Scan Linux from Windows ?

Discussion in 'other anti-virus software' started by FastGame, Aug 23, 2006.

Thread Status:
Not open for further replies.
  1. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    I know Windows AV scanners will scan my Linux partition, what I want to know is if the AV will actualy work right while doing so....unpack, detection, removal.
     
  2. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Are you sure about this? You need to have ext2fs support in Windows to read the Linux filesystem.
     
  3. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    No my friend, you'll need scanners made for linux.
     
  4. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    They can't do that unless they have ext2fs mounted as a readable and writable drive, which windows normally can't do. In addition, there aren't really any antiviruses made for detecting linux viruses only. They are usually used in mail servers to scan mail for windows viruses

    Cheers,

    Alphalutra1
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    There are third-party drivers for that, but I'm not sure whether the poster knew about it and had them installed or not.

    For sure.
     
  6. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Yes, thats why I said "I know Windows AV scanners will scan my Linux partition" I use This Works perfect on my ext3fs partiton. I also have NTFS read & write support in Linux.

    I ran some test, downloaded some known virurs in various Linux folders. While in Win XP I scanned my Linux drive with Avast, AntiVir, Bitdefender and MWAVSCAN. All the AV's found the virus on the Linux drive, they also quarantined (except MWAV) or deleted the virus.

    So the AV's that are for Linux, only detect windows virus ? don't they have any detection for things that might affect Linux ? If the "for Linux AV" does have detection for Linux germs, do the window AV's also include the Linux sigs ?
     
    Last edited: Aug 23, 2006
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    No, they will have signatures to detect multiple os viruses, however there are very very few viruses that currently affect *nix, thus most signatures are used to detect windows viruses. Likewise, windows antiviruses usually contain sigs for linux viruses since they are so few.

    Cheers,

    Alphalutra1
     
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Not "only", but certainly "mostly".
    There's really not much malware out there for Linux; the most common are probably rootkits, but I'm not sure how good are common AVs at detecting those. Frankly, I wouldn't count on AVs at all to detect malware on Linux. Use Tripwire: http://sourceforge.net/projects/tripwire/
     
  9. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Thanks to all :)

    I was mainly interested because even though I have read & write access in Linunx for NTFS, I wasn't able to scan the windows drive with Linux F-Prot but was able to scan Linux from my windows drive.

    TNT, thanks for the "Tripwire" :)
     
Loading...
Thread Status:
Not open for further replies.