Anti virus

From Atomicorp Wiki
Revision as of 16:56, 19 May 2010 by Scott


Description

ASL has a kernel-space anti-virus module. As of version 2.2.6 this module is not activated by default. When activated, its basic behaviour is to set the permissions of detected malware to 000 and send an alert via the logs.


Installation

Step 1) ASL kernel 2.6.29 or above is required


Step 2) Install the kernel modules

 yum install kmod-dazuko

Step 3) Enable the settings in /etc/asl/config

 CLAMAV_ENABLED="yes"
 CLAMAV_ENABLE_DAZUKO="yes"

Step 4) Set the directories to monitor in /etc/asl/dazuko-include, one entry per line. (Note: this file may not exist; this is normal.)

 /path/to/directory
 /path/to/directory2

Step 5) Optional: set the directories to exclude in /etc/asl/dazuko-exclude, one entry per line. (Note: this file may not exist; this is normal.)

 /path/to/directory/exclude1
 /path/to/directory/exclude2

Step 6) Update the security policy with:

 asl -s -f

Step 7) Reboot

 reboot
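
The following pre-flight check is an added example, not part of ASL or of the original page. It verifies the settings from steps 3 to 5 and lists files already marked with mode 000 under the monitored directories. The function names are hypothetical, and it assumes the file formats are exactly as shown above (quotes around yes treated as optional).

```shell
# Added example: pre-flight check for the ASL anti-virus settings above.
# Assumption: files use exactly the formats shown on this page.

asl_key_enabled() {  # usage: asl_key_enabled <config-file> <KEY>
    grep -Eq "^[[:space:]]*$2=\"?yes\"?[[:space:]]*\$" "$1"
}

# Print entries that are not absolute paths to existing directories.
asl_bad_paths() {  # usage: asl_bad_paths <list-file>; returns 1 if any are bad
    local bad=0 line
    [ -f "$1" ] || return 0   # the list file may not exist; that is normal
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        case "$line" in
            /*) [ -d "$line" ] || { echo "$1: no such directory: $line"; bad=1; } ;;
            *)  echo "$1: not an absolute path: $line"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# List files with mode 000 under the monitored directories; the description
# above says that is how the module marks malware.
asl_marked_files() {  # usage: asl_marked_files <include-file>
    local dir
    [ -f "$1" ] || return 0
    while IFS= read -r dir || [ -n "$dir" ]; do
        if [ -d "$dir" ]; then
            find "$dir" -type f -perm 0000 2>/dev/null || true
        fi
    done < "$1"
}

asl_av_check() {  # usage: asl_av_check [directory holding the ASL files]
    local etc="${1:-/etc/asl}" rc=0 key
    for key in CLAMAV_ENABLED CLAMAV_ENABLE_DAZUKO; do
        asl_key_enabled "$etc/config" "$key" || { echo "$key is not \"yes\""; rc=1; }
    done
    asl_bad_paths "$etc/dazuko-include" || rc=1
    asl_bad_paths "$etc/dazuko-exclude" || rc=1
    asl_marked_files "$etc/dazuko-include"
    return "$rc"
}
```

Source the file and run asl_av_check before step 6; a non-zero return means a setting or path needs correcting, and any file paths printed are files currently at mode 000.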