TDS and Linux

Discussion in 'Trojan Defence Suite' started by Pieter_Arntz, Apr 24, 2003.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    If this is in the help files, point my weary eyes in the right direction. ;) When doing a full scan yesterday I happened to notice TDS-3 scanning my CD-ROM drive, which had a Knoppix CD in it.
    My question is: is TDS-3 capable of detecting (and removing) malicious files in Linux and if so, how do I get it to scan my Linux partition?

    Regards,

    Pieter
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    TDS3 can only be run from Windows; you'll probably also have problems if you try to run it under WINE. As for scanning Linux partitions, no, it can't do that - only NTFS and FAT, sorry!

    On a side note, Knoppix can be useful for getting around file security settings ... :)
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    OK. Just wondering, because it gave me a file count after scanning the CD.
    That is more easily accomplished with a Win2k CD or booting directly to Mandrake. ;)

    Thanks Wayne,

    Pieter
     
  4. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    OK. What about Linux files on FAT/NTFS partitions?
    I could have a Cygwin/POSIX Subsystem-driven Linux executable on my Windows system. Can there be signatures or even heuristics for those?
    TIA,
    Andreas
     
  5. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    Well ... these are all normal PE EXE files as far as I know. So they are scanned. ELF files (the executable format of Linux) are also scanned, but I think TDS won't find any Linux-related backdoor or trojan because it simply has no signatures for them and the heuristic is not able to handle ELF files. As far as I remember, TDS detects a few DOS COM trojans. The COM file format is not detectable as far as I know. So every binary file that is not bigger than 64 kb should be handled as a COM file. TDS will scan the ELF files for DOS trojans. :D :D
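
The behaviour angel describes (COM files carry no header, so a size-only rule ends up applying DOS COM signatures to small ELF files) can be contrasted with a magic-byte check. This is an added example, not TDS code and not part of the thread; the signature-set names and the sample byte strings are constructed for illustration, and the 64 KB limit is the figure from the post.

```python
import struct

ELF_MAGIC = b"\x7fELF"
COM_MAX_SIZE = 64 * 1024  # size limit quoted in the post above

def classify(data: bytes) -> str:
    """Identify the executable format from header bytes."""
    if data[:4] == ELF_MAGIC:
        return "elf"
    if data[:2] == b"MZ":
        # A PE file is an MZ file whose e_lfanew field (offset 0x3C)
        # points at the 4-byte signature "PE\0\0".
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz-dos"
    # COM has no magic number: anything small and unrecognised is only
    # a *candidate*, which is why the format cannot be positively detected.
    if 0 < len(data) <= COM_MAX_SIZE:
        return "com-candidate"
    return "unknown"

def naive_signature_sets(data: bytes) -> set:
    """Size-only rule: every file up to 64 KB is treated as COM."""
    return {"dos-com"} if 0 < len(data) <= COM_MAX_SIZE else set()

# Hypothetical signature-set names, one per recognised format.
GATED = {"elf": {"elf"}, "pe": {"pe"}, "mz-dos": {"dos-exe"},
         "com-candidate": {"dos-com"}, "unknown": set()}

def gated_signature_sets(data: bytes) -> set:
    """Pick signature sets only after the header has been identified."""
    return GATED[classify(data)]

# Constructed samples (headers only, not working programs).
ELF_SAMPLE = ELF_MAGIC + bytes(60)
PE_SAMPLE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20)
COM_SAMPLE = b"\xb4\x4c\xcd\x21"  # mov ah,4Ch / int 21h (DOS exit)

if __name__ == "__main__":
    for name, blob in [("elf", ELF_SAMPLE), ("pe", PE_SAMPLE), ("com", COM_SAMPLE)]:
        print(name, classify(blob), naive_signature_sets(blob),
              gated_signature_sets(blob))
```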
     