Friday, April 07, 2006

Sophos Anti Virus 5.0 on RHEL 4

Phew, it's been a long time since I last wrote... Yesterday I successfully installed Sophos Anti Virus (SAV) 5.0 on this RHEL 4 machine. I should have installed it long ago, but I only got interested yesterday. The main reasons I installed it:
  • On-access scanning capability, sometimes known as real-time scanning
  • Web-based GUI for configuration

Well, unfortunately RHEL 4 is not supported for on-access scanning by default. This is because of the Talpa module, which may need to be recompiled since I'm not using a supported OS.

Sophos Anti-Virus for Linux, version 5.0: using a custom built or unsupported kernel
http://www.sophos.com/support/knowledgebase/article/3503.html


The web-based GUI, meanwhile, is only for editing the configuration & reading the logs, nothing else.



[Check Status]
[root@kuli ~]# /etc/rc.d/init.d/sav-protect status
Sophos Anti-Virus daemon is active
[root@kuli ~]# /etc/rc.d/init.d/sav-web status
Sophos Anti-Virus GUI daemon is active
[root@kuli ~]# /sophos-av/bin/savdstatus
Sophos Anti-Virus is active but on-access scanning is not running

[Version Information]
[root@kuli ~]# savscan -v | head -n 15

SAVScan virus detection utility
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 04:47:18 PM, System date 07 April 2006

Product version : 4.03.0
Engine version : 2.32.14
Virus data version : 4.04
User interface version : 2.07.129
Platform : Linux/Intel
Released : 03 April 2006
Total viruses (with IDEs) : 120543

Information on additional data files:

[Update from the Sophos Repository]
[root@kuli ~]# /sophos-av/bin/savupdate
Downloading http://es-web.sophos.com/update/savlinux/master.upd
268 bytes downloaded in 4.504912 secs (59.490616 B/s)
Downloading http://es-web.sophos.com/update/savlinux/savi/cidsync.upd
3590 bytes downloaded in 6.078632 secs (590.593422 B/s)
Downloading http://es-web.sophos.com/update/savlinux/savi/manifest.dat
4404 bytes downloaded in 2.045518 secs (2.102539 KiB/s)
Downloading http://es-web.sophos.com/update/savlinux/savi/sav/torpi-ap.ide
3277 bytes downloaded in 1.945716 secs (1.644739 KiB/s)
/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/cidsync.upd is up to date
/sophos-av/update/cache/LOCAL/PACKAGE/doc/cidsync.upd is up to date
/sophos-av/update/cache/LOCAL/PACKAGE/root.upd is up to date
/sophos-av/update/cache/LOCAL/PACKAGE/talpa/cidsync.upd is up to date
Downloading http://es-web.sophos.com/update/savlinux/config/index.spec
Failed to download http://es-web.sophos.com/update/savlinux/config/index.spec
Downloading http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec
Failed to download http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec
Verify: /sophos-av/update/cache/LOCAL/PACKAGE/savi/manifest.dat in 0.382833 seconds
Verify: /sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/manifest.dat in 2.576548 seconds
Verify: /sophos-av/update/cache/LOCAL/PACKAGE/doc/manifest.dat in 0.099384 seconds
Verify: /sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0.019430 seconds
Verify: /sophos-av/update/cache/LOCAL/PACKAGE/talpa/manifest.dat in 0.082056 seconds
Verify: /sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0.020237 seconds
Updating Sophos Anti-Virus....
Updating SAVScan on-demand scanner
Updating Virus Engine and Data
Updating Manifest
Update completed.

Successfully updated Sophos Anti-Virus

[Scanning]
[root@kuli ~]# savscan -f -sc -all -archive /mnt/usb-storage1/sampah/
SAVScan virus detection utility
Version 4.03.0 [Linux/Intel]
Virus data version 4.04, April 2006
Includes detection for 120543 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 05:06:25 PM, System date 07 April 2006
Command line qualifiers are: -f -sc -all -archive

IDE directory is: /sophos-av/lib/sav

Full Scanning

>>> Virus 'W32/Brontok-Z' found in file /mnt/usb-storage1/sampah/jalak-931917015-bali.com
>>> Virus 'W32/Brontok-Z' found in file /mnt/usb-storage1/sampah/jalak-931917015-bali.zip/jalak-931917015-bali.com
>>> Virus 'W32/Brontok-Z' found in file /mnt/usb-storage1/sampah/jalak-932115015-bali.com
>>> Virus 'W32/Brontok-Z' found in file /mnt/usb-storage1/sampah/jalak-932115015-bali.zip/jalak-932115015-bali.com
>>> Virus 'W32/Brontok-Z' found in file /mnt/usb-storage1/sampah/sampah.zip/jalak-931917015-bali.com
>>> Virus 'W32/Brontok-Z' found in file /mnt/usb-storage1/sampah/sampah.zip/jalak-932115015-bali.com

11 files scanned in 3 seconds.
6 viruses were discovered.
5 files out of 11 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
End of Scan.

