FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-04-2010, 07:37 AM
Thomas Taylor
 
Default A virus scanner on linux for windows partition

On Sat, 03 Jul 2010 21:49:52 -0700
JD <jd1008@gmail.com> wrote:

> I came across an article that mentioned some viruses
> that can hide and move around on a booted windows
> machine, and can evade virus scanner.
> So, I thought that is the windows partition can be scanned
> by another booted OS like linux it would make it impossible
> for the virus to evade detection and quarantine.
> Is there such a scanner than can be run from Linux?

Hi JD;

Haven't actually tried it but if it's a dual boot or the windows partition is
mountable, any virus scanner running on linux should be able to check it.
Don't know if it would meet your needs but BitDefender for unices is free for
non-commercial use. My wife runs the windows version on her win7 desktop and
it seems to work quite well (course ya gotta pay for that one).

Tom

--
Tom Taylor - retired penguin
openSuSE 11.3-RC1 x86_64
Fedora 13
KDE 4.4.3, FF 3.6.4
claws-mail 3.7.6
registered linux user 263467
linxt-At-comcast-DoT-net
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-04-2010, 07:46 AM
Frank Murphy
 
Default A virus scanner on linux for windows partition

On 04/07/10 05:49, JD wrote:
> I came across an article that mentioned some viruses
> that can hide and move around on a booted windows
> machine, and can evade virus scanner.

You can also use something like Kaspersky,
which uses Linux as the basis of it's RescueCD.
Commercial app.

or

Clamav? in fedora repos

ymmv

--
Regards,

Frank Murphy
UTF_8 Encoded
Friend of Fedora
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-04-2010, 01:08 PM
Dave Ihnat
 
Default A virus scanner on linux for windows partition

On Sat, Jul 03, 2010 at 09:49:52PM -0700, JD wrote:
> I came across an article that mentioned some viruses that can
> hide and move around on a booted windows machine, and can evade virus
> scanner.

That actually happens often with the nastiest critters. You commonly
simply don't boot from that machine to kill 'em--pull the drive(s) and
scan with either another Windows machine or a Linux box while the
critters are quiescent and can't defend themselves.

Cheers,
--
Dave Ihnat
dihnat@dminet.com
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-04-2010, 04:22 PM
JD
 
Default A virus scanner on linux for windows partition

On 07/04/2010 12:46 AM, Frank Murphy wrote:
> On 04/07/10 05:49, JD wrote:
>> I came across an article that mentioned some viruses
>> that can hide and move around on a booted windows
>> machine, and can evade virus scanner.
> You can also use something like Kaspersky,
> which uses Linux as the basis of it's RescueCD.
> Commercial app.
>
> or
>
> Clamav? in fedora repos
>
> ymmv
>
I yum installed clamav., and updated the databse.

I will also try Bitdefender, suggested by Thomas Taylor.

So far, clamav has not found anything in the mounted windows partition.
That could be good news or bad news


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-04-2010, 05:08 PM
Athmane Madjoudj
 
Default A virus scanner on linux for windows partition

On 07/04/2010 05:22 PM, JD wrote:
> On 07/04/2010 12:46 AM, Frank Murphy wrote:
>> On 04/07/10 05:49, JD wrote:
>>> I came across an article that mentioned some viruses
>>> that can hide and move around on a booted windows
>>> machine, and can evade virus scanner.
>> You can also use something like Kaspersky,
>> which uses Linux as the basis of it's RescueCD.
>> Commercial app.
>>
>> or
>>
>> Clamav? in fedora repos
>>
>> ymmv
>>
> I yum installed clamav., and updated the databse.
>
> I will also try Bitdefender, suggested by Thomas Taylor.
>
> So far, clamav has not found anything in the mounted windows partition.
> That could be good news or bad news
>
>

AFAIK, ClamAV (the engine of.) is more efficient then all AV software
except Kaspersky AV.

See review here:

http://cybernetnews.com/best-linux-antivirus-kaspersky-clam-norton/

To install ClamAV on Fedora or RHEL (through EPEL) (as root):

yum clamav-filesystem clamav-data clamav-lib clamav-update

Update AV DB (as root):
freshclam


HTH



--
Athmane Madjoudj
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-05-2010, 12:10 PM
birger
 
Default A virus scanner on linux for windows partition

On Sun, 2010-07-04 at 09:22 -0700, JD wrote:
> So far, clamav has not found anything in the mounted windows partition.
> That could be good news or bad news

Systems running windows from an infected disk are often unable to find
the infection, as the infection often installs a root kit that hides the
infection from the virus scanner.

When you boot linux and scan the disk using clamav you have a good
chance of finding infections that even expensive anti virus apps running
on the infected windows system couldn't find.

I have several times found infections on running windows systems by
remotely mounting their C: drive (the C$ share) on my linux box and
running clamav on them. That way I can check them without downtime.

How does the infection get past the windows anti-virus? It could either
be something new that wasn't detected yet when you got infected. Or (as
in my case) systems that need to have anti-virus disabled for certain
data directories and applications because of performance problems.
Combine that with a need to allow connections to that same app from the
internet... Recipe for infections.

I usually find 3 different 'hits' on infected systems, and when looking
up the signatures on the web I usually find that one is the component
that initially infected the system. That one then downloads and installs
a root kit to hide itself, and then a backdoor to offer services.

--
birger

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-06-2010, 01:34 PM
sandeep Patel
 
Default A virus scanner on linux for windows partition

Hello, I installed the clam AV in fedora-12.But i am unable to update it.My internet connection uses proxy.please help me And I downloaded the freshclam.conf file also.

--
Sandeep Kumar Patel

University of Hyderabad

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-06-2010, 01:52 PM
Athmane Madjoudj
 
Default A virus scanner on linux for windows partition

On 07/06/2010 02:34 PM, sandeep Patel wrote:
> Hello, I installed the clam AV in fedora-12.But i am unable to update
> it.My internet connection uses proxy.please help me And I downloaded the
> freshclam.conf file also.
>
>

from the manpage:

HTTPProxyServer STR, HTTPProxyPort NUMBER
Use given proxy server and TCP port for database downloads.

HTTPProxyUsername STR,HTTPProxyPassword STRING
Proxy usage is authenticated through given username and password.
Default: no proxy authentication

See:
man 5 freshclam.conf

--
Athmane Madjoudj
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-06-2010, 02:27 PM
sandeep Patel
 
Default A virus scanner on linux for windows partition

On Tue, Jul 6, 2010 at 7:22 PM, Athmane Madjoudj <athmanem@gmail.com> wrote:

On 07/06/2010 02:34 PM, sandeep Patel wrote:

> Hello, I installed the clam AV in fedora-12.But i am unable to update

> it.My internet connection uses proxy.please help me And I downloaded the

> freshclam.conf file also.

>

>



from the manpage:



HTTPProxyServer STR, HTTPProxyPort NUMBER

* * Use given proxy server and TCP port for database downloads.



HTTPProxyUsername STR,HTTPProxyPassword STRING

* * Proxy usage is authenticated through given username and password.

* * Default: no proxy authentication



See:

man 5 freshclam.conf



--

Athmane Madjoudj

--

users mailing list

users@lists.fedoraproject.org

To unsubscribe or change subscription options:

https://admin.fedoraproject.org/mailman/listinfo/users

Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


I tried man 5 freshclam but it showed that no manual entry for its.I am not getting how to use HTTPProxyServer etc. please help
--
Sandeep Kumar Patel
University of Hyderabad


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-06-2010, 02:56 PM
Michal
 
Default A virus scanner on linux for windows partition

> I tried man 5 freshclam but it showed that no manual entry for its.I am
> not getting how to use HTTPProxyServer etc. please help
>
> --
> Sandeep Kumar Patel
> University of Hyderabad
>

Have you actually bothered to try and search for your problem in the
archives and search engines? You can read man pages on the internet.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 08:41 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org