5.4 Virus Scanning from the Terminal


Believe it or not, Virex comes with a command-line utility that allows you to scan files for viruses from the Terminal application (/Applications/Utilities). Virex's utility, vscanx, can be found in /usr/local/vscanx on your system. This program has the same functionality as Virex does, if not more.

5.4.1 Adding vscanx to the Command Path

Before you can use vscanx, there is one important step you need to take: adding vscanx to the Terminal's command path.

To do this, you will need to launch the Terminal application, which is located in /Applications/Utilities, and follow along closely:

  1. With the Terminal window open, enter the following command:

      $  ls .bash*   

    If you see a file named .bash_profile in the output, you can proceed to the next step, but know that you'll be editing an existing .bash_profile file instead of creating a new file. If you don't see this file, proceed to the next step to create one of your very own.

  2. At the command prompt, enter the following and hit the Return key:

      $  vi .bash_profile   

    This command creates the .bash_profile in your Home directory and opens the vi editor in the Terminal. We will use vi here to enter the contents of the .bash_profile file, which is used by the Terminal every time it launches.

  3. Once in the file, hit the "i" key. This puts the vi editor into insert mode.

  4. Type the following line:

       export PATH=$PATH:/usr/local/vscanx   

    This command tells the bash shell which paths to search when it tries to invoke a command. In this case, we're telling the shell to use its default paths (as denoted by $PATH), and to then also search in /usr/local/vscanx for any commands that might reside there. The colon between them separates the two entries, so the shell uses both.

  5. Hit the Escape key, which is labeled "Esc", and is located at the upper-left corner of your keyboard. This takes the vi editor out of insert mode and places it in command mode.

  6. Type in the following:

       :wq   

    You will see these characters appear toward the bottom of the Terminal window. Each character of this command has a purpose:

    • The colon (:) lets the vi editor know that you're going to issue a command.

    • The w tells vi to write what you just typed to the file (in this case, to the .bash_profile file).

    • The q tells vi to quit.

    After you type in those three characters, hit the Return key to invoke them in succession. The vi editor will write the changes to the file and quit in one fell swoop, after which you are returned to the command line.

Okay, now you're ready to run vscanx from the command line without any problems. Had you not changed the command path, any time you tried to issue the vscanx command the Terminal would spit an error back at you saying that it couldn't find that command.

5.4.2 Virex's Command-line Cousin: vscanx

When you installed Virex on your Mac, it was placed in the Virex 7 folder in the Applications folder (/Applications/Virex 7). Within the Virex 7 folder, however, you will see a couple of extra files in addition to Virex itself. One file of particular interest to you is the Virex 7.2 Product Guide.pdf file. This PDF document contains a detailed overview of how to use vscanx on the command line in the Terminal. You should take the time to read this file or vscanx's manpage in the Terminal (man vscanx) to learn about all of its possible options.

The following is a simple listing of vscanx's command syntax.

vscanx

Syntax

 vscanx [options] [directory file]

Description

Used to scan files and directories for possible viruses.

Options

The following options can be used with the vscanx command:


--analyze, --analyse

Use a set of heuristics to check clean files for possible viruses.


-c, --clean

Attempt to remove any viruses found from an infected file.


--delete

Delete any infected files discovered during the scan.


-h, --help

Display the help file for vscanx.


-m <directory>, --move <directory>

Move any infected files to a specified directory. This option is useful for cordoning off infected files so you can analyze them later.


-r, --recursive, --sub

Recursively scan through any subdirectories in the scan location. Note: if you attempt to recursively scan a directory with a lot of files, you could encounter a Segmentation Fault error. If you see this error message, try scanning the subdirectories individually.


-s, --selected

Scan only executable files, such as .bat, .com, .exe, and more.


--summary

Display a summary of the results, similar to what is shown in Virex's Results window if you uncheck the "Show detailed results information" checkbox in its Preferences.


-v, --verbose

Display detailed information about the performed scan.


--version

Display Virex's version number.

Again, these are only a few of vscanx's options; please consult its manpage for a complete listing and detailed descriptions.

Examples

The following examples will show you various uses of vscanx:


Display a list of all of the viruses that Virex can detect:
 $ vscanx --virus-list
 Virus names stored in /usr/local/vscanx/extra.dat:
 Virus names stored in /usr/local/vscanx/names.dat:
 Aardvark, ABCD, ABCD.b, Aircop, Aircop.e, Alar.mp, Alcon, Alfa.mp.3072, Alive, Alla.mp, Altex.mp, Amjads, Ancev, Andrew, Andris, Andropinis.mp.518, Anticad.1, Anticad.mp.4096, Anticad.mp, Anticmos, Anticmos.e, Anticmos.f, Antiexe, AntiWin95, Exebug, AP, APE.mp, April, Aragon, Daboys, ...


Scan all of the files located in the Documents folder:
 $ vscanx -r --summary ~/Documents
 Summary report on /Users/chuck/Documents/*
 File(s)
 Total files: ........... 5525
 Clean: ................. 5525
 Not scanned: ........... 0
 Possibly Infected: ..... 0

The output shows the location of the file in the filesystem, and gives you a report on the files found in the directory, similar to that found in the graphical Virex application.


Scan the files on my Desktop and place any infected files in a folder named infected:
 $ vscanx --summary -m ~/infected ~/Desktop
 /Users/chuck/Desktop/EICAR.COM
 Found: EICAR test file NOT a virus.
 File has been relocated.
 Summary report on /Users/chuck/Desktop/*
 File(s)
 Total files: ........... 15
 Clean: ................. 14
 Not scanned: ........... 0
 Possibly Infected: ..... 1
 Moved: ................. 1
 MacChuck:~ chuck$ cd infected
 MacChuck:~/infected chuck$ ls
 Users
 MacChuck:~/infected chuck$ cd Users
 MacChuck:~/infected/Users chuck$ ls
 chuck
 MacChuck:~/infected/Users chuck$ cd chuck
 MacChuck:~/infected/Users/chuck chuck$ ls
 Desktop
 MacChuck:~/infected/Users/chuck chuck$ cd Desktop
 MacChuck:~/infected/Users/chuck/Desktop chuck$ ls
 EICAR.COM

In the case of this example, vscanx discovered the EICAR.COM test file on my Desktop and flagged it as a file that was possibly infected, and then moved the file to the ~/infected directory. You can see that vscanx also recreated the path to the infected file within the ~/infected directory, as noted by all the ls and cd commands issued. Eventually, the EICAR.COM file ended up in ~/infected/Users/chuck/Desktop.

If I had added the -c option to the previous command, the EICAR.COM file would have been renamed as EICAR.vOM and moved into the ~/infected directory.


5.4.3 Running vscanx as a cron Job

By default, Virex runs only when you tell it to, which can be one of three ways:

  • When you first log in and the .VirexLogin process runs, causing Virex to launch

  • When you manually double-click on the Virex application

  • When you run vscanx on the command line

These options don't help much if you want to regularly have your system checked for viruses every day on a system you rarely shut down. However, since vscanx is a command-line process, you can make it run whenever you'd like, with the help of cron. (If you're new to Unix, cron is a program that you can use to have commands run at specified times.)

For example, to schedule vscanx to run every day at 12:15 p.m., follow these steps:

  1. Launch the Terminal application (/Applications/Utilities).

  2. At the prompt, enter the following command:

      $  crontab -e   

    This command opens your crontab file in edit mode (thus the -e option).

  3. If you haven't edited your crontab file before, you will see an empty file in the Terminal window. Also, if you haven't changed your default editor, you will be using vi (as described earlier) to edit the crontab file.

  4. Type the letter "i" (without the quotation marks) to place vi in Insert mode (you should see the word INSERT displayed at the bottom of the Terminal window).

  5. Now type in the following line:

       15 12 * * * /usr/local/vscanx/vscanx -v -r -m ~/infected --summary > ~/Desktop/vscanxreport.txt /Users/username

    Make sure this is all on one line without any line breaks (meaning, don't hit Return to carry this over to another line). There's a lot going on in that line, so let's break it apart into smaller chunks to help you understand exactly what the command will do:

    • The first part of the entry, 15 12 * * *, tells cron what time and day to run the command. In this case, we haven't specified a day, only the time (15 minutes after the 12th hour, so 12:15 p.m.).

    • Next, we tell cron to issue the vscanx command by giving cron its entire path: /usr/local/vscanx/vscanx (the vscanx program inside the /usr/local/vscanx directory).

    • Next, some options: -v for verbose output; -r to scan recursively through directories and subdirectories; -m ~/infected to tell vscanx to place any infected files into the ~/infected directory; and --summary to issue a summary report for the scan.

    • The next part, > ~/Desktop/vscanxreport.txt, uses a redirect (the > symbol) and tells vscanx to take all of its output and summary, and save that to a file named vscanxreport.txt on the Desktop. That way, when vscanx completes its task, you can look for this file on your Desktop and see how the virus scan went.

    • The last part, /Users/username, is the directory to scan; replace username with your own username.

  6. After you have entered all of that command on one line, hit the Escape key (Esc) to take the vi editor out of Insert mode. (You should see the word INSERT disappear from the bottom of the Terminal window.)

  7. Now save the changes to your crontab file by typing the command :wq and hitting the Return key. As described earlier, the colon (:) is used to place vi into Command mode, the w tells vi to write (or save) the file, and the q tells vi to quit.

  8. After you hit the Return key, the changes are saved to your crontab file.

Now the next time 12:15 p.m. rolls around, cron invokes this entry from your crontab file and runs vscanx in the background, hopefully while you're out eating lunch. When you come back, you should see the vscanxreport.txt file on your Desktop, which you can read through at your leisure.

To learn more about cron and the crontab file, see their respective manpages (man cron and man crontab).
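
A report that lands on the Desktop every day is easy to stop reading, so the following added example (not from the book or from Virex) reads a saved report and turns it into an exit status that a second cron entry or a login script can act on. It assumes the summary has one "Label: ..... N" field per line, as in the summaries shown earlier; the function names report_field and check_report are made up for this example.

```shell
# Added example: decide from a saved vscanx --summary report whether action is needed.
# Assumption: one "Label: ..... N" field per line, as in the summaries shown above.
# Print the number recorded for one summary field, e.g. "Possibly Infected".
# Returns 1 (and prints nothing) when the field is not in the report.
report_field() {    # $1 = field label, $2 = report file
    awk -v label="$1" '
        {
            i = index($0, ":")               # split "Label: ..... N" at the first colon
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name == label && $NF ~ /^[0-9]+$/) { print $NF; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Exit status: 0 = clean, 1 = detections, 2 = report missing or without a summary.
check_report() {
    report=$1
    [ -s "$report" ] || { echo "vscanx: no report at $report" >&2; return 2; }
    infected=$(report_field "Possibly Infected" "$report") || {
        # A scan that died part-way (e.g. the Segmentation Fault noted for -r) has no summary.
        echo "vscanx: $report has no summary; the scan did not finish" >&2
        return 2
    }
    total=$(report_field "Total files" "$report") || total="?"
    if [ "$infected" -gt 0 ]; then
        echo "vscanx: $infected of $total files possibly infected"
        return 1
    fi
    echo "vscanx: $total files scanned, none infected"
}

# Constructed sample report, modelled on the Desktop scan shown earlier.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/Users/chuck/Desktop/EICAR.COM
Found: EICAR test file NOT a virus.
Summary report on /Users/chuck/Desktop/*
File(s)
Total files: ........... 15
Clean: ................. 14
Not scanned: ........... 0
Possibly Infected: ..... 1
Moved: ................. 1
EOF
check_report "$sample" || echo "check_report exit status: $?"
rm -f "$sample"
```

Treating a report without a summary as a failure matters as much as counting detections: an empty or truncated vscanxreport.txt otherwise looks the same as a quiet day.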



Inside .Mac
ISBN: 0596005016
EAN: 2147483647
Year: 2004
Pages: 132
Authors: Chuck Toporek
