While malware and viruses on Linux machines are quite rare, on Windows dual-boot machines it can be useful to have a scanner that can evaluate the Windows installations while booted into Linux. This article details the installation and usage of several workstation products, using the free-for-personal-use or trial editions on Linux Mint 15 + MATE on a 64-bit Intel machine.


F-Prot

F-Prot offers anti-virus for a wide variety of both 32-bit (x86) and 64-bit (x64, amd64) Unices, including Linux. The Home User Linux Workstation version comes with a 30-day free trial license.

Installation

Installation is not tied to any package management system; instead it is done with a Perl script (install-f-prot.pl) run as root. In this case, it was installed to /opt/f-prot. The installer script added man pages and /usr/bin symlinks correctly, as well as a cron job to regularly update the virus definitions. No errors were encountered.

Updating Definitions

The virus definitions were updated as part of the installation process, and the update completed without issue.

Usage

F-Prot is a command line tool, and is extremely user friendly. After a quick look at the documentation in /opt/f-prot/doc/html/Helpfiles_v6/index.html, I found a procedure to test the installation (passed), a quick example of how to perform a scan, and a complete listing of all command line options.

Scanning Files

A scan of test files worked without errors or other issues, and produced significant results: F-Prot caught 352 infected files that were missed by a Microsoft Security Essentials full scan, and completed the scan in an hour and forty-five minutes as opposed to Security Essentials' eight and a half hours.

$ fpscan -o /home/test-user/Desktop/fprot.txt --disinfect /mnt/test-data/

Results:

Files: 190436
Skipped files: 772
MBR/boot sectors checked: 0
Objects scanned: 3076737
Infected objects: 352
Infected files: 352
Files with errors: 123
Disinfected: 282

Running time: 105:41

Final Grade & Thoughts

Final Grade: 8 / 10
A front end GUI for the installer and the app would boost this to a 10/10, as there are more GUI only Linux users every day.

 

BitDefender

BitDefender only offers Linux anti-virus for business users – there is no home user edition. There is a free 30 day trial, with the option to register for a free 1 year license key on BitDefender’s website, launched via a button in the GUI. Oddly, when using the scanner with the Business edition trial it reports “This program is licensed for home or personal use only. Usage in an office or production environment represents a violation of the license terms,” suggesting that the programming team and the marketing team need more integration/oversight.

Installation

BitDefender’s installation was originally attempted via the company’s package repository:

$ wget http://download.bitdefender.com/repos/deb/bd.key.asc -O - 2>/dev/null | sudo apt-key add -
$ sudo apt-add-repository 'deb http://download.bitdefender.com/repos/deb/ bitdefender non-free'
$ sudo apt-get update
$ sudo apt-get install bitdefender-scanner-gui bitdefender-common

BitDefender can be launched from the command line using bdgui, but in this case the installer even added a nice BitDefender icon to the Menu’s “System Tools” section:

[Image: Start Menu BitDefender]

BitDefender can also be installed by downloading a packaged installer from their website. The BitDefender download page was remarkably difficult to find, and the link is located below the fold near the bottom of the page.

Updating Definitions

The virus definition update is manually triggered in the GUI using the “Update” button. The update completed without issues.

Usage

GUI

The GUI is quite attractive and easy to use:

[Image: BitDefender GUI]

Unfortunately, it also crashes with a segfault the instant you click the “Scanner” button. The first error reported was “(bdgui:13139): Gtk-WARNING **: Error loading theme icon ‘edit-find’ for stock: Fatal error reading PNG image file: Invalid IHDR data“, and after that it simply reported “Segmentation fault” every time the “Scanner” button was clicked.

CLI

The command line interface performed well. While it does not install the nice HTML help files that F-Prot includes, it does install man pages and there is an excellent guide available for download.

Unfortunately, it too crashes with a segfault as soon as it reaches the “Loading plugins” phase.

Scanning Files

Scanning is nightmarish. Even with the scanner action specified as “disinfect”, if BitDefender couldn’t disinfect a file it deleted the suspicious file. This side effect is not listed in the documentation. Not only that, but a far more reasonable action would be to quarantine the file, not delete it! A false positive could easily wind up erasing an innocent and important file.

As well, the “no-list” option did not work; this should exclude logging of file names except for suspicious/infected files. Instead every file was listed, creating a log file several hundred megabytes in size. This could easily wind up crippling a system with a small amount of space for /var/log!

Scanning was terminated after 240 minutes without having completed, as the log file was getting far too large to handle (366MB).

$ bdscan --recursive-level=16 --action=disinfect --no-list --log-overwrite --log=/home/test-user/Desktop/bdscan.txt /mnt/test-data/
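
A way to catch the undocumented deletion described above, added here as an example (not from the original article or from either vendor): record a SHA-256 manifest of the tree before the scan and compare it afterwards. The function names and manifest paths are assumptions, and file names containing newlines are not handled.

```shell
#!/bin/sh
# Added example: detect files a scanner run deleted or modified by comparing
# SHA-256 manifests taken before and after the scan.

# make_manifest DIR OUT
# Writes one "sha256  ./relative/path" line per regular file under DIR.
# Keep OUT outside DIR so the manifest itself is not scanned or hashed.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | sort -k 2 > "$2"
}

# diff_manifest BEFORE AFTER
# Prints "DELETED path" for files that disappeared and "MODIFIED path" for
# files whose hash changed. Newly created files are ignored.
diff_manifest() {
    # Tag each line with its side so empty or identical manifests work too.
    { sed 's/^/B /' "$1"; sed 's/^/A /' "$2"; } | awk '
        {
            side = $1; hash = $2
            sub(/^[^ ]+ +[^ ]+ +/, "")   # leave only the path, spaces intact
        }
        side == "B" { before[$0] = hash; next }
        { after[$0] = hash }
        END {
            for (p in before) {
                if (!(p in after))             print "DELETED " p
                else if (before[p] != after[p]) print "MODIFIED " p
            }
        }
    ' | sort
}

# Usage around a scan of the article's test mount (paths under /tmp are
# assumptions):
#   make_manifest /mnt/test-data /tmp/before.sha256
#   ... run the scanner ...
#   make_manifest /mnt/test-data /tmp/after.sha256
#   diff_manifest /tmp/before.sha256 /tmp/after.sha256
```

MODIFIED entries are expected after a successful disinfect; DELETED entries are the files to restore from backup if the detection turns out to be a false positive.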

Final Grade & Thoughts

Final Grade: 0 / 10
Such a major fail as a segfault shouldn’t go unnoticed… and in fact, it hasn’t. On BitDefender’s Unices Blog (to which there is no link from the main site that I could find) is an article describing the problem and how to manually correct it. Published 18 months ago, in November 2011! Also, the fix only works for the command line version – the GUI version still segfaults.

Obviously the Linux market is not important to BitDefender, or it would have managed to patch this in the last year and a half since a fix was discovered. Plus, many of the features simply don’t work as documented and could delete important, innocent files or fill up a file system with useless logs. As such, BitDefender can’t be recommended as a serious anti-virus tool for any Linux user.

The fix (must be run as root user):

# cat /opt/BitDefender-scanner/var/lib/scan/versions.dat.* | \
      awk '/bdcore.so.linux/ {print $3}' | \
      while read bdcore_so; do
          touch /opt/BitDefender-scanner/var/lib/scan/$bdcore_so;
          bdscan --update;
          mv /opt/BitDefender-scanner/var/lib/scan/bdcore.so \
              /opt/BitDefender-scanner/var/lib/scan/bdcore.so.old;
          ln -s /opt/BitDefender-scanner/var/lib/scan/$bdcore_so \
              /opt/BitDefender-scanner/var/lib/scan/bdcore.so;
          chown bitdefender:bitdefender \
              /opt/BitDefender-scanner/var/lib/scan/$bdcore_so;
      done

 
