The team hit a major milestone last week: technology preview of F-Secure Mac Protection.

The team is now called ”Mac & Linux team” and we’re taking care of all F-Secure Linux software and also the new Mac software. Mac OS X is, after all, a UNIX system under the pretty user interface.

We are considering whether we should post also Mac-related articles here on the Linux blog or not. We love Linux as much as we love the Mac, but maybe our readers are only interested in one or other. Please tell us what you think by email to

Last month we released a beta of Internet Gatekeeper for Linux. Now it has reached maturity and we’re announcing its general availability. Internet Gatekeeper is a stable multi-purpose virus scanning proxy that supports the FTP, SMTP, POP3 and HTTP protocols. As mentioned before, the Internet Gatekeeper now builds upon the same foundation as our product Linux Security, enabling us to provide fast and effective updates. IGK supports several modes of operation, including acting as a transparent proxy, a reverse proxy scanning incoming files in HTTP PUT or POST request, as well as chaining with other proxy software such as Squid.

Please download your free 30-day trial from our main website. Check our support pages if you have any problems, and in particular, try searching our Knowledge Base articles.

We are now releasing a new beta version of our Internet Gatekeeper for Linux. This version contains several architectural improvements and utilizes the same core components as our Linux Security 7 product. More information can be found in the release notes and manual within the product package.

Without further ado - please download and give it a spin on your test box :). And, as always, do drop us a note about your experiences with the beta!

Product package:
f-secure-internet-gatekeeper-for-linux-3.02.1164-beta.tgz (MD5, SHA1)

A new version of Linux Security 7 is available. Please find the product package here:

f-secure-linux-security-7.02.73807.tgz (MD5, SHA1)

This release contains several bug fixes. For example, scanning speed for certain types of archive files has been improved, and the automated command-line-only installation now works properly. Have a look at the release notes for a more in-depth view of what has changed.

Please note that from now on, the product manual will be available for downloading separately, which makes it easier for us to keep it up to date. You can find it on the F-Secure Product Manuals web page, as well as here.

We recently made a small new feature for the Rescue CD. One of our customers had problems with a system file that was renamed by our virus scanner, but the detection was actually a false positive. Problem was of course promptly fixed in anti-virus databases, but since the system file was renamed, the machines in question failed to boot. To help this customer we implemented a new feature for Rescue CD that allows the user to run repair scripts from a USB stick when booting with the Rescue CD. Since this feature might be useful in some other situations too, we decided to make a new public release. Here are instructions on how to use the feature:

1. Copy the script (repair_script.sh) onto a USB stick, in a folder called fsecure/rescuecd (for example, in Windows this might be E:\fsecure\rescuecd\repair_script.sh). The script must be called repair_script.sh, and if the script is from F-Secure, it should have an accompanying gpg signature file (repair_script.sh.sig) which should also be copied to the same folder.

2. Insert the USB stick in the broken computer and boot the computer using Rescue CD 3.01.

3. When Rescue CD asks which partitions to scan, there is now a new option to run the repair script. Select that, and which partitions you want to run the script on, and continue.

4. If the script is not from F-Secure or the gpg signature is not correct, the script will still be shown, but Rescue CD will display a warning and ask if you still want to run the script.

5. After the script has ran, the results will be displayed and you have the option to continue with a file system scan or reboot the computer.

Please note that this version only supports running the repair script before the actual virus scan. So if you must run a repair script after a virus scan, you should first boot and scan the computer, and then insert the USB stick containing the repair script and reboot with Rescue CD.

The new version can be downloaded here.

checksums for f-secure-rescue-cd-release-3.01-14505.zip:
md5sum: 5c2b86cdb11f9d1cade3243818afb7ca
sha1sum: 8eb21784e780222c1823c09d9e21ac577888ba4c

It seems that some people have experienced problems with Rescue CD not mounting NTFS partitions for scanning.

If you encounter a display that looks like this It means that the partition was not mounted for some reason. In this case only one partition - hda1, but it could be multiple partitions. If mounting failed because the NTFS partition was marked dirty (windows had not been properly shutdown), there are ways to try and fix this.

The Best solution in this case is to detach the network cable or disable wireless and boot the Windows preferably into safe mode by removing the CD and pressing F8 in boot sequence and selecting “Safe Mode”. After Windows has booted, select shutdown. After machine has turned itself off, attach/enable network and boot into Rescue CD.

However, if your computer is so badly infected that booting to Windows will not work or it gets hung up till infinity and beyond, you might be able to mount the problematic partitions for scanning with following procedure.

Press Alt-F2 and into command prompt type
root!tty2:/# grep scan /tmp/mount_error_details.txt

You should get the commands that you can try to use for mounting dirty NTFS partitions.
ie.
mount -t ntfs-3g /dev/hda1 /mnt/scan/hda1 -oforce
mount -t ntfs-3g /dev/hda5 /mnt/scan/hda5 -oforce

With the df command you can verify if the mount succeeded and also check the partition information (how big it is and how much of it is used/free)

After you have verified that the partition you wish to scan is mounted, press Alt-F1 and press
enter to verify next and continue with scanning process.

The workaround is a bit complicated, I know. We will try to fix the issue in the next version of Rescue CD.

We released F-Secure Rescue CD 3.00 beta two weeks ago. After one more development sprint, here’s the actual release of F-Secure Rescue CD 3.00 for you!

Rescue CD scans the computer and renames all files containing malware to .virus file extension.

• Rescue CD will by default scan:
  • all hard drives in the computer
  • all USB drives attached to the computer
  • Windows FAT and NTFS drives
• Virus definition databases are updated automatically if the computer has an internet connection
• Virus definition databases can be updated manually by using a USB drive
• The Rescue CD Guide (pdf) has step by step instructions how to use the CD

Rescue CD is localized to English only.

The release package including an ISO image, the manual and release notes can be downloaded here. See the release notes for more information. Feel free to send us feedback!

details of f-secure-rescue-cd-3.00-release.zip:
size: 153MB
md5sum: ed690b558493c3096bb666ea19749316
sha1sum: 71017c8325e90aaf19f8d2cb2f235519239384c2

The next version of F-Secure Rescue CD is going to see the daylight in few weeks. And here comes a feature complete beta for you to try. The big changes compared to 2.00 include a proper manual for the product, ability to update databases manually with a USB stick, better hardware support (Knoppix version 5.3.1), upgraded NTFS driver (NTFS-3G 1.2506) and the ability to detect MBR viruses.

The beta package including an ISO image, the manual and release notes can be downloaded here. See the release notes for more information. Keep the feedback flowing!

details of f-secure-rescue-cd-3.00-beta.zip:
size: 151MB
md5sum: 8a66ca08ccdcb4759fae6bc9ce1818df
sha1sum: abdec0cd567880170c6e5fea2c780c549d82730a

Linux Security 7.01 has now been released, addressing the issue we blogged about last week. We urge all users to upgrade, even if you are using the Server Edition keycode. To prevent users from accidentally installing the old version, we have changed all keycodes - please contact your reseller to get the new 7.01 keycodes.

As the problem only occurred in certain circumstances, we have only received very few reports from customers that their systems have been affected. It was after investigating the first customer report that we decided to recall the product to minimize the potential impact on other customers. We would still like to hear from you if you think you have been affected - you can find our email address in the footer of the page.

With this version, we have also included Ubuntu 8.04 LTS as an officially supported platform.

You can download Linux Security 7.01 here, and please read the release notes:

• 32-bit package: f-secure-linux-security-7.01.72011.tgz (MD5, SHA1)
• 64-bit (x86_64) package: f-secure-linux-security-64bit-7.01.72011.tgz (MD5, SHA1)

We have discovered that the Linux Security 7.00 that we released just three weeks and a few days ago, contains a very serious bug that can have severe consequences for customer systems. The short version is: if you have installed Linux Security 7.00 and you are using the Client Edition keycode, please uninstall immediately to prevent further damage to your system. Below I have included the official recall notification sent to our maintenance notification mailing list and partners.

How could this happen? There really is no excuse to let this kind of things pass our testing. We have often boldly and proudly talked about our extensive testing and validation processes - and yet we failed to catch this bug. There were a number of things that went wrong, each of which should have caught this mistake. We do code reviews, automatic tests, manual validation, etcetera, and still at each of those steps human error made this possible. While researching this issue, most of our mistakes became very apparent to us, and steps have already been taken to prevent this and similar things from happening in the future, but we will still need to carefully examine this situation to figure out every possible way to fix our tools, processes and mindsets.

Here is the recall notification:

RELEASE RECALL

A serious issue has been discovered in the newly released F-Secure Linux
Security 7.00. The flaw only affects installations using the Client
Edition keycode. When triggered, the bug will cause serious data loss
and possibly render the system unusable by removing the entire /var
directory hierarchy. In other cases, random sub-directories of /var can
be silently deleted from the system. Installations using the Server
Edition keycode or running in evaluation mode are not affected.

To recover, the user must restore the /var directory from a backup.

F-Secure is urging all users of F-Secure Linux Security 7.00 Client
Edition to not make new installations and immediately uninstall it from
all systems to prevent further damage.

To check if your system is affected, run:

  grep “Device or resource busy” /var/opt/f-secure/fssp/dbupdate.log

If the command returns one or more rows, there is a high probability
that parts of your /var directory structure has been deleted and must be
restored from a backup.

F-Secure will release F-Secure Linux Security 7.01 within a few days,
that will fix this issue. A new notification will be posted when this
new version is available.