Last update 17-Feb-2008

MBSE BBS Setup - virus scanners

Once upon a time there was no DOS and no computer virusses. But since DOS was invented as a small OS which was easily extensible, virus writers saw their chance to easy spread their hacks. Although running a GNU/Linux system is relative safe, most of the files that you have available on your bbs are DOS/Windows based programs. And before you put them available for download, they should be checked for virusses. Macro virusses are a relative new danger, this can also hurt Unix/Linux users.

There are several scanners for GNU/Linux available. Default only four of them are setup. You may consult for more scanners mentioned in a mini-FAQ maintained by Rainer Link.

When you configured the sources and build mbse, the configure script searched for excisting scanners. When mbsetup was run the first time, when mbtask was started, the scanners found on your system are already configured with the right paths and enabled.

The following scanners are default installed in the setup:

As soon as you have made one scanner available in the setup and you receive files in tic areas where the scan flag is set, then these files will be checked. As soon as one of the scanners detects a virus the received file will not be imported. Uploads from users will be checked with the installed virus scanners as well.


Stream scanners

A new feature is stream scanning. In this setup you need a virus scanner loaded as a daemon and it must listen to a TCP/IP port to receive commands and data to scan. Currently this is only implemented for ClamAV, but F-Prot may follow. First you need a machine where clamd is running, this can be a remote machine but of course also the bbs machine itself. ClamAV needs to be configured so that it listens to a TCP/IP port, and depending on other things on the local socket too. Recent versions of ClamAV can do both together. Change your /etc/clamav/clamd.conf to contain the following lines:

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd

# Remove stale socket after unclean shutdown.
# Default: no
#FixStaleSocket yes

# TCP port address.
# Default: no
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
I left the comment for the TCPaddr, but it's up to you to protect the clamd server. After you restart clamd test the connection with telnet host.where.clamd.runs 3310, type VERSION followed by a return and you should see the ClamAV version. If that works, you can enable the ClamAV stream scanner in mbsetup and disable the old commandline scanner.
So why would you use this. It's about 10 times faster then the commandline scanner.

BackBack to index  HomeBack to main index