Free virus scanners software for linux

The Qmail virus scanner (QScan) is a mail filter for Qmail that scans incoming messages using the Sophos Antivirus engine, immediately rejecting infected content.

It is designed to be minimalistic, yet extremely fast and secure, and uses multiple pipes instead of the traditional temporary files and privilege separation. It works with non-native versions of the virus scanner like under OpenBSD with Linux or FreeBSD emulation.


You must create a temporary directory to extract MIME attachments, and replace Qmails original qmail-queue program with Qscan. Quick way to achieve this for the impatients :

mkdir /var/qmail/qscan
chmod 700 /var/qmail/qscan
chown qmaild:qmail /var/qmail/qscan
ln /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue-old

Now, lets compile and install Qscan :

./configure --help

./configure [your beloved flags]

make install-strip

The last step is to replace the original qmail-queue program with our filter :

rm /var/qmail/bin/qmail-queue
ln -s /usr/local/sbin/qscan /var/qmail/bin/qmail-queue

Depending on your local configuration, it may be needed or not, but start with doing it :

chown qmaild:qmail /usr/local/sbin/qscan
chmod 6711 /usr/local/sbin/qscan

After testing, if everythings ok for you, remove the setuid bit :

chown 0:0 /usr/local/sbin/qscan
chmod 711 /usr/local/sbin/qscan

POP3 Virus Scanner Proxy is a full-transparent proxy daemon which scans all mails for viruses using third party scanners (built-in support for AVPD and Trophie).

You have to set up a port redirection in the linux-netfilter (iptables) so that all connections from e.g. inside your office to any POP3 server outside in the world will not leave your router, but come a local port, on which POP3VScan listens. POP3VScan receives from the linux kernel the original destinations of packets (the POP3 server outside in the world) and will connect to them.

All data we receive from the client will be sent to the server, and vice versa. With a little enhancement: we parse the neccessary parts of the POP3 protocol and when an email is sent from the server, we store it into a file, invoke a virusscanner and send it if it is good, or we just replace it with a virus notification. It should be possible to use all scanners using the scannertype=basic. Also POP3VScan provides scannertype=avpd for high-speed scanning using Kaspersky Anti-Virus for Linux, every C programmer can easily adept other scan-daemons (trophie, sophie, antivir, ...).

Neither the client nor the server has to be configured, none of them will take notice that theres a mailscanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our ip as source).

ScannerDaemon is the virus scanner of the OpenAntivirus project. You can send a filename to it via simple TCP and it will scan the file for viruses and tell you if the file is infected or not.
The ScannerDaemon listens on localhosts port 8127 for absolute filenames and absolute directorynames. It scans the files/all files in the directory and reports OK if no virus has been found or FOUND: if a virus has been detected.
You can start the ScannerDaemon simply by typing:
java -jar ScannerDaemon.jar
If you did not forget the Credo-files, it should come up and listen on port 8127. You can also give the name of the directory as a command-line parameter, like
java -jar ScannerDaemon.jar -credo.directory
Enhancements:
- Adaptions to new listener and filter scheme
- Bugfix: allow more than one signature file in one credo file
- Bugfix: close files used by UPXFilter
- Bugfix: wrong failure transitions
- Improvement: less memory consumption for nodes
- Improvement: UPXFilter scans uncompressed and compressed file

Your computer has been invaded! Dozens of little viruses are pouring in via security holes in Microsoft Internet Explorer, Microsoft Outlook, Microsoft MSN Messenger and Microsoft Recycle Bin!!
Using your trusty mouse you must shoot the buggers before they can destroy your files! Some will steal them from their home directories and take them back to their security hole.
Others will just eat them right there on the spot! See how long you and your computer can survive the onslaught!
Main features:
- 3 different virus types.
- Builds directories and files to protect based on your computer!
- Increasing difficulty level
- Highscore table
- 3 difficulty settings

TCP port scanner is a network scanner for Linux.

Installation:

1. Install - become root and gunzip/tar tcpscan-X-Y-Z.tar.gz.
2. Type ./confugure , make
3. Type install
4. Enjoy and try type tcpscan localhost
5. To get help - run tcpscan without parametres.

Usage:

tcpscan [-f] [hostname || IP_address]
tcpscan [-f] [first_IP_address] [last_IP_address]

Just Another Port Scanner (JAPS) is an easy to use, bare-bones TCP port scanner. JAPS requires the GTK+ library to run. I created JAPS because I felt it would be a fun project and I wanted to learn GTK+ programming basics.

To compile an install JAPS just type make.

Todo
Add subnet scanning
Add progress bar
Display service name next to port number in results box
If you have any suggestions please contact me. 1

Nmap::Scanner is a Perl module to perform and manipulate nmap scans using perl.

SYNOPSIS

Perl extension for performing nmap (www.insecure.org/nmap) scans.

use Nmap::Scanner;

# Batch scan method

my $scanner = new Nmap::Scanner;
$scanner->tcp_syn_scan();
$scanner->add_scan_port(1-1024);
$scanner->add_scan_port(8080);
$scanner->guess_os();
$scanner->max_rtt_timeout(200);
$scanner->add_target(some.host.out.there.com.org);

# $results is an instance of Nmap::Scanner::Backend::Results
my $results = $scanner->scan();

# Print the results out as an well-formatted XML document
print $results->as_xml();

# Event scan method using *new* easier way to set scan options.

my $scanner = new Nmap::Scanner;
$scanner->register_scan_started_event(&scan_started);
$scanner->register_port_found_event(&port_found);
$scanner->scan(-sS -p 1-1024 -O --max-rtt-timeout 200 somehost.org.net.it);

sub scan_started {
my $self = shift;
my $host = shift;

my $hostname = $host->name();
my $addresses = join(,, map {$_->address()} $host->addresses());
my $status = $host->status();

print "$hostname ($addresses) is $statusn";
}

sub port_found {
my $self = shift;
my $host = shift;
my $port = shift;

my $name = $host->name();
my $addresses = join(,, map {$_->addr()} $host->addresses());

print "On host $name ($addresses), found ",
$port->state()," port ",
join(/,$port->protocol(),$port->portid()),"n";

}

This set of modules provides perl class wrappers for the network mapper (nmap) scanning tool (see http://www.insecure.org/nmap/). Using these modules, a developer, network administrator, or other techie can create perl routines or classes which can be used to automate and integrate nmap scans elegantly into new and existing perl scripts.

If you dont have nmap installed, you will need to download it BEFORE you can use these modules. Get it from http://www.insecure.org/nmap/. You will need nmap 3.10+ installed to use all the features of this module.