Category Archives: Work

Install Ansav Anti Virus on Ubuntu Server

Playing around with anti virus software led me to ansav, a free anti virus that convinced me to give it a chance on our Linux server.

The installation process is as simple as 1-2-3:

1. Download the core engine and the latest update from here.

2. Install ansav.

dpkg -i ansav-linux-i386.deb

3. Move the latest update (dbs.anv) to /etc/ansav

mv dbs.anv /etc/ansav/

4. Check that it works

# ansav

—————————————————————
ANSAV 2.0.11  beta-3 (Linux.2.6.28-11-server)
updated: 16.05.2009
total: 1329 signatures inside
—————————————————————

For more commands use --help

# ansav --help

—————————————————————
ANSAV 2.0.11  beta-3 (Linux.2.6.28-11-server)
updated: 16.05.2009
total: 1329 signatures inside
—————————————————————

USAGE:
ansav [options] [path]

OPTIONS:
-v   verbose mode.
-w   show malware list from database
show also list from external (dbs.anv) if exists.
-f   enable auto fix for every detected threat.
-d   enable auto deletion for every detected threat.
if -f and -d specified auto deletion will be used
for unfixable threat. This rule not affected for suspected object
or you can force delete use `--force-kill` instead.
-r   scan recursively.
-p   format output to pipeline friendly.

EXAMPLE:

ansav -vf /mnt/f

scan and fix every detected threat in directory /mnt/f.

ansav -vfd /mnt/f

scan and fix every detected threat in directory /mnt/f
and delete threat if fix fail.

Still need to test it against local virus samples.

Detect Conficker in our LAN

Another Conficker variant forces us to behave like paranoids. Any tool that might help us detect it gets extra attention, especially when it's free :-)

Detect from a Windows machine:

Download the detector (Florian Roth's Win32 build of scs2) from here.

Save and extract it to any folder; I chose C:\.

Make sure to run it from the command line:

C:\scs2-win32>scs2.exe 172.88.1.95  172.88.1.100

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
Compiled for Win32 environments by Florian Roth

[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
Done

Detect from a Linux machine (I use Ubuntu 9.04 server):

# apt-get install python-impacket

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip

# cd scs2

# ./scs2.py 172.88.1.1 172.88.1.50

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[UNKNOWN]  172.88.1.14: No response from port 445/tcp.
[UNKNOWN]  172.88.1.8: No response from port 445/tcp.
[UNKNOWN]  172.88.1.5: No response from port 445/tcp.
[UNKNOWN]  172.88.1.9: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.25: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.
[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.23: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.34: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.29: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.28: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[CLEAN]    172.88.1.48: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.38: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.42: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.27: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.1: No response from port 445/tcp.
[UNKNOWN]  172.88.1.4: No response from port 445/tcp.
[UNKNOWN]  172.88.1.6: No response from port 445/tcp.
[UNKNOWN]  172.88.1.7: No response from port 445/tcp.
[UNKNOWN]  172.88.1.11: No response from port 445/tcp.
[UNKNOWN]  172.88.1.12: No response from port 445/tcp.
[UNKNOWN]  172.88.1.13: No response from port 445/tcp.
[UNKNOWN]  172.88.1.16: No response from port 445/tcp.
[UNKNOWN]  172.88.1.17: No response from port 445/tcp.
[UNKNOWN]  172.88.1.18: No response from port 445/tcp.
[UNKNOWN]  172.88.1.19: No response from port 445/tcp.
[UNKNOWN]  172.88.1.20: No response from port 445/tcp.
[UNKNOWN]  172.88.1.21: No response from port 445/tcp.
[UNKNOWN]  172.88.1.26: No response from port 445/tcp.
[UNKNOWN]  172.88.1.30: No response from port 445/tcp.
[UNKNOWN]  172.88.1.31: No response from port 445/tcp.
[UNKNOWN]  172.88.1.32: No response from port 445/tcp.
[UNKNOWN]  172.88.1.33: No response from port 445/tcp.
[UNKNOWN]  172.88.1.35: No response from port 445/tcp.
[UNKNOWN]  172.88.1.36: No response from port 445/tcp.
[UNKNOWN]  172.88.1.37: No response from port 445/tcp.
[UNKNOWN]  172.88.1.39: No response from port 445/tcp.
[UNKNOWN]  172.88.1.40: No response from port 445/tcp.
[UNKNOWN]  172.88.1.41: No response from port 445/tcp.
[UNKNOWN]  172.88.1.44: No response from port 445/tcp.
[UNKNOWN]  172.88.1.45: No response from port 445/tcp.
[UNKNOWN]  172.88.1.46: No response from port 445/tcp.
[UNKNOWN]  172.88.1.49: No response from port 445/tcp.

Detect from a FreeBSD machine:

# cd /usr/ports/net/py-impacket && make install

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip &&  cd scs2

# python scs2.py 172.88.1.90 172.88.1.100
WARNING: Crypto package not found. Some features will fail.

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[CLEAN]    172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.100: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.92: No response from port 445/tcp.
[UNKNOWN]  172.88.1.91: No response from port 445/tcp.
[UNKNOWN]  172.88.1.93: No response from port 445/tcp.
[UNKNOWN]  172.88.1.94: No response from port 445/tcp.
[UNKNOWN]  172.88.1.95: No response from port 445/tcp.
[UNKNOWN]  172.88.1.97: No response from port 445/tcp.
[UNKNOWN]  172.88.1.98: No response from port 445/tcp.
[UNKNOWN]  172.88.1.99: No response from port 445/tcp.
Done
#

Time to patch those infected machines.
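The three scans above produce the same line format, so the quickest way to turn them into a patch list is to parse the scanner output instead of reading it by eye. The script below is an added example (not part of the post and not code from the scs2 authors): it extracts every `[STATUS] host:` record from raw scs2 output, merges several scan runs, de-duplicates hosts that were scanned twice (172.88.1.96 shows up in both the Windows and the FreeBSD run), and keeps the INFECTED and UNKNOWN hosts apart, because "No response from port 445/tcp" is not proof that a host is clean. It also copes with two records fused onto one line, as happens when the output is copied out of a terminal. The sample output is constructed to match the format shown in the post; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample of scs2 output, modelled on the post's format.
# Line 3 deliberately fuses two records onto one line.
SAMPLE_OUTPUT = """\
Simple Conficker Scanner v2 -- (C) Felix Leder, Tillmann Werner 2009

[CLEAN]    172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.100: No response from port 445/tcp.[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.92: No response from port 445/tcp.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
Done
"""

STATUSES = ("INFECTED", "CLEAN", "UNKNOWN")

# One record: a status tag, an IPv4 address, then free text up to the next
# status tag or the end of the line. The lookahead is what splits fused lines;
# it only matches scs2's own tags, not "[Windows 2000 LAN Manager]".
RECORD = re.compile(
    r"\[(?P<status>INFECTED|CLEAN|UNKNOWN)\]\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):\s*"
    r"(?P<detail>.*?)(?=\[(?:INFECTED|CLEAN|UNKNOWN)\]|$)",
    re.MULTILINE,
)


def parse_scs2(text):
    """Return {status: [(host, detail), ...]} for every record in raw scs2 output."""
    results = defaultdict(list)
    for m in RECORD.finditer(text):
        results[m.group("status")].append((m.group("host"), m.group("detail").strip()))
    return dict(results)


def _ip_key(ip):
    # Sort numerically per octet so 172.88.1.92 comes before 172.88.1.100.
    return tuple(int(octet) for octet in ip.split("."))


def _hosts_with_status(status, outputs):
    hosts = set()
    for text in outputs:
        hosts.update(host for host, _ in parse_scs2(text).get(status, []))
    return sorted(hosts, key=_ip_key)


def patch_list(*outputs):
    """De-duplicated, sorted addresses flagged INFECTED across one or more scan runs."""
    return _hosts_with_status("INFECTED", outputs)


def unknown_hosts(*outputs):
    """Hosts that never answered on 445/tcp: firewalled, off, or not Windows.
    They are not proven clean and deserve a second look, not silence."""
    return _hosts_with_status("UNKNOWN", outputs)


def summary(*outputs):
    """Record count per status, e.g. {'CLEAN': 2, 'UNKNOWN': 2, 'INFECTED': 2}."""
    counts = defaultdict(int)
    for text in outputs:
        for status, records in parse_scs2(text).items():
            counts[status] += len(records)
    return dict(counts)


if __name__ == "__main__":
    print("summary:", summary(SAMPLE_OUTPUT))
    print("patch these:", patch_list(SAMPLE_OUTPUT))
    print("re-check these:", unknown_hosts(SAMPLE_OUTPUT))
```

In practice you would pipe each run into a file (`./scs2.py 172.88.1.1 172.88.1.50 > scan-linux.txt`) and call `patch_list(open("scan-linux.txt").read(), open("scan-freebsd.txt").read())`; the UNKNOWN list is worth rescanning once the hosts are powered on, since a Windows box that was simply off during the sweep gets the same "No response" as a printer.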

Install OpenNMS on FreeBSD

Download

# cd /usr/ports/net-mgmt
# wget -c http://www.geeklan.co.uk/files/opennms/opennms-164-freebsd-port.tgz

--2009-05-15 03:17:40--  http://www.geeklan.co.uk/files/opennms/opennms-164-freebsd-port.tgz
Resolving www.geeklan.co.uk… 93.97.185.103
Connecting to www.geeklan.co.uk|93.97.185.103|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 15093 (15K) [application/x-tar]
Saving to: `opennms-164-freebsd-port.tgz'

100%[=====================================================================================================>] 15,093      5.23K/s   in 2.8s

2009-05-15 03:17:45 (5.23 KB/s) - `opennms-164-freebsd-port.tgz' saved [15093/15093]

Extract and delete

# tar xvzf opennms-164-freebsd-port.tgz && rm opennms-164-freebsd-port.tgz

x opennms/
x opennms/files/
x opennms/distinfo
x opennms/pkg-descr
x opennms/pkg-message
x opennms/pkg-plist
x opennms/Makefile
x opennms/files/opennms.in
x opennms/files/patch-maven-conf_settings.xml
x opennms/files/patch-pom.xml


Read chm file in opensuse

zypper came to the rescue when I needed to read a chm file in openSUSE:

# zypper install chmsee

Reading installed packages…

The following NEW packages are going to be installed:
chmsee chmlib

Overall download size: 136.0 K. After the operation, additional 295.0 K will be used.
Continue? [YES/no]: y
Downloading package chmlib-0.39-101.9.i586 (1/2), 30.0 K (65.0 K unpacked)
Downloading: chmlib-0.39-101.9.i586.rpm [done (2.8 K/s)]
Installing: chmlib-0.39-101.9 [done]
Downloading package chmsee-1.0.1-1.13.i586 (2/2), 106.0 K (230.0 K unpacked)
Downloading: chmsee-1.0.1-1.13.i586.rpm [done (2.2 K/s)]
Installing: chmsee-1.0.1-1.13 [done]

chmsee is ready to serve me :-)