
Antivirus Live CD with ClamAV


44 replies to this topic

#1 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests

Posted 20 March 2016 - 07:56 PM

Antivirus Live CD 17.0-0.99.1 Uses ClamAV 0.99.1 to Clean Your PCs of Viruses

First, for those who are not in the know, we would like to inform them that Antivirus Live CD has been designed from the outset by Mr. Konojacki as an independent and standalone anti-virus solution, based on the open-source ClamAV (Clam AntiVirus) software, for any platform, including GNU/Linux and Microsoft Windows PCs.

Greets!




#2 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,708 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 20 March 2016 - 08:08 PM

How to use Antivirus Live CD


 

Unfortunately, you will be dropped to a shell prompt

And that's where the problems will start for novice Windows users.

 

 

Members are advised to use caution when booting from a live (CD/USB) disk to scan an operating system. Removing a file because of a false positive could render a PC unbootable.

 

 

Edit below.

 

And novice Linux users and novice Mac users.

 


Edited by NickAu, 20 March 2016 - 08:20 PM.


#3 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,422 posts
  • Gender:Male
  • Location:United States, Delaware

Posted 21 March 2016 - 02:24 PM

Caution should definitely be used when using Antivirus Live CD. There is also no GUI to speak of, all CLI. So one should know how to use that.

 

Good looking tool though. I can see this being very useful to malware/virus fighters. Especially for the Security folks in an organization. Have that thing as an ISO out on one of the servers/file systems and network mount it to boot on any PC throughout. Though, would still be good to have on a CD especially for quarantined PCs.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#4 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 26 March 2016 - 12:00 AM

Could see it being very useful if your system were infected and you wanted to use a Linux disc to transfer your files off to another drive, but avoid transferring any infected files in the process.



#5 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 26 March 2016 - 03:26 AM

I learned my lesson as Nick pointed out in bold above via the School of Hard Knocks not to use Linux OS's to scan for threats on my PC. :o

 

Fortunately, most all of my OS's are imaged every two weeks at the most, and alternate drives in doing so, therefore was able to recover within 15 minutes. Yet for those who don't, better have a recovery media set, working recovery partition or if a full retail install, the media, and depending on OS (the newer, the less time), one to two days & 20+ reboots to reinstall the OS, all of the updates, and don't forget product keys for MS Office & other licensed software.

 

Even some of the 'official' bootable CD's (like from Bitdefender) have caused some users issues, so am certainly not going to trust a full Linux solution to cleanup Malware.

 

This is why I always keep the first three backup images, whether new or post reinstall, as well as the last three. Because sometimes going back just one image may have the Malware on it, chances are that the ones before that won't, and after backup, always disconnect the drive used to create the image. 

 

Yet I agree that these are great to rescue important files from, which by chance shouldn't be on the same drive (or 'C' partition). My personal data goes to a secondary drive or separate partition on all of my Windows installs, so most of the time, no need to rescue anything. That is, unless I were to be hit with one of the 'crypto' variants that'll encrypt every drive on the computer, maybe the Linux ones also, if nothing else, the partitions as a whole if it can't access each file, though that would take quite a bit of time to encrypt/upload.

 

Prevention is far better than cure, and anyone who is serious about security cannot leave regular backups out of the picture, these aren't just for hardware failures. :)

 

While the idea of a full Malware scan using Linux media is a great one in thought, in reality it can cause a lot more damage to an already infected system. Especially if the Recovery partition is scanned & 'cleansed', that can place the user in a serious jam that they can't get out of, especially if no recovery media set was created, nor reinstall media available or the first full disk backup image was created. If a Windows 7 OEM computer, one will have to make sure that the Windows COA is attached & readable (good to place clear packaging tape across this for protection), and find someone with a Retail copy of the OS (doesn't matter which version as long as the bit version matches), and use the trick of creating an AIO install media, so that the COA won't be blocked, many won't allow to reinstall using Retail media. Am not going to get into great detail over this, yet a Google search will provide the simple instruction to perform the task.

 

If Windows 8.1/10, the OS ISO can be downloaded, and so can 7, if a Retail (Full) version. Microsoft provides the sites for these when needed. 

 

I know that I'll never scan my Windows OS's with Linux media again, even if it's a Windows AV that creates the Linux bootable ISO to burn to CD, or create a bootable USB stick. If one has a second Windows computer, it's best when possible, to remove the drive & place in a docking station for scanning with one's security on Windows. This removes threats better than when running, and when cleaned, can be placed back. Though once infected, I don't trust the OS, no matter what, would rather revert to a backup, even if it was the first created five years ago.

 

This is one great example of why it's best to run Linux software on these OS's, and Windows equivalents on those, to prevent the OS from being bricked. :thumbup2:

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#6 musicbits

musicbits

  • Members
  • 63 posts

Posted 04 February 2017 - 12:55 PM

If one has a second Windows computer, it's best when possible, to remove the drive & place in a docking station for scanning with one's security on Windows.

 

 

 

Why is this approach better than using a bootable linux based AV solution?



#7 Captain_Chicken

Captain_Chicken

  • BC Advisor
  • 1,369 posts
  • Gender:Male

Posted 04 February 2017 - 05:29 PM

 

If one has a second Windows computer, it's best when possible, to remove the drive & place in a docking station for scanning with one's security on Windows.

 

 

 

Why is this approach better than using a bootable linux based AV solution?

 

 

Because there are much better scanning tools on Windows than Linux. The few that exist for Linux aren't that great, they don't detect as reliably as Windows based malware scanners such as MalwareBytes, ADWcleaner, ESET antivirus, etc.



#8 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 04 February 2017 - 11:21 PM

 

If one has a second Windows computer, it's best when possible, to remove the drive & place in a docking station for scanning with one's security on Windows.

 

 

 

Why is this approach better than using a bootable linux based AV solution?

 

 

While my colleague Captain_Chicken has covered the exact reason why, I also covered it in my post above in a different way. 

 

 

 

While the idea of a full Malware scan using Linux media is a great one in thought, in reality it can cause a lot more damage to an already infected system.

 

This is why some Windows AV's have gone away from bootable Linux software (creating a Linux based rescue CD, USB stick, or ISO to be used by either) to disinfect systems. Even Avast has done away with their long running 'boot time' scan, which was Linux based. Note that not all have followed this trend, though it's fading, and really not many consumers are using these tools. Many simply don't know how & it may be best that it remains as such. :)

 

The bottom line is that each type of OS has its own types of scanners & how these work to detect infections. For example, and just try it, though don't quarantine anything, ClamTK, which is the GUI for ClamAV on Linux, will flag every .exe file on the system as malicious. Why? Because it's designed to work with select Linux OS's, by default it's going to 'see' .exe files as threats (& some are). Yet the chance of nailing the right one (out of tens of thousands) will be slim. After performing a system image of a SSD that I was going to secure erase anyway to refresh the cells, ran ClamTK for just 5 minutes, over 1,300 threats were identified. Really, if there were that many .exe threats on a system, it likely wouldn't boot, and after quarantining about 25, it wasn't booting, though not for that reason. I messed up the filesystem, though as stated, was an excuse to see what damage that ClamTK could do. :)

 

It's simply best to use the security that's designed for the OS, rather than scan Windows with a tool designed for Android, Linux & Mac. The same applies to the other OS's, there are many choices of tools for every OS, and when one cannot get rid of a stubborn infection on their own using traditional scanners (the free Emsisoft Emergency Kit is great to have on a USB stick), then simply visit this section of Bleeping Computer & someone will happily assist with a professional like approach.

 

https://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

 

Link to Emsisoft Emergency Kit below, download & then create folder to be extracted to, and extract to that folder, can be anywhere in Documents, Downloads, even if on a Data drive (important Data should never be left on the 'C' drive). There'll be an icon to start the scanner (mine's pinned to the Taskbar where no Emsisoft product is actively protecting the system), that'll first allow one to update the software, then should first run (as recommended), a Malware scan. If anything is found, then scan the entire system with the 'Custom' scan option. This is the one I run anyway, since with a fast SSD, these take only minutes to complete. On a pure HDD system with 2 or more drives loaded with data, simply make sure in Power Options that Sleep Mode doesn't kick in, may take a few hours & no need to babysit the process, do what's needed or run overnight.

 

Any quarantined files/registry keys can be restored if rescanned & found to be a False Positive, or one desires to keep these. Just keep in mind that these are likely legit threats to your security if not a FP. :)

 

https://www.emsisoft.com/en/software/eek/

 

Also, note that until today, it's been over 10 months since the last post above, which by chance was mine. I'd suggest that to attract more attention to any concerns, open a new Topic. It can be a Discussion one, where others can jump in with ideas, or if it's an issue with your system, a Support Topic, though if running Windows, may be inappropriate to open such a Topic within the Linux Community. Either post for support for the OS you're running or get in the 'Am I Infected' line if it's very urgent. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#9 musicbits

musicbits

  • Members
  • 63 posts

Posted 04 February 2017 - 11:45 PM

It's simply best to use the security that's designed for the OS, rather than scan Windows with a tool designed for Android, Linux & Mac.

 

 

For post infection scanning the detection and repair algorithms should be nearly identical on both OSes. 



#10 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 906 posts
  • Gender:Male

Posted 05 February 2017 - 02:24 AM

Using a Linux based device to scan a Windows based device for infection is entirely unnecessary, and as already stated poses a number of problems.

 

I've been helping people with their Windows based malware problems on various forums for over 10 years now, and I can't think of any situation I've come across during that time that I haven't been able to take care of using Windows based solutions.

 

Malware is a big deal in Windows, and there is a very well developed set of tools and techniques available to combat it.

 

My advice to anyone with a Linux based anti-virus tool, is to use it only on Linux installations.



#11 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,708 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 05 February 2017 - 04:47 AM

 

My advice to anyone with a Linux based anti-virus tool, is to use it only on Linux installations.

Even then I would not recommend that people who don't know what they are doing mount a HDD using a Live disk and start scanning and removing stuff without instruction from somebody who knows what they are talking about.



#12 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 05 February 2017 - 05:05 AM

 

My advice to anyone with a Linux based anti-virus tool, is to use it only on Linux installations.

 

 

+1! :)

 

Nick contributed as to why above, no need for me to add anything further. :thumbup2:

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#13 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 906 posts
  • Gender:Male

Posted 05 February 2017 - 10:03 AM



 


My advice to anyone with a Linux based anti-virus tool, is to use it only on Linux installations.

Even then I would not recommend that people who don't know what they are doing mount a HDD using a Live disk and start scanning and removing stuff without instruction from somebody who knows what they are talking about.

 

Unless you know what you're doing, the default action when using any AV product (on any Operating System) should always be to quarantine any infection found, not to remove (delete) it.

 

Quarantined files can always be restored if they need to be, deleted ones cannot.

 

False positives are commonplace (especially when it's a heuristic detection), so things should never be removed unless you know that they need to be.

 

As for using Linux based products on Windows, well as far as I know, it's not possible to reliably edit the Registry in Windows when booted into Linux, and since pretty much all Windows based malware makes changes to the Registry, then you're asking for nothing but trouble if you remove infection files without making the necessary Registry changes associated with them as well.


Edited by Gary R, 05 February 2017 - 10:05 AM.

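Gary R's point that quarantine keeps a way back open which delete does not, carried through in code as an added example (not from the thread, from Antivirus Live CD or from ClamAV). It assumes scanner output in clamscan's per-file format (`<path>: <signature> FOUND`) and a quarantine directory chosen by the caller; the manifest file name, the helper names and the sample files are this example's own constructions. Flagged files are moved, never deleted, with their original path and hash recorded so a false positive can be put back and verified.

```python
"""Quarantine-rather-than-delete workflow for scanner findings (added example)."""
import hashlib
import json
import re
import shutil
import tempfile
import time
from pathlib import Path

# clamscan prints one line per detection: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")


def parse_clamscan(output):
    """Return [(path, signature), ...] for every FOUND line; other lines are ignored."""
    hits = []
    for line in output.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def _load_manifest(qdir):
    manifest = Path(qdir) / "manifest.json"  # layout assumed by this example
    return json.loads(manifest.read_text()) if manifest.exists() else []


def _save_manifest(qdir, entries):
    (Path(qdir) / "manifest.json").write_text(json.dumps(entries, indent=2))


def quarantine(path, signature, qdir):
    """Move a flagged file into qdir and record where it came from.

    The copy is named by its SHA-256 so two hits with the same file name
    cannot collide; the original path is kept so the file can be restored.
    """
    path, qdir = Path(path), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(path)
    stored = qdir / (digest + ".quarantined")
    shutil.move(str(path), str(stored))
    entries = _load_manifest(qdir)
    entry = {"original": str(path), "stored": str(stored), "sha256": digest,
             "signature": signature, "time": time.time()}
    entries.append(entry)
    _save_manifest(qdir, entries)
    return entry


def restore(digest, qdir):
    """Put a quarantined file back (false-positive handling).

    Returns the restored path, or None if the digest is not in the manifest.
    The hash is re-checked after the move so a tampered quarantine copy is noticed.
    """
    entries = _load_manifest(qdir)
    for entry in entries:
        if entry["sha256"] == digest:
            original = Path(entry["original"])
            original.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(entry["stored"], str(original))
            if sha256_of(original) != digest:
                raise RuntimeError("quarantined copy does not match recorded hash")
            entries.remove(entry)
            _save_manifest(qdir, entries)
            return original
    return None


def demo():
    """Run the workflow end to end on constructed files; returns a summary dict."""
    root = Path(tempfile.mkdtemp(prefix="quarantine-demo-"))
    target = root / "mounted_windows" / "Users" / "demo"
    target.mkdir(parents=True)
    # Constructed files standing in for two scanner hits; the content is arbitrary.
    exe = target / "setup.exe"
    dll = target / "helper.dll"
    exe.write_bytes(b"MZ constructed sample 1")
    dll.write_bytes(b"MZ constructed sample 2")
    # Constructed clamscan output; the signature names are placeholders.
    scan_output = (
        f"{exe}: Example.Sig.A FOUND\n"
        f"{target / 'notes.txt'}: OK\n"
        f"{dll}: Example.Sig.B FOUND\n"
    )
    qdir = root / "quarantine"
    hits = parse_clamscan(scan_output)
    entries = [quarantine(p, sig, qdir) for p, sig in hits]
    originals_removed = not exe.exists() and not dll.exists()
    # Suppose setup.exe turns out to be a false positive: bring it back intact.
    restored = restore(entries[0]["sha256"], qdir)
    return {
        "hits": len(hits),
        "quarantined": len(entries),
        "originals_removed": originals_removed,
        "restored_ok": restored == exe and exe.read_bytes() == b"MZ constructed sample 1",
        "still_quarantined": len(_load_manifest(qdir)),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same idea is available directly in clamscan: `--move=DIR` relocates detections into a directory you can review later, whereas `--remove` deletes them outright; on a drive mounted from a live disk, the review step is what separates a recoverable mistake from an unbootable machine.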

#14 musicbits

musicbits

  • Members
  • 63 posts

Posted 05 February 2017 - 01:10 PM

But the Windows OS based scanning solution has the serious possibility of getting infected by the target device that we are hoping to clean.



#15 Captain_Chicken

Captain_Chicken

  • BC Advisor
  • 1,369 posts
  • Gender:Male

Posted 05 February 2017 - 01:25 PM

But the Windows OS based scanning solution has the serious possibility of getting infected by the target device that we are hoping to clean.

 

Not unless you go around the infected drive opening files, there is no risk, because you aren't loading startup programs or even programs on that installation of Windows. 

