
Sophos Antivirus For Linux


61 replies to this topic

#31 pcpunk

Posted 27 June 2015 - 01:59 AM

How do I Blacklist Timeshift?



#32 paul88ks

Posted 27 June 2015 - 02:00 AM

Uh-oh! What Happened PC?



#33 Guest_hollowface_*

Posted 27 June 2015 - 01:51 PM

@pcpunk

How do I Blacklist Timeshift?

If you're talking about a manual scan you would use the "-exclude" option at the end of your command. For example:

sudo savscan -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details /directory -exclude /directory/directory2

If you're talking about on-access scanning you can exclude a directory using either the web-gui or the commandline.

Using Web-GUI:
Add an exclusion: [screenshot]
Remove an exclusion: [screenshot]

Using the commandline:
Add an exclusion:

sudo /opt/sophos-av/bin/savconfig add ExcludeFilePaths /directory

Remove an exclusion:

sudo /opt/sophos-av/bin/savconfig remove ExcludeFilePaths /directory

I don't use TimeShift, but my understanding is that it saves to "/timeshift", so I take it that's the directory you'll be making an exclusion for. The command line method of adding or removing excludes only appears to work if on-access scanning is currently enabled.


Edited by hollowface, 27 June 2015 - 01:52 PM.


#34 pcpunk

Posted 27 June 2015 - 08:07 PM

Yes manual scan, sorry. I can't get the GUI to work, I tried re-installing because I thought I did something wrong but still can't make it work.

 

I just tried this but it did not work. Will try more later when I have time.

sudo /opt/sophos-av/bin/savconfig add /timeshift /directory

 

@paul88: Nothing happened, it was just scanning Timeshift, which is a no-no, at least in my experience with ClamAV. And it was taking forever.


Edited by pcpunk, 27 June 2015 - 08:20 PM.



#35 Guest_hollowface_*

Posted 27 June 2015 - 08:34 PM

Yes manual scan, sorry. I can't get the GUI to work, I tried re-installing because I thought I did something wrong but still can't make it work.

I just tried this but it did not work. Will try more later when I have time.

sudo /opt/sophos-av/bin/savconfig add /timeshift /directory


You formatted it wrong. It would be "sudo /opt/sophos-av/bin/savconfig add ExcludeFilePaths /timeshift", but that's the command for on-access scans, not for manual scans. The manual-scan exclude is the one I listed at the top, where you use "-exclude /thedirectoryyouareexcluding" at the end of the manual scan command, for example: "sudo savscan -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details /directory -exclude /timeshift"

#36 cat1092

Posted 27 June 2015 - 11:29 PM

Yes manual scan, sorry. I can't get the GUI to work, I tried re-installing because I thought I did something wrong but still can't make it work.

I just tried this but it did not work. Will try more later when I have time.

sudo /opt/sophos-av/bin/savconfig add /timeshift /directory

@paul88: Nothing happened, it was just scanning Timeshift, which is a no-no, at least in my experience with ClamAV. And it was taking forever.

 

While the scans with both ESET & ClamTK do take longer with Timeshift installed & using it, I've never otherwise had an issue with scanning that folder.

 

I suppose in large part because I scan before creating the backup, so the directory is clean. There were a couple of times after a ClamTK update that items (browser objects) were flagged in Timeshift; I just didn't quarantine these. And if ESET were to find something, I'd likely want to clean it anyway & create another backup, as it would be a more severe threat than what ClamTK finds. I can do a backup inside of 10 minutes, so no big deal. Once the backup is going, we can do what we need to for a few minutes, it doesn't need babysitting.

 

Everyone has their own preferences & all, yet these virus/malware apps are constantly updating, what may be clean today, may not be next week, month or year. I prefer the peace of mind of knowing my backup directory is also clean, and don't like to take anything for granted. With as much attention as Linux OS's are getting these days, not necessarily all of it is good, and we don't want to get caught with our guard down. 

 

Security should be treated equally with any OS, though the good thing about a Linux OS is that not as many second & especially third opinions are needed, so there's no need to scan with one product, then another, then another & the cycle picks right back up the next day. 

 

Fortunately, most of the Linux virus/malware scanners are all-in-one anti-threat ones; by nature these have to catch infections that may spread & infect Windows computers, and possibly Mac/Android as well. So in essence, these are valuable tools to have. Yes some are tricky to set up & run, yet in the long run, it pays off by catching threats that would otherwise be spread.

 

Cat




#37 The Uprightman

Posted 27 June 2015 - 11:42 PM

Hi all

Off topic here but I am stuck with something that I think is important.

Could anyone please help me with this post that I made : Linux Mint 17.1, Disable Remote Administration

Thanks for any help that can be provided.
 

 

#38 paul88ks

Posted 27 June 2015 - 11:42 PM

Fortunately, most of the Linux virus/malware scanners are all-in-one anti-threat ones; by nature these have to catch infections that may spread & infect Windows computers, and possibly Mac/Android as well. So in essence, these are valuable tools to have. Yes some are tricky to set up & run, yet in the long run, it pays off by catching threats that would otherwise be spread.

 

Cat - what do you mean by spread to other Windows machines - a virus can't "hop" over a partition, can it? Or do you mean by flash drive etc.?



#39 pcpunk

Posted 28 June 2015 - 12:19 AM

@paul88, I think what cat means is by passing on files and via emails etc., and no, as far as I know they can't go across partitions unless done by the user.

 

@cat, I've had some issue with ClamAV stalling on a Timeshift backup, perhaps it was infected etc., I don't know. I now back up when I think things are clean, so I feel there is no reason to re-scan that directory again, especially when there are like five backups there.

 

@hollowface, here is my outcome, don't understand what has gone wrong here.

chris@chris-Aspire-3000 ~ $ sudo savscan -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details /directory -exclude /timeshift
[sudo] password for chris: 
SAVScan virus detection utility
Version 5.12.0 [Linux/Intel]
Virus data version 5.15, May 2015
Includes detection for 9239070 viruses, Trojans and worms
Copyright © 1989-2015 Sophos Limited. All rights reserved.

System time 01:07:44 AM, System date 28 June 2015
Command line qualifiers are: -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details -exclude

Quick Scanning

Could not open /directory

0 files scanned in 15 seconds.
1 error was encountered.
No viruses were discovered.
No PUAs were discovered.
End of Scan.

Edited by pcpunk, 28 June 2015 - 12:20 AM.



#40 Guest_hollowface_*

Posted 28 June 2015 - 01:00 AM


@hollowface, here is my outcome, don't understand what has gone wrong here.

Could not open /directory

0 files scanned in 15 seconds.
1 error was encountered.
No viruses were discovered.
No PUAs were discovered.
End of Scan.


Nothing went wrong. You scanned "/directory", and excluded "/timeshift" from the scan. Of course I'm guessing you don't have a folder called directory, and even if you did I suspect your timeshift folder isn't in it. You only need to exclude /timeshift from a manual scan if you are scanning a location that /timeshift is in. Remember when performing a manual scan you'll need to change "/directory" to what you are trying to scan.

Edited by hollowface, 28 June 2015 - 01:03 AM.


#41 pcpunk

Posted 28 June 2015 - 01:30 AM

So change  "/directory" to "/home/chris"




#42 cat1092

Posted 28 June 2015 - 01:32 AM

Fortunately, most of the Linux virus/malware scanners are all-in-one anti-threat ones; by nature these have to catch infections that may spread & infect Windows computers, and possibly Mac/Android as well. So in essence, these are valuable tools to have. Yes some are tricky to set up & run, yet in the long run, it pays off by catching threats that would otherwise be spread.

Cat - what do you mean by spread to other Windows machines - a virus can't "hop" over a partition, can it? Or do you mean by flash drive etc.?

 

No not across partitions, unless you were to deposit an infected file into a Windows one, remember in Linux you can access Windows partitions but not the other way around, unless a software is installed on Windows for this. Yes, by those devices you mention & even over the network, say if you were running Linux & I came into your home with a Windows notebook, logged into your router, if you have infections in your network (which are instantly cleared by a reboot of the router & modem), these certainly could be passed along to Windows computers & even travel outside of your home, down the very same Internet lines that we all share. Think of the Internet (your ISP) as a highway. 

 

After all, that's how infections spread: through the infrastructure. While these may not & likely won't infect your Linux computer, you can still pass an infection on to thousands of others unknowingly. The Internet is a two-way pipe; data tends to come in faster than it goes out, but still, it does go out.

 

This is precisely why businesses who use Linux for, say, payment processing have to have security installed just as Windows servers do. The OS may be free, yet the maintenance isn't, though the advantage is clear: businesses save hugely with Linux because they don't have to purchase a fleet of computers every 5 years. More is spent on security, which is part of IT costs, yet less is spent on hardware.

 

It's also a good reason why to have an antivirus such as Sophos installed, to scan & catch these infections before they're spread to other users in your immediate area. 

 

There is also another common myth among some Linux users, that they can do as they please & not pay the consequences. Some are using it for torrent filesharing of illegal materials, much of which is loaded with malware, and again, we're speaking of being on the same highway as everyone else. Just as we must drive in a safe & responsible manner for the safety of everyone, we also must do the same when using the Internet, using safe browsing habits & using an anti-virus scanner when available, which is the purpose of this Topic.

 

Linux users of today have a lot more choices than back in 2009 when I began to run the OS, & this includes security also.

 

Cat




#43 pcpunk

Posted 28 June 2015 - 01:45 AM

Success! Here is my output for those interested. Very happy that it was successful, and that I was clean as expected, as I ran a clamscan last night. Only took seven seconds as opposed to much longer with clamscan.

 

chris@chris-Aspire-3000 ~ $ sudo savscan -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details /home/chris -exclude /timeshift
[sudo] password for chris: 
SAVScan virus detection utility
Version 5.12.0 [Linux/Intel]
Virus data version 5.15, May 2015
Includes detection for 9239070 viruses, Trojans and worms
Copyright © 1989-2015 Sophos Limited. All rights reserved.

System time 02:32:35 AM, System date 28 June 2015
Command line qualifiers are: -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details -exclude

Quick Scanning

7873 files scanned in 6 minutes and 0 seconds.
No viruses were discovered.
No PUAs were discovered.
End of Scan.



#44 The Uprightman

Posted 28 June 2015 - 05:44 AM

Nice post Cat1092

 

 if you have infections in your network (which are instantly cleared by a reboot of the router & modem),

 

Can I assume that what you are saying here is that resetting your router to factory default settings can or will help clear your network of any electronic witchcraft that may be taking place on it?

Could you give an example of a type of infection that it would clear?

Is this specific to Linux or does this approach work with any OS?

 


Edited by The Uprightman, 28 June 2015 - 05:44 AM.


#45 Guest_hollowface_*

Posted 28 June 2015 - 01:41 PM

@pcpunk

Success! Here is my output for those interested. Very happy that it was successful, and that I was clean as expected, as I ran a clamscan last night. Only took seven seconds as opposed to much longer with clamscan.

chris@chris-Aspire-3000 ~ $ sudo savscan -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details /home/chris -exclude /timeshift
[sudo] password for chris: 
SAVScan virus detection utility
Version 5.12.0 [Linux/Intel]
Virus data version 5.15, May 2015
Includes detection for 9239070 viruses, Trojans and worms
Copyright © 1989-2015 Sophos Limited. All rights reserved.

System time 02:32:35 AM, System date 28 June 2015
Command line qualifiers are: -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details -exclude

Quick Scanning

7873 files scanned in 6 minutes and 0 seconds.
No viruses were discovered.
No PUAs were discovered.
End of Scan.

Unless you have a folder called "timeshift" located at "/home/chris/timeshift" you don't need to exclude "timeshift", because it's not located within your scan radius. Even then you'd need to format it "/home/chris/timeshift", not "/timeshift". Here are some of my terminal outputs to demonstrate what I mean:

example1@example:~$ ls -l -R ~/test
/home/example1/test:
total 4
drwxrwxr-x 2 example1 example1 4096 Jun 28 11:24 exclude

/home/example1/test/exclude:
total 0
-rw-rw-r-- 1 example1 example1 0 Jun 28 11:24 exclude1
-rw-rw-r-- 1 example1 example1 0 Jun 28 11:24 exclude2
example1@example:~$

This isn't a scan. I just wanted to show you what I'm going to be scanning. The above shows that I have a directory called "test" located in my user folder. Within the folder test there are no files, but there is another directory called "exclude" which contains 2 files, named "exclude1" and "exclude2".

example1@example:~$ sudo savscan -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details ~/test -exclude ~/test/exclude
[sudo] password for example1:

SAVScan virus detection utility
Version 5.12.0 [Linux/AMD64]
Virus data version 5.13, March 2015
Includes detection for 8899461 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 11:25:44 AM, System date 28 June 2015
Command line qualifiers are: -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details -exclude

Quick Scanning

      
0 files scanned in 56 seconds.
No viruses were discovered.
No PUAs were discovered.
End of Scan.
example1@example:~$

In the above terminal output I scanned the "test" folder located in my user folder, but I excluded the folder that is inside of it named "exclude". As you can see nothing was scanned, because there are no files in "test" only in "exclude".

example1@example:~$ sudo savscan -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details ~/test
[sudo] password for example1:
SAVScan virus detection utility
Version 5.12.0 [Linux/AMD64]
Virus data version 5.13, March 2015
Includes detection for 8899461 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 11:26:10 AM, System date 28 June 2015
Command line qualifiers are: -sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem --stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit --show-file-details

Quick Scanning

              
2 files scanned in 11 seconds.
No viruses were discovered.
No PUAs were discovered.
End of Scan.

In the above terminal output I scanned the "test" folder again, but this time I didn't exclude the folder named "exclude" that is located in the "test" folder. As you can see 2 files were scanned, and as discussed "test" contains no files, but "exclude" contains 2 files, those are the 2 files that were scanned.

 

Hope that helps :)


Edited by hollowface, 28 June 2015 - 01:45 PM.
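The two rules hollowface gives in this thread (post #33: manual scans use "-exclude", on-access scans use savconfig; post #45: an "-exclude" path only matters when it lies inside the directory being scanned) can be turned into a small pre-flight check. The script below is an added example, not code from the thread or from Sophos; it only builds the command lines and compares paths, so savscan does not need to be installed, and /home/chris and /timeshift are the thread's constructed scenario rather than real paths.

```shell
#!/bin/sh
# Added example, not code from the thread or from Sophos. It reproduces the
# rule hollowface demonstrates with ~/test and ~/test/exclude: a savscan
# "-exclude" path only matters when it lies inside the directory being
# scanned, and on-access exclusions go through savconfig instead.
# Only the path logic runs here; savscan itself is never invoked.

# The manual-scan switches used throughout the thread.
SAVSCAN_OPTS="-sc -rec -dn -c -archive -pua -suspicious --stay-on-filesystem \
--stay-on-machine --backtrack-protection --preserve-backtrack --examine-x-bit \
--show-file-details"

# is_within ROOT PATH: succeed when PATH is ROOT or sits below it. Pure string
# comparison on absolute paths (a trailing slash is ignored), so it needs no
# filesystem access and does not mistake /home/chrisx for a child of /home/chris.
is_within() {
  iw_root=${1%/}
  iw_path=${2%/}
  case "$iw_path/" in
    "$iw_root"/*) return 0 ;;
  esac
  return 1
}

# build_savscan ROOT [EXCLUDE]: print the manual-scan command line. The
# exclusion is appended only when it is inside ROOT; otherwise a warning goes
# to stderr, which is exactly the "/home/chris -exclude /timeshift" situation
# discussed above.
build_savscan() {
  bs_root=$1
  bs_excl=$2
  bs_cmd="sudo savscan $SAVSCAN_OPTS $bs_root"
  if [ -n "$bs_excl" ]; then
    if is_within "$bs_root" "$bs_excl"; then
      bs_cmd="$bs_cmd -exclude $bs_excl"
    else
      echo "warning: $bs_excl is not under $bs_root; -exclude has no effect" >&2
    fi
  fi
  printf '%s\n' "$bs_cmd"
}

# savconfig_exclude add|remove PATH: the on-access equivalent from post #33.
# As noted in the thread, savconfig changes only take when on-access is enabled.
savconfig_exclude() {
  case $1 in
    add|remove)
      printf 'sudo /opt/sophos-av/bin/savconfig %s ExcludeFilePaths %s\n' "$1" "$2" ;;
    *)
      echo "usage: savconfig_exclude add|remove /path" >&2
      return 2 ;;
  esac
}

# Demo with the three situations from the thread (run as: sh script.sh demo).
if [ "${1-}" = demo ]; then
  build_savscan /home/chris /timeshift             # outside the root: warning
  build_savscan /home/chris /home/chris/timeshift  # inside the root: excluded
  build_savscan / /timeshift                       # whole filesystem: excluded
  savconfig_exclude add /timeshift
fi
```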




