Autovirus walkthrough

From Ye Ole Stash

What it is

This is a simple automagic virus scan: when you drop a file into a folder, it scans it and moves it to a folder based on whether it is clean or infected. It has several uses, but mostly it was for me to scan files I downloaded from the net quickly. It was also an exercise for me in SELinux, as I keep finding new ways to see how it doesn't like you doing much of anything on a system :)
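The scan-and-move step described above is not shown on this page, so here is an added example (not the page's own script) of the per-file command incrond would run: it reads the clamscan exit status and sorts the file into a clean or infected folder. The folder paths, the script name and the incrontab line are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own script: the per-file step incrond runs
# for the autovirus folder. Paths and the incrontab line are assumptions.
#
# Assumed incrontab entry (added with `incrontab -e`):
#   /srv/scan/incoming IN_CLOSE_WRITE,IN_MOVED_TO /usr/local/bin/autovirus.sh $@/$#
# IN_CLOSE_WRITE (not IN_CREATE) fires once the writer closes the file, so a
# half-downloaded file is not scanned and declared clean before it is complete.

SCANNER="${SCANNER:-clamscan}"                     # overridable so a stub can stand in
CLEAN_DIR="${CLEAN_DIR:-/srv/scan/clean}"          # assumed destination folders
INFECTED_DIR="${INFECTED_DIR:-/srv/scan/infected}"

# scan_file FILE: prints clean, infected or error; always returns 0.
# clamscan exit status: 0 = no virus found, 1 = virus found, 2 = scanner error.
scan_file() {
    rc=0
    "$SCANNER" --no-summary "$1" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# sort_file FILE: moves FILE to CLEAN_DIR or INFECTED_DIR and prints the verdict.
# A scanner error (e.g. unreadable file, missing signature DB) leaves the file
# where it is: an unscanned file must never end up in the "clean" folder.
sort_file() {
    file=$1
    verdict=$(scan_file "$file")
    case $verdict in
        clean)    mv "$file" "$CLEAN_DIR/" ;;
        infected) chmod 0600 "$file" && mv "$file" "$INFECTED_DIR/" ;;
        *)        echo "autovirus: scan error on $file, left in place" >&2 ;;
    esac
    echo "$verdict"
}

# Entry point used by incrond: one argument, the full path of the closed file.
if [ -n "$1" ]; then
    sort_file "$1"
fi
```

Because incrond runs the script as a confined domain transition target, the SELinux module built below is what lets clamscan read files in the watched folder; without it every verdict degrades to "error".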


Free CLI Virus/Malware Scanners for Linux (Updated Oct 2011 but likely to change)

Selinux

  • This is all assuming you are not getting this error:
You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"
If you are, it might be a good idea to do as it says... it only took about an hour on a 4TB system, so it's not that bad. Then again you can try and hack around it, your call!


  • Different ways to fix the SELinux problem:
      • Not run SELinux... but really, this isn't the best way to do things (although it is easy ;) )
      • Run incrond in the foreground via ``incrond -n`` under daemontools or something along those lines.
      • Write your own SELinux policy.
  • Phase 1 - Create the policy from what I found works (you might have to modify it... but I doubt it)
  • Copy this to a temp file called /tmp/clamscanforincron.te
module clamscanforincron 1.0;
 
require {
        type default_t;
        type file_t;
        type clamscan_t;
        class file { read getattr open };
        class dir search;
}
 
#============= clamscan_t ==============
#!!!! This avc is allowed in the current policy
 
allow clamscan_t default_t:dir search;
allow clamscan_t default_t:file open;
#!!!! This avc is allowed in the current policy
 
allow clamscan_t default_t:file { read getattr };
#!!!! This avc is allowed in the current policy
 
allow clamscan_t file_t:dir search;
  • Next do this
[root@stardust tmp]# checkmodule -M -m -o /tmp/clamscanforincron.mod /tmp/clamscanforincron.te 
checkmodule:  loading policy configuration from /tmp/clamav.te
checkmodule:  policy configuration loaded
checkmodule:  writing binary representation (version 10) to clamscanforincron.mod
#Next...
[root@stardust tmp]# semodule_package -o /tmp/clamscanforincron.pp -m /tmp/clamscanforincron.mod
#And finally...
[root@stardust tmp]# semodule -i /tmp/clamscanforincron.pp
  • Verify it loaded...
[root@stardust ~]# semodule -l | grep clamscanforincron
clamscanforincron	1.0