
Thread: Virus Scanning With Knoppix

  1. #1
    Senior Member DeadAddict
    Join Date
    Jun 2003
    Posts
    2,583

    Virus Scanning With Knoppix

    Knoppix, the live Linux on a bootable CD, is proving to be the most innovative, useful Linux distribution there is. Starting with Knoppix 3.4, you can use it as a portable, cross-platform virus scanner. The advantages of this are many:
      1. You are working from a guaranteed clean operating system, which being on a non-writable disk, is impossible to compromise
      2. Because you must power down the PC to boot Knoppix, any memory-resident nasties are evicted
      3. It is free, so you can burn masses of disks, and go on a virus-scanning spree
    source:
    http://networking.earthweb.com/netse...0952_3389801_2

  2. #2
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Hmmm this is pretty useless actually. Considering it can't disinfect a machine using NTFS, and nearly every system that is current is using NTFS. Might as well use an online virus scanner.

    to quote the site..
    What should you do if f-prot finds infected files on a Windows system? If the filesystem is NTFS, f-prot cannot disinfect the system, because write support for NTFS in Linux is not reliable, so you don't even want to try. You'll need an AV product made for Windows.

    meh.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    What's your opinion on using bartPE for this purpose, hogfly?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    bartPE is a better alternative for the purpose of virus scanning and cleaning from a "clean OS". I can't say I'm a fan of McAfee, but beggars can't be choosers. Knoppix however does have many other uses.. like imaging a Windows partition with dd and nc.


    Dead, don't get me wrong, Knoppix is great, just not for this purpose.

  5. #5
    Senior Member DeadAddict
    Join Date
    Jun 2003
    Posts
    2,583
    It is no problem hogfly, just thought it would be good to have something to discuss and find out if someone has something better than what was printed.

  6. #6
    Junior Member
    Join Date
    Aug 2004
    Posts
    3
    Give a look into Hiren's Boot CD v6.0. It includes F-Prot and McAfee AV scanners. Get an ISO builder such as WinISO to reconstruct the image file so you can add the latest downloaded definitions to the appropriate directories on the CD. Info available in the readme files. Buy yourself a stack of CD-Rs and make a new one as you need. At $.25 per CD, it is a small fee for a bootable, Windows-safe AV scanner with NTFS write support.

  7. #7
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I use McAfee's CleanBoot instead of BartPE for this purpose. It's still in beta (I think... I can't find anything about it on the McAfee site... maybe it's discontinued?), but works like a charm and uses the standard McAfee .DAT-files (you have to "promise" that you have a license to download the .DAT's, though). It comes with its own OS, just like BartPE, and it's only a couple of MB's. Like BartPE, you of course have to burn a new CD every time a new .DAT comes out.

    You can get it here.

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by DeadAddict
    It is no problem hogfly, just thought it would be good to have something to discuss and find out if someone has something better than what was printed.
    Considering NTFS write support is flaky at best with Linux, it's probably right out. Perhaps a DOS bootable floppy/CD with a copy of whatever AV and an NTFS-capable DOS boot disk such as this might be a more ideal solution.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  9. #9
    The Doctor Und3ertak3r
    Join Date
    Apr 2002
    Posts
    2,744
    BartPE or PEBuilder environments are bloody handy.. Just getting the tools you want to work is the only hurdle.. The current disk I have in use is configured with a remote registry tool, adaware (v6 not se), McAfee commandline AV, and McAfee Stinger.. various password recovery tools (testing - but who needs it, most machines have a blank admin pass anyhow)

    With any of these tools you need to know what you're doing.. don't trust them 100%.. but as mentioned earlier the live CD approach gets around a great number of obstacles when virii or adware hunting..

    Will have a good look at your idea chsh..

    cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
