If you have a working vbscan (
VirusBuster Scanner), and you want to make it faster and smarter, you can change the engine it uses. For example if your platform is Linux x86-64, you can steal the version 4.4.5 engine from the vbms-1.60.1-9-linux-amd64.tgz package. You should also replace vdbxdiff and tweak vdbupdate.sh like this:
--- old/vdbupdate.sh 2007-03-01 12:04:05.000000000 +0100
+++ vdbupdate.sh 2008-03-27 00:33:06.000000000 +0100
@@ -19,7 +19,7 @@
VDBDIR=$LIBDIR/vdb
TMPDIR="/tmp/vdbupdate/"
WGETOPT="-q -o wget.log"
-XMLFILE="vdb9.xml"
+XMLFILE="vdb.xml"
# usage: display help and exit
@@ -145,14 +145,13 @@
mkdir -p $TMPVDB
for line in `$VDBXDIFF -s^ -d $HOST/$ROOT/ $VDBDIR/$XMLFILE $RMTXML`; do
- rvdb=`echo "$line" | sed -ne's,^[+-]\^\(.*\)\^.*,\1,p'`
+ rvdb=`echo "$line" | sed -ne's,^[+-]\^\(.*\)\^.*\^.*,\1,p'`
md5s=`echo "$line" | sed -ne's,^+\^.*\^\(.*\)$,\1,p'`
case $line in
+*) # download VDB
lvdb=$TMPVDB/`basename $rvdb`
- download "virus database" $rvdb -O "$lvdb"
+ download `basename $rvdb` $rvdb -O "$lvdb"
TMPVDBS="$TMPVDBS $lvdb"
- md5check $lvdb $md5s
;;
-*) # delete obsolete local VDB
OLDVDBS="$OLDVDBS $rvdb"
I'm assuming that downloaded files have the correct hash, so I removed the check. The final thing you should do is inserting "vdb=vdb/vdb.xml" into vbscan.ini, so the database will be found by the scanner.
Note that vbscan 1.3.4 doesn't fully support 4.4 and newer engines. One thing that comes to my mind that it reports killable malware as non-killable.
Update: vbscan 1.4.3 with engine 4.5.11 is available for the most common platforms.
