Free antivirus scan with f prot software for linux

Antivirus Scan with F-Prot is a simple servicemenu for konqueror that allows to scan single or multiple files and folders using the F-Prot Antivirus. Antivirus Scan with F-Prot shows the result of the scanning in a textbox using kdialog. It can also show the progress of the scanning in a terminal.
I hope you may find it useful.
Comments or/and translations are welcome.
TO INSTALL: extract the content of the tarball and copy the file f-prot_virus_scan.desktop into ~/.kde/share/apps/konqueror/servicemenus (just for your user) or in /usr/share/apps/konqueror/servicemenus, /opt/kde/share/apps/konqueror/servicemenus... etc, depending on your distro, to make it system-wide.
This is only the service-menu, you need to have F-Prot antivirus installed on your system.
Enhancements:
- Added Danish translation by Kefeus

The Qmail virus scanner (QScan) is a mail filter for Qmail that scans incoming messages using the Sophos Antivirus engine, immediately rejecting infected content.

It is designed to be minimalistic, yet extremely fast and secure, and uses multiple pipes instead of the traditional temporary files and privilege separation. It works with non-native versions of the virus scanner like under OpenBSD with Linux or FreeBSD emulation.


You must create a temporary directory to extract MIME attachments, and replace Qmails original qmail-queue program with Qscan. Quick way to achieve this for the impatients :

mkdir /var/qmail/qscan
chmod 700 /var/qmail/qscan
chown qmaild:qmail /var/qmail/qscan
ln /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue-old

Now, lets compile and install Qscan :

./configure --help

./configure [your beloved flags]

make install-strip

The last step is to replace the original qmail-queue program with our filter :

rm /var/qmail/bin/qmail-queue
ln -s /usr/local/sbin/qscan /var/qmail/bin/qmail-queue

Depending on your local configuration, it may be needed or not, but start with doing it :

chown qmaild:qmail /usr/local/sbin/qscan
chmod 6711 /usr/local/sbin/qscan

After testing, if everythings ok for you, remove the setuid bit :

chown 0:0 /usr/local/sbin/qscan
chmod 711 /usr/local/sbin/qscan

HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. HTTP Anti Virus Proxy aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic.
Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
Main features:
- HTTP Antivirus proxy
- Scans complete incomming traffic
- Nonblocking downloads
- Smooth scanning of dynamic and password protected traffic
- Can used with squid or other proxy
- Parent proxy support
- Transparent proxy support
- Logfile
- Process change to defined user and group
- Daemon
- Use Clamav (GPL antivirus)
- Operating System: Linux
- Written in C++
- Released under GPL
Enhancements:
- Experimental support was added for chunked Transfer-Encoding, which fixes some broken sites.
- The IGNOREVIRUS configuration directive was added for whitelisting virus names.
- The CLAMBLOCKBROKEN configuration directive was added.
- Detection with AVG was improved.
- HAVP is killed if database reloading fails for Library Scanner.
- The URL is logged when a crashed scanner process is detected.
- The build system updated, adding the --prefix, --sbindir, --sysconfdir, and --localstatedir options.

F-Prot Antivirus security software package has various components that help keep your system secure from viruses, backdoors, trojans and other malicious programs. The project includes the RealTime Protector, a memory-resident monitoring utility that observes all files accessed on your system, a Scheduler where you can set the Scanner to make automatic scans or updates on your system at any time and an Updater to manage all signature updates.
For home users using the Linux open-source operating system, we offer F-Prot Antivirus for Linux Workstations. F-Prot Antivirus for Linux Workstations utilizes the renowned F-Prot Antivirus scanning engine for primary scan but has in addition to that a system of internal heuristics devised to search for unknown viruses
F-Prot Antivirus for Linux was especially developed to effectively eradicate viruses threatening workstations running Linux. It provides full protection against macro viruses and other forms of malicious software - including Trojans.
Main features:
- Scans for over 191534 known viruses and their variants
- Ability to perform scheduled scans when used with the cron utility
- Scans hard drives, CD-ROMS, diskettes, network drives, directories and specific files
- Scans for images of boot sector viruses, macro viruses and Trojan Horses
F-Prot Antivirus for Linux Workstations is FREE for use by personal users on personal workstations

Login Scan fusion provides an adaptation theme from kdm fusion.

This is a adaptation of the theme for kde "fusion for GDM.

AVScan is an AntiVirus scanner front end for ClamAV.

A front end for the Clam AntiVirus scanner using Endeavour Mark II. Features a scan list for frequently scanned locations, freshclam update support, and command line calling from Endeavour.

Yet Another antiVirus Recipe is a procmail that helps to filter out a lot of the most common e-mail worms.
For some of the above (plain iframe, clsid, xml, macro) e-mail is delivered normally but gets a WARNING in subject plus its old subject ($SUB).
Some of the warnings are:
WARNING-XML-CODEBASE-OBJECT-$SUB
WARNING-CLSID-EXTENSION-$SUB
WARNING-IFRAME-$SUB
WARNING-MACRO-$SUB
WARNING-NSCAM-SCORE:$NKNGS-$SUB
Main features:
- :: base64 signatures ::
- Most of these worms are MS-Windows executables and arrive at our e-mail encoded through base64 routines. YAVR uses especially selected signatures to locate these attachments. After that it places them in a directory (/virus/) sorted by name.
-
- :: iframe html exploit ::
- Through IFrame tag a html encoded e-mail can download and execute a file from a remote http site without informing the user.
-
- :: CLSID hidden extensions exploit ::
- Attachments which end with a Class ID (CLSID) file extension do not show the actual file extension saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are actually innocent files, such as JPG or WAV files.
-
- :: xml codebase exploit ::
- Usage of some xml objects allow local files to be automatically executed, regardless of the security settings on the target machine.
-
- :: generic executable trap for bat, pif, vbs, vba, scr, lnk, com, exe ::
- The rest of MS-executable files that are not caught from base64 signatures end up in a virus-could-be file.
-
- :: generic macro detection for doc,dot,xls,xla files ::
- MS-Word and MS-Excel files that contain macro commands are marked with a warning.
-
- :: generic detection for most of nigeria scam e-mails (most of them) ::
- Nigeria scam e-mail is not a virus but a big spam problem... There are many good filters that use great algorithms for spam. This is just an add-on.
Enhancements:
- new switches for quarantine or not certain e-mailsbased on some ideas by Dan Smart
- YAVRQUARANTEXE if set to ON it sends unknown executables to /virus/virus-could-be as usual if set to OFF it delivers at inbox with a warning (and the X- header ;)
- YAVRQUARANTNIG same for nigeria scam
- YAVRQUARANTPRN same for porn e-mail read instuctions inside nkvir-rc
- X- marks in headers to help your own procmail scripts
- X-YAVR: MS-EXEC (any MS executable that wasnt identified by signatures)
- X-YAVR: NIGERIA (nigeria scam)
- X-YAVR: PORN (porn related)
- X-YAVR: MACRO (containing macro code)
- X-YAVR: XML-CODEBASE
- X-YAVR: IFRAME
- X-YAVR: CLSID-EXTENSION
- X-YAVR: SENDMAIL-EXPLOIT
- some more Worm.Moodown.b aka Netsky.b signatures
- another Mimail.Q

mdns-scan is a tool for scanning for mDNS/DNS-SD published services on the local network. mdns-scan issues a mDNS PTR query to the special RR _services._dns-sd._udp.local for retrieving a list of all currently registered services on the local link.
mdns-scan is not a good mDNS citizen since it queries continuously for services and doesnt implement features like Duplicate Suppression. It is intended for usage as a debugging tool only.
mdns-scan is incomplete since it doesnt resolve mDNS services for you - it just dumps their PTR RRs. To understand these records you need minimal knowledge of DNS-SD and how it works.
mdns-scan does not terminate on its own behalf. It scans for services continuously until the user kills it by pressing C-c.
mdns-scan does not rely on a local mDNS responder daemon. It has no dependencies besides the GNU libc. It has been tested on Linux only.
mdns-scan does NOT scan for local mDNS enabled hosts or A/AAAA RRs, it scans for DNS-SD registered services, nothing else.
Enhancements:
- Add man pages
- Improvements to the Debianization