Comments on Neil's Open Source & Linux Blog: Virus scan Windows using a Linux live CD
Comment feed by Neil, last updated 2023-03-30. Comments are listed newest first.

Neil, 2014-02-17:

@Danny: There's really no conflict in running two different antivirus scans on the same storage device. Note that I wouldn't recommend running them at the same time, and I'm also not talking about using two anti-virus products simultaneously that both run monitoring services. But just running a disk scan? Use as many different programs as you like.

Danny D. Clark, 2013-09-13:

Can we use F-Prot antivirus together with one other antivirus software? I heard from a friend that F-Prot works well and I want to give it a try myself as well. However, I am a bit hesitant because I have a current antivirus installed in my PC. Any advice you can give please?

Neil, 2010-09-18:

A quick check on the F-PROT Antivirus latest product versions and virus signature files page (http://www.f-prot.com/currentversions.html) indicates that they use the same signature file for all of their products, which makes sense: it's easier to maintain one single signature file than to try to fork a signature file for each OS.

Note that you could set up a cron job for the command line version to automatically update the definition file and also automatically scan a directory at regular intervals -- a good option for a file server.

Anonymous, 2010-09-14:

Just curious, I read f-prot's website and they didn't indicate f-prot for Linux can scan for Windows based malware/virus/etc.

According to the website, f-prot for Linux scans for and detects malware developed for the *nix platform.

I only ask because I'm running a Linux file server (for downloads) and want to implement some malware detection prior to moving the files into production (i.e. my media server). My main concern is Windows users who might access the files.

Any ideas?

creativesumant, 2010-03-05:

If you boot from the CD how can you have an internet connection to update the virus software?

Don't forget to check out "Linux Tips and Tricks" (http://www.adminkernel.com/linux/100-linux-tips-and-tricks)

Luggage, 2009-11-02:

Hey, I'm using this method to clean up a system some family friends brought me.

F-Prot is great but it's not everything: it found 4 backdoors (backdoor2 family), of which I deleted the files, not being anything critical.

So then I wanted to boot into Windows to see if anything else was wrong, needed tweaking or fixing (full service when I fix friends' systems), but on boot I found out F-Prot by far doesn't get everything; as soon as I booted into Windows I got bombarded with those fake anti-virus tools (now I know how they got the backdoor though) trying to install trojans and backdoors again.

So while F-Prot will find strictly viruses and such, it's not as able to find the software responsible for keeping the system infected.

Still, thanks for the guide, this will be a standard tool in my repair kit from now on; I just hope to find a scanner that will sniff out the crap that keeps downloading and installing these things as soon as you plug in the UTP cable / connect to wifi.

Anonymous, 2009-09-19:

I tried installing f-prot to scan my Windows PC via an Ubuntu (9.04) LiveCD, but it seems f-prot doesn't exist anymore in the Debian repositories, so this procedure didn't work. Does this method require Knoppix? Or is there a new name for f-prot?

Regardless, I'm trying ClamAV (using KlamAV as a frontend). So far it's picking up a lot of security threats on the computer. And updating the virus database was a matter of clicking a button.

I have my fingers crossed that it'll work well :)

Tatiane, 2009-04-26:

Great article. Helped me a lot!

Keith Salustro, 2009-02-12:

Robert,

Neil provided good info... I would also recommend the dual-install.

Also, reinstalling Vista would be the best choice, but maybe you don't have the license key, or the media, or you want to preserve some of the apps that are on there?

If you need the key, use KeyFinder (http://www.magicaljellybean.com/keyfinder/) to find your key, although you have to be careful since it might be a key for an OEM distribution and may not work with the Vista CD you reinstall with.

In any case, it's helpful that Ubuntu will be able to resize your Windows partition for you, to create space so it has room to install.

Neil, 2008-10-20:

Robert,

You raise some interesting issues about F-prot in your post, above. I can't say I have tested each of the Linux-compatible anti-virus programs to the extent you suggest. My interest in running an anti-virus scan from a Linux boot CD is, as you suggest, to ensure that the virus scan executes in a "known-good" environment; specifically, an operating system and file system that has not been potentially compromised by a virus attack. I recommend F-prot because it's a solid product and well maintained across platforms. There may be other superior products out there -- please post your suggestions here if they also run on Linux.

You asked if F-prot downloads the latest definitions when you install it. It certainly should be current, but it doesn't hurt to double check, so I'd recommend running the f-prot updater after you've installed it, to be sure -- or carefully read the output from the installer to see if you received the latest definition file during the install.

Good luck with your Vista laptop! If you have lots of work to do on that computer to ensure it's reliable, you might also consider setting up a dual-boot configuration with Ubuntu, or a similar easy-to-use Linux variant, to help repair Vista to your satisfaction. With a dual-boot setup, the Linux partitions will be invisible to Windows when you boot into Vista (i.e. safe from viral infection), but you can work with the Windows partitions if you boot into Linux, and use a number of Linux-based tools to maintain or repair the Windows volumes -- a setup that is useful in many circumstances, if Windows ever gets hosed on your laptop, for any reason.

Robert Carnegie, 2008-10-18:

I notice that the Knoppix 5.3.1 (apparently DVD only, not CD?) changelog includes "Updated ntfs-3g with 'visible alternate data streams' extension (to discover files in other files, mount option streams_interface=visible)". I seem to recall that alternate data streams (a file with more than one stream of bytes in it, I forget what for originally, not the same as journalling, hasn't caught on) have been proposed, perhaps used, as a method to hide a virus. It's a bit like Macintosh files since the old days with data fork, resource fork (icons and such? - not part of the file data body). So I guess I'm wondering whether F-prot for Linux will detect viruses in these circumstances. (Probably not if you use Knoppix pre 5.3 and it can't even see that part of files - or can it?) Indeed we're assuming that it will detect Windows viruses as well as Linux ones...? And also assuming that using the free F-prot Linux download on a PC that runs Windows the other 364 days of the year is actually within licence terms - it can't be what they had in mind for you to do. You may as well buy it for Windows anyway: by most accounts it's good stuff and it covers several home PCs. But the catch is to virus scan a modern Windows PC so that a clever virus can't get into the operating system first and pretend to the scanner that it isn't there, and I presume that's why we want to boot from a read-only disc.

One other thing to check on is, if you're mostly a Windows person and you run Knoppix or Linux without networking for this exercise (there is wireless in there), can you do all the downloading on a separate Windows PC, including current F-prot virus information? Is the download of F-prot itself initially up to date, or do you need to get new virus data to do a proper check? The instructions describe getting virus definitions using the Linux tool. I think F-prot -used- to update their download packages once a week or maybe better, so that you always got a fairly fresh copy.

I'm pursuing this because I've just bought a Vista laptop second-hand and I don't know where it's been.

I know of one deliberately specified non-virus string which has been agreed to test virus scanners safely - here: http://www.eicar.org/anti_virus_test_file.htm But it won't tell you "This virus scanner detects Windows viruses" or Linux viruses or whatever. You probably don't -want- one that discriminates, unless there are only 3 viruses for your model of cell phone and it doesn't have enough RAM to run F-prot's copyright message. But... well, this is already way too long.

Neil, 2008-10-07:

Please note that, as I mentioned in the original post above, you need to download F-prot from their web site: http://www.f-prot.com/download/home_user/download_fplinux.html. Also, see Wellu's comment above for suggestions on how to install F-prot to a temporary directory.

Anonymous, 2008-10-03:

Maybe I'm doing something wrong, but I couldn't seem to find the f-prot package on Knoppix's DVD (or should I be using the CD instead?). I tried 5.3 and 5.1, and neither of them had the f-prot package when I did a search. I tried to download it over the Internet, but for some reason I wasn't able to install it. I'm not as fluent in Linux as Microspeak, so maybe I just need a couple more tries...

Wellu Mäkinen, 2008-08-05:

No need to do any kind of installing here. Just extract the tar.gz somewhere (e.g. /tmp/ will do) and you get an f-prot subdirectory. From there do sudo cp f-prot.conf.default /etc/f-prot.conf and then ./fpupdate as normal user. This will get the latest virus definitions. After that you can run ./fpscan from the temporary directory. After updating one can remove /etc/f-prot.conf.

Ok, there's no harm in installing if using a live CD, but I'll use this trick on my normal desktop too just to make sure nothing is left behind after I'm done with scanning. IMHO these installation scripts suck and running those as root sucks even more!

Neil, 2008-05-29:

Earlier, Anonymous asked how we are able to "install fprot when using/booting from knoppix live" since the Knoppix CD is obviously read only, and all of the file systems are mounted by default in read only mode as well. The answer is this: the updates and changes to the Knoppix installation are made in RAM, and do not persist after you reboot.

In the original post, I suggest using a USB "thumb" drive to keep the F-prot installation files handy, so you don't have to download the installer again, but you still need to check for the latest definitions once f-prot is installed.

If you want to update your actual Knoppix CD with the latest f-prot & virus definitions, so the updated code persists after you reboot, you will have to remaster your Knoppix CD, which is, as they say, non-trivial. Perhaps a topic for another post...

Also, unless you are checking many, many computers at the same time, the chances are that you will need to update the latest definitions the next time you use the Knoppix CD to do a virus scan, and if that's the case, you might as well use the latest f-prot code as well. Again, follow the steps in the main post to update the latest version of f-prot and the accompanying definitions -- but the update only lasts until you shut down.

Neil, 2008-05-29:

Good catch: I've updated the body of this post to use sudo ./install-f-prot.pl. Thanks!

Neil

Anonymous, 2008-05-28:

Just wondering how you're able to install fprot when using/booting from Knoppix live. When you boot from the CD, you have no space for storage if you're working on a Windows PC (it's NTFS).

Anonymous, 2008-05-28:

Instead of using ./install-f-prot.pl, new Linux users should be instructed to use:

sudo ./install-f-prot.pl

Neil, 2008-03-24:

Paul,

After going through the process of updating libc6, just to get freshclam to work, I've decided it's much easier just to go with F-Prot. I've updated the original post to describe a reliable way to run the latest F-Prot from a Knoppix 5.1 boot CD.

Thanks!

Paul Jones, 2008-02-04:

Good advice, except ClamAV requires a newer version of libc6 than is available on Knoppix (usually). If freshclam doesn't work, you're pretty much done. On to F-Prot then.