8.8. 病毒工具

There are not many anti-virus tools included with Debian GNU/Linux, probably because GNU/Linux users are not plagued by viruses. The Unix security model makes a distinction between privileged (root) processes and user-owned processes, therefore a "hostile" executable that a non-root user receives or creates and then executes cannot "infect" or otherwise manipulate the whole system. However, GNU/Linux worms and viruses do exist, although there has not (yet, hopefully) been any that has spread in the wild over any Debian distribution. In any case, administrators might want to build up anti-virus gateways that protect against viruses arising on other, more vulnerable systems in their network.

当前的 Debian GNU/Linux 提供如下用于构建防火墙环境的工具:

http://www.clamav.net, provided since Debian sarge (3.1 release). Packages are provided both for the virus scanner (clamav) for the scanner daemon (clamav-daemon) and for the data files needed for the scanner. Since keeping an antivirus up-to-date is critical for it to work properly there are two different ways to get this data: clamav-freshclam provides a way to update the database through the Internet automatically and clamav-data which provides the data files directly. ^[56]
mailscanner an e-mail gateway virus scanner and spam detector. Using sendmail or exim as its basis, it can use more than 17 different virus scanning engines (including clamav).
libfile-scan-perl 提供 File::Scan 一个扫描病毒的 perl 扩展. 此模块可用于制作 plataform 独立病毒扫描器.
http://www.sourceforge.net/projects/amavis, provided in the package amavis-ng and available in sarge, which is a mail virus scanner which integrates with different MTA (Exim, Sendmail, Postfix, or Qmail) and supports over 15 virus scanning engines (including clamav, File::Scan and openantivirus).
http://packages.debian.org/sanitizer, a tool that uses the procmail package, which can scan email attachments for viruses, block attachments based on their filenames, and more.
http://packages.debian.org/amavis-postfix, a script that provides an interface from a mail transport agent to one or more commercial virus scanners (this package is built with support for the postfix MTA only).
exiscan, 一个用 perl 写的基于 Exim 的电子邮件病毒扫描器.
blackhole-qmail 一个 Qmail 的垃圾过滤器, 内置支持 Clamav.

一些网关守护进程已经支持工具扩展, 以构建防病毒环境, 其包括 exim4-daemon-heavy (Exim MTA 的 heavy 版), frox(一个透明缓存的 ftp 代理服务器), messagewall(一个 SMTP 代理守护进程), 和 pop3vscan (透明的 POP3 代理).

Debian currently provide clamav as the only antivirus scanning software in the main official distribution and it also provides multiple interfaces to build gateways with antivirus capabilities for different protocols.

Some other free software antivirus projects which might be included in future Debian GNU/Linux releases:http://sourceforge.net/projects/openantivirus/ (see http://bugs.debian.org/150698 and http://bugs.debian.org/150695 ).

FIXME: Is there a package that provides a script to download the latest virus signatures from http://www.openantivirus.org/latest.php?

FIXME: Check if scannerdaemon is the same as the open antivirus scanner daemon (read ITPs).

However, Debian will never provide propietary (non-free and undistributable) antivirus software such as: Panda Antivirus, NAI Netshield, http://www.sophos.com/, http://www.antivirus.com, or http://www.ravantivirus.com. For more pointers see the http://www.computer-networking.de/~link/security/av-linux_e.txt. This does not mean that this software cannot be installed properly in a Debian system ^[57].

For more information on how to set up a virus detection system read Dave Jones' article https://web.archive.org/web/20120509212938/http://www.linuxjournal.com/article/4882.

^[56] If you use this last package and are running an official Debian, the database will not be updated with security updates. You should either use clamav-freshclam, clamav-getfiles to generate new clamav-data packages or update from the maintainers location:

  deb http://people.debian.org/~zugschlus/clamav-data/ /
  deb-src http://people.debian.org/~zugschlus/clamav-data/ /

^[57] Actually, there is an installer package for the F-prot antivirus, which is non-free but gratis for home users, called f-prot-installer. This installer, however, just downloads http://www.f-prot.com/products/home_use/linux/ and installs it in the system.