Topic: Anti-virus help
RoGuE_StreaK
Group: Members
Posts: 418
Joined: Jan. 2004
Posted: May 06 2004,00:09

Can clamav etc. be used to diagnose / fix "windows" drives?  I've always thought that would be a handy application for DSL, if a virus takes out someone's windows machine, chuck in the live CD, boot up, remove the virus, and away you go...  but I'm assuming these anti-virus apps would be too big for the standard iso?
I did a search recently for a bootable linux that offered this, but didn't come up with anything.  Though "linux" and "virus" don't usually mix, surely that would make linux the ultimate weapon in clearing viruses off windows machines!?


--------------
"I find your lack of penguin disturbing"
                                      - Darth Tux

Grim
Group: Members
Posts: 284
Joined: Mar. 2004
Posted: July 17 2004,15:49

I understand your point Rogue, but if Windows won't boot, it's probably due to the virus overwriting an important system file somewhere, which DSL won't be able to help you recover anyways.

DSL will start up a server that you can use to backup your hard drive to another machine or allow you to back up to CD but it doesn't really have the forensic tools to help one recover a broken windows machine.

The A/V running on Linux makes sense if the Linux box is running as a mail server, it prevents infection, but I don't really see the point in having it run as a regular userspace program because there really isn't the proliferation of virii on Linux as it exists under Windows (yet).


--------------
No good deed goes unpunished...

ke4nt1
Group: Members
Posts: 2329
Joined: Oct. 2003
Posted: July 17 2004,17:14

Recently, I have been "testing" with the F-Prot anti-virus package.
It's a small and lightweight command line scanner.
Updates are fast and also small in size, so the whole thing
fits in my backup thru the filetool.lst's  "/usr/local/f-prot"  entry.

In combination with the LinNeighborhood "samba.dsl" extension,
I have been using it to scan partitions on other computers
over the network, even while they are in use.

Since it would be easy to make a .dsl file out of f-prot,
you could burn the f-prot.dsl and samba.dsl files to the / of the new DSL cdrom,
and you would have a handy "pocket scanner"
that is immune to corruption or infection, short of physical disk damage.

As of today, the latest .tar.gz from f-prot contains updated virus
data thru July 8th, but the package contains a perl script to
download the latest data files from f-prot directly,
if the internet is available on the machine you are testing.

By the time you needed to upgrade the f-prot package,
it would be time to burn the latest DSL version as well.

73
ke4nt

RoGuE_StreaK
Group: Members
Posts: 418
Joined: Jan. 2004
Posted: July 18 2004,07:19

Sounds good.
One of the major problems I have found with virus checkers under windoze is that they can't remove viruses from system files that are "in use".  So to be able to boot from a CD and check / clean ALL files on a system would be very handy.

Haven't really had a chance to keep up with where DSL is for the past two months or so, so need to do some serious catching up!


--------------
"I find your lack of penguin disturbing"
                                      - Darth Tux

cbagger01
Group: Members
Posts: 4264
Joined: Oct. 2003
Posted: July 19 2004,02:05

Unfortunately, if you are scanning a windows computer over the network while the target computer is up and running windows you still won't be able to clean these files because they will be in-use.

However, in the worst case you could stick the hard drive into a second windows computer and boot it.  Because the second windows computer will be booting from its own hard drive, it will not use the operating system files on your infected drive.  The new drive should appear as D:\ or E:\ or F:\ etc and you will be able to clean any and all files that are stored there.

If the infected drives are formatted in FAT16 or FAT32 then you don't need to do all of this hard drive removal stuff.  Just boot linux on the computer, mount the partition with read/write permissions and go to work.

And if you have a distro that contains Captive NTFS, AND your hard drive's filesystem driver files are NOT infected, then you could do a repair job without removing the hard drive.

Good Luck.
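
The offline scan discussed in this thread, as an added example that is not part of any original post: boot the live CD, mount the Windows partition, and run a command-line scanner over it. It assumes ClamAV's `clamscan` is installed; the device name `/dev/hda1`, the mount point, the quarantine directory and both function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): scan a Windows partition from a live Linux CD.
# Assumed paths; adjust to the machine being examined.
MNT=/mnt/win
QUARANTINE=/tmp/quarantine
LOG=/tmp/scan.log

# Pick "<fs driver> <mount options>" for a filesystem type and a mode.
#   report: always read-only, so the scan cannot alter the disk.
#   clean : read/write, allowed for FAT only; NTFS is refused because the
#           thread notes that writing to it needs Captive NTFS.
# noexec,nosuid,nodev stop anything on the suspect disk from being run or trusted.
mount_plan() {
    case "$1:$2" in
        vfat:report|ntfs:report) echo "$1 ro,noexec,nosuid,nodev" ;;
        vfat:clean)              echo "vfat rw,noexec,nosuid,nodev" ;;
        *)                       return 1 ;;
    esac
}

# scan_partition DEVICE FSTYPE [report|clean]
# Returns clamscan's exit status: 0 = nothing found, 1 = infected files, 2 = error.
scan_partition() {
    dev=$1 fstype=$2 mode=${3:-report}
    plan=$(mount_plan "$fstype" "$mode") || {
        echo "refusing $fstype in $mode mode" >&2
        return 2
    }
    set -- $plan                      # $1 = fs driver, $2 = mount options
    mkdir -p "$MNT" "$QUARANTINE" || return 2
    mount -t "$1" -o "$2" "$dev" "$MNT" || return 2
    if [ "$mode" = clean ]; then
        # Move infected files off the disk instead of deleting them outright.
        clamscan -r -i --log="$LOG" --move="$QUARANTINE" "$MNT"
    else
        clamscan -r -i --log="$LOG" "$MNT"
    fi
    rc=$?
    umount "$MNT"
    return "$rc"
}

# Run only when called with arguments, e.g.:  sh scan.sh /dev/hda1 vfat report
if [ "$#" -ge 2 ]; then scan_partition "$@"; fi
```

Run it in `report` mode first and read the log before choosing `clean`, since a quarantined system file can leave Windows unbootable.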

11 replies since May 04 2004,13:41