Install Ansav Anti Virus in Ubuntu Server

Playing around with anti virus led me to ansav, a free anti virus that convinced me to give it a chance for our Linux server.

The installation process is as simple as 1-2-3:

1. Download core engine and update from here.

2. Install ansav.

dpkg -i ansav-linux-i386.deb

3. Move latest update to /etc/ansav

mv dbs.anv /etc/ansav/

4. Check that it works

# ansav

—————————————————————
ANSAV 2.0.11  beta-3 (Linux.2.6.28-11-server)
updated: 16.05.2009
total: 1329 signatures inside
—————————————————————

for more command use --help

# ansav --help

—————————————————————
ANSAV 2.0.11  beta-3 (Linux.2.6.28-11-server)
updated: 16.05.2009
total: 1329 signatures inside
—————————————————————

USAGE:
ansav [options] [path]

OPTIONS:
-v   verbose mode.
-w   show malware list from database
     show also list from external (dbs.anv) if exists.
-f   enable auto fix for every detected threat.
-d   enable auto deletion for every detected threat.
     if -f and -d specified auto deletion will be used
     for unfixable threat. This rule not affected for suspected object
     or you can force delete use `--force-kill` instead.
-r   scan recursively.
-p   format output to pipeline friendly.

EXAMPLE:

ansav -vf /mnt/f

scan and fix every detected threat in directory /mnt/f.

ansav -vfd /mnt/f

scan and fix every detected threat in directory /mnt/f
and delete threat if fix fail.

Need to test it against local virus.

WARNING: Crypto package not found. Some features will fail.

That message showed up when I scanned Conficker in our LAN.

After some googling, I found the answer:

In FreeBSD:

# cd /usr/ports/security/py-pycrypto && make install

In Ubuntu:

# apt-get install python-crypto

Done.

No more error message, I guess.

Detect Conficker in our LAN

Another Conficker variant forces us to behave like paranoids. Any tool that might help us detect it gets more attention, especially when it's free 🙂

Detect from a Windows machine:

Download detector from Florian Roth, click here.

Save and extract to any folder, I chose C.

Make sure to run it from the command line:

C:\scs2-win32>scs2.exe 172.88.1.95  172.88.1.100

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
Compiled for Win32 environments by Florian Roth

[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
Done

Detect from a Linux machine (I use Ubuntu 9.04 server):

# apt-get install python-impacket

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip

# cd scs2

# ./scs2.py 172.88.1.1 172.88.1.50

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[UNKNOWN]  172.88.1.14: No response from port 445/tcp.
[UNKNOWN]  172.88.1.8: No response from port 445/tcp.
[UNKNOWN]  172.88.1.5: No response from port 445/tcp.
[UNKNOWN]  172.88.1.9: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.25: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.
[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.23: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.34: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.29: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.28: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[CLEAN]    172.88.1.48: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.38: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.42: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.27: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.1: No response from port 445/tcp.
[UNKNOWN]  172.88.1.4: No response from port 445/tcp.
[UNKNOWN]  172.88.1.6: No response from port 445/tcp.
[UNKNOWN]  172.88.1.7: No response from port 445/tcp.
[UNKNOWN]  172.88.1.11: No response from port 445/tcp.
[UNKNOWN]  172.88.1.12: No response from port 445/tcp.
[UNKNOWN]  172.88.1.13: No response from port 445/tcp.
[UNKNOWN]  172.88.1.16: No response from port 445/tcp.
[UNKNOWN]  172.88.1.17: No response from port 445/tcp.
[UNKNOWN]  172.88.1.18: No response from port 445/tcp.
[UNKNOWN]  172.88.1.19: No response from port 445/tcp.
[UNKNOWN]  172.88.1.20: No response from port 445/tcp.
[UNKNOWN]  172.88.1.21: No response from port 445/tcp.
[UNKNOWN]  172.88.1.26: No response from port 445/tcp.
[UNKNOWN]  172.88.1.30: No response from port 445/tcp.
[UNKNOWN]  172.88.1.31: No response from port 445/tcp.
[UNKNOWN]  172.88.1.32: No response from port 445/tcp.
[UNKNOWN]  172.88.1.33: No response from port 445/tcp.
[UNKNOWN]  172.88.1.35: No response from port 445/tcp.
[UNKNOWN]  172.88.1.36: No response from port 445/tcp.
[UNKNOWN]  172.88.1.37: No response from port 445/tcp.
[UNKNOWN]  172.88.1.39: No response from port 445/tcp.
[UNKNOWN]  172.88.1.40: No response from port 445/tcp.
[UNKNOWN]  172.88.1.41: No response from port 445/tcp.
[UNKNOWN]  172.88.1.44: No response from port 445/tcp.
[UNKNOWN]  172.88.1.45: No response from port 445/tcp.
[UNKNOWN]  172.88.1.46: No response from port 445/tcp.
[UNKNOWN]  172.88.1.49: No response from port 445/tcp.

Detect using a FreeBSD machine:

# cd /usr/ports/net/py-impacket && make install

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip &&  cd scs2

# python scs2.py 172.88.1.90 172.88.1.100
WARNING: Crypto package not found. Some features will fail.

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[CLEAN]    172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.100: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.92: No response from port 445/tcp.
[UNKNOWN]  172.88.1.91: No response from port 445/tcp.
[UNKNOWN]  172.88.1.93: No response from port 445/tcp.
[UNKNOWN]  172.88.1.94: No response from port 445/tcp.
[UNKNOWN]  172.88.1.95: No response from port 445/tcp.
[UNKNOWN]  172.88.1.97: No response from port 445/tcp.
[UNKNOWN]  172.88.1.98: No response from port 445/tcp.
[UNKNOWN]  172.88.1.99: No response from port 445/tcp.
Done
#

Time to patch those infected machines.
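A way to turn the scanner output above into a work list, as an added example (not part of scs2 or of the original post): it parses the three verdict tags seen in the runs, recovers records that ended up fused onto one line, and keeps UNKNOWN hosts on a recheck list, since no answer on 445/tcp says nothing about infection. The function names and action labels are assumptions; the sample lines are copied from the Ubuntu run.

```python
import ipaddress
import re
from collections import defaultdict

# One scs2 record is "[VERDICT] <ipv4>: <message>". Scanning with findall
# instead of splitting on newlines also recovers two records fused onto
# one line, as in the Ubuntu run above.
TAG = r"\[(?:INFECTED|CLEAN|UNKNOWN)\]"
RECORD = re.compile(
    r"\[(INFECTED|CLEAN|UNKNOWN)\][ \t]+(\d{1,3}(?:\.\d{1,3}){3}):[ \t]*"
    r"(.*?)(?=" + TAG + r"|$)",
    re.MULTILINE,
)

# Lines copied from the Ubuntu run in this post, including the fused one.
SAMPLE = """\
[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.9: No response from port 445/tcp.
Done
"""

def triage(scan_output):
    """Group hosts by verdict; if a host appears twice, the last verdict wins."""
    verdict = {}
    for status, ip, _message in RECORD.findall(scan_output):
        verdict[ip] = status
    groups = defaultdict(list)
    for ip, status in verdict.items():
        groups[status].append(ip)
    for ips in groups.values():
        ips.sort(key=ipaddress.ip_address)  # numeric order, not string order
    return dict(groups)

def report(groups):
    """Infected hosts first, then hosts the scan could not judge."""
    lines = [f"ISOLATE+PATCH {ip}" for ip in groups.get("INFECTED", [])]
    lines += [
        f"RECHECK {ip} (no reply on 445/tcp is not a clean result)"
        for ip in groups.get("UNKNOWN", [])
    ]
    return lines

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```

Feed it the saved output of a scan run; hosts on the recheck list may be firewalled or powered off and need another check before they are treated as clean.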

Install OpenNMS on FreeBSD

Download

# cd /usr/ports/net-mgmt
# wget -c http://www.geeklan.co.uk/files/opennms/opennms-164-freebsd-port.tgz

--2009-05-15 03:17:40--  http://www.geeklan.co.uk/files/opennms/opennms-164-freebsd-port.tgz
Resolving www.geeklan.co.uk… 93.97.185.103
Connecting to www.geeklan.co.uk|93.97.185.103|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 15093 (15K) [application/x-tar]
Saving to: `opennms-164-freebsd-port.tgz’

100%[=====================================================================================================>] 15,093      5.23K/s   in 2.8s

2009-05-15 03:17:45 (5.23 KB/s) – `opennms-164-freebsd-port.tgz’ saved [15093/15093]

Extract and delete

# tar xvzf opennms-164-freebsd-port.tgz && rm opennms-164-freebsd-port.tgz

x opennms/
x opennms/files/
x opennms/distinfo
x opennms/pkg-descr
x opennms/pkg-message
x opennms/pkg-plist
x opennms/Makefile
x opennms/files/opennms.in
x opennms/files/patch-maven-conf_settings.xml
x opennms/files/patch-pom.xml


Read chm file in openSUSE

zypper came to the rescue when I needed to read a chm file in openSUSE:

# zypper install chmsee

Reading installed packages…

The following NEW packages are going to be installed:
chmsee chmlib

Overall download size: 136.0 K. After the operation, additional 295.0 K will be used.
Continue? [YES/no]: y
Downloading package chmlib-0.39-101.9.i586 (1/2), 30.0 K (65.0 K unpacked)
Downloading: chmlib-0.39-101.9.i586.rpm [done (2.8 K/s)]
Installing: chmlib-0.39-101.9 [done]
Downloading package chmsee-1.0.1-1.13.i586 (2/2), 106.0 K (230.0 K unpacked)
Downloading: chmsee-1.0.1-1.13.i586.rpm [done (2.2 K/s)]
Installing: chmsee-1.0.1-1.13 [done]

chmsee, ready to serve me 🙂