Supported Malware tools and their configurations
Table: Malware supported tools and their configurations.
|
Malware tool name
|
Platform
|
Configuration steps
|
|---|
|
NetBackup Malware Scanner
The malware tool signature gets updated before every scan.
|
Windows
|
Download NetBackup Malware Scanner from the Veritas Download Center.
Extract the downloaded zip files. The extracted files must have the following structure:
NBAntiMalwareClient_<version number>
Readme.txt
NBAntiMalwareClient_<version number>_AMD64
savapi-sdk-win64.zip
setup.bat
cleanup.bat
Read the Readme.txt file for the install, upgrade, or the uninstall processes.
To install or uninstall NetBackup Malware Scanner on a Windows computer:
If there is an existing setup.sh/setup.bat, NetBackup Malware Scanner overwrites the files.
In case you want to uninstall NetBackup Malware Scanner from a Windows computer.
An optional setting can be used to increase the number of threads used for scanning. Update the aviraconf.txt file and add the following entry:
NumThreads = Number of threads for the scanning
The default value is the number of CPU cores. If the scan host has fewer than 16 CPUs, the number of threads defaults to the number of CPUs; if it has more than 16, the number of threads defaults to 16. If NumThreads is configured, threads are started according to the value set, regardless of the number of CPUs on the scan host (minimum value: 1, maximum value: 300).
To validate that scanning works with the NetBackup Malware Scanner on a Windows setup, follow the steps below.
The configuration file should already be present in the NetBackup Malware Scanner installed path.
Example command: avira_lib_dir_scan.exe "c:\malwarescample" -log_path "C:\NBMalwareScanner.log" -conf_path "C:\NBMalwareScannerInstallPath\savapi-sdk-win64\bin\aviraconf.txt"
Make sure the above command results in success.
If you have a sample malware file, the output should list the infected files; otherwise the output will be empty.
An optional environment variable, MALWARE_LOG, can be set to increase the logging level. For example, MALWARE_LOG=2 sets the logging level to warning.
Log levels:
0 DEBUG
1 INFO
2 WARNING
3 ALERT
4 ERROR
|
|
Linux
|
Download NetBackup Malware Scanner from the Veritas Download Center.
Extract the downloaded zip file. The files must contain the following structure:
NBAntiMalwareClient_<version number>_LinuxR_x86
savapi-sdk-linux64.zip
setup.sh
cleanup.sh
NBAntiMalwareClient_<version number>_LinuxS_x86 -> NBAntiMalwareClient_<version number>_LinuxR_x86
savapi-sdk-linux64.zip
setup.sh
cleanup.sh
setup.sh modifies bashrc on Linux.
Read the Readme.txt file for the install, upgrade, or the uninstall processes.
To install or uninstall NetBackup Malware Scanner on a Linux RHEL computer: go to the NBAntiMalwareClient_<version number>_LinuxR_x86 folder and run setup.sh.
Enter the target location to install the NetBackup Malware Scanner.
To install or upgrade NetBackup Malware Scanner on a Linux SUSE computer:
In case you want to uninstall NetBackup Malware Scanner from a Linux computer.
To validate that scanning works with the NetBackup Malware Scanner on a Linux setup, follow the steps below.
Run ./update.sh to get the latest signature update.
Go to the NetBackup Malware Scanner installed path.
Run the avira_lib_dir_scan binary. The scan path and conf_path are compulsory parameters.
The configuration file should already be present in the NetBackup Malware Scanner installed path.
Example command: avira_lib_dir_scan "/root/malwareSample" -log_path "/root/NBMalwareScanner.log" -conf_path "/root/NBMalwareScannerInstalledPath/savapi-sdk-linux64/bin/aviraconf.txt"
If you have a sample malware file, the output should list the infected files; otherwise the output will be empty.
|
|
Symantec Protection Engine
|
Windows
|
Set the command-line executable path in the PATH environment variable. For example: C:\Program Files\Symantec\Scan Engine\CmdLineScanner\C
Run the following command in cmd and check that the result is proper: ssecls -mode scan -scantype S C:\
For a license error, apply the updated licenses.
Optional setting: the environment variable SCAN_FILE_BUCKET_SIZE. For example: SCAN_FILE_BUCKET_SIZE = 40
If SCAN_FILE_BUCKET_SIZE is not set, the default SCAN_FILE_BUCKET_SIZE is 20.
The scanner CLI ssecls supports scanning multiple files at a time, which are specified on the command line. The SCAN_FILE_BUCKET_SIZE environment variable can be set to change the default, which is 20.
|
|
Linux
|
Set the executable path in LD_LIBRARY_PATH and PATH in the bashrc file.
For example: LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/SYMCScan/ssecls/C:/root/clientserver-2.10.97.234/bin
Run the following command and check that the result is proper: ssecls -mode scan -scantype F /
For a license error, apply the updated licenses.
Optional setting: the environment variable SCAN_FILE_BUCKET_SIZE. For example: SCAN_FILE_BUCKET_SIZE = 40
If SCAN_FILE_BUCKET_SIZE is not set, the default SCAN_FILE_BUCKET_SIZE is 20.
|
|
Microsoft Defender Antivirus
|
Windows
|
Set the executable path in the PATH environment variable. For example: C:\Program Files\Windows Defender
Run the following command in the command prompt and check that the result is proper: MpCmdRun -Scan -ScanType 3 -DisableRemediation -File <filepath>
For example:
C:\Program Files\Windows Defender>MpCmdRun -Scan -ScanType 3 -DisableRemediation -File "C:\Program Files\Windows Defender"
Scan starting...
Scan finished.
Scanning C:\Program Files\Windows Defender found no threats.
|
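
A pre-flight check for the NumThreads rules given in the NetBackup Malware Scanner rows above, added here as an example; it is not part of the original page or of the vendor's tooling. It assumes the entry appears one per line as `NumThreads = <n>` and that the last entry wins; the function name `effective_threads` is hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of the NumThreads override in aviraconf.txt.
# Assumption: the entry is written one per line as "NumThreads = <n>".

# effective_threads CONF_FILE CPU_COUNT   (hypothetical helper name)
# Prints the thread count expected from the rules in the table:
#   no NumThreads entry -> CPU count, capped at 16
#   NumThreads present  -> that value, which must be an integer in 1..300
# Returns 1 for an invalid entry, 2 if the file cannot be read.
effective_threads() {
    conf=$1
    cpus=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Take the last NumThreads line (assumption: last entry wins); drop CRs
    # so a file edited on Windows parses the same way.
    line=$(grep -E '^[[:space:]]*NumThreads[[:space:]]*=' "$conf" | tail -n 1 | tr -d '\r')

    if [ -z "$line" ]; then
        # Not configured: default is the CPU count, capped at 16.
        if [ "$cpus" -gt 16 ]; then echo 16; else echo "$cpus"; fi
        return 0
    fi

    value=$(printf '%s\n' "$line" | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
    case $value in
        ''|*[!0-9]*|????*)
            echo "NumThreads must be an integer from 1 to 300, got: '$value'" >&2
            return 1 ;;
    esac
    if [ "$value" -lt 1 ] || [ "$value" -gt 300 ]; then
        echo "NumThreads must be an integer from 1 to 300, got: '$value'" >&2
        return 1
    fi
    echo "$value"
}

# Stand-alone use: sh check_numthreads.sh /path/to/aviraconf.txt
if [ "$#" -ge 1 ]; then
    effective_threads "$1" "$(getconf _NPROCESSORS_ONLN)"
fi
```

Run it against aviraconf.txt on the scan host before the validation scan; a non-zero exit means the configured value falls outside the documented 1 to 300 range.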