Scanning from Linux?

Can I use Linux and than connect harddrive with Windows and scan it for viruses from Linux?

If so is there any Linux FREE AV tool that would do that?

This could be fast way to remove viruses prior to Windows repair..


THanks

 

It can be done. But it depends on what you need.

It looks like you want a real time linux scanner on your windows desktop system? I don't know if that is feasible. That would require two operating systems to 'own' the file system at the same time.

Easiest way to scan a windows system, without using the infected windows system itself, is to use a live cd: boot from the linux cd and have it scan your harddisk partitions. The scanner will first update the signatures from the internet, so an older version of the cd is no big problem. Get the bitdefender live cd to do it. You do not need to download any other software or tools, it's a complete solution.

If you need full time prevention: get a linux router/gateway/firewall to intercept attacks. Mail scanning is very easy. Use the linux server as a mailserver and install the spamassassin/clamav anti-spam and anti-virus functions. This is very effective (on my system only the plexus mail virus goes undetected, but my windows scanner gets it).
Content inspection on web traffic (to catch http trojans and so on) is a bit more difficult. It requires a http proxy on linux (defaul squid is used) and a proxyfilter that knows how to interact with clamav. The dansguardian proxy filter seems to be able to do just that. I have no experience with this realtime content inspection, as I use the squidguard proxy filer.

My setup: SME server with the clamav/spamassassin combo (nice howto and antivirus install script)

Other solutions: astaro (.com), censornet (.com) and of course lots of other distro's.

 

Hi André,

I have a question for you:
I think I saw a Knoppix CD on one of the last C'T Magazine (Dutch/German) issues that gives you the possibility to scan on-demand from it. If I remember me well it was called something like KnoppixCilin and it used KAV, but I'm not quite sure of that.
Do you have any experience with that one?

Thanks
Cheers/groetjes,
Jan.

 

Hi,

There was one with the Dutch C'T in the december issue. Haven't used this one but used an older one some time ago, worked ok.

Gerard

 

Thanks Gerard

Cheers/groetjes,
Jan

 

Hmm,

Pure theoretically spoken:
Can give you such an AV-scan from a Linux-CD 100 % certainty?
Well, of course I know that there is no such thing as 100 % certainty.
But I was thinking of this -pure theoretical- problem:
The AV engine is on the CD.
The database is, I guess, on your harddisk.
Now what if you got already some malware on your system that cripples that AV-database (the AV definitions)

 

menner,

I do PC repairs from time to time and I wanted to run AV on linux system, connect harddisk from windows system to this machine and scan&clean it from linux.

This Bitdefender thing is amazing!

It is KNOPPIX bootabile CD with installed BitDefender antivirus! It automatically detect your new hard disk and give you option to browse that Win partition from desktop.

All you have to do is to run Bitdefender update and ran a scan!

It can read&write and NTFS partitions.

This is better than I was looking for!

This kind of CD with Kaspersky AV would be amazing too! Anyway BitDefender offer and 24/7 chat support and for this version of product! Gitdefender also have good detection rate!


Thanks menner!

 

Not quite... when running a live cd, the whole linux is run from a ram disk. So the (updated) sigs are in linux memory. The are unvulnerable to windows crap and they are updated by the linux system.

 

Thanks André for your reply and for correcting me !!!

Warm regards,
Groetjes, Jan.

 

Haaa, finally succeeded in correcting someone

btw... besides being a great virus cure, linux is very good for doing your regular office and wilderssecurity stuff as well

 

Have BitDefender installed on my SuSE Linux drive, and can scan my Windows drive with it. Works great!