stevepedwards.com/DebianAdmin linux mint IT admin tips info

Linux Anti Virus 3 – Comodo AV

Of the prior two AV solutions looked at so far, this is the best AND easiest GUI-based AV app to install, set up and use.

https://www.comodo.com/?prod=antivirus-for-linux&track=6129&key5sk1=1ad03c7599d581a662868ac8bd4f42b0fede3c7f&key5sk0=6129

A simple install after a .deb package download from the above link for (in my case) Linux Mint, then the package install using:

dpkg -i /cav-linux_1.1.268025-1_amd64.deb

installing a missing dependency:

apt-get install libssl0.9.8

then running:

/opt/COMODO/post_setup.sh

as per the instructions, and agreeing to the license:

The AV prog is found under Applications/other :

First, update the sig DB:

Then run the Diagnostics:

I just ignored this warning at this stage, as it's the Install script all over again, so looks like you have to research where to get and how to install the missing ".ko" modules.

This seems to affect the network scans of directories, which don't seem to scan fully, recursively, but local disks do...hmm research required.

Now for a test run on your Eicar virus test directory:

Hmmm? No Eicar threat found – really..??

Just like Windows MSAV which can't detect this Eicar file either?! This is weird.

But ClamAV DOES notify that this test file shows as a virus!

# clamscan -vir /Quadra/Ei*/

Scanning /Quadra/Eicar/Bad.txt

/Quadra/Eicar/Bad.txt: Eicar-Test-Signature FOUND

Scanning /Quadra/Eicar/cleanFile1.txt

Scanning /Quadra/Eicar/cleanFile2.txt

I have tested the apps locally too, to remove any network-aspect non-functionality, and both MSAV and Comodo still do NOT react to the Eicar file. I guess some programmers just don't think anyone would want to test their AV software, but just accept that it will work...?
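When scanners disagree about an EICAR file, one useful check is whether the file itself conforms to the EICAR specification: it must start with the exact 68-byte test string, may be followed only by whitespace (space, tab, LF, CR, Ctrl-Z), and must not exceed 128 bytes in total. The script below is an added example, not part of the original post; the helper names (eicar_check, eicar_string, to_hex) are hypothetical and the path in the usage comment is the one scanned above.

```shell
#!/bin/sh
# Added example: check that a file is a spec-conformant EICAR test file.
# eicar_check is a hypothetical helper name, not part of any AV product.

# The 68-byte test string is assembled from two halves so that this script
# is not itself flagged as the test file by a scanner.
eicar_string() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTI' \
                  'VIRUS-TEST-FILE!$H+H*'
}

# Hex-encode stdin so binary content can be compared as a plain string.
to_hex() { od -An -tx1 | tr -d ' \n'; }

# Returns 0 if the file conforms, 1 if not, 2 if unreadable.
# Prints the reason on stdout.
eicar_check() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }

    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -lt 68 ]; then echo "too short ($size bytes)"; return 1; fi
    if [ "$size" -gt 128 ]; then echo "too long ($size bytes)"; return 1; fi

    # The file must START with the exact 68 bytes (no BOM, no leading text).
    if [ "$(head -c 68 "$f" | to_hex)" != "$(eicar_string | to_hex)" ]; then
        echo "first 68 bytes differ from the EICAR string"; return 1
    fi

    # Anything after byte 68 may only be space, tab, LF, CR or Ctrl-Z.
    extra=$(tail -c +69 "$f" | tr -d ' \t\n\r\032' | wc -c | tr -d ' ')
    if [ "$extra" -ne 0 ]; then
        echo "non-whitespace data after the EICAR string"; return 1
    fi
    echo "valid EICAR test file"
}

# Usage: eicar_check /Quadra/Eicar/Bad.txt
```

A file that fails this check (for example one saved with a byte-order mark or with extra text around the string) is not a valid test case for a scanner that applies the specification strictly.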

Still, Comodo later did warn of other possible threats after a MyComputer scan of the linux box:

So, how does Comodo fare running against an SSD Win7 system C: drive from a Linbox?

As Mint mounts this separate drive locally, it has access permissions to the Windows C drive, and as it's a 120GB SSD drive it scanned it very quickly – 8 mins or so:

Well, I'm glad it did not actually find anything as this is my dual boot Lin/Win7 PC.

I quite like the old fashioned design of this prog – like 90's FTP software, so basic and easy to use.

It has a mail filter too, for those using any of the main MTA servers such as Exim, Sendmail etc.:

There is a fair amount of control over settings:

It also has some command line options found if you tab after:

sudo /opt/COMODO/
cav cmdscan etc/ qmail-queue-cmg
cavdiagnostic cmdtcpd load_cav.sh repair/
cavlogviewer cmgdaemon load_cmdagent.sh scanners/
cavscan database/ load_cmgdaemon.sh share/
cavupdater db/ menu/ tmp/
cmdagent doc/ post_setup.sh translations/

You can run a file/dir scan verbosely:

sudo /opt/COMODO/cmdscan -vs /home/stevee/


On the whole, pretty good, except for the few missing ".ko" files which, I suspect, make it misbehave when accessing network files due to the way it may need to work with the implementation of VFS, as a bit of quick research intimated:

http://www.redirfs.org/docs/thesis/thesis.pdf

I really don't want to look into this! This is 2015, and I expect any and all software released to just WORK! If something is missing it should be able to get it for you if there is a diagnostics function to highlight it. Bloody half baked programmers again...

I am now curious to install it on a Win box and see if there is a similar issue.

 
