• Installing the Symantec 12.1.6 antivirus system on Ubuntu 18.04 LTS


    Create the /tools/ directory and upload the required packages to it.

    # mkdir -p /tools/ && cd /tools/

    # tar -xzvf chang.tar.gz

    # cd chang/


    1. Install the JRE

    # mkdir -p /usr/java/

    # tar -xzvf jre-8u261-linux-x64.tar.gz -C /usr/java/

    # chown -R root:root /usr/java/

    # cat >> /etc/Symantec.conf << EOF

    [Symantec Shared]

    BaseDir=/opt/Symantec

    JAVA_HOME=/usr/java/jre1.8.0_261/bin

    EOF


    JRE download: https://www.oracle.com/java/technologies/javase-server-jre8-downloads.html


    2. Copy the JCE policy files

    # apt install unzip

    # unzip jce_policy-8.zip -d jce_policy

    # cp -av jce_policy/UnlimitedJCEPolicyJDK8/* /usr/java/jre1.8.0_261/lib/security/


    JCE download: https://www.oracle.com/java/technologies/javase-jce8-downloads.html


    3. Install the dependencies

    # dpkg --add-architecture i386

    # apt-get update

    # apt-get install libc6:i386 libx11-6:i386 libncurses5:i386 libstdc++6:i386 -y

    # apt-get install lib32ncurses5 lib32z1 -y

    # apt-get install sharutils -y

    # apt-get install ncompress -y

    # apt-get install linux-headers-$(uname -r) build-essential -y


    4. Install

    # unzip SEP-deb.zip

    # chmod u+x SEP-deb/install.sh

    # SEP-deb/install.sh -i

    Starting to install Symantec Endpoint Protection for Linux

    Performing pre-check...

    dpkg-query: no packages found matching unity

    Pre-check succeeded

    dpkg-query: no packages found matching unity

    Begin installing virus protection component

    Selecting previously unselected package sav.

    (Reading database ... 144383 files and directories currently installed.)

    Preparing to unpack .../SEP-deb/./Repository/sep.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking sav (12.1.6867-6400) ...

    Setting up sav (12.1.6867-6400) ...

    Processing triggers for systemd (237-3ubuntu10.38) ...

    Processing triggers for ureadahead (0.100.0-21) ...

    Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

    Virus protection component installed successfully

    Begin installing Auto-Protect component

    Selecting previously unselected package savap.

    (Reading database ... 144442 files and directories currently installed.)

    Preparing to unpack ..././Repository/sepap-x64.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking savap (12.1.6867-6400) ...

    Setting up savap (12.1.6867-6400) ...

    Processing triggers for systemd (237-3ubuntu10.38) ...

    Processing triggers for ureadahead (0.100.0-21) ...

    Auto-Protect component installed successfully

    Begin installing GUI component

    Selecting previously unselected package savui.

    (Reading database ... 144465 files and directories currently installed.)

    Preparing to unpack .../SEP-deb/./Repository/sepui.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking savui (12.1.6867-6400) ...

    Setting up savui (12.1.6867-6400) ...

    Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

    Processing triggers for mime-support (3.60ubuntu1) ...

    GUI component installed successfully

    Begin installing LiveUpdate component

    Selecting previously unselected package savjlu.

    (Reading database ... 144472 files and directories currently installed.)

    Preparing to unpack ..././Repository/sepjlu.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking savjlu (12.1.6867-6400) ...

    Setting up savjlu (12.1.6867-6400) ...

    LiveUpdate component installed successfully

    Begin installing legacy Auto-Protect component

    Legacy Auto-Protect component installed successfully

    Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code

    Build Auto-Protect kernel modules from source code successfully

    Installation completed

    =============================================================

    Daemon status:

    symcfgd [running]

    rtvscand [running]

    smcd [running]

    =============================================================

    Drivers loaded:

    symap_custom_4_15_0_76_generic_x86_64

    symev_custom_4_15_0_76_generic_x86_64

    =============================================================

    Auto-Protect starting

    Protection status:

    Definition: Waiting for update.

    AP: Malfunctioning

    =============================================================

    The log files for installation of Symantec Endpoint Protection for Linux are under ~/:

    sepfl-install.log

    sep-install.log

    sepap-install.log

    sepap-legacy-install.log

    sepui-install.log

    sepjlu-install.log

    sepfl-kbuild.log


    5. Three conditions must be met for Auto-Protect (AP) to reach the Enabled state:

    (1) The symev and symap drivers are correctly loaded into the kernel

    # lsmod | grep -E "symev|symap"

    symap_custom_4_15_0_76_generic_x86_64 49152 28

    symev_custom_4_15_0_76_generic_x86_64 90112 2 symap_custom_4_15_0_76_generic_x86_64


    (2) SEP has successfully loaded a set of virus definitions (new or old)

    Download:

    https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep

    For example:

    # wget https://definitions.symantec.com/defs/20200813-002-core15unix.sh

    # chmod u+x 20200813-002-core15unix.sh

    # ./20200813-002-core15unix.sh


    (3) rtvscand and the other SEP services are running normally

    /etc/init.d/symcfgd status

    /etc/init.d/rtvscand status

    /etc/init.d/smcd status

    /etc/init.d/autoprotect status


    # Commands to start the services

    /etc/init.d/symcfgd start

    /etc/init.d/rtvscand start

    /etc/init.d/smcd start

    /etc/init.d/autoprotect start


    # Commands to stop the services

    /etc/init.d/autoprotect stop

    /etc/init.d/smcd stop

    /etc/init.d/rtvscand stop

    /etc/init.d/symcfgd stop
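
    The three conditions in step 5 can be checked in one pass. The script below is an added example, not part of the original post. It assumes the daemons appear in `ps` under the names the installer prints (symcfgd, rtvscand, smcd) and that `sav info -d` prints a date line such as "08/13/2020 rev. 2" once definitions are loaded.

```shell
#!/bin/sh
# Added example, not from the original post: check the three step-5
# prerequisites for Auto-Protect and report which one is missing.
# Assumption: the daemons show up in `ps` under the names the installer prints.
SAV=${SAV:-/opt/Symantec/symantec_antivirus/sav}

# (1) $1 = `lsmod` output. Anchor on the module-name column: the symev line
#     also lists symap under "Used by", so an unanchored grep can mislead.
drivers_loaded() {
    for drv in symev symap; do
        printf '%s\n' "$1" | grep -q "^${drv}" || return 1
    done
}

# (2) $1 = `sav info -d` output; a loaded set prints e.g. "08/13/2020 rev. 2".
defs_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{2}/[0-9]{2}/[0-9]{4} rev\. [0-9]+'
}

# (3) $1 = process names, one per line (`ps -e -o comm=`).
daemons_running() {
    for d in symcfgd rtvscand smcd; do
        printf '%s\n' "$1" | grep -qx "$d" || { echo "not running: $d"; return 1; }
    done
}

# Prints one FAIL line per unmet condition; exit status = number of failures.
ap_preflight() {
    failed=0
    drivers_loaded "$1"  || { echo "FAIL (1) symev/symap not loaded"; failed=$((failed + 1)); }
    defs_loaded "$2"     || { echo "FAIL (2) no virus definitions loaded"; failed=$((failed + 1)); }
    daemons_running "$3" || { echo "FAIL (3) SEP daemon down"; failed=$((failed + 1)); }
    [ "$failed" -eq 0 ] && echo "OK: all three Auto-Protect prerequisites met"
    return "$failed"
}

# Live check on the host, as root: sh ap_preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    ap_preflight "$(lsmod)" "$("$SAV" info -d 2>/dev/null)" "$(ps -e -o comm=)"
fi
```
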


    6. Enable the services at boot

    systemctl enable symcfgd

    systemctl enable rtvscand

    systemctl enable smcd

    systemctl enable autoprotect


    7. Other commands

    # Show help

    # /opt/Symantec/symantec_antivirus/sav -h


    # Show the product version

    # /opt/Symantec/symantec_antivirus/sav info -p

    12.1.6 (12.1 RU6 MP4) build 6867 (12.1.6867.6400)


    # Enable Auto-Protect

    # /opt/Symantec/symantec_antivirus/sav autoprotect -e


    # Disable Auto-Protect

    # /opt/Symantec/symantec_antivirus/sav autoprotect -d


    # Check whether Auto-Protect is enabled

    /opt/Symantec/symantec_antivirus/sav info -a

    Enabled


    # Check whether the virus definitions have been updated

    # /opt/Symantec/symantec_antivirus/sav info -d

    08/13/2020 rev. 2


    # Show scan information

    # /opt/Symantec/symantec_antivirus/sav info -s

    General Status: Done

    Manual Scan: Done

    每日调度扫描: Never run


    # View the scan log

    # cat /var/symantec/Logs/AVMan.log


    00080000 00080000 00000003 00000002 00000002 0000001e

    000000fa 01d6719baf89e92a 01d6719bad937500 01d6719bad937500 00000001 32070D120032,3,2,0,NAS,root,,,,,,,16777216,"Scan s

    tarted on all drives and all extensions.",1597341652,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,00000126 01d6719c02f69112 01d6719c0236f000 01d6719c0236f000 00000001 32070D12030C,2,2,0,NAS,root,,,,,,,16777216,"Scan C

    omplete: Threats: 0 Scanned: 0 Files/Folders/Drives Omitted: 314541",1597341652,,0,0:0:0:314541,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,0000010f 01d671a600cc8248 01d671a360b39c80 01d671a360b39c80 00000001 32070D123739,5,1,2,NAS,root,EICAR Test String,/too

    ls/eicar.com,5,1,1,256,33574980,"",0,,0,,994050048,11101,0,0,0,,,,20200813.002,208156,0,,0,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,0,

    # eicar.com is a test virus downloaded from https://www.eicar.org/?page_id=3950; it was blocked after being placed on the Linux host.














  • Original article: https://www.cnblogs.com/LiuChang-blog/p/14704211.html