Project 15A: Checking Your System for Viruses (Optional)




While we are still dealing with the serious side of things, we might as well make brief mention of viruses. It is true that most of the viruses that make the news are aimed at Windows systems and make use of Windows versions of Outlook and Outlook Express email clients to spread themselves far and wide. This does not mean, however, that Linux is immune to viruses. Because many Linux users think that viruses only happen to Windows, Linux systems are often unprotected and are an attractive potential target, especially as the number of Linux users continues to grow. There is also always the possibility that your system may be used as a way station of sorts, passing a virus from someone else to one of your associates (and guess who’ll get the blame). So, while you really don’t have too much to worry about yet, it is always better to be safe than sorry.

As Windows is the number one target of viruses, the number of virus-scanning applications for Windows is far greater than the number for Linux. Of these Linux applications, many are somewhat cumbersome for the beginner to use, and most require you to pay for the right to use them. One program, called F-Prot Antivirus, by an Icelandic company called Frisk Software International (www.f-prot.com), however, is available for free for “personal users on personal workstations.” If you are part of the readership I had in mind, then this means that F-Prot Antivirus is free for you. F-Prot Antivirus comes as an RPM file and is thus very easy to install. It is also very easy to use, even though it is run from the Linux Command Terminal and, thus, has no graphical interface.

Getting and Installing F-Prot Antivirus

To get F-Prot Antivirus, click the RPM Package link on the F-Prot download page at www.f-prot.com/download/download_fplinux_personal.html. You will then be presented with a form in which you will have to supply your name, email address, location, and country. When you are finished filling in the form, click the Submit and start download button at the bottom of the page. When the download process is done, the fp-linux-ws.rpm file will appear in your Home folder. Just double-click the file to install it.

15A-1: Using F-Prot Antivirus

Before using F-Prot Antivirus, it is probably best that you update its virus database so that you can catch the newest of the viral meanies. To do this, you use an update script that is installed along with F-Prot Antivirus. Open a Terminal window, become root with the su command, type /usr/local/f-prot/tools/check-updates.pl, and press ENTER. The script will then contact the F-Prot server, check for updated virus information, download whatever is available, and then install it — while, of course, telling you everything it is doing along the way.

Once you have updated the virus database, you are ready to use F-Prot Antivirus. As I already mentioned, F-Prot Antivirus is command driven, but the commands themselves are quite simple. The basic command structure consists of the main command, f-prot, plus the directory or files you want to scan. For example, if you want to scan your entire hard disk to see if you have any viruses there, you first become root, and then type f-prot / and press ENTER. F-Prot then scans your entire hard disk to check for known viruses. This will probably take, depending on the speed of your system and the number of files on it, around 30 minutes, so you had better do it while having lunch. When the scanning is complete, F-Prot Antivirus will show you its results, as in Figure 15-13.

Figure 15-13: The results of an F-Prot Antivirus scan

As you can see, F-Prot Antivirus tells you how many files it scanned, how long it took to do so, how many of those files were suspicious (meaning files that seemed odd to F-Prot, but did not match up with any known virus in the database), and how many were actually infected.

One of the problems with the simple command string used in the previous example is that F-Prot Antivirus will give you no feedback while it is doing its business — you will see nothing in the Terminal until F-Prot is finished, it displays its results, and your user prompt reappears. I find this a bit disconcerting, so I prefer to add the -list flag to the f-prot command, which makes F-Prot show you every file it is scanning while it is doing so. This reassures you that F-Prot is doing what it is supposed to be doing (and gives you some indication of its progress).

If this sounds better to you, open a Terminal window, become root, type this command, and press ENTER:

f-prot -list / 

If you only want to scan your Home folder, then type this version of the command and press ENTER:

f-prot -list /home/username/

You can also scan just a single file, if you like, by using this version of the command:

f-prot /home/username/mysuspiciousfile.xxx

Of course, in this last version I left the -list flag out, as there is only one file being scanned. No need to show a list of F-Prot’s progress when you already know the file it is scanning.

That is all easy enough. However, all you have done is scan your disk to look for viruses. If you want F-Prot Antivirus to disinfect any infected files it finds, you need to add yet another flag to the command string, -disinf. To use the -disinf flag along with your command, you just need to type the following and press ENTER:

f-prot -disinf -list /

When F-Prot finds a file in need of disinfection, it will first seek your okay before doing so.
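The update-then-scan routine from this section can be wrapped in a small script that keeps a log of every run. This is an added example, not from the book or from Frisk Software; it leaves out -disinf because that flag asks for your okay at the terminal. The FPROT, UPDATER and LOGDIR variables and the log location are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the book): update the virus database, then run a
# scan-only pass and keep a log. The updater path and the -list flag are from
# the text; FPROT, UPDATER and LOGDIR are assumptions made for this example.
FPROT="${FPROT:-f-prot}"
UPDATER="${UPDATER:-/usr/local/f-prot/tools/check-updates.pl}"
LOGDIR="${LOGDIR:-/var/log/f-prot-scans}"

# Reject relative or missing targets so a typo cannot pass as a clean scan.
check_target() {
    case "$1" in
        /*) ;;
        *) echo "target must be an absolute path: $1" >&2; return 2 ;;
    esac
    [ -e "$1" ] || { echo "no such file or directory: $1" >&2; return 2; }
}

# Update, scan, print the log file's path, and return f-prot's exit status.
scan_with_log() {
    target="$1"
    check_target "$target" || return 2
    mkdir -p "$LOGDIR" || return 2
    log="$LOGDIR/scan-$(date +%Y%m%d-%H%M%S).log"
    # A failed update is recorded, not fatal: an old database beats no scan.
    if ! "$UPDATER" >>"$log" 2>&1; then
        echo "WARNING: update failed; scanning with the existing database" >>"$log"
    fi
    # -list puts every scanned file in the log; pointless for a single file.
    if [ -d "$target" ]; then
        "$FPROT" -list "$target" >>"$log" 2>&1
    else
        "$FPROT" "$target" >>"$log" 2>&1
    fi
    status=$?
    echo "$log"
    return "$status"
}

# Runs only when a target is given, e.g.: sh fprot-scan.sh /home/username/
if [ "$#" -gt 0 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "become root with su first" >&2; exit 1; }
    scan_with_log "$1"
fi
```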

You now know just about all that you need to know to use F-Prot Antivirus, but if you would like to read the documentation itself and find out about a few more options available to you, you can do so at www.f-prot.com/support/helpfiles/unix/linux_ws/index.html .






Linux for Non-Geeks. A Hands-On, Project-Based, Take-It-Slow Guidebook
ISBN: 1593270348
EAN: 2147483647
Year: 2003
Pages: 188
