: Before you begin the installation, make sure that you have root permissions.
      To install Command AntiVirus for Solaris using Admintool, follow these steps:
      1. At the command prompt, #, start Admintool by typing admintool& and pressing Enter. The system displays the Admintool: Users dialog box:
  • 17. [Figure: Admintool: Users Dialog Box]
      2. On the menu bar, click Browse and then Software. The system displays the Admintool: Software dialog box:
  • 18. [Figure: Admintool: Software Dialog Box]
  • 19. 3. On the menu bar, click Edit and then Add. The system displays the Admintool: Set Source Media dialog box:
      [Figure: Admintool: Set Source Media Dialog Box]
      4. In the Software Location list, select one of the following:
         • CD with volume management - if installing from the CD-ROM (vold running).
         • CD without volume management - if installing from the CD-ROM (vold is not running. Make sure the CD is mounted).
         • Hard Disk - if installing from a directory on the hard disk.
      5. In the Directory text box, type the path where the software resides.
      6. Click OK. The system displays the Admintool: Add Software dialog box:
  • 20. [Figure: Admintool: Add Software Dialog Box]
      7. Select the Command Software AntiVirus for Solaris and Definition files for Command AntiVirus check boxes. If you want to install the documentation, select the Command Software AntiVirus for Solaris supporting documentation check box. Installing documentation is optional.
         To ensure that Command AntiVirus functions properly, both the Command Software AntiVirus for Solaris and Definition files for Command AntiVirus check boxes must be selected.
      8. Click Add. The installation begins. During the installation the system asks if you will allow scripts to be executed with super-user privileges. These scripts update links onto your file system and make Command AntiVirus available for all users.
  • 21. 9. At the command prompt, #, type y and press Enter. The system notifies you that the installation was successful.
      10. Press Enter. The system returns to the Admintool: Add Software dialog box.
      11. To exit Admintool, select the File menu and click Exit.
      Verifying the Admintool Installation
      To verify that Command AntiVirus is installed properly, follow these steps.
      1. At the command prompt, #, start Admintool by typing admintool& and pressing Enter. The system displays the Admintool: Users dialog box:
      [Figure: Admintool: Users Dialog Box]
  • 22. 2. On the menu bar, click Browse and then Software. The system displays the Admintool: Software dialog box:
      [Figure: Admintool: Software Dialog Box]
      3. Click the All Software button, and select System Software.
      4. Scroll through the list to locate and select Command Software AntiVirus for Solaris.
         NOTE: If Command Software AntiVirus for Solaris is not listed, the installation was not successful.
      5. Click Show Details. The system displays the Admintool: Software Details dialog box:
  • 23. [Figure: Admintool: Software Details Dialog Box]
      6. Click Cancel. The system returns to the Admintool: Software dialog box:
  • 24. [Figure: Admintool: Software Dialog Box]
      7. Click the All Software button, and select System Software.
      8. Scroll through the list to locate and select Definition files for Command AntiVirus.
         NOTE: If Definition files for Command AntiVirus is not listed, the installation was not successful.
      9. Click Show Details. The system displays the Admintool: Software Details dialog box:
  • 25. [Figure: Admintool: Software Details Dialog Box]
      10. Click Cancel. The system returns to the Admintool: Software dialog box:
  • 26. [Figure: Admintool: Software Dialog Box]
      11. Click the All Software button, and select System Software.
      12. Scroll through the list to locate and select Command Software AntiVirus for Solaris supporting documentation.
         NOTE: If Command Software AntiVirus for Solaris supporting documentation is not listed, the installation was not successful.
      13. Click Show Details. The system displays the Admintool: Software Details dialog box:
  • 27. [Figure: Admintool: Software Details Dialog Box]
      14. Click Cancel. The system returns to the Admintool: Software dialog box.
      15. To exit Admintool, select the File menu, and click Exit.
  • 28. LOCATION OF INSTALLED FILES
      For updating or troubleshooting purposes, you may need to know the location of the Command AntiVirus files (CSSIcsav package), the virus definition files (CSSIdeffl package), and the documentation (CSSIdocs package) that are installed on your system. For example, when you update the macro.def, sign2.def, and sign.def files (CSSIdeffl package), you may need to know their locations.
      CSAV for Solaris installs under the /opt/CSSIcsav directory. Several symbolic links that enable Command AntiVirus to function properly are created in some system directories. Table 1, Table 2, and Table 3 provide the locations of all the files and the symbolic links that are installed through the three packages.
      Table 1: Installed Locations of CSAV for Solaris Files – CSSIcsav Package
      Path (followed by its description)
      /usr/bin/csav (Link to: /opt/CSSIcsav/bin/csav)
          The Command AntiVirus command-line scanner.
      /usr/lib/libcsscan.so (Link to: /opt/CSSIcsav/lib/libcsscan.so.x.xx)
          A symbolic link to the most recently installed core scan engine shared library.
      /opt/CSSIcsav/lib/libcsscan.so.x.xx
          The core scan engine shared library used by CSAV. The x.xx represents the version number of the product, for example, 4.70. Note: The /usr/lib/libcsscan.so path mentioned above links to this specific file.
      /etc/csav (Link to: /opt/CSSIcsav/etc)
          The file placeholder and definition file placeholder.
      /opt/CSSIcsav/etc/english.tx1
          The file containing language-specific text.
  • 29. Table 1: Installed Locations of CSAV for Solaris Files – CSSIcsav Package
      Path (followed by its description)
      /opt/CSSIcsav/etc/email.cfg
          A sample e-mail notification file. This file can be used when -notify=user@domain is provided. Note: Administrators can use a text editor to change the content of email.cfg to fit their needs.
      /opt/CSSIcsav/Docs/distrib.txt
          This file provides contact information about all of the Command AntiVirus distributors.
      /opt/CSSIcsav/Docs/readme.txt
          The readme file for Command AntiVirus for Solaris. This file contains important last-minute information about the functioning of the product.
      /opt/CSSIcsav/Docs/legal.txt
          This file contains legal information on product copyright, licensing, usage, etc.
      /opt/CSSIcsav/Docs/guide.txt
          The Command AntiVirus for Unix User’s Guide short form in text format.
      Table 2: Installed Locations of CSAV for Solaris Definition Files – CSSIdeffl Package
      Path (followed by its description)
      /opt/CSSIcsav/etc/macro.def
          The virus signature definition file for macro viruses.
      /opt/CSSIcsav/etc/sign.def
          The virus signature definition file for non-macro viruses.
      /opt/CSSIcsav/etc/sign2.def
          The virus signature extended definition file.
  • 30. Table 3: Installed Locations of CSAV for Solaris Documentation Files – CSSIdocs Package
      Path (followed by its description)
      /opt/CSSIcsav/etc/email.cfg
          A sample e-mail notification file. This file can be used when -notify=user@domain is provided. Note: Administrators can use a text editor to change the content of email.cfg to fit their needs.
      /opt/CSSIcsav/Docs/distrib.txt
          This file provides contact information about all of the Command AntiVirus distributors.
      /opt/CSSIcsav/Docs/readme.txt
          The readme file for Command AntiVirus for Solaris. This file contains important last-minute information about the functioning of the product.
      /opt/CSSIcsav/Docs/legal.txt
          This file contains legal information on product copyright, licensing, usage, etc.
      /opt/CSSIcsav/Docs/cssunix.pdf
          The Command AntiVirus for Unix User’s Guide.
      /opt/CSSIcsav/Docs/guide.txt
          The Command AntiVirus for Unix User’s Guide short form in text format.
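A check of the symbolic links and definition files listed in Tables 1 and 2, added here as an example and not part of the original guide. The ROOT prefix and the 30-day age limit are assumptions of this example; it is written for a POSIX shell (ksh or bash on Solaris).

```sh
#!/bin/sh
# Added example, not part of the guide: audit the links and definition files
# listed in Tables 1 and 2. ROOT and MAX_AGE_DAYS are parameters invented for
# this example; the paths themselves are the ones the tables give.

CSAV_HOME=opt/CSSIcsav

# check_link LINK TARGET: LINK must be a symlink that resolves to TARGET.
check_link() {
    if [ ! -L "$1" ]; then echo "FAIL not a symlink: $1"; return 1; fi
    if [ ! -e "$1" ]; then echo "FAIL dangling symlink: $1"; return 1; fi
    if [ ! "$1" -ef "$2" ]; then echo "FAIL $1 does not point to $2"; return 1; fi
    echo "ok   $1"
}

# check_lib_link ROOT: /usr/lib/libcsscan.so must resolve to one of the
# versioned libcsscan.so.x.xx files under the install directory.
check_lib_link() {
    ll_link=$1/usr/lib/libcsscan.so
    if [ ! -L "$ll_link" ] || [ ! -e "$ll_link" ]; then
        echo "FAIL missing or dangling: $ll_link"; return 1
    fi
    for ll_lib in "$1/$CSAV_HOME"/lib/libcsscan.so.*; do
        if [ "$ll_link" -ef "$ll_lib" ]; then
            echo "ok   $ll_link -> $ll_lib"; return 0
        fi
    done
    echo "FAIL $ll_link resolves outside $1/$CSAV_HOME/lib"; return 1
}

# check_deffiles ROOT MAX_AGE_DAYS: each definition file must exist, be
# non-empty, and have been modified within MAX_AGE_DAYS.
check_deffiles() {
    df_rc=0
    for df_name in macro.def sign.def sign2.def; do
        df_file=$1/$CSAV_HOME/etc/$df_name
        if [ ! -s "$df_file" ]; then
            echo "FAIL missing or empty: $df_file"; df_rc=1
        elif [ -n "$(find "$df_file" -mtime +"$2" -print)" ]; then
            echo "FAIL older than $2 days: $df_file"; df_rc=1
        else
            echo "ok   $df_file"
        fi
    done
    return $df_rc
}

# check_layout [ROOT] [MAX_AGE_DAYS]: run every check, return 1 if any failed.
check_layout() {
    cl_root=${1:-/}
    cl_root=${cl_root%/}      # "/" becomes "" so the paths stay absolute
    cl_rc=0
    check_link "$cl_root/usr/bin/csav" "$cl_root/$CSAV_HOME/bin/csav" || cl_rc=1
    check_link "$cl_root/etc/csav" "$cl_root/$CSAV_HOME/etc" || cl_rc=1
    check_lib_link "$cl_root" || cl_rc=1
    check_deffiles "$cl_root" "${2:-30}" || cl_rc=1
    return $cl_rc
}

# Usage on an installed system:  check_layout / 30
```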
  • 31. TESTING COMMAND ANTIVIRUS
      For testing purposes, there is a self-extracting file called SE_EICAR.EXE. You can download SE_EICAR.EXE from our web site at http://www.authentium.com/threats/eicar.cfm. If you run this file, you will find a test file called eicar.com (from the European Institute for Computer Anti-Virus Research). This file helps you verify that you installed your antivirus protection properly. eicar.com also provides a way to demonstrate how Command AntiVirus responds when it finds a virus.
      To test Command AntiVirus, just scan eicar.com. A message containing the following phrase should appear on-screen:
          Infection: EICAR_Test_File
      This message assures you that Command AntiVirus is functioning properly. If you do not receive this message, then Command AntiVirus is not functioning properly, and you will need to troubleshoot the cause of the problem.
      UPDATING THE DEFINITION FILES
      The following section contains information on updating the virus definition files (deffiles).
      NOTE: Before you begin the update, make sure that you have root permissions.
      To update the Command AntiVirus for Solaris deffiles, follow these steps:
      1. At the command prompt, #, type the following, and press Enter:
             pkgadd -d <deffile_loc/>CSSIdeffl.pkg
         NOTE: Replace the <deffile_loc/> with the location of the deffiles.
         The system asks if you want to process the package.
  • 32. 2. Press Enter, or at the command prompt, #, type all and press Enter.
      3. To complete the deffiles package update, at the command prompt, #, type the following and press Enter:
             exit
         The system returns to the Solaris command prompt, $.
      Verifying the Pkgadd Update Installation
      To verify that the definition files (deffiles) update package is installed properly, at the command prompt, $, type the following and press Enter:
          pkginfo CSSIdeffl
      The system displays the following message:
          system CSSIdeffl Definition Files for Solaris
      For more information, refer to the pkginfo manual page.
      PERFORMING A VIRUS SCAN
      To perform a scan for viruses, at the command line, type the following, and press Enter:
          csav -disinf /usr/bin /usr/doc
      Command AntiVirus begins scanning your /usr/bin and /usr/doc directories.
      Entering the path name immediately after csav allows you to scan specific directories. Subdirectories are scanned by default. You can scan more than one directory at a time. In the command stated above, the /usr/bin and /usr/doc paths are scanned because their path names, which must be separated by a space, have been added to the command line immediately after csav. If an infected file is detected, the -disinf switch instructs Command AntiVirus to disinfect the file automatically.
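The pkginfo verification and the eicar.com test described above, combined into one script to run after an install or a deffiles update; this is an added example, not from the original guide. CSAV_BIN and PKGINFO_BIN are variables invented here so the commands can be overridden, and the scanner's exit status is ignored because this page does not document it.

```sh
#!/bin/sh
# Added example, not part of the guide: confirm the required packages are
# registered and that the scanner reports the EICAR test file.
# CSAV_BIN and PKGINFO_BIN are assumptions of this example; the guide simply
# types csav and pkginfo at the prompt.

CSAV_BIN=${CSAV_BIN:-csav}
PKGINFO_BIN=${PKGINFO_BIN:-pkginfo}
EICAR_PHRASE='Infection: EICAR_Test_File'   # phrase quoted in the guide

# packages_installed PKG...: print each missing package, return 1 if any.
packages_installed() {
    pi_rc=0
    for pi_pkg in "$@"; do
        # pkginfo -q prints nothing and reports the result in its exit status.
        if ! "$PKGINFO_BIN" -q "$pi_pkg" 2>/dev/null; then
            echo "missing package: $pi_pkg"
            pi_rc=1
        fi
    done
    return $pi_rc
}

# eicar_selftest FILE: scan the extracted eicar.com and look for the phrase.
#   0  scanner reported the expected phrase
#   1  scanner ran but the phrase was not in its output
#   2  the test could not be run (file or scanner not found)
eicar_selftest() {
    es_file=$1
    if [ ! -f "$es_file" ]; then
        echo "test file not found: $es_file" >&2; return 2
    fi
    if ! command -v "$CSAV_BIN" >/dev/null 2>&1; then
        echo "scanner not found: $CSAV_BIN" >&2; return 2
    fi
    # -all scans every file. No -disinf or -delete, so the test file stays
    # in place for the next run. The exit status is deliberately ignored.
    es_out=$("$CSAV_BIN" -all "$es_file" 2>&1) || :
    if printf '%s\n' "$es_out" | grep -F "$EICAR_PHRASE" >/dev/null; then
        return 0
    fi
    printf '%s\n' "$es_out" >&2
    return 1
}

# verify_csav EICAR_FILE: returns 3 if a required package is missing,
# otherwise the result of eicar_selftest. CSSIdocs is optional per the guide,
# so only the scan engine and definition packages are required.
verify_csav() {
    packages_installed CSSIcsav CSSIdeffl || return 3
    eicar_selftest "$1"
}

# Usage:  verify_csav /path/to/eicar.com
```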
  • 33. CSAV FOR SOLARIS 2-23
    COMMAND-LINE OPTIONS
    There are many command-line options (switches) that you can use with Command AntiVirus for Solaris. For more information, refer to the on-line manual page (man csav). Using these switches requires the following syntax:
        csav {command-line options} {path}+
    In the above syntax:
        csav is the Command AntiVirus executable
        {command-line options} can be any of the switches listed in Table 4.
        {path}+ is one or more paths
    For example, to scan all files in a directory called doc, you can use the following command:
        csav -disinf /usr/doc/
    Some examples of csav using command-line options are:
        csav /bin/
        csav -list /bin
        csav -packed /usr/doc
        csav -paranoid /doc -type
        csav -report=myrep.txt /doc
    If you do not provide at least one command-line option, csav exits.
  • 34. 2-24 CSAV FOR SOLARIS
    Table 4: CSAV for Solaris Command-line Switches
    Switch    Description
    -all    Scans all files.
    -append    Adds to the existing report file. This switch allows you to receive an extended report of what was scanned. If you use the -list switch, this report can become very large so you will need to clear it frequently. The -append switch must be used with the -report=<file name> switch.
    -archive    Scans inside .zip, .cab, .tar, .gz, .rar, .lzh and .arj files.
    -collect    Scans a virus collection.
    -delete    Deletes infected files.
    -disinf    Disinfects when possible. Deletes first-generation samples and files destroyed by overwriting viruses. It never deletes a file that can be disinfected.
    -dumb    Scans all files. This switch is to be used with the -collect switch.
    -follow    Follows symbolic links.
    -help    Displays this list of switches.
    -list    Lists all files being scanned.
    -nobreak    Does not abort the scan if the Ctrl-C key combination is pressed.
    -noheur    Disables heuristic scanning abilities.
    -nosub    Does not scan subdirectories.
    -notify=user@domain.com    When a virus is detected, sends an e-mail to the designated address (replace user@domain.com with a legitimate e-mail address).
    -packed    Unpacks compressed executables.
  • 35. CSAV FOR SOLARIS 2-25
    Table 4: CSAV for Solaris Command-line Switches
    Switch    Description
    -quarantine=<directory name>    Quarantines the infected files to the directory specified at the command line. Important: Only users with root permissions can use this command-line option.
    -rename    Renames infected com/exe files to vom/vxe.
    -report=<file name>    Sends the output to a specified file.
    -removeall    Removes all macros from all documents.
    -removenew    Removes new variants of macro viruses by removing all macros from infected documents.
    -saferemove    Removes all macros from all documents if a known virus is detected.
    -silent    Does not generate any screen output.
    -syslog    Logs all detected infections into the system log. Important: Only root is allowed to use this switch as it generates additional output to the system files.
    -virlist    If specified, displays the virus list on the screen. If used, this switch must be the only option. Use redirection to save the virus list as a file. For example:
        csav -virlist > virlist.lis
      To view the virus list one screen at a time, you can use the more command:
        csav -virlist | more
    -virno    Counts the known viruses.
    The following switches are non-functional in Command AntiVirus for Solaris: -hard, -inter, -noboot, -nofile, -nofloppy, -nomem, -page, and -wrap.
  • 36. 2-26 CSAV FOR SOLARIS
    E-mail Notification
    Command AntiVirus for Solaris can be configured to send a virus notification e-mail message to a specific address. For example, when a virus is detected, an e-mail notification containing important information about the infection can be sent to a company’s MIS department.
    To enable e-mail notification, you must use the -notify=user@domain.com command-line switch (see Table 4). The default notification message is located in the email.cfg file. The default message is:
        Dear Sir/Madam,
        On %DATE% Command AntiVirus version %VER% found the virus %VIRUS% in the file %FILE% (owned by %OWNER%) residing on the machine %MACHINE%.
        Regards,
        The Administrator
    NOTE: You can use any standard text editor to reword the notification message to fit your needs.
    When the notification message is generated, variables in email.cfg are replaced automatically with specific information about those variables. For example, if the %VIRUS% variable is used in email.cfg, the notification message will contain the name of the virus. A notification generated from the default email.cfg will look similar to the following:
  • 37. CSAV FOR SOLARIS 2-27
        Dear Sir/Madam,
        On Tue Aug 10 16:03:28 1999 Command AntiVirus version 4.60.0 found the virus W97M/Test Macro in the file 1/macro97.doc (owned by DBanner) residing on the machine hulk017.zigysoft.com.
        Regards,
        The Administrator
    The variables that are available for use in the Command AntiVirus virus notification e-mail message are described in Table 5:
    Table 5: Notification Message Variables
    Variable    Description
    %DATE%    Will be replaced with the current date. This variable reports the current day of the week, the calendar date, and the time of day.
    %FILE%    Will be replaced with the name of the infected file.
    %MACHINE%    Will be replaced with the machine name as found through DNS.
    %OWNER%    Will be replaced by the user name of the owner of the infected file. Important: The owner is the account that currently “owns” the file. It is not guaranteed that this account created the file.
    %VER%    Will be replaced with the version number of the currently running Command AntiVirus.
    %VIRUS%    Will be replaced with the name of the virus infecting the file.
  • 38. 2-28 CSAV FOR SOLARIS
    REMOVING COMMAND ANTIVIRUS
    Command AntiVirus for Solaris can be uninstalled from the Solaris command prompt or by using Admintool.
    FROM THE COMMAND PROMPT
    To remove Command AntiVirus for Solaris from the command prompt, follow these steps.
    1. At the Solaris command prompt, $, type the following, and press Enter:
        su
       The system displays the Password: prompt.
    2. Type your root password, and press Enter.
    3. To remove the definition files package, at the command prompt, #, type the following and press Enter:
        pkgrm CSSIdeffl
       The system asks if you want to remove the package.
    4. Press Enter, or at the command prompt, #, type y and press Enter.
    5. To remove the Command AntiVirus package, at the command prompt, #, type the following, and press Enter:
        pkgrm CSSIcsav
       The system asks if you want to remove the package.
    6. Press Enter, or at the command prompt, #, type y and press Enter.
       The system asks if you will allow scripts to be executed with super-user privileges. These scripts remove links from your file system and completely uninstall Command AntiVirus.
  • 39. CSAV FOR SOLARIS 2-29
    7. At the command prompt, #, type y and press Enter.
    8. To remove the documentation package, at the command prompt, #, type the following and press Enter:
        pkgrm CSSIdocs
       The system asks if you want to remove the package.
    9. Press Enter, or at the command prompt, #, type y and press Enter.
    10. To complete the uninstall of Command AntiVirus for Solaris, at the command prompt, #, type the following, and press Enter:
        exit
       The system returns to the Solaris command prompt, $.
    USING ADMINTOOL
    NOTE: Before you begin the uninstall, make sure that you have root permissions.
    NOTE: To properly uninstall Command AntiVirus for Solaris, you must perform the steps to remove Command AntiVirus for Solaris in sequence. Definition files for Command AntiVirus (CSSIdeffl) depend on the Command Software AntiVirus for Solaris (CSSIcsav) package. You may not be able to uninstall CSSIcsav until you first uninstall CSSIdeffl. Documentation for Command AntiVirus (CSSIdocs) can be uninstalled at any time.
    To remove Command AntiVirus for Solaris using Admintool, follow these steps:
    1. At the command prompt, #, start Admintool by typing admintool& and pressing Enter. The system displays the Admintool: Users dialog box:
  • 40. 2-30 CSAV FOR SOLARIS
    [Figure: Admintool: Users Dialog Box]
    2. On the menu bar, click Browse and then Software. The system displays the Admintool: Software dialog box:
  • 41. CSAV FOR SOLARIS 2-31
    [Figure: Admintool: Software Dialog Box]
    3. Scroll through the list to locate and select Definition files for Command AntiVirus.
    4. On the menu bar, click Edit and then Delete. The system displays the Admintool: Warning dialog box:
  • 42. 2-32 CSAV FOR SOLARIS
    [Figure: Admintool: Warning Dialog Box]
    5. Click Delete. The system displays the Admintool: Delete Software dialog box:
    [Figure: Admintool: Delete Software Dialog Box]
    You are asked to confirm that you want to remove the package.
    6. Type y, and press Enter. The system returns to the Admintool: Software dialog box:
  • 43. CSAV FOR SOLARIS 2-33
    [Figure: Admintool: Software Dialog Box]
    NOTE: Although the file is deleted, Definition files for Command AntiVirus remains in the list until you restart Admintool.
    7. Scroll through the list to locate and select Command Software AntiVirus for Solaris.
    8. On the menu bar, click Edit and then Delete. The system displays the Admintool: Warning dialog box:
  • 44. 2-34 CSAV FOR SOLARIS
    [Figure: Admintool: Warning Dialog Box]
    9. Click Delete. The system displays the Admintool: Delete Software dialog box:
    [Figure: Admintool: Delete Software Dialog Box]
    You are asked to confirm that you want to remove the package.
    10. Type y and press Enter. The system returns to the Admintool: Software dialog box:
  • 45. CSAV FOR SOLARIS 2-35
    [Figure: Admintool: Software Dialog Box]
    NOTE: During the deletion of Command Software AntiVirus for Solaris, the system may prompt you one or more times to confirm the deletion of other packages. Type y to these prompts.
    NOTE: Although the file is deleted, Command Software AntiVirus for Solaris remains in the list until you restart Admintool.
    The removal of Command AntiVirus for Solaris is complete. If you want to uninstall the documentation, proceed to Step 12, otherwise continue with Step 11.
    11. Exit the Admintool: Software dialog box.
  • 46. 2-36 CSAV FOR SOLARIS
    12. Scroll through the list to locate and select Command Software AntiVirus for Solaris supporting documentation.
    13. On the menu bar, click Edit and then Delete. The system displays the Admintool: Warning dialog box:
    [Figure: Admintool: Warning Dialog Box]
    14. Click Delete. The system displays the Admintool: Delete Software dialog box:
    [Figure: Admintool: Delete Software Dialog Box]
  • 47. CSAV FOR SOLARIS 2-37
    You are asked to confirm that you want to remove the package.
    15. Type y and press Enter. The system returns to the Admintool: Software dialog box:
    [Figure: Admintool: Software Dialog Box]
    NOTE: Although the file is deleted, Command Software AntiVirus for Solaris supporting documentation remains in the list until you restart Admintool.
    The removal of Command Software AntiVirus for Solaris supporting documentation is complete.
    16. Exit the Admintool: Software dialog box.
  • 49. CSAV FOR LINUX
    This chapter provides pre-installation requirements and instructions on installing and removing Command AntiVirus for Linux®. Also included is information on performing virus scans, using the product’s command-line switches, and using the Command AntiVirus for Linux e-mail notification feature.
    PRE-INSTALLATION REQUIREMENTS
    The system requirements for Command AntiVirus for Linux® are:
    • An IBM®-compatible computer with a 386 or higher CPU
    • Red Hat® Linux Version 6.0 or higher, or SuSE® Linux 6.2 or higher
    • At least 4.0 MB of available hard disk space
    • GLIBC_2.0 or GLIBC_2.1 “C” runtime library
    NOTE: Command AntiVirus for Linux may work on any Linux that uses GLIBC 2.0 or higher and kernel 2.0 or higher.
  • 50. 3-2 CSAV FOR LINUX
    INSTALLATION
    Installing Command AntiVirus for Linux is easy to do. The installation places all of the required CSAV files in the necessary directories.
    Before beginning, please read the installation instructions thoroughly. This will help you to anticipate any choices that you may need to make during the installation process.
    Command AntiVirus for Linux consists of three packages: Command AntiVirus scan engine, the virus definition files, also referred to as deffiles, and the documentation.
    The documentation package installs the translated versions of the following:
    • readme.txt – contains important last-minute information about the functioning of the product.
    • guide.txt – the short form of the Command AntiVirus for Unix User’s Guide in text format.
    • distrib.txt – contains contact information about all of the Command Software distributors.
    • legal.txt – contains legal information on product copyright, licensing, usage, etc.
    • email.cfg – a sample e-mail notification file. This file can be used when -notify=user@domain is provided.
      NOTE: Administrators can use a text editor to change the content of email.cfg to fit their needs.
    • cssunix.pdf – the Command AntiVirus for Unix User’s Guide.
    NOTE: The English versions of the first five files are installed when you install the Command AntiVirus package. The cssunix.pdf file is not installed unless you install the documentation package.
  • 51. CSAV FOR LINUX 3-3
    INSTALLING
    To install Command AntiVirus for Linux, follow these steps:
    1. At the Linux command prompt, $, type the following and press Enter to determine whether your system is using glibc2:
        ldd /bin/ls | grep libc | awk '{print $1; }'
       If the output from this command is the following, you are using GLIBC as the primary library and should continue with Step 2:
        libc.so.6
       If you are not using GLIBC you must install it before continuing with the installation.
    2. At the Linux command prompt, $, type the following, and press Enter:
        su
       The system displays the Password: prompt.
    3. Type your root password and press Enter.
    4. If you download the installation package, go to Step 7. Otherwise continue to the next step.
    5. Insert the CD-ROM containing Command AntiVirus for Linux into your CD-ROM drive. Otherwise continue to the next step.
    6. At the command prompt, #, type the following, and press Enter:
        mount /mnt/cdrom
    7. To install the Command AntiVirus scan engine package, at the command prompt, #, type the following, and press Enter:
        rpm -i /mnt/cdrom/CSAV/linux/csav-x.xx.x-shared.i386.rpm
       The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0.
  • 52. 3-4 CSAV FOR LINUX
    8. To install the deffiles package, at the command prompt, #, type the following, and press Enter:
        rpm -i /mnt/cdrom/CSAV/linux/deffiles-yyyymmdd-shared.noarch.rpm
       The yyyy represents the year the deffiles were released. The mm represents the month, and the dd represents the day, for example, 20010912. As a result, the deffiles package name changes when an updated package is released.
    9. To install the documentation package, at the command prompt, #, type the following, and press Enter:
        rpm -i /mnt/cdrom/CSAV/linux/csav-docs-x.xx.x-language.noarch.rpm
       The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0. The language represents the language used, for example, english.
    10. To complete the installation of Command AntiVirus for Linux, at the command prompt, #, type the following, and press Enter:
        exit
       The system returns to the Linux command prompt, $.
  • 53. CSAV FOR LINUX 3-5
    VERIFYING THE INSTALLATION
    To verify that the Command AntiVirus scan engine package is installed properly, at the command prompt, $, type the following and press Enter:
        rpm -q csav
    The system displays the following message:
        csav-x.xx.x-shared
    The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0. This version number confirms the installation.
    To verify that the deffiles package is installed properly, at the command prompt, $, type the following and press Enter:
        rpm -q deffiles
    The system displays the following message:
        deffiles-yyyymmdd-shared
    The yyyy represents the year the deffiles were released. The mm represents the month, and the dd represents the day, for example, 20010912.
    To verify that the documentation package is installed properly, at the command prompt, $, type the following and press Enter:
        rpm -q csav-docs
    The system displays the following message:
        csav-docs-x.xx.x-language
    The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0. The language represents the language used, for example, english.
  • 54. 3-6 CSAV FOR LINUX
    LOCATION OF INSTALLED FILES
    For updating or troubleshooting purposes, you may need to know the location of the Command AntiVirus files (CSAV package), the virus definition files (Deffiles package), and the documentation (CSAV-docs package) that are installed on your system. For example, when you update the macro.def, sign2.def, and sign.def files, you may need to know their locations. Table 1, Table 2, and Table 3 provide the locations for the shared package files.
    Table 1: Installed Locations of CSAV for Linux Files – CSAV Package
    Path    Description
    /usr/bin/csav    The Command AntiVirus command-line scanner.
    /usr/lib/libcsscan.so    A symbolic link to the most recently installed shared library.
    /usr/lib/libcsscan.so.x.xx    The shared library for CSAV. The x.xx represents the version number of the product, for example, 4.70. Note: The /usr/lib/libcsscan.so path mentioned above links to this specific file.
    /etc/csav/english.tx1    The file containing language-specific text.
    /etc/csav/email.cfg    A sample e-mail notification file. This file can be used when -notify=user@domain is provided. Note: Administrators can use a text editor to change the content of email.cfg to fit their needs.
    /usr/doc/csav/distrib.txt    This file provides contact information about all of the Command AntiVirus distributors.
    /usr/doc/csav/readme.txt    The readme file for Command AntiVirus for Linux. This file contains important last-minute information about the functioning of the product.
    /usr/doc/csav/legal.txt    This file contains legal information on product copyright, licensing, usage, etc.
    /usr/doc/csav/guide.txt    The Command AntiVirus for Unix User’s Guide short form in text format.
    /usr/man/man1/csav.1.gz    The online manual page.
  • 55. CSAV FOR LINUX 3-7
    Table 2: Installed Locations of CSAV for Linux Definition Files – Deffiles Package
    Path    Description
    /etc/csav/macro.def    The virus signature definition file for macro viruses.
    /etc/csav/sign.def    The virus signature definition file for non-macro viruses.
    /etc/csav/sign2.def    The virus signature extended definition file.
    Table 3: Installed Locations of CSAV for Linux Documentation Files – CSAV-docs Package
    Path    Description
    /etc/csav/email.cfg    A sample e-mail notification file. This file can be used when -notify=user@domain is provided. Note: Administrators can use a text editor to change the content of email.cfg to fit their needs.
    /usr/doc/csav/distrib.txt    This file provides contact information about all of the Command AntiVirus distributors.
    /usr/doc/csav/readme.txt    The readme file for Command AntiVirus for Linux. This file contains important last-minute information about the functioning of the product.
    /usr/doc/csav/legal.txt    This file contains legal information on product copyright, licensing, usage, etc.
    /usr/doc/csav/cssunix.pdf    The Command AntiVirus for Unix User’s Guide.
    /usr/doc/csav/guide.txt    The Command AntiVirus for Unix User’s Guide short form in text format.
  • 56. 3-8 CSAV FOR LINUX
    TESTING COMMAND ANTIVIRUS
    For testing purposes, there is a self-extracting file called SE_EICAR.EXE. You can download SE_EICAR.EXE from our web site at http://www.authentium.com/threats/eicar.cfm. If you run this file, you will find a test file called eicar.com (from the European Institute for Computer Anti-Virus Research). This file helps you verify that you installed your antivirus protection properly. eicar.com also provides a way to demonstrate how Command AntiVirus responds when it finds a virus.
    To test Command AntiVirus, just scan eicar.com. A message containing the following phrase should appear on-screen:
        Infection: EICAR_Test_File
    This message assures you that Command AntiVirus is functioning properly. If you do not receive this message, then Command AntiVirus is not functioning properly and you will need to troubleshoot the cause of the problem.
    UPDATING COMMAND ANTIVIRUS FOR LINUX
    The following section contains information on installing an updated version of Command AntiVirus for Linux.
    NOTE: If you are updating from a version prior to 4.62.0, we recommend that you first uninstall the older version. For more information refer to Removing Command AntiVirus located on page 3-16. Once you have removed the older version, use the installation instructions for a first-time installation. For more information refer to Installation located on page 3-2.
    To update an existing version of Command AntiVirus for Linux, follow these steps:
    1. At the Linux command prompt, $, type the following, and press Enter:
        su
  • 57. CSAV FOR LINUX 3-9
       The system displays the Password: prompt.
    2. Type your root password and press Enter.
    3. To install the Command AntiVirus scan engine package, at the command prompt, #, type the following, and press Enter:
        rpm -U csav-x.xx.x-shared.i386.rpm
       The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0.
       NOTE: We highly recommend that you update the virus definition files (deffiles) at this time. Go to Step 3 of Updating the Definition Files to update the deffiles and to complete the updating of Command AntiVirus for Linux. If you do not want to update the deffiles at this time, go to Step 4 to complete the installation of the updated version.
    4. To complete the updating, at the command prompt, #, type the following, and press Enter:
        exit
       The system returns to the Linux command prompt, $.
    UPDATING THE DEFINITION FILES
    The following section contains information on updating the virus definition files (deffiles). For information on scheduling deffile updates, refer to Scheduling Updates located on page 3-10.
    To update the Command AntiVirus for Linux deffiles, follow these steps:
    1. At the Linux command prompt, $, type the following, and press Enter:
        su
  • 58. 3-10 CSAV FOR LINUX
       The system displays the Password: prompt.
    2. Type your root password and press Enter.
    3. To install the deffiles package, at the command prompt, #, type the following, and press Enter:
        rpm -U <deffile_loc/>deflinux.rpm
       NOTE: Replace the <deffile_loc/> with the location of the deffiles.
    4. To complete the updating, at the command prompt, #, type the following, and press Enter:
        exit
       The system returns to the Linux command prompt, $.
    SCHEDULING UPDATES
    If you are a registered user of Command AntiVirus and you have a user name and password, you can schedule deffile updates through cron. Use the following command line:
        5 0 * * * /bin/rpm -U ftp://<user:password>@ftp.commandcom.com/products/commercial/def/deflinux.rpm
    NOTE: Replace the <user:password> with your user name:password.
  • 59. CSAV FOR LINUX 3-11
    PERFORMING A VIRUS SCAN
    To perform a scan for viruses, at the command line, type the following, and press Enter:
        csav -disinf /usr/bin /usr/doc
    Command AntiVirus begins scanning your /usr/bin and /usr/doc directories. Entering the path name immediately after csav allows you to scan specific directories. Subdirectories are scanned by default.
    You can scan more than one directory at a time. In the command stated above, the /usr/bin and /usr/doc paths are scanned because their path names, which must be separated by a space, have been added to the command line immediately after csav. If an infected file is detected, the -disinf switch instructs Command AntiVirus to disinfect the file automatically.
    COMMAND-LINE OPTIONS
    There are many command-line options (switches) that you can use with Command AntiVirus for Linux. For more information, refer to the on-line manual page (man csav). Using these switches requires the following syntax:
        csav {command-line options} {path}+
    In the above syntax:
        csav is the Command AntiVirus executable
        {command-line options} can be any of the switches listed in Table 4.
        {path}+ is one or more paths
    For example, to scan all files in a directory called doc, you can use the following command:
        csav -disinf /usr/doc/
  • 60. 3-12 CSAV FOR LINUX
    Some examples of csav using command-line options are:
        csav /bin/
        csav -list /bin
        csav -packed /usr/doc
        csav -paranoid /doc -type
        csav -report=myrep.txt /doc
    If you do not provide at least one command-line option, csav exits.
    Table 4: CSAV for Linux Command-line Switches
    Switch    Description
    -all    Scans all files.
    -append    Adds to the existing report file. This switch allows you to receive an extended report of what was scanned. If you use the -list switch, this report can become very large so you will need to clear it frequently. The -append switch must be used with the -report=<file name> switch.
    -archive    Scans inside .zip, .cab, .tar, .gz, .rar, .lzh and .arj files.
    -collect    Scans a virus collection.
    -delete    Deletes infected files.
    -disinf    Disinfects when possible. Deletes first-generation samples and files destroyed by overwriting viruses. It will never delete a file that can be disinfected.
    -dumb    Scans all files. This switch is to be used with the -collect switch.
    -follow    Follows symbolic links.
  • 61. CSAV FOR LINUX 3-13
    Table 4: CSAV for Linux Command-line Switches
    Switch    Description
    -help    Displays this list of switches.
    -list    Lists all files being scanned.
    -nobreak    Does not abort the scan if the Ctrl-C key combination is pressed.
    -noheur    Disables heuristic scanning abilities.
    -nosub    Does not scan subdirectories.
    -notify=user@domain.com    When a virus is detected, sends an e-mail to the designated address (replace user@domain.com with a legitimate e-mail address).
    -packed    Unpacks compressed executables.
    -quarantine=<directory name>    Quarantines the infected files to the directory specified at the command line. Important: Only users with root permissions can use this command-line option.
    -rename    Renames infected com/exe files to vom/vxe.
    -report=<file name>    Sends the output to a specified file.
    -removeall    Removes all macros from all documents.
    -removenew    Removes new variants of macro viruses by removing all macros from infected documents.
    -saferemove    Removes all macros from all documents if a known virus is detected.
    -silent    Does not generate any screen output.
    -syslog    Logs all detected infections into the system log (usually /var/log/messages). Important: Only root is allowed to use this switch as it generates additional output to the system files.
  • 62. 3-14 CSAV FOR LINUX
    Table 4: CSAV for Linux Command-line Switches
    Switch    Description
    -virlist    If specified, displays the virus list on the screen. If used, this switch must be the only option. Use redirection to save the virus list as a file. For example:
        csav -virlist > virlist.lis
      To view the virus list one screen at a time, you can use the more command:
        csav -virlist | more
    -virno    Counts the known viruses.
    The following switches are non-functional in Command AntiVirus for Linux: -hard, -inter, -noboot, -nofile, -nofloppy, -nomem, -page, and -wrap.
    E-mail Notification
    Command AntiVirus for Linux can be configured to send a virus notification e-mail message to a specific address. For example, when a virus is detected, an e-mail notification containing important information about the infection can be sent to a company’s MIS department.
    To enable e-mail notification, you must use the -notify=user@domain.com command-line switch (see Table 4). The default notification message is located in the email.cfg file. The default message is:
        Dear Sir/Madam,
        On %DATE% Command AntiVirus version %VER% found the virus %VIRUS% in the file %FILE% (owned by %OWNER%) residing on the machine %MACHINE%.
        Regards,
        The Administrator
  • 63. CSAV FOR LINUX 3-15
    NOTE: You can use any standard text editor to reword the notification message to fit your needs.
    When the notification message is generated, variables in email.cfg are replaced automatically with specific information about those variables. For example, if the %VIRUS% variable is used in email.cfg, the notification message will contain the name of the virus. A notification generated from the default email.cfg will look similar to the following:
        Dear Sir/Madam,
        On Tue Aug 10 16:03:28 1999 Command AntiVirus version 4.60.0 found the virus W97M/Test Macro in the file 1/macro97.doc (owned by DBanner) residing on the machine hulk017.zigysoft.com.
        Regards,
        The Administrator
    The variables that are available for use in the Command AntiVirus virus notification e-mail message are described in Table 5:
    Table 5: Notification Message Variables
    Variable    Description
    %DATE%    Will be replaced with the current date. This variable reports the current day of the week, the calendar date, and the time of day.
    %FILE%    Will be replaced with the name of the infected file.
    %MACHINE%    Will be replaced with the machine name as found through DNS.
  • 64. 3-16 CSAV FOR LINUX
    Table 5: Notification Message Variables
    Variable    Description
    %OWNER%    Will be replaced by the user name of the owner of the infected file. Important: The owner is the account that currently “owns” the file. It is not guaranteed that this account created the file.
    %VER%    Will be replaced with the version number of the currently running Command AntiVirus.
    %VIRUS%    Will be replaced with the name of the virus infecting the file.
    REMOVING COMMAND ANTIVIRUS
    To remove Command AntiVirus for Linux, follow these steps:
    1. At the Linux command prompt, $, type the following, and press Enter:
        su
       The system displays the Password: prompt.
    2. Type your root password and press Enter.
    3. To remove the deffiles package, at the command prompt, #, type the following and press Enter:
        rpm -e deffiles
  • 65. CSAV FOR LINUX 3-17
    4. To remove the Command AntiVirus scan engine package, at the command prompt, #, type the following and press Enter:
        rpm -e csav
    5. To remove the documentation package, at the command prompt, #, type the following and press Enter:
        rpm -e csav-docs
    6. To complete the removal of Command AntiVirus for Linux, at the command prompt, #, type the following and press Enter:
        exit
       The system returns to the Linux command prompt, $.
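Added example (not part of the Command AntiVirus guide or product): a Python parser for the notification mails described under E-mail Notification in the Solaris and Linux chapters above. It compiles an email.cfg template into a regular expression, so a reworded template still yields one structured record per mail. The function names, the per-field patterns (no whitespace in %VER%, %OWNER% and %MACHINE%) and the re-wrapped sample are assumptions of this example.

```python
import re

# Default message from email.cfg as printed in the guide; line breaks are
# not significant because whitespace is normalised before compiling.
DEFAULT_TEMPLATE = """Dear Sir/Madam,
On %DATE% Command AntiVirus version %VER% found the virus %VIRUS% in the
file %FILE% (owned by %OWNER%) residing on the machine %MACHINE%.
Regards,
The Administrator"""

# Table 5 variables. The patterns are assumptions of this example: version,
# owner and machine name contain no whitespace; date, virus name and file
# name may contain spaces, so they match lazily up to the next fixed text.
FIELD_PATTERNS = {
    "DATE": r".+?",
    "VER": r"\S+",
    "VIRUS": r".+?",
    "FILE": r".+?",
    "OWNER": r"\S+",
    "MACHINE": r"\S+",
}
VAR_RE = re.compile("%(" + "|".join(FIELD_PATTERNS) + ")%")


def literal_to_regex(literal):
    """Escape fixed template text; a space matches any run of whitespace."""
    return r"\s+".join(re.escape(word) for word in literal.split(" "))


def compile_template(template):
    """Build a regex with one named group per %VARIABLE% in the template."""
    text = " ".join(template.split())
    parts, seen, pos = [], set(), 0
    for match in VAR_RE.finditer(text):
        parts.append(literal_to_regex(text[pos:match.start()]))
        name = match.group(1)
        group = name.lower()
        if group in seen:
            # A variable used twice must expand to the same value both times.
            parts.append("(?P=%s)" % group)
        else:
            seen.add(group)
            parts.append("(?P<%s>%s)" % (group, FIELD_PATTERNS[name]))
        pos = match.end()
    parts.append(literal_to_regex(text[pos:]))
    return re.compile(r"\s*" + "".join(parts) + r"\s*", re.DOTALL)


DEFAULT_PATTERN = compile_template(DEFAULT_TEMPLATE)


def parse_notification(body, pattern=DEFAULT_PATTERN):
    """Return the variables of one notification body as a dict, or None.

    fullmatch() requires the whole body to fit the template, so text that
    resembles the template inside a file name cannot end the match early.
    Whitespace runs inside values are collapsed to undo mail line wrapping
    (lossy for file names that really contain consecutive spaces).
    """
    match = pattern.fullmatch(body)
    if match is None:
        return None
    return {k: " ".join(v.split()) for k, v in match.groupdict().items()}


# The guide's sample notification, re-wrapped the way a mail client might
# wrap it (the line breaks are constructed for this example).
SAMPLE = """Dear Sir/Madam,
On Tue Aug 10 16:03:28 1999 Command AntiVirus version 4.60.0 found the virus
W97M/Test Macro in the file 1/macro97.doc (owned by DBanner) residing on
the machine hulk017.zigysoft.com.
Regards,
The Administrator
"""

if __name__ == "__main__":
    print(parse_notification(SAMPLE))
```

If email.cfg has been reworded, pass the site's own template text through compile_template() and hand the result to parse_notification() as the pattern argument.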
  • 67. CSAV FOR FREEBSD
    This chapter provides pre-installation requirements and instructions on installing and removing Command AntiVirus for FreeBSD. Also included is information on performing virus scans, using the product’s command-line switches, and using the Command AntiVirus for FreeBSD e-mail notification feature.
    PRE-INSTALLATION REQUIREMENTS
    The system requirements for Command AntiVirus for FreeBSD are:
    • An IBM®-compatible computer with a 386 or higher CPU
    • FreeBSD 3.5.1 or higher
    • At least 4.0 MB of available hard disk space
    INSTALLATION
    Installing Command AntiVirus for FreeBSD is easy to do. The installation places all of the required CSAV files in the necessary directories.
    Before beginning, please read the installation instructions thoroughly. This will help you to anticipate any choices that you may need to make during the installation process.
    Command AntiVirus for FreeBSD consists of three packages: the Command AntiVirus scan engine, the virus definition files, also referred to as deffiles, and the documentation.
  • 68. 4-2 CSAV FOR FREEBSD
    The documentation package installs the translated versions of the following:
      • readme.txt – contains important last-minute information about the functioning of the product.
      • guide.txt – the short form of the Command AntiVirus for Unix User’s Guide in text format.
      • distrib.txt – contains contact information about all of the Command Software distributors.
      • legal.txt – contains legal information on product copyright, licensing, usage, etc.
      • email.cfg – a sample e-mail notification file. This file can be used when -notify=user@domain is provided. NOTE: Administrators can use a text editor to change the content of email.cfg to fit their needs.
      • cssunix.pdf – the Command AntiVirus for Unix User’s Guide.
    NOTE: The English versions of the first five files are installed when you install the Command AntiVirus package. The cssunix.pdf file is not installed unless you install the documentation package.
    INSTALLING
    To install Command AntiVirus for FreeBSD, follow these steps:
    1. At the FreeBSD command prompt, $, type the following, and press Enter:
      su
    The system displays the Password: prompt.
  • 69. CSAV FOR FREEBSD 4-3
    2. Type your root password and press Enter.
    3. If you download the installation package, go to Step 6. Otherwise continue to the next step.
    4. Insert the CD-ROM containing Command AntiVirus for FreeBSD into your CD-ROM drive.
    5. At the command prompt, #, type the following, and press Enter:
      mount /cdrom
    6. To install the Command AntiVirus package, at the command prompt, #, type the following, and press Enter:
      pkg_add /cdrom/CSAV/freebsd/csav-x.xx.x-shared.tgz
    The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0.
    7. To install the deffiles package, at the command prompt, #, type the following, and press Enter:
      pkg_add /cdrom/CSAV/freebsd/deffiles-yyyymmdd.tgz
    The yyyy represents the year the deffiles were released. The mm represents the month, and the dd represents the day, for example, 20010912.
    8. To install the documentation package, at the command prompt, #, type the following, and press Enter:
      pkg_add /cdrom/CSAV/freebsd/csav-docs-x.xx.x-language.tgz
    The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0. The language represents the language used, for example, english.
    9. To complete the installation of Command AntiVirus for FreeBSD, at the command prompt, #, type the following, and press Enter:
      exit
    The system returns to the FreeBSD command prompt, $.
  • 70. 4-4 CSAV FOR FREEBSD
    VERIFYING THE INSTALLATION
    To verify that the Command AntiVirus package is installed properly, at the command prompt, $, type the following and press Enter:
      pkg_info | grep csav
    The system displays the following message:
      csav Command AntiVirus(tm) for FreeBSD
    To verify that the deffiles package is installed properly, at the command prompt, $, type the following and press Enter:
      pkg_info | grep deffiles
    The system displays the following message:
      deffiles Command AntiVirus(tm) for FreeBSD definition files (deffiles)
    To verify that the documentation package is installed properly, at the command prompt, $, type the following and press Enter:
      pkg_info | grep csav-docs
    The system displays the following message:
      csav-docs Command AntiVirus(tm) for FreeBSD supporting documentation
  • 71. CSAV FOR FREEBSD 4-5
    LOCATION OF INSTALLED FILES
    For updating or troubleshooting purposes, you may need to know the location of the Command AntiVirus files (CSAV package), the virus definition files (Deffiles package), and the documentation (CSAV-docs package) that are installed on your system. For example, when you update the macro.def, sign2.def, and sign.def files, you may need to know their locations. Table 1, Table 2, and Table 3 provide the locations for the shared package files.
    Table 1: Installed Locations of CSAV for FreeBSD Files – CSAV Package
    Path | Description
    /usr/bin/csav | The Command AntiVirus command-line scanner.
    /usr/lib/libcsscan.so | A symbolic link to the most recently installed shared library.
    /usr/lib/libcsscan.so.x.xx | The shared library for CSAV. The x.xx represents the version number of the product, for example, 4.70. Note: The /usr/lib/libcsscan.so path mentioned above links to this specific file.
    /etc/csav/english.tx1 | The file containing language-specific text.
    /etc/csav/email.cfg | A sample e-mail notification file. This file can be used when -notify=user@domain is provided. Note: Administrators can use a text editor to change the content of email.cfg to fit their needs.
    /usr/share/doc/csav/distrib.txt | This file provides contact information about all of the Command AntiVirus distributors.
    /usr/share/doc/csav/readme.txt | The readme file for Command AntiVirus for FreeBSD. This file contains important last-minute information about the functioning of the product.
    /usr/share/doc/csav/legal.txt | This file contains legal information on product copyright, licensing, usage, etc.
    /usr/share/doc/csav/guide.txt | The Command AntiVirus for Unix User’s Guide short form in text format.
    /usr/share/man/man1/csav.1.gz | The online manual page.
  • 72. 4-6 CSAV FOR FREEBSD
    Table 2: Installed Locations of CSAV for FreeBSD Definition Files – Deffiles Package
    Path | Description
    /etc/csav/macro.def | The virus signature definition file for macro viruses.
    /etc/csav/sign.def | The virus signature definition file for non-macro viruses.
    /etc/csav/sign2.def | The virus signature extended definition file.
    Table 3: Installed Locations of CSAV for FreeBSD Documentation Files – CSAV-docs
    Path | Description
    /etc/csav/email.cfg | A sample e-mail notification file. This file can be used when -notify=user@domain is provided. Note: Administrators can use a text editor to change the content of email.cfg to fit their needs.
    /usr/share/doc/csav/distrib.txt | This file provides contact information about all of the Command AntiVirus distributors.
    /usr/share/doc/csav/readme.txt | The readme file for Command AntiVirus for FreeBSD. This file contains important last-minute information about the functioning of the product.
    /usr/share/doc/csav/legal.txt | This file contains legal information on product copyright, licensing, usage, etc.
    /usr/share/doc/csav/cssunix.pdf | The Command AntiVirus for Unix User’s Guide.
    /usr/share/doc/csav/guide.txt | The Command AntiVirus for Unix User’s Guide short form in text format.
  • 73. CSAV FOR FREEBSD 4-7
    TESTING COMMAND ANTIVIRUS
    For testing purposes, there is a self-extracting file called SE_EICAR.EXE. You can download SE_EICAR.EXE from our web site at http://www.authentium.com/threats/eicar.cfm. If you run this file, you will find a test file called eicar.com (from the European Institute for Computer Anti-Virus Research). This file helps you verify that you installed your antivirus protection properly. eicar.com also provides a way to demonstrate how Command AntiVirus responds when it finds a virus.
    To test Command AntiVirus, just scan eicar.com. A message containing the following phrase should appear on-screen:
      Infection: EICAR_Test_File
    This message assures you that Command AntiVirus is functioning properly. If you do not receive this message, then Command AntiVirus is not functioning properly and you will need to troubleshoot the cause of the problem.
    UPDATING COMMAND ANTIVIRUS FOR FREEBSD
    The following section contains information on installing an updated version of Command AntiVirus for FreeBSD. To update an existing version of Command AntiVirus for FreeBSD, follow these steps:
    1. At the FreeBSD command prompt, $, type the following, and press Enter:
      su
    The system displays the Password: prompt.
    2. Type your root password and press Enter.
  • 74. 4-8 CSAV FOR FREEBSD
    3. To install the Command AntiVirus package, at the command prompt, #, type the following, and press Enter:
      pkg_update csav-x.xx.x-shared.tgz
    The x.xx.x represents the Command AntiVirus version number, for example, 4.70.0.
    NOTE: We highly recommend that you update the virus definition files (deffiles) at this time. Go to Step 3 of Updating the Definition Files to update the deffiles and to complete the updating of Command AntiVirus for FreeBSD. If you do not want to update the deffiles at this time, go to Step 4 to complete the installation of the updated version.
    4. To complete the updating, at the command prompt, #, type the following, and press Enter:
      exit
    The system returns to the FreeBSD command prompt, $.
    UPDATING THE DEFINITION FILES
    The following section contains information on updating the virus definition files (deffiles). For information on scheduling deffile updates, refer to Scheduling Updates located on page 4-9.
    To update the Command AntiVirus for FreeBSD deffiles, follow these steps:
    1. At the FreeBSD command prompt, $, type the following, and press Enter:
      su
    The system displays the Password: prompt.
    2. Type your root password and press Enter.
  • 75. CSAV FOR FREEBSD 4-9
    3. To install the deffiles package, at the command prompt, #, type the following, and press Enter:
      pkg_update deffiles.tgz
    4. To complete the updating, at the command prompt, #, type the following, and press Enter:
      exit
    The system returns to the FreeBSD command prompt, $.
    SCHEDULING UPDATES
    If you are a registered user of Command AntiVirus and you have a user name and password, you can schedule deffile updates through cron. Use the following command line:
      5 0 * * * /usr/sbin/pkg_update ftp://<user:password>@ftp.commandcom.com/products/commercial/def/deffiles.tgz
    NOTE: Replace the <user:password> with your user name:password.
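A post-install and post-update check built from the verification, file-location, testing and scheduling sections above, as an added example that is not part of the guide or the product: it confirms that the three packages are listed, that the definition files under /etc/csav exist and are recent, and that a scan of eicar.com reports the expected phrase. The function names, the 14-day freshness threshold and the tolerance for a version suffix in the package listing are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Paths, package names and the detection
# phrase come from this guide; function names and thresholds are assumptions.

DEF_FILES="macro.def sign.def sign2.def"
PACKAGES="csav deffiles csav-docs"

# missing_packages PKG_INFO_OUTPUT
# Prints each expected package that has no line of its own in the listing.
# The guide's "pkg_info | grep csav" also matches csav-docs, so the match
# here is anchored; an optional "-<version>" suffix is tolerated (assumption).
missing_packages() {
    listing=$1
    for pkg in $PACKAGES; do
        printf '%s\n' "$listing" |
            grep -Eq "^${pkg}(-[0-9][^[:space:]]*)?[[:space:]]" || echo "$pkg"
    done
}

# check_deffiles DIR MAX_AGE_DAYS
# Prints one line per problem. Returns 0 only if all three definition files
# exist, are non-empty, and were modified within the last MAX_AGE_DAYS days.
check_deffiles() {
    def_dir=$1
    max_age=$2
    problems=0
    for name in $DEF_FILES; do
        def_path="$def_dir/$name"
        if [ ! -f "$def_path" ]; then
            echo "MISSING $def_path"
            problems=$((problems + 1))
        elif [ ! -s "$def_path" ]; then
            echo "EMPTY $def_path"
            problems=$((problems + 1))
        elif [ -n "$(find "$def_path" -mtime +"$max_age" -print)" ]; then
            echo "STALE $def_path (older than $max_age days)"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# scan_confirms_eicar SCAN_OUTPUT
# True when the scanner output contains the phrase the guide says to expect.
scan_confirms_eicar() {
    printf '%s\n' "$1" | grep -q 'Infection: EICAR_Test_File'
}

# run_checks PATH_TO_EICAR_COM
# Runs all three checks on a live system. The scan uses -list only, so the
# test file is reported but not disinfected or deleted.
run_checks() {
    eicar=$1
    status=0
    missing=$(missing_packages "$(pkg_info 2>/dev/null)")
    if [ -n "$missing" ]; then
        echo "FAIL packages not installed:" $missing
        status=1
    fi
    check_deffiles /etc/csav 14 || status=1
    if scan_confirms_eicar "$(csav -list "$eicar" 2>&1)"; then
        echo "OK   scanner reported EICAR_Test_File"
    else
        echo "FAIL scanner did not report the test file"
        status=1
    fi
    return "$status"
}

# Usage: sh csav_check.sh /path/to/eicar.com
if [ "$#" -ge 1 ]; then
    run_checks "$1"
    exit $?
fi
```

Run it from cron shortly after the scheduled pkg_update so that a failed or silently skipped definition update shows up as a STALE line.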
  • 76. 4-10 CSAV FOR FREEBSD
    PERFORMING A VIRUS SCAN
    To perform a scan for viruses, at the command line, type the following, and press Enter:
      csav -disinf /usr/bin /usr/doc
    Command AntiVirus begins scanning your /usr/bin and /usr/doc directories.
    Entering the path name immediately after csav allows you to scan specific directories. Subdirectories are scanned by default. You can scan more than one directory at a time. In the command stated above, the /usr/bin and /usr/doc paths are scanned because their path names, which must be separated by a space, have been added to the command line immediately after csav. If an infected file is detected, the -disinf switch instructs Command AntiVirus to disinfect the file automatically.
    COMMAND-LINE OPTIONS
    There are many command-line options (switches) that you can use with Command AntiVirus for FreeBSD. Using these switches requires the following syntax:
      csav {command-line options} {path}+
    In the above syntax:
      csav is the Command AntiVirus executable
      {command-line options} can be any of the switches listed in Table 4.
      {path}+ is one or more paths
    For example, to scan all files in a directory called doc, you can use the following command:
      csav -disinf /usr/doc/
    Some examples of csav using command-line options are:
  • 77. CSAV FOR FREEBSD 4-11
      csav /bin/
      csav -list /bin
      csav -packed /usr/doc
      csav -paranoid /doc -type
      csav -report=myrep.txt /doc
    If you do not provide at least one command-line option, csav exits.
    Table 4: CSAV for FreeBSD Command-line Switches
    Switch | Description
    -all | Scans all files.
    -append | Adds to the existing report file. This switch allows you to receive an extended report of what was scanned. If you use the -list switch, this report can become very large so you will need to clear it frequently. The -append switch must be used with the -report=<file name> switch.
    -archive | Scans inside .zip, .cab, .tar, .gz, .rar, .lzh and .arj files.
    -collect | Scans a virus collection.
    -delete | Deletes infected files.
    -disinf | Disinfects when possible. Deletes first-generation samples and files destroyed by overwriting viruses. It will never delete a file that can be disinfected.
    -dumb | Scans all files. This switch is to be used with the -collect switch.
    -follow | Follows symbolic links.
    -help | Displays this list of switches.
    -list | Lists all files being scanned.
  • 78. 4-12 CSAV FOR FREEBSD
    Table 4: CSAV for FreeBSD Command-line Switches
    Switch | Description
    -nobreak | Does not abort the scan if the Ctrl-C key combination is pressed.
    -noheur | Disables heuristic scanning abilities.
    -nosub | Does not scan subdirectories.
    -notify=user@domain.com | When a virus is detected, sends an e-mail to the designated address (replace user@domain.com with a legitimate e-mail address).
    -packed | Unpacks compressed executables.
    -quarantine=<directory name> | Quarantines the infected files to the directory specified at the command line. Important: Only users with root permissions can use this command-line option.
    -rename | Renames infected com/exe files to vom/vxe.
    -report=<file name> | Sends the output to a specified file.
    -removeall | Removes all macros from all documents.
    -removenew | Removes new variants of macro viruses by removing all macros from infected documents.
    -saferemove | Removes all macros from all documents if a known virus is detected.
    -silent | Does not generate any screen output.
    -syslog | Logs all detected infections into the system log (usually /var/log/messages). Important: Only the root is allowed to use this switch as it generates additional output to the system files.
  • 79. CSAV FOR FREEBSD 4-13
    Table 4: CSAV for FreeBSD Command-line Switches
    Switch | Description
    -virlist | If specified, displays the virus list on the screen. If used, this switch must be the only option. Use redirection to save the virus list as a file. For example: csav -virlist > virlist.lis To view the virus list one screen at a time, you can use the more command: csav -virlist | more
    -virno | Counts the known viruses.
    The following switches are non-functional in Command AntiVirus for FreeBSD: -hard, -inter, -noboot, -nofile, -nofloppy, -nomem, -page, and -wrap.
    E-mail Notification
    Command AntiVirus for FreeBSD can be configured to send a virus notification e-mail message to a specific address. For example, when a virus is detected, an e-mail notification containing important information about the infection can be sent to a company’s MIS department.
    To enable e-mail notification, you must use the -notify=user@domain.com command-line switch (see Table 4).
    The default notification message is located in the email.cfg file. The default message is:
      Dear Sir/Madam,
      On %DATE% Command AntiVirus version %VER% found the virus %VIRUS% in the file %FILE% (owned by %OWNER%) residing on the machine %MACHINE%.
      Regards,
      The Administrator
  • 80. 4-14 CSAV FOR FREEBSD
    NOTE: You can use any standard text editor to reword the notification message to fit your needs.
    When the notification message is generated, variables in email.cfg are replaced automatically with specific information about those variables. For example, if the %VIRUS% variable is used in email.cfg, the notification message will contain the name of the virus. A notification generated from the default email.cfg will look similar to the following:
      Dear Sir/Madam,
      On Tue Aug 10 16:03:28 1999 Command AntiVirus version 4.60.0 found the virus W97M/Test Macro in the file 1/macro97.doc (owned by DBanner) residing on the machine hulk017.zigysoft.com.
      Regards,
      The Administrator
    The variables that are available for use in the Command AntiVirus virus notification e-mail message are described in Table 5:
    Table 5: Notification Message Variables
    Variable | Description
    %DATE% | Will be replaced with the current date. This variable reports the current day of the week, the calendar date, and the time of day.
    %FILE% | Will be replaced with the name of the infected file.
    %MACHINE% | Will be replaced with the machine name as found through DNS.
  • 81. CSAV FOR FREEBSD 4-15
    Table 5: Notification Message Variables
    Variable | Description
    %OWNER% | Will be replaced by the user name of the owner of the infected file. Important: The owner is the account that currently “owns” the file. It is not guaranteed that this account created the file.
    %VER% | Will be replaced with the version number of the currently running Command AntiVirus.
    %VIRUS% | Will be replaced with the name of the virus infecting the file.
    REMOVING COMMAND ANTIVIRUS
    To remove Command AntiVirus for FreeBSD, follow these steps:
    1. At the FreeBSD command prompt, $, type the following, and press Enter:
      su
    The system displays the Password: prompt.
    2. Type your root password and press Enter.
    3. To remove the deffiles package, at the command prompt, #, type the following and press Enter:
      pkg_delete deffiles
  • 82. 4-16 CSAV FOR FREEBSD
    4. To remove the Command AntiVirus package, at the command prompt, #, type the following and press Enter:
      pkg_delete csav
    5. To remove the documentation package, at the command prompt, #, type the following and press Enter:
      pkg_delete csav-docs
    6. To complete the removal of Command AntiVirus for FreeBSD, at the command prompt, #, type the following and press Enter:
      exit
    The system returns to the FreeBSD command prompt, $.
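A lint for an edited email.cfg, following the E-mail Notification section and Table 5 above, as an added example that is not part of the guide or the product: it flags any %NAME% token that is not one of the six listed variables as written, and reports when the message would omit the virus, file or machine. The function names, the choice of required variables and the line breaks of the embedded default message are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): check a customised email.cfg before
# relying on it. Variable names are those in Table 5 of this guide; the
# function names and the "required" set are assumptions.

KNOWN_VARS="DATE FILE MACHINE OWNER VER VIRUS"
REQUIRED_VARS="VIRUS FILE MACHINE"   # assumption: minimum needed to respond

# default_template
# Prints the default message quoted in this guide (line breaks assumed).
default_template() {
    cat <<'EOF'
Dear Sir/Madam,
On %DATE% Command AntiVirus version %VER% found the virus %VIRUS% in the
file %FILE% (owned by %OWNER%) residing on the machine %MACHINE%.
Regards,
The Administrator
EOF
}

# lint_email_cfg FILE
# Prints "UNKNOWN %X%" for each token that is not a Table 5 variable and
# "ABSENT %X%" for each required variable the template never uses.
# Returns 0 when clean, 1 when findings were printed, 2 if FILE is unreadable.
lint_email_cfg() {
    cfg=$1
    rc=0
    if [ ! -r "$cfg" ]; then
        echo "UNREADABLE $cfg"
        return 2
    fi
    # Every %NAME% token in the template, one per line, de-duplicated.
    tokens=$(grep -o '%[A-Za-z_][A-Za-z_]*%' "$cfg" | sort -u)
    for tok in $tokens; do
        name=$(printf '%s' "$tok" | tr -d '%')
        case " $KNOWN_VARS " in
            *" $name "*) ;;
            *) echo "UNKNOWN $tok"; rc=1 ;;
        esac
    done
    for req in $REQUIRED_VARS; do
        printf '%s\n' "$tokens" | grep -qx "%${req}%" || {
            echo "ABSENT %${req}%"
            rc=1
        }
    done
    return "$rc"
}

# Usage: sh lint_email_cfg.sh /etc/csav/email.cfg
if [ "$#" -ge 1 ]; then
    lint_email_cfg "$1"
    exit $?
fi
```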
  • 83. GLOSSARY
    BOOT SECTOR
    Stores critical drive information. Floppy disks and local hard disks have boot sectors.
    BOOT SECTOR VIRUS
    A virus that infects the boot sector of a hard disk or a floppy disk. Note that any formatted disk (even one that is blank or contains only text data) can contain a boot sector virus. Booting with an infected disk activates this type of virus.
    CIRCULAR INFECTION
    A type of infection that occurs when two viruses infect the boot sector of a disk, rendering the disk unbootable. Removing one virus usually causes a re-infection with the other virus.
    CMOS
    Complementary Metal Oxide Semiconductor. CMOS memory in the computer stores critical configuration information. Some viruses try to alter this data.
    COMPANION VIRUS
    A virus that infects executable files by creating a companion file with the same name but with a .COM extension. As DOS executes .COM files before .EXE files and .BAT files, the virus loads before the executable file.
  • 84. 5-2 GLOSSARY
    CROSS-LINKED FILES
    Cross-linking, a common situation rarely associated with viruses, occurs when two files seem to share the same clusters on the disk.
    DROPPER
    A program compressed with PKLite, Diet, LZExe, etc. that contains a virus. Microsoft Word documents can also function as droppers. A dropper deposits the virus onto a hard disk, a floppy disk, a file or into memory. The children of this process are not droppers.
    EICAR TEST FILE
    EICAR (European Institute for Antivirus Research) test file provides an industry standard solution to test antivirus products. The EICAR test file is the result of a cooperative effort between various antivirus researchers. You can use this file in a variety of ways. For example, you can safely verify that real-time protection is active and demonstrate what happens when it finds a virus.
    ENCRYPTION
    A process of making data unreadable. Some viruses use encryption techniques in order to hide their presence from antivirus scanners.
    EXECUTABLE CODE
    Instructions that a computer uses to accomplish various tasks. This includes COM, EXE, DLL and similar files. In a broader sense, executable code includes the code found in disk boot sectors, batch files and even macros used by some applications.
    FALSE POSITIVE
    A false positive occurs when a scanner identifies a file as infected when, in fact, the file is virus-free.
  • 85. GLOSSARY 5-3
    FILE STEALTH
    A virus characteristic that hides the increase in length of infected files. For example, if the original size of a file is 240 KB, the file would appear to remain the same size although the file now contains a virus.
    FULL STEALTH
    A virus that tries to hide its presence on an infected system. When operational, a full stealth virus can evade attempts to search for it in files or memory.
    HEURISTICS
    A rule-based method of identifying new viruses. This method of scanning does not rely on specific virus signatures. The advantage of the heuristics scan is that new variants of existing viruses cannot fool it. However, heuristics scans occasionally report suspicious code in normal programs. For example, the scanning of a program may generate the following message:
      C:\DOS\MSHERC.COM has been modified by adding some code at the end. This does not appear to be a virus, but might be a self-checking routine or some "wrapper" program.
    Command AntiVirus issues a stronger warning based on the likelihood of a program actually containing a virus.
    INTEGRITY CHECKER
    A program that checks for changes to files. Integrity checkers, when used correctly, can provide an excellent second line of defense against new viruses or variants.
    JOKE PROGRAMS
    A program that makes the computer behave oddly. Command AntiVirus detects the presence of several well-known joke programs. While joke programs are generally harmless, their side effects are often mistaken for those of a virus.
  • 86. 5-4 GLOSSARY
    LOGIC BOMB
    A program that runs a pre-programmed routine (frequently destructive) when a designated condition is met. Logic bombs do not make copies of themselves.
    MALWARE
    A generic name for software that intentionally performs actions that can damage data or disrupt systems.
    MACRO VIRUS
    A virus written in one of the many macro languages. Macro viruses spread via infected files such as documents, spreadsheets, databases, or any computer program that uses a macro language.
    MASTER BOOT RECORD (MBR)
    The first physical sector on all PC hard disks reserved for a short bootstrap program. The MBR also contains the partition table.
    MEMORY-RESIDENT
    Residing in computer memory as opposed to on the disk.
    MULTIPARTITE
    A virus that is able to infect both files and boot sectors. Such viruses are highly infectious.
    ON-ACCESS SCAN
    A virus scan that starts when the operating system performs an action on a file. For instance, when a file is created on the hard disk, Command AntiVirus' on-access protection scans it immediately. If a virus is detected, CSAV performs the action you specified in the on-access scan task settings.
  • 87. GLOSSARY 5-5
    ON-DEMAND SCAN
    A virus scan that is started manually. In Command AntiVirus, on-demand scans can also be configured to scan automatically at a specified time (refer to the glossary entry for Scheduled Scan).
    PARTITION TABLE
    A place on a hard disk containing information required to access the partitions (logical blocks) of a PC disk. The partition table also contains a flag indicating which partition should be used to boot the system (the active partition). The partition table is stored in the master boot record (MBR).
    POLYMORPHISM
    A virus in which the code appears to be different every time the virus reproduces (though generally each reproduction of the virus is functionally identical). This process is usually achieved by encrypting the body of the virus and adding a decryption routine that is different for each reproduction.
    SCHEDULED SCAN
    An on-demand scan that is configured to run automatically each day, once a day on specified days of the week, or once a month on a given date.
    STEALTH VIRUS
    A virus that tries to hide itself. Changes made by this virus are not easily detected. For example, if the original size of a file is 240K, the infected file would appear to remain the same size. A stealth virus can operate only when it is resident in memory.
    TROJAN (OR TROJAN HORSE)
    A program that carries out an unauthorized function while hidden inside an authorized program. This program is designed to do something other than what it claims to and frequently is destructive in its actions.
  • 88. 5-6 GLOSSARY
    TUNNELING
    A characteristic of some viruses that try to access the operating system directly, bypassing any TSRs (including antivirus software) that have been loaded.
    VIRUS
    An independent program that reproduces itself. A virus may attach to other programs; it must create copies of itself (refer to the glossary entry for Companion Viruses). It may attach itself to any executable code, including but not limited to boot sectors and/or partition sectors of hard and/or floppy disks. It may damage, corrupt or destroy data, or degrade system performance.
    VIRUS SIMULATOR
    A program that creates files that “look like” viruses. Such files are useless for testing purposes because they are not really infected. Command AntiVirus is smart enough not to be fooled by a simulator.
    VIRUS VARIANT
    A modification of a previously known virus, a variation.
    WORM
    A program that reproduces by copying itself over and over, system to system. Worms are self-contained and generally use networks to spread.