Apps :: Anti-virus help
Can clamav etc. be used to diagnose / fix "windows" drives? I've always thought that would be a handy application for DSL, if a virus takes out someone's windows machine, chuck in the live CD, boot up, remove the virus, and away you go... but I'm assuming these anti-virus apps would be too big for the standard iso?
I did a search recently for a bootable linux that offered this, but didn't come up with anything. Though "linux" and "virus" don't usually mix, surely that would make linux the ultimate weapon in clearing viruses off windows machines!?
I understand your point Rogue, but if Windows won't boot, it's probably due to the virus overwriting an important system file somewhere, which DSL won't be able to help you recover anyways.
DSL will start up a server that you can use to backup your hard drive to another machine or allow you to back up to CD but it doesn't really have the forensic tools to help one recover a broken windows machine.
The A/V running on Linux makes sense if the Linux box is running as a mail server, it prevents infection, but I don't really see the point in having it run as a regular userspace program because there really isn't the proliferation of virii on Linux as it exists under Windows (yet).
Recently, I have been "testing" with the F-Prot anti-virus package.
It's a small and lightweight command line scanner.
Updates are fast and also small in size, so the whole thing
fits in my backup thru the filetool.lst's "/usr/local/f-prot" entry.
In combination with the LinNeighborhood "samba.dsl" extension,
I have been using it to scan partitions on other computers
over the network, even while they are in use.
Since it would be easy to make a .dsl file out of f-prot,
you could burn the f-prot.dsl and samba.dsl files to the / of the new DSL cdrom,
and you would have a handy "pocket scanner"
that is immune to corruption or infection, short of physical disk damage.
As of today, the latest .tar.gz from f-prot contains updated virus
data thru July 8th, but the package contains a perl script to
download the latest data files from f-prot directly,
if the internet is available on the machine you are testing.
By the time you needed to upgrade the f-prot package,
it would be time to burn the latest DSL version as well.
73
ke4nt
Sounds good.
One of the major problems I have found with virus checkers under windoze is that they can't remove viruses from system files that are "in use". So to be able to boot from a CD and check / clean ALL files on a system would be very handy.
Haven't really had a chance to keep up with where DSL is for the past two months or so, so need to do some serious catching up!
Unfortunately, if you are scanning a windows computer over the network while the target computer is up and running windows you still won't be able to clean these files because they will be in-use.
However, in the worst case you could stick the hard drive into a second windows computer and boot it. Because the second windows computer will be booting from its own hard drive, it will not use the operating system files on your infected drive. The new drive should appear as D:\ or E:\ or F:\ etc and you will be able to clean any and all files that are stored there.
If the infected drives are formatted in FAT16 or FAT32 then you don't need to do all of this hard drive removal stuff. Just boot linux on the computer, mount the partition with read/write permissions and go to work.
And if you have a distro that contains Captive NTFS, AND your hard drive's filesystem driver files are NOT infected, then you could do a repair job without removing the hard drive.
Good Luck.
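The procedure in the last posts (boot Linux from the CD, mount the Windows partition, scan every file because nothing on it is in use, clean only once the mount is read/write) as an added example; this is not code from the thread, from DSL, F-Prot or ClamAV. It assumes the partition is already mounted under a path you pass as `mount_root`, and it stands in for a real signature database with a constructed set of SHA-256 digests; `build_sample_tree` fabricates a small fake Windows tree so the script runs offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large binaries never need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def mount_is_readonly(mount_root):
    """True/False if mount_root is listed in /proc/mounts with/without the 'ro' option,
    None if it is not a mount point or the mount table is unavailable.
    Scan while the partition is still 'ro'; remount 'rw' only when you intend to clean."""
    try:
        with open("/proc/mounts") as f:
            for line in f:
                parts = line.split()
                if len(parts) >= 4 and parts[1] == str(mount_root):
                    return "ro" in parts[3].split(",")
    except OSError:
        pass
    return None


def scan_tree(mount_root, bad_hashes, quarantine_dir=None):
    """Hash every regular file below mount_root and compare against bad_hashes.

    Because the partition is mounted from the live CD rather than booted, no file on it
    is 'in use', so system files can be read and moved like any other.
    Returns a list of (path, digest) hits. With quarantine_dir set, each hit is renamed
    into that directory (keep it on the same filesystem so the rename is a plain move)."""
    hits = []
    qpath = None
    if quarantine_dir is not None:
        qpath = Path(quarantine_dir)
        os.makedirs(qpath, exist_ok=True)
    for dirpath, dirnames, filenames in os.walk(mount_root):
        # never descend into our own quarantine directory
        dirnames[:] = [d for d in dirnames if Path(dirpath, d) != qpath]
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_of(p)
            except OSError:
                continue  # unreadable file (bad sectors, permissions): skip and keep going
            if digest in bad_hashes:
                hits.append((str(p), digest))
                if qpath is not None:
                    # flatten the relative path into the filename so nothing collides
                    rel = p.relative_to(mount_root)
                    os.replace(p, qpath / str(rel).replace(os.sep, "__"))
    return hits


def build_sample_tree():
    """Constructed stand-in for a mounted Windows partition: one clean file and one
    file whose digest we declare 'bad'. Returns (root, bad_hash_set)."""
    root = Path(tempfile.mkdtemp(prefix="winmount_"))
    (root / "WINDOWS" / "system32").mkdir(parents=True)
    (root / "WINDOWS" / "system32" / "kernel32.dll").write_bytes(b"clean placeholder bytes")
    bad = root / "WINDOWS" / "system32" / "dropper.exe"
    bad.write_bytes(b"constructed sample treated as malicious for this example only")
    return root, {sha256_of(bad)}


if __name__ == "__main__":
    root, bad_hashes = build_sample_tree()
    print("read-only mount:", mount_is_readonly(root))  # None: a temp dir is not a mount
    for path, digest in scan_tree(root, bad_hashes, quarantine_dir=root / "QUARANTINE"):
        print("HIT", path, digest[:16])
```

Run it once with no `quarantine_dir` while the partition is mounted read-only to get the list of hits, then remount read/write and run again with a quarantine directory on the same partition; the second pass moves the flagged files out of place instead of deleting them, so a false positive can be put back.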