Avast! virus scanner

Great, this has a GTK-based GUI scanner, as well as a commandline scanner. Avast! is a commercial product, but free for personal use. It requires a license key to use, which is sent via email.

Here is the project Linux-edition home:
http://www.avast.com/linux-home-edition

Here is a review, comparing virus scanners for Linux:
http://www.tuxradar.com/content/get-best-virus-scanner-linux

I have created a PET. This does not have the signature file. At first startup, it will ask for the license key, and has a button to go to the web page to obtain the key. Once that is provided, the program then sees that there is no signature file and offers to download it -- it is big, 44MB.

When I first did this download of the signature file, the program spat out an error message then quit:

An error occurred in Avast! engine: invalid argument

However, I found the solution here:
http://www.facebook.com/topic.php?uid=38282497425&topic=14021

I inserted this code into /usr/lib/avast4workstation/bin/wrapper-script.sh:

# Raise the shared-memory limit if it is below the 128000000 bytes needed here
SHMMAX=$(sysctl -n kernel.shmmax)
[ "$SHMMAX" -lt 128000000 ] && sysctl -w kernel.shmmax=128000000


Avast! PET (2.5MB, 2.7MB):
http://distro.ibiblio.org/quirky/pet_packages-common/avast-1.3.0-puppy.pet
http://distro.ibiblio.org/quirky/pet_packages-common/avast_NLS-1.3.0-puppy.pet


Posted on 24 Sep 2011, 8:22


Comments:

Posted on 24 Sep 2011, 11:08 by ozsouth
Avast
Nice tip, Barry. I found I had to exclude the /sys folder in a Lucid 528 frugal installation, as the scan would stall & require ctrl-alt-bkspc. Aside from that, it worked well. I have Avast on my Win7 partition & am happy with that too.


Posted on 24 Sep 2011, 12:15 by 8-bit
Avast av bug
I assume you have not tried the Update button yet.
I did and update would fail.
The solution to this is to edit /proc/sys/kernel/shmmax and change the value there to 128000000.

But since you have made Avast available in a PET, I thought I would pass that along. This is in version 1.3.0 and I do not know if it affects other versions.


Posted on 24 Sep 2011, 12:21 by 8-bit
learning to read
I passed right over your fix for the error when reading your announcement on Avast.
But I never edited the script like you did and instead, edited shmmax directly.
I had read a review of Linux antivirus packages and fprot failed to find viruses that Avast found so I installed Avast.


Posted on 24 Sep 2011, 14:53 by Terryphi
Avast - good
I have used Avast on Windows boxes for years. It is very reliable with low overheads. Good move to make a pet available for those who feel the need for it.


Posted on 24 Sep 2011, 15:03 by Sage
Avast
Ah yes, I remember it well from my former incarnation with my glazing escapades. Avast was regularly maligned as barely above scam status in many reviews. Plenty of spivs in the anti-virus games, one of the worst being Norton! Only ever got infected three times in a couple of decades with 3.1 & 98. The first via an email from a trade client which I intercepted immediately, a second when overly curious about promises of magic SW for free on a rogue site and more recently ~5yrs ago by a trojan of unknown origin. The first one was a very long time ago and a vigorous complaint led to five star treatment for many years by the company responsible, the second and third were easily detected and dealt with. Notwithstanding, it would be much more difficult for punters to manage their systems in any Linux distro as it is infinitely more complex in structure and digestible documentation written for users is almost absent. For ordinary folk sometimes there is merit in oversimplification, even bad coding - it's all there before your very eyes, warts and all!
Avast? No thanks.


Posted on 24 Sep 2011, 15:30 by lobster
Virus found
here are my avast adventures . . .
http://www.murga-linux.com/puppy/viewtopic.php?p=567118#567118

Just found another virus . . .


Posted on 24 Sep 2011, 18:29 by BarryK
Cut out /sys
Lobster,
I see from your snapshot that Avast is locking up in /sys.
ozsouth has the solution, exclude /sys. I would think also that you should exclude /proc.

One would think that Avast by default should be set up to exclude those. I wonder if I could put that into the PET?



Posted on 25 Sep 2011, 3:10 by Charles_Xavier
more of the same
Sage,

Check your keyboard. Scarcely a day passes that something moronic doesn't escape from that thing. Might want to have it checked.


Posted on 25 Sep 2011, 5:45 by lobster
eh yes please . . .
One would think that Avast by default should be set up to exclude those. I wonder if I could put that into the PET?

Hope so. 6 PH viruses, one Windows virus (when I did not even use it) and a system lock up, not even a complete scan - all before breakfast, is too much for me . . .


Posted on 25 Sep 2011, 6:00 by Sage
"6 PH viruses, one Windows virus (when I did not even use it) and a system lock up, not even a complete scan"
False positives, irrelevant listings, etc etc - can't say I didn't warn you! There are companies making $$$m offering 'dozers 'free on-line scans', finding non-existent malware and selling dud virus checkers on the back of it. Some of these spivs are so wide, their purchased detectors actually install malware! It's all recorded on the Interweb if you can sort the dross from the facts.
Fortunately, not everyone is as ignorant as Charles_Xavier.


Posted on 25 Sep 2011, 9:22 by cthisbear
Stop Process to kill trojans
Avast >> is known 4 false positives.

But if you have had viruses in Windows,
you would do best to run the latest versions of

RKill >> to stop processes
by bleepingcomputer.
They have good guides on their site.

http://www.bleepingcomputer.com/download/anti-virus/rkill

""""
Hitman Pro...which gives you a one time
free fix...and it scans over the net...

http://www.surfright.nl/en

:::::::

and use Malwarebytes Free Antimalware.

http://www.malwarebytes.org/products/malwarebytes_free

"""""""""""

Rogue Killer
Heavy duty Stop Trojan Processes running
if >> rkill won't

http://tigzy.geekstogo.com/Tools/RogueKiller.exe

http://www.geekstogo.com/forum/files/file/413-roguekiller/

http://www.sur-la-toile.com/RogueKiller/

"""""""

Kaspersky TDS Killer

http://support.kaspersky.com/faq/?qid=208280684

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

"""""""''

Combo Fix...use with care

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Majorgeeks...
which has often mentioned
a Puppy release has excellent downloads.

http://majorgeeks.com/

Anti-Spyware

http://majorgeeks.com/downloads31.html

Anti-Virus

http://majorgeeks.com/downloads29.html

Chris.




Posted on 25 Sep 2011, 11:22 by lobster
Virus scam
Thanks guys
Chris, have put your links here
http://puppylinux.org/wikka/VirusScam
May try some of your solutions. Many thanks.

Sage
Avast seems to have grayed out/locked whilst still using CPU time. It is almost like a virus . . .
Maybe as courtesy service for the Windows user . . . for Linux users it is curing a problem they do not have with a solution that does not work.

Thanks to Barry for the reminder of Windowing hell (Puppy has rescued me from it) . . . some will find a use for Avast pet


Posted on 25 Sep 2011, 13:28 by Sage
Virii and malware
It was told to me that only a few immature kiddies bother with virii these days and most of those are based on patterns from yesteryear. For 419ers determined to relieve you of your hard earned, the last thing they want to do is disable your conduit to them! Apart from which, in 'dozey PCs virii can be cleansed via the registry (oh yes, it's still there in 7). Trojans, worms and the like want to clone you into the Host, rip off your address book and steal your passwords. A whole new coding regime pertains in Unix & derivatives which is neither within the capabilities of most crooks nor is the audience sufficient (yet!) to make it worthwhile developing for - and felons are lazy, by definition. At present, the criminal fraternity is concentrating on the mobile market; Nokia is about to hand them a glittering prize along with Samsung Omnia 7 owners.
Stay smart is still the best maxim.


Posted on 25 Sep 2011, 21:25 by happypuppy
AV for Linux
Best AV scanner for Linux:

The good old AntiVir commandline scanner is still the best IMO.

Use this guide:
http://www.murga-linux.com/puppy/viewtopic.php?t=32156

with the following changes:

Step 5: Don't download the (outdated) key from the link in the forum thread.
Get the latest key from here instead:
http://dlce.antivir.com/down/windows/hbedv.key

Step 6: Instead of using the generic -s switch, use a long, custom series of switches to maximise the detection rate/efficiency of the scanner. Run "./antivir --help" for more details.


Alternatives:

You can also use the superior cloud-based virus scanner VirusTotal:
http://www.virustotal.com
to scan individual files for Windoze viruses and malware.

Happy cleaning :D



Posted on 25 Sep 2011, 21:30 by happypuppy
Viruses and monkeys
The correct plural is VIRUSES, not virii.

and BTW, SeaMonkey 2.4 is out :)



Posted on 25 Sep 2011, 24:10 by Sage
The correct plural is VIRUSES, not virii.
Yes, I know that, but:
a) it doesn't sound right with -es
b) it sounds like another Americanisation
c) Latin doesn't always defer to the Greek origin - it all depends...


Posted on 26 Sep 2011, 2:27 by 8-bit
exclusions
In my case, I just got through with a "full system scan" using Avast.
Before I did the scan, I excluded "/sys, /proc, and /mnt".
In excluding /mnt, I was trying to get away from scanning files twice.
I should have left /mnt though and instead added /initrd/mnt.

Anyway, after the scan, no infections were found.
But it took a while as all of the /initrd/mnt locations were scanned and maybe that is duplication in scanning files.
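
The exclusions discussed in the comments above (/sys, /proc, and a mount tree that is scanned twice) can be derived from the mount table instead of guessed. This is an added example, not part of the original post or comments and not Avast's own tooling. It assumes that the function names and the sample table are hypothetical, that proc, sysfs, devpts and debugfs are the pseudo-filesystems to skip, and that a block device seen at a second mount point exposes the same files as at the first.

```shell
#!/bin/sh
# Added example: derive scan exclusions from a /proc/mounts-style table.

# Constructed sample in /proc/mounts format:
#   device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
none /proc proc rw 0 0
none /sys sysfs rw 0 0
none /dev/pts devpts rw 0 0
/dev/sda1 /initrd/mnt/dev_save ext3 rw 0 0
/dev/sda1 /mnt/home ext3 rw 0 0
/dev/sda2 /mnt/sda2 ntfs rw 0 0
tmpfs /tmp tmpfs rw 0 0'

# scan_excludes: read a mounts table on stdin, print "path<TAB>reason" lines.
#  - kernel pseudo-filesystems hold no on-disk files and can stall a scanner
#  - a block device already seen at an earlier mount point would be scanned twice
# tmpfs is deliberately NOT excluded: it holds real, writable files.
scan_excludes() {
    awk '
        BEGIN { n = split("proc sysfs devpts debugfs", t, " ")
                for (i = 1; i <= n; i++) pseudo[t[i]] = 1 }
        NF >= 3 {
            dev = $1; mnt = $2; fs = $3
            if (fs in pseudo) { printf "%s\tpseudo-fs %s\n", mnt, fs; next }
            if (dev ~ /^\/dev\// && (dev in seen)) {
                printf "%s\tduplicate of %s\n", mnt, seen[dev]; next }
            if (dev ~ /^\/dev\//) seen[dev] = mnt
        }'
}

# exclude_paths: only the paths, for entering into the scanner exclusion list.
exclude_paths() { scan_excludes | cut -f1; }

# Demo on the constructed sample; on a live system use: scan_excludes < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | scan_excludes
```

/proc/mounts does not show when a mount is a bind of a subdirectory only, so review the "duplicate" entries before excluding them.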