Scanning from Linux?

Discussion in 'other anti-virus software' started by KERANO, Jan 8, 2005.

Thread Status:
Not open for further replies.
  1. KERANO

    KERANO Guest

    Can I use Linux and then connect a hard drive with Windows and scan it for viruses from Linux?

    If so, is there any FREE Linux AV tool that would do that?

    This could be a fast way to remove viruses prior to a Windows repair.


    Thanks
     
  2. meneer

    meneer Registered Member

    Joined: Nov 27, 2002 | Posts: 1,132 | Location: The Netherlands

    It can be done. But it depends on what you need.

    It looks like you want a real time linux scanner on your windows desktop system? I don't know if that is feasible. That would require two operating systems to 'own' the file system at the same time.

    Easiest way to scan a windows system, without using the infected windows system itself, is to use a live cd: boot from the linux cd and have it scan your harddisk partitions. The scanner will first update the signatures from the internet, so an older version of the cd is no big problem. Get the bitdefender live cd to do it. You do not need to download any other software or tools, it's a complete solution.

    If you need full time prevention: get a linux router/gateway/firewall to intercept attacks. Mail scanning is very easy. Use the linux server as a mailserver and install the spamassassin/clamav anti-spam and anti-virus functions. This is very effective (on my system only the plexus mail virus goes undetected, but my windows scanner gets it).
    Content inspection on web traffic (to catch http trojans and so on) is a bit more difficult. It requires an http proxy on linux (by default squid is used) and a proxy filter that knows how to interact with clamav. The dansguardian proxy filter seems to be able to do just that. I have no experience with this realtime content inspection, as I use the squidguard proxy filter.

    My setup: SME server with the clamav/spamassassin combo (nice howto and antivirus install script)

    Other solutions: astaro (.com), censornet (.com) and of course lots of other distros.
     
  3. FanJ

    FanJ Guest

    Hi André,

    I have a question for you:
    I think I saw a Knoppix CD with one of the last C'T Magazine (Dutch/German) issues that gives you the possibility to scan on-demand from it. If I remember well it was called something like KnoppixCilin and it used KAV, but I'm not quite sure of that.
    Do you have any experience with that one?

    Thanks ;)
    Cheers/groetjes,
    Jan.
     
  4. gerardwil

    gerardwil Registered Member

    Joined: Jan 17, 2004 | Posts: 4,748 | Location: The Netherlands

    Hi,

    There was one with the Dutch C'T in the December issue. Haven't used this one but used an older one some time ago, worked ok.

    Gerard
     
  5. FanJ

    FanJ Guest

    Thanks Gerard :D

    Cheers/groetjes,
    Jan
     
  6. FanJ

    FanJ Guest

    Hmm,

    Purely theoretically speaking:
    Can such an AV scan from a Linux CD give you 100% certainty?
    Well, of course I know that there is no such thing as 100% certainty.
    But I was thinking of this (purely theoretical) problem:
    The AV engine is on the CD.
    The database is, I guess, on your harddisk.
    Now what if you already got some malware on your system that cripples that AV database (the AV definitions)? ;)
     
  7. KERANO

    KERANO Guest

    meneer,

    I do PC repairs from time to time and I wanted to run AV on a Linux system, connect the hard disk from a Windows system to this machine and scan & clean it from Linux.

    This Bitdefender thing is amazing!

    It is a bootable KNOPPIX CD with BitDefender antivirus installed! It automatically detects your new hard disk and gives you the option to browse that Win partition from the desktop.

    All you have to do is to run the Bitdefender update and run a scan!

    It can also read & write NTFS partitions.

    This is better than what I was looking for!

    This kind of CD with Kaspersky AV would be amazing too! Anyway, BitDefender also offers 24/7 chat support, even for this version of the product! BitDefender also has a good detection rate!


    Thanks meneer!
     
  8. meneer

    meneer Registered Member

    Joined: Nov 27, 2002 | Posts: 1,132 | Location: The Netherlands

    Not quite... when running a live cd, the whole linux is run from a ram disk. So the (updated) sigs are in linux memory. They are invulnerable to windows crap and they are updated by the linux system.
     
  9. FanJ

    FanJ Guest

    Thanks André for your reply and for correcting me !!!

    Warm regards,
    Groetjes, Jan.
     
  10. meneer

    meneer Registered Member

    Joined: Nov 27, 2002 | Posts: 1,132 | Location: The Netherlands

    Haaa, finally succeeded in correcting someone :D

    btw... besides being a great virus cure, linux is very good for doing your regular office and wilderssecurity stuff as well :cool:
     
  11. JimIT

    JimIT Registered Member

    Joined: Jan 22, 2003 | Posts: 1,035 | Location: Denton, Texas

    Have BitDefender installed on my SuSE Linux drive, and can scan my Windows drive with it. Works great!

    ;)
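
An added example, not part of the thread or any poster's setup: the offline scan discussed above, done by hand from a trusted Linux boot with ClamAV's command-line scanner (a substitution; the posters used BitDefender). The device path, mount point and log path are operator-supplied placeholders, and ClamAV being installed is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes ClamAV's freshclam and clamscan
# are installed on the Linux side and the script runs as root.
# Usage: scan-win.sh <device> <mountpoint> <logfile>   (operator-supplied)

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, other = error.
clamscan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Count detection lines ("<path>: <signature> FOUND") in a clamscan log.
count_detections() {
    grep -c ' FOUND$' "$1" || true   # grep exits 1 on zero matches
}

scan_windows_partition() {
    dev=$1 mnt=$2 log=$3
    mkdir -p "$mnt" || return 2
    # Read-only and noexec: nothing on the suspect disk is modified or run.
    mount -o ro,noexec,nodev,nosuid "$dev" "$mnt" || return 2
    # Signatures are fetched to and read from the Linux side, never from
    # the disk being scanned.
    freshclam --quiet || echo "warning: signature update failed" >&2
    clamscan --recursive --infected --log="$log" "$mnt"
    rc=$?
    umount "$mnt"
    echo "verdict: $(clamscan_verdict "$rc"), detections: $(count_detections "$log")"
    return "$rc"
}

# Run only when called with the three arguments; defining the functions is harmless.
if [ "$#" -eq 3 ]; then
    scan_windows_partition "$1" "$2" "$3"
fi
```

Mounting read-only makes this a detection pass only; removing or repairing files needs a separate, deliberate read-write mount.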
     