Linux 下安装 McAfee VirusScan

Linux 下安装 McAfee VirusScan，目前在其官方网站上为 vlp4510e.tar.Z，下载后开始安装：

# mkdir /tmp/uvscan
# tar -zxvf vlp4510e.tar.Z -C /tmp/uvscan
# cd /tmp/uvscan
# ./install-uvscan    （注明，默认情况下，uvscan 是安装在 /usr/local/uvscan ）

Which directory do you want to install into? [/usr/local/uvscan]
/usr/local/uvscan doesn't exist. Create it? [y]/n
Do you want to create the link(s) to uvscan in /usr/local/bin [y]/n
Do you want to create the link(s) to uvscan_secure in /usr/local/bin [y]/n
Do you want to create the link(s) to liblnxfv.so.4 in /usr/local/lib [y]/n
Do you want to create the link(s) to uvscan.1 in /usr/local/man/man1 [y]/n
/usr/local/man/man1 doesn't exist. Create it? [y]/n

Installation complete.

Do you want to perform a scan of all filesystems y/[n]

依据你的实际使用情况，选择确定上面的信息。

安装完毕后，我们就开始测试 uvscan 是否安装成功了？

在系统中建立一个文件 test.com ，其内容为：

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

使用以下命令：

/usr/local/uvscan/uvscan /tmp/test.com

如果出现下面的类似信息，则表明你的 uvscan 已经安装成功了。

       Found: EICAR test file NOT a virus.
Thank you for choosing to evaluate VirusScan from McAfee.
This  version of the software is for Evaluation Purposes Only and may be
used  for  up to 30 days to determine if it meets your requirements.  To
license  the  software,  or to  obtain  assistance during the evaluation
process,  please call (408) 988-3832.  If you  choose not to license the
software,  you  need  to remove it from your system.  All  use  of  this
software is conditioned upon compliance with the license terms set forth
in the README.TXT file.

至于信息里面还有以下内容：

This program is more than   3 months old. New viruses come out all the
time - we would suggest that you upgrade your copy.
/tmp/test.com

就不需要担心了，只是 uvscan 提示病毒库较旧而已。接下来，我们就写个病毒库更新脚本： uvscan-update.sh ，内容如下：

#!/bin/bash

FileSource='ftp://ftp.nai.com/pub/antivirus/datfiles/4.x'
WorkDir='/usr/local/uvscan'
RemoveOldData='yes'

# 检测系统是否安装了 wget 这个下载程式?

if [ ! -f '/usr/bin/wget' ]; then
       echo "**        Sorry, this script should run with [ wget ] package installed !!!"
       echo "**        now, exiting..."
       echo ""
       exit 1
fi

echo ""
echo "# -----------------------------------------------------------------------------"
echo ""
echo "Updating the McAfee's virus data @ `date` by $USER..."
echo ""

cd "$WorkDir"

# 删除旧的 ini 文件

if [ -f update.ini ]; then
       echo "  Removing the old update.ini..."
       rm -rf update.ini
fi

# 判断旧的病毒库版本

if [ -f update.ini.old ]; then
       OldDatVer=$(grep "DATVersion" update.ini.old | sed -n 1p | cut -d "=" -f 2 | tr -d '\r')
       echo "  The working version of McAfee's virus data is $OldDatVer."
else
       OldDatVer='0000'
fi

# 判断新的病毒库版本

echo "  Downloading $FileSource/update.ini..."
echo ""
wget "$FileSource/update.ini"
if [ $? -gt 0 ]; then
       echo ""
       echo "**        Sorry, the download of $FileSource/update.ini was failed. exiting..."
       echo ""
       exit 1
fi
NewDatVer=$(grep "DATVersion" update.ini | sed -n 1p | cut -d "=" -f 2 | tr -d '\r')
echo "  The last version of McAfee's virus data is $NewDatVer."

# 如果两者版本不同，则下载新的病毒库

if [ "$OldDatVer" = "$NewDatVer" ]; then
       echo "  The McAfee's virus data is up to date. It's no need to update."
else
       if [ -f "dat-$NewDatVer.tar" ]; then
               # 如果该病毒库已存在，则不重复下载
               echo "**        The McAfee's virus data (dat-$NewDatVer.tar) is exist, (Strange!!)."
               echo "**        The download is canceled."
       else
               echo "  Downloading $FileSource/dat-$NewDatVer.tar..."
               echo ""
               # 开始下载新的病毒库
               wget "$FileSource/dat-$NewDatVer.tar"
               if [ $? -gt 0 ]; then
                       echo "**        Sorry, the download of $FileSource/dat-$NewDatVer.tar was failed. exiting..."
               echo ""
               exit 1
               fi
       fi

       # 确定新的病毒库是否正确下载了
       # 可惜没有 md5 码可以检查...
       if [ -f "dat-$NewDatVer.tar" ]; then
               echo "  Extracting dat-$NewDatVer.tar..."
               echo ""
               tar xvf "dat-$NewDatVer.tar"
               # 判断是否解压缩成功
               if [ $? -gt 0 ]; then
                       # 如果失败，则删除掉刚下载的新病毒库
                       echo ""
                       echo "**        Sorry, the downloaded file, dat-$NewDatVer.tar, is broken. restoring..."
                       echo "**        Removing dat-$NewDatVer.tar..."
                       rm "dat-$NewDatVer.tar"
                       echo "**        Restoring old dat-$OldDatVer.tar..."
                       echo ""
                       # 还原旧的病毒库
                       tar xvf "dat-$OldDatVer.tar"
                       if [ $? -gt 0 ]; then
                               # 无法还原旧的病毒库...
                               echo "**        Sorry, an error occured when restoring old dat-$OldDatVer.tar."
                               echo "**"
                               echo "**        YOU SHOULD FIX IT MANUALLY!!!"
                       fi
               else
                       # 成功了，将 update.ini 备份下来                        
      echo ""
                       echo "  Rename update.ini to update.ini.old..."
                       mv update.ini update.ini.old
                       # 根据你的喜好，删除掉旧的病毒库
                       if [ -f "dat-$OldDatVer.tar" -a $RemoveOldData = 'yes' ]; then
                               echo "  Removing dat-$OldDatVer.tar..."
                               rm "dat-$OldDatVer.tar"
                       fi
               fi

               # 显示 uvscan 及 Virus Data 的相关信息
               echo ""
               uvscan --version
               echo ""
       fi
fi

echo ""
echo "The update is finished."
echo ""


＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

更改 uvscan-update.sh 的属性为可执行：

# chmod 755 uvscan-update.sh

那接下来，就可以执行这个病毒库升级脚本了。。。。