Scanning windows from linux

Hi, Is there a virus scanner that can scan the windows from linux environment ?

Hope the virus scanners and security related tools are available for free.

Thx in advans, Karthik Balaguru

karthikbalaguru

Avira and Kaspersky both have free options available at their websites. You just download the program and run it. It will automatically burn a Linux distro with AV scanner to a CD. Just reboot from the CD and you're in the new system.

G

First of all, Thx for your response.

I analyzed both the tools. I checked Avira Anti-virus (Free version). It seems to be based on DazukoFS and has on-access & on-demand scanning support. But, I am unable to find an option to scan a Windows Machine from Linux Machine in the same Network.

So, I checked the Kaspersky Anti-virus (Free version) also. It has an option of remote administration of Kaspersky Anti-Virus. For remotely using Kaspersky Administration Kit, the Network Agent has to be installed on the system that has to be remotely monitored. But, is there a method of avoiding the Network agent in the remote machine/client and scanning from this Administrator machine itself ?

I find that, Kaspersky Administration Kit enables the complete remote administration of Kaspersky Anti-Virus on individual client computers, including: starting and pausing scans, general configuration such as enabling and disabling protection, and configuring settings for report creation.

It seems that only linux clients can be monitored from windows machine. But, does it support the scanning of a Windows Machine from Linux Machine using the method of Remote monitoring ?

Any ideas ?

Thx in advans, Karthik Balaguru

karthikbalaguru

It seems that only linux clients can be monitored from windows machine. But, does it support the scanning of a Windows Machine from Linux Machine using the method of Remote monitoring ?

Any ideas ?

Hello, how about mounting your Windows partition in your Linux tree? (smb or nfs) Greetings Jacob

Jacob


I'm sorry that I wasn't more clear in what I suggested. I was talking about these two tools that are available:

formatting link
In order to use them, you don't actually need anything other than the Windows system. When you download and run the .exe file on windows, it will burn what is essentially a "LiveCD" that is a minimal Linux distro that was specifically designed to deal with infections on a Windows machine. You don't even need a second computer. Just boot from the LiveCD on the machine you want to check, and run the scanner.

I don't know if that's exactly what you're looking for, but it's the simplest way (in my opinion) to scan a machine when you have the physical machine with you. I've used each one several times, and they do a very nice job. Both companies typically update it several times a day, so the definition files will always be current.

G

Sure, if you can mount the partition/drive or whatever, have it scan the file system, or use it as a system for incoming data that's transferred to the system via email, FTP, etc.

Wanna-Be Sys Admin

The method of creation of a minimal Linux distro (LiveCD) on windows for dealing with the infections on windows sounds fantastic ! That's cool ! Interesting method for scanning viruses :-)

I am looking for a Linux-based application that could scan computers by accessing them via network. (Especially the systems(windows based systems) that cannot be booted).

But, the below link seems to suggest a linux-based application that allows accessing computers that cannot be booted anymore.

formatting link
it is not via network, I think, this will serve the purpose for the time being. Lemme know in case there is a tool (Freeware) that has a feature of performing it via network.

Your response has been very helpful !!

Interesting ! I will check this out.

Karthik Balaguru

karthikbalaguru

I would imagine that there is a way to accomplish this on running networked machines using something like ClamAV, but I don't personally know how to do it.

That tool is probably your best choice, as long as the BIOS is set to allow you to boot from the CD. If the machine won't boot into Windows, then it isn't going to show up on your network anyway. The only other way I know to check the drive is by physically removing it and hooking it up to another machine.

You might want to check the HD as well if it doesn't boot at all. You could run it through something like Spinrite (not free) to check the health of the physical drive.

Good luck.

G

How on earth are you going to access a computer _which_ _cannot_ _be_ _booted_ over the network? A network connection which shares filesystems over the network for scanning requires at least a minimal running operating system on the target machine.

The first requirement is that you can get the infected computer to boot. That means that if the machine is unbootable of itself due to a totally corrupted bootsector, master boot record or Windows installation, you will need to boot the machine off of a rescue system on a CD or DVD.

Getting the infected machine to boot from a rescue CD (or DVD) means that you are physically in the vicinity of the infected computer and sitting at its local console, so what would be the point in then scanning it from somewhere else on the network? The machine would only be temporarily running off of a CD-based system anyway and would either way need to be rebooted after the scan/repair is complete, so you might as well stay sitting there at the machine's local console until after the clean-up and repair have been completed and the machine is ready for reboot into its native operating system.

If on the other hand you are talking about scanning Windows partitions on *running* Windows machines over the network as some sort of preemptive scan, then you'd need to export *all* of their files over the network, including the Windows "C:" drive and all system files thereon, which is not exactly the safest way of setting up a network share, and which will in addition not scan the *RAM* of the Windows computers, where a virus might be hiding.

The only possible way of performing a virus scan without any viruses hiding in the Windows machine's RAM is to boot the Windows machine from such a rescue CD, which - as explained higher up - requires local access to the machine in question.

Aragorn

Yes, it is a valid question. I am exploring various ways.

The problem is, one of the infected windows machine's CD/DVD drive does not work. So, I was exploring alternate ways like using rescue CD remotely/remote techniques from a remote machine that has a CD/DVD drive (though I was aware of the chances of its availability was very less). Any ideas ? For example, in linux there is a 'kickstart installation' technique that will enable automated installation of Red Hat Linux on individual computers based on the answers in the file in the server. Similarly, is it not possible to boot windows remotely so that rescue CD can be used on similar lines to recover it ?

One thought is to dis-connect the non-working CD/DVD drive and connect a working CD/DVD drive temporarily to fix this issue. But, that is ruled out due to various reasons. Is there no other way except for replacing the CD/DVD drive in that windows machine and trying with the rescue CD ? No way to avoid the replacement of CD/DVD drive ?

True !

Okay.

Thx in advans, Karthik Balaguru

karthikbalaguru

I suppose you could try a PXE boot, but the BIOS has to support it, and Windows has to support it as well. On the latter, I have no knowledge - I don't do Windows, sorry - so you would have to ask about that in a Windows group, or via the Microsoft Knowledge Base.

At the moment it seems like you have no alternative.

Not that I can think of, unless you've got some external USB storage device that the system can boot from - again, this is BIOS-dependent.

If USB boot is supported on the target machine, then there are various tools in various distributions for making a bootable USB stick from which you could then scan the system, but none of those USB-based distributions would then be designated virus scanners, so you would probably have to add the antivirus software to the USB stick manually. It can be done, but it's quite a bit of work.

On the other hand, you should be able to pick up a cheap second-hand internal CD or DVD drive somewhere and mount it in the machine with the broken CD player.

Aragorn

This sounds great . This will surely be helpful :-) :-) I think, this approach can be tried out. I need to check for the USB- based Free distributions and need to check for the method to add the Free antivirus software to the USB stick. Can you lemme know the steps/links that talk in detail about this ?

Yeah, this is another good idea, but in the current scenario, this is ruled out due to various reasons.

Thx in advans, Karthik Balaguru

karthikbalaguru

Mandriva is a distribution which is available on a USB stick, and there are some others as well. As I gather, the cost is not too high, but alternatively, you can do it yourself using a freely downloadable distribution and a USB memory stick you already own. There are HowTos about it on the web. ;-)

Google is your friend. ;-)

I don't see why it would be a problem, if you have a non-booting machine, and thus a machine that is currently useless. Surely adding an old CD player to it - you might even find one for free - to remedy the problem would not be a big issue?

Aragorn

I've been partial to Fedora for a long time. So here's one for you to check out.

formatting link
I've never used, but have heard many good impressions of DSL.

formatting link
And here's a little more info.

formatting link

G

Great ! This is interesting.

I searched for setting up ubuntu in USB stick and the below link -

formatting link
Another link that claims the installation of ubuntu in USB stick from Live CD is below -
formatting link

Does clamav come by default after following the procedures mentioned in the below link ?

formatting link
Or, should we need to add clamav by setting up the network/internet once the ubuntu is up from the USB stick ?

Thx in advans, Karthik Balaguru

karthikbalaguru

Thanks for the links. They are really helpful. Looks interesting. I will check these.

Karthik Balaguru

karthikbalaguru

That is correct.

There are several methods for doing this, but if you're going to save it on a separate partition on the USB stick - as opposed to making it part of the boot image - then I recommend formatting that partition with a UNIX-style filesystem, i.e. ext2/3, reiserfs, XFS or JFS, but not with FAT32, as that does not honor the UNIX permissions and file ownerships.

Either use an ext2/3 or similar filesystem on the USB stick and save it to that, or add it to the boot image from which the GNU/Linux system boots up from the stick. If push comes to shove, you can temporarily save the downloaded files to a /tmpfs/ - i.e. a temporary filesystem in RAM while you are fiddling with the USB stick.

That link is known to just about every GNU/Linux user. ;-) As you didn't seem to know about it yet until I mentioned it here, you're probably not a real GNU/Linux user... :p

Aragorn

Right, you need to add clamav, after you have built the stick, but this is very straightforward. The penstick will be updated to reflect changes as packages are added or removed. (It works just like a regular installation).

I've got some notes on the creation of the bootable pendrive somewhere. I will try and dig them out for you.

Mark.

Mark Hobley

huh why does windows need to support it ? you just boot your favorite live cd with PXE boot (BIOS feature), mount the filesystems and scan with whatever you want:

clamav, ...

personally i also use a few vm's with avast home free, mcafee and other virus scanners and get it to scan with virtualbox shared folders feature.

you need the cpu cycles tho for that but a lot of my time is (invested|lost) in taking an infected machine's hd and scanning it on my system like that (i dont use windows either).

then i take the suspected files and run them through virustotal if possible (obviously infected pagefiles or hiberfiles are just gonna get deleted).

goarilla
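The mount-and-scan workflow discussed in this thread (boot a Linux system, mount the Windows filesystem, scan with ClamAV, then triage what was flagged), as an added example that is not part of the original posts. The device, mount point and log path are assumptions supplied by the caller, and it assumes `ntfs-3g`, `clamscan` and `sha256sum` are installed on the live system.

```shell
#!/bin/sh
# Added example: offline ClamAV scan of a Windows partition from a Linux live system.
# Device name, mount point and log path are assumptions passed in by the caller.

# Print the path of every detection in a clamscan log.
# Detection lines have the form "<path>: <signature> FOUND".
list_detections() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Split detections: page/hibernation files are discarded rather than analysed
# (as the last post describes); everything else is kept for review.
triage() {
    list_detections "$1" | while IFS= read -r path; do
        case $(basename "$path" | tr 'A-Z' 'a-z') in
            pagefile.sys|hiberfil.sys) echo "discard $path" ;;
            *)                         echo "review  $path" ;;
        esac
    done
}

# Mount the partition read-only, scan it, hash the files kept for review, unmount.
# Needs root. Run freshclam first if the live system has network access.
# Usage: scan_windows_partition /dev/sdXN /mnt/win /tmp/scan.log
scan_windows_partition() {
    dev=$1; mnt=$2; scanlog=$3
    mkdir -p "$mnt" || return 2
    # ro: never write to the suspect disk; noexec/nosuid/nodev: never run from it
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt" || return 2
    rc=0
    # clamscan exit codes: 0 = clean, 1 = detections, 2 = scanner error
    clamscan --recursive --infected --log="$scanlog" "$mnt" || rc=$?
    # SHA-256 of each file kept for review, for a hash lookup (e.g. on VirusTotal)
    triage "$scanlog" | sed -n 's/^review  //p' | while IFS= read -r f; do
        sha256sum "$f"
    done > "$scanlog.sha256"
    umount "$mnt"
    return "$rc"
}
```

Because the partition is mounted read-only, nothing is cleaned or deleted by this script; the `discard` and `review` lists are only a worklist for the operator.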
