Free prot software for linux

Xfprot project is a graphical frontend to the F-Prot Antivirus for Linux Small Business Edition 3.12b/c/d, 3.13, 4.1.0, 4.2.0, 4.3.0 and 4.3.1 by Frisk Software International (www.frisk.is) which is free of charge for personal use.

Xfprot up to and including version 0.19beta was based upon the XSTEP-3.5.1 library 1996-2001 by Marcelo Samsoniuk and collaborators and released under the LGPL license.

Starting from version 0.20beta XFPROT is based upon Gtk+ 1.2 libraries. From version 1.0-rc2 it is also possible to use the Gtk+ 2.2 libraries.

Xfprot is tested only on Linux (Mandrake 9.0 ,9.1, 9.2, 10.0) but probably should compile and work also on other distributions, on some *BSDs and on other Unixes.

QtFprot is a frontend for FPROT 4.x, a free (for personal use) Linux virus-scanner. Its similar to XFprot, but written in Qt. It allows you to set all FPROT paramters with a comfortable GUI.

These are the steps you have to do to use the program:

1. get f-prot @ http://www.f-prot.com/download/download_fplinux_personal.html
2. unpack qtfprot-0.2.1b.tar.bz2 - well you apparently already have...
3. compile, make and install (binary will be installed to /usr/local/kde/bin/)
./configure
make
make install
4. start the binary:
qtfprot

Antivirus Scan with F-Prot is a simple servicemenu for konqueror that allows to scan single or multiple files and folders using the F-Prot Antivirus. Antivirus Scan with F-Prot shows the result of the scanning in a textbox using kdialog. It can also show the progress of the scanning in a terminal.
I hope you may find it useful.
Comments or/and translations are welcome.
TO INSTALL: extract the content of the tarball and copy the file f-prot_virus_scan.desktop into ~/.kde/share/apps/konqueror/servicemenus (just for your user) or in /usr/share/apps/konqueror/servicemenus, /opt/kde/share/apps/konqueror/servicemenus... etc, depending on your distro, to make it system-wide.
This is only the service-menu, you need to have F-Prot antivirus installed on your system.
Enhancements:
- Added Danish translation by Kefeus

Mikrop is a small, easy to install program for mail servers to scan incoming email. Its currently integrated only with postfix MTA.
MAXSIZE = maximum size of incoming messages including the attachment files. this parameter is important and you should set it to a high value if you are not sure.
TMPMAILDIR = temporary directory for files being scanned.
VIRCMD = your antivirus program (you can add parameters here)
VIRNFOUND = The string that is going to be looked for in the antivirus programs output. Ex: Fprot outputs "No viruses or suspicious files/boot sectors were found."
and i took the No viruses part in my default mikrop configuration file.
v1.2 - > if youre using another virus scanner that doesnt give any output like uvscan than delete/comment this line on config.h
INFDIR = directory for infected mailboxes.
PROCMAIL = if you use procmail as mail filtering utility you should define it here. e-mails will be passed to this program if theyre clean.
SENDMAIL = Currently this parameter is used for sending a warning message to
the person who sent infected file.
USERMBOXES = if you dont use procmail define your spool directory. clean e-mails will be appended to the file in this directory/USERLOGIN.
MSG = the message alert that warns the target user
VIRADMIN = the contact user, the string which is going to be appended at each warning message.
Main features:
- Can be used with or without procmail.
- Can use different virus scanners.
- Easy to install and configure.
Enhancements:
- Shell script added for automatic update of f-prot viruslist.
- Undefining VIRNFOUND feature added to config.h for use of
- virus scanners that give no output.

flow-tools is a set of programs for processing and managing NetFlow exports from Cisco and Juniper routers. The tools included are: flow-capture, flow-cat, flow-dscan, flow-expire, flow-export, flow-fanout, flow-filter, flow-gen, flow-header, flow-import, flow-mask, flow-merge, flow-nfilter, flow-print, flow-receive, flow-report, flow-send, flow-split, flow-stat, flow-tag, and flow-xlate.

Flow data is collected and stored by default in host byte ordera nd the files are portable across every endian architectures.

Commands that utilize the network use a localip/remoteip/port designation for communication. "localip" is the IP address the host will use as a source for sending or bind to when receiving NetFlow PDUs (ie the destination address of the exporter. Configuring the "localip" to 0 will force the kernel to decide what IP address to use for sending and listen on all IP addresses for receiving. "remoteip" is the destination IP address used for sending or the expected address of the source when receiving. If the "remoteip" is 0 then the application will accept flows from any source address. The "port" is the UDP port number used for sending or receiving. When using multicast addresses the localip/remoteip/port is used to represent the source, group, and port respectively.

Flows are exported from a router in a number of different configurable versions. A flow is a collection of key fields and additional data. The flow key is {srcaddr, dstaddr, input, output, srcport, dstport, prot, ToS}. Flow-tools supports one export version per file.

Export versions 1, 5, 6, and 7 all maintain {nexthop, dPkts, dOctets, First, Last, flags}, ie the next-hop IP address, number of packets, number of octets (bytes), start time, end time, and flags such as the TCP header bits. Version 5 adds the additional fields {src_as, dst_as, src_mask, dst_mask}, ie source AS, destination AS, source network mask, and destination network mask. Version 7 which is specific to the Catalyst switches adds in addition to the version 5 fields {router_sc}, which is the Router IP address which populates the flow cache shortcut in the Supervisor. Version 6 which is not officially supported by Cisco adds in addition to the version 5 fields {in_encaps, out_encaps, peer_nexthop}, ie the input and output interface encapsulation size, and the IP address of the next hop within the peer. Version 1 exports do not contain a sequence number and therefore should be avoided, although it is safe to store the data as version 1 if the additional fields are not used.

Version 8 IOS NetFlow is a second level flow cache that reduces the data exported from the router. There are currently 11 formats, all of which provide {dFlows, dOctets, dPkts, First, Last} for the key fields.

8.1 - Source and Destination AS, Input and Output interface
8.2 - Protocol and Port
8.3 - Source Prefix and Input interface
8.4 - Destination Prefix and Output interface
8.5 - Source/Destination Prefix and Input/Output interface
8.9 - 8.1 + ToS
8.10 - 8.2 + ToS
8.11 - 8.3 + ToS
8.12 - 8.5 + ToS
8.13 - 8.2 + ToS
8.14 - 8.3 + ports + ToS

Version 8 CatIOS NetFlow appears to be a less fine grained first level flow cache.

8.6 - Destination IP, ToS, Marked ToS,
8.7 - Source/Destination IP, Input/Output interface, ToS, Marked ToS,
8.8 - Source/Destination IP, Source/Destination Port,
Input/Output interface, ToS, Marked ToS,

The following programs are included in the flow-tools distribution.

flow-capture - Collect, compress, store, and manage disk space for exported flows from a router.
flow-cat - Concatenate flow files. Typically flow files will contain a small window of 5 or 15 minutes of exports. Flow-cat can be used to append files for generating reports that span longer time periods.
flow-fanout - Replicate NetFlow datagrams to unicast or multicast destinations. Flow-fanout is used to facilitate multiple collectors attached to a single router.
flow-report - Generate reports for NetFlow data sets. Reports include source/destination IP pairs, source/destination AS, and top talkers. Over 50 reports are currently supported.
flow-tag - Tag flows based on IP address or AS #. Flow-tag is used to group flows by customer network. The tags can later be used with flow-fanout or flow-report to generate customer based traffic reports.
flow-filter - Filter flows based on any of the export fields. Flow-filter is used in-line with other programs to generate reports based on flows matching filter expressions.
flow-import - Import data from ASCII or cflowd format.
flow-export - Export data to ASCII or cflowd format.
flow-send - Send data over the network using the NetFlow protocol.
flow-receive - Receive exports using the NetFlow protocol without storing to disk like flow-capture.
flow-gen - Generate test data.
flow-dscan - Simple tool for detecting some types of network scanning and Denial of Service attacks.
flow-merge - Merge flow files in chronoligical order.
flow-xlate - Perform translations on some flow fields.
flow-expire - Expire flows using the same policy of flow-capture.
flow-header - Display meta information in flow file.
flow-split - Split flow files into smaller files based on size, time, or tags.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins.
Main features:
Forensics workstation/Data Recovery
- Instantly deploy a forensics workstation with tct, tctutils, mac-robber, and autopsy also provides perl 5.6.1 compiled with Large File Support.
Live System Incident Response
- Binaries are available for Incident Response on a live machine.
Virus Scanning
- Utilizing F-Prot 3.11beta http://www.f-prot.com you can scan for virii, worms, trojans, and all around harmful code.
- Just mount the filesystems that you want to scan and execute f-prot .
- Any filesystem you can mount, you can scan. mount and scan fat/ntfs/ext2/ext3/reiserfs partitions
- Scan your windows machines offline for virii that may not be detected with an "after the fact" anti-virus
- software installation.
Pen-Testing Platform
- I should NOT have to explain this portion: If the tools you would like to use are not in the distribution please make a request!

RoFreeSBIE Live DVD is the first Live DVD based on FreeBSD 6.1 operating system.
Main features:
NEW FREEBSD PORTBROWSER
Includes Portbrowser, an efficient package manager with a simple way to install applications (more than 14500 FreeBSD applications from ports or binary packages).
SCRIPTS
Find under the RofreeSbie Tools a wide-range of powerful scripts. From Internet and antivirus configurations to all partitions detection, this is a must-have tool for average BSD users.
TEST YOUR HARDWARE
Testing your hardware compatibility with FreeBSD 6.1 before installing couldnt be easier with a Live CD/DVD like RoFreeSBIE.
SECURITY
High level of security thanks to UNIX solid as a rock, Clamav antivirus, F-Prot antivirus and a firewall. Feel safe with RoFreeSBIE.
Let others commercial operating systems lose your root password in 20 minutes or a kid at home install a trojan in your computer.
INTELLIGENT UPDATES
Because RoFreeSBIE is FreeBSD based, it uses intelligent ways of updating: cvsup and recompiling the base system or binary patches.
If you use cvsup, you can track daily changes on the FreeBSD base system and easily obtain a new FreeBSD release when it appears.
LINUX SUPPORT
RoFreeSBIE runs Linux applications with high performance and speed. Why should you have to choose between BSD and Linux, when you can get the best of both?
CLONE PARTITIONS
With clone.sh youll be able to make a compressed image of a chosen partition from your HDD and store it on another writable partition.
ROFREESBIE MEANS...
Romanian Free System Burned In Economy, its main version being English. KDE support is available in:
Romanian, Spanish, Portuguese, Italian, French, Russian and German. More languages will be included soon due to your help. Thanks.
Enhancements:
- Minor bugs corrected