Linux Network Boot Disk and Anti-Virus

metallica1973 · 01-03-2007, 07:55 PM

Does anyone know how to mount an NTFS partition using a linux boot disk and them add an windows based anti-virus tool to clean viruses off of infected windows computers?

Simon Bridge · 01-03-2007, 08:12 PM

You mount the ntfs partition normally, but it will only work if the boot disk image contains the ntfs driver. You cannot normally write to ntfs partitions from a linux boot disk. For this, the disk must have "captive" as well.

Of course, you can use one of the many linux based rescue CDs.

You will not normally be able to "install" software to windows from linux. However, if you have clamav and captive, I guess you could use clamav on your ntfs partitions.

If the virus/malware related issues on windows are so bad you cannot afford to start the computer into windows, you should consider restoring to image (reformat and install windows). Linux can be used to extract important data and scan for viruses natively. (This is, in fact, the simplest and most secure approach.)

metallica1973 · 01-03-2007, 08:25 PM

What I wanted to do was to use Damn Small Linux (knoppix) and then use add maybe clamav ut I have used f-prot for windows many years and it does a great job on windows machine. From what I ntfsprogs will due the job. I was just wondering if there was an easier method?:

PHP Code:


			
http://wiki.linux-ntfs.org/doku.php?id=ntfsmount

Simon Bridge · 01-03-2007, 09:57 PM

from ntfstools wiki:

Quote:

Create files and hardlinks. (This will either succeed or it will be refused, 50-50%

... captive is still better.

I have used fprot as well ... though the windows version is commercial only, the dos version is pretty inclusive. It doesn't do word macros or look inside archives though.

You can run fprot from a DOS boot diskette. You can also run fprot from inside an infected system! You cannot run fprot from linux... but you can use linux (with captive, or, if you insist, ntfs-tools) to copy the fprot binary to windows. However, you still have to run fprot from a running dos shell.

(Maybe you could use DOSEMU or WINE?)

But really - retreive the data you want to save then reinstall windows. (Or better yet - remove windows and never look back!)

metallica1973 · 01-03-2007, 11:17 PM

This is for a client that has an infected XP machines using NTFS and she has no backup. So what I want to do is walk in there and put in my magical usbdisk with linux and my utilities(f-prot or clamav) and disinfect the computer and make her happy. How about Clamav, if I used linux, ntfstools and clamav, would that be able to scan in DOS? I think that if this could be done then it would be a great utility that would help out tremdiously. I will look into this and maybe one day you will here of me on SOURCEFORGE with a GPL license trying to promote the project. Many thanks

Simon Bridge · 01-04-2007, 04:08 AM

Quote:

How about Clamav, if I used linux, ntfstools and clamav, would that be able to scan in DOS?

No... it will scan in linux. You will have to mount the ntfs partition and direct clamav to scan/disinfect it.

... consider a "forensics" distribution:
http://www.e-fense.com/helix/
http://fire.dmzs.com/?section=faq

Both are very good ... Helix looks like what you are trying to do - it will run f-prot in a windows autorun environment or clamav under knoppix. It's pretty anal, since it is designed to be used to gather digital evidence for use in a courtroom.

Understand - the basic rescue involves saving the content of "My Documents" then reinstalling windows to factory or shop specs. The client is given a disk copy of the saved files and a very clean machine. The client loses any updates, installed software, and the content of the addressbook.

You can do this - remove the hard-drive and access it from your own linux system. Copy the personal files over to your ext3 or whatever partition. (You could probably copy the addressbook file too.) Run clamav over the files and burn them to a CD.

Install windows from your client's install disk (which she should have if she has a legal copy of windows.) Install the free version of zonealarm and fprot. And you are set.

Personally - I disable IE and Outlook, install firefox, thunderbird and OOo. I also supply the Kia Ora CD and an Ubuntu live CD.

metallica1973 · 01-05-2007, 09:10 PM

I try it out. thanks

metallica1973 · 01-05-2007, 11:23 PM

Can I perform a linux install on a usbdisk? lets say fedora 6, plug in the usbdisk and then boot from a cdrom and perform the install?

Simon Bridge · 01-06-2007, 06:11 AM

Yes - you can install linux to a usbdisk provided the linux install image includes the usb drivers. (Most newer ones should do this.)

There are many threads here dealing with this topic.

metallica1973 · 01-06-2007, 07:22 AM

many thanks