Power of Linux
POWER OF LINUX(1)
This part of the guide shows you how to scan for infected files by booting into SystemRescueCD and running ClamAV, a virus checker.
SystemRescueCD constitutes a Swiss army knife of Linux-based tools for system recovery.
ClamAV is one of the useful tools that it includes in a preconfigured, ready-to-run state. It is possible to boot from SystemRescueCD, mount a Windows partition and then scan it for virus-infected files. As you don't have to boot the infected system, this approach offers some advantages over that of running a Windows-based tool.
Boot into the SystemRescueCD desktop in the normal way by accepting the default options and then typing “wizard” when prompted. Once you're at the desktop, open a command line terminal.
The first thing to do is to start the ClamAV daemon by typing:
root@infi-zeal:~# clamd
After a few moments, control of the command line should return to the user. The next thing we need to do is to update the ClamAV virus database. Use this command:
root@infi-zeal:~# freshclam
The next stage is to mount the NTFS partition that contains the suspect files. Before we can do that though, we have to figure out how Linux has named the Windows partition. Do this by running GParted via the application launcher. GParted will display all of the partitions on all of the disks fitted to the system. Make a note of the device name of the partition that you're interested in.
Once you know the name of the partition, mount it so that we can access it. Do this by typing:
root@infi-zeal:~# ntfs-3g /dev/sda1 /mnt/windows
adjusting the “sda1” part for the actual name of the partition that you're interested in.
Change the current directory to the root of the Windows partition:
root@infi-zeal:~# cd /mnt/windows
Invoke the virus checker itself and select recursive operation:
root@infi-zeal:~# clamscan -r
The virus checker will now run and tell you if it finds an infected file. By and large, the simplest procedure is to move any such file to an unused directory. Note that, in cases where you have an idea of where the problem might be, you can add a directory name to the clamscan command.
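As an added example (not part of the original guide), the shell functions below carry out the "move any such file to an unused directory" step by working from a clamscan log. The function names, the log path, the quarantine directory and the manifest file are assumptions made for illustration; the clamscan options shown in the comments (-r, -i, --log) are standard ones.

```shell
#!/bin/sh
# Added example: quarantine the files that clamscan reported as infected.
# Assumed workflow, after mounting the partition as in the steps above:
#   clamscan -r -i --log=/tmp/scan.log /mnt/windows
#   quarantine_from_log /tmp/scan.log /mnt/windows/quarantine

# Print the path of every file the log reports as infected.
# clamscan writes a hit as "<path>: <signature name> FOUND"; summary
# lines and "OK" lines do not end in " FOUND" and are ignored.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Move each reported file into the quarantine directory and record where
# it came from, so a false positive can be put back later.
# Prints the number of files actually moved.
quarantine_from_log() {
    log=$1; qdir=$2; moved=0
    mkdir -p "$qdir" || return 1
    while IFS= read -r path; do
        [ -f "$path" ] || continue                   # vanished, or not a regular file
        case $path in "$qdir"/*) continue ;; esac    # already in quarantine
        name="$((moved + 1))-$(basename -- "$path")" # counter avoids name clashes
        mv -- "$path" "$qdir/$name" || continue
        printf '%s\t%s\n' "$name" "$path" >> "$qdir/manifest.tsv"
        moved=$((moved + 1))
    done <<EOF
$(infected_paths "$log")
EOF
    echo "$moved"
}
```

Moving files rather than deleting them keeps the evidence and lets you restore anything that turns out to be a false positive, using the original paths recorded in manifest.tsv.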
Remember, if you are sorting out a friend's box, play up the advantages of a Linux system to them. The actual scan takes quite a while, and the person you're helping won't be able to tell you to get lost until you've got it working again for them.