From: karthikbalaguru on
On Dec 27, 3:27 pm, G <geoffstempbox-use...(a)yahoo.com> wrote:
> In article <d8c20d66-1f1f-48af-add3-a490c8df2248
> @r33g2000prh.googlegroups.com>, karthikbalagur...(a)gmail.com says...
>
> > On Dec 26, 1:41 am, G <geoffstempbox-use...(a)yahoo.com> wrote:
> > > In article <c6af182c-2b00-4f9a-bcf9-fc3509251558
> > > @d4g2000pra.googlegroups.com>, karthikbalagur...(a)gmail.com says...
>
> > > > Hi,
> > > > Is there a virus scanner that can scan the windows
> > > > from linux environment ?
>
> > > > Hope the virus scanners and security related tools
> > > > are available for free.
>
> > > > Thx in advans,
> > > > Karthik Balaguru
>
> > > Avira and Kaspersky both have free options available at their websites.
> > > You just download the program and run it. It will automatically burn a
> > > Linux distro with AV scanner to a CD. Just reboot from the CD and you're
> > > in the new system.
>
> > First of all, Thx for your response.
>
> > I analyzed both the tools.
> > I checked Avira Anti-virus (Free version). It seems to be
> > based on DazukoFS and has on-access & on-demand
> > scanning support. But, I am unable to find an option to scan
> > a Windows Machine from Linux Machine in the same Network.
>
> > So,
> > I checked the Kaspersky Anti-virus (Free version) also.
> > It has an option of remote administration of Kaspersky
> > Anti-Virus. For remotely using Kaspersky Administration
> > Kit, the Network Agent has to be installed on the
> > system that has to be remotely monitored.
> > But, is there a method of avoiding the Network agent
> > in the remote machine/client and scanning from this
> > Administrator machine itself ?
>
> > I find that,
> > Kaspersky Administration Kit enables the complete
> > remote administration of Kaspersky Anti-Virus on individual
> > client computers, including: starting and pausing scans,
> > general configuration such as enabling and disabling
> > protection, and configuring settings for report creation.
>
> > It seems that only linux clients can be monitored
> > from windows machine. But, does it support the scanning
> > of a Windows Machine from Linux Machine using the
> > method of Remote monitoring ?
>
> > Any ideas ?
>
> > Thx in advans,
> > Karthik Balaguru
>
> I'm sorry that I wasn't more clear in what I suggested. I was talking
> about these two tools that are available:
>
> http://majorgeeks.com/Avira_AntiVir_Rescue_System_d6005.html
> http://majorgeeks.com/Kaspersky_Free_Cleaner_d4515.html
>
> In order to use them, you don't actually need anything other than the
> Windows system. When you download and run the .exe file on windows, it
> will burn what is essentially a "LiveCD" that is a minimal Linux distro
> that was specifically designed to deal with infections on a Windows
> machine. You don't even need a second computer. Just boot from the
> LiveCD on the machine you want to check, and run the scanner.
>

The method of creation of a minimal Linux distro(LiveCD)
on windows for dealing with the infections on windows
sounds fantastic ! That's cool !
Interesting method for scanning viruses :-)

> I don't know if that's exactly what you're looking for, but it's the
> simplest way (in my opinion) to scan a machine when you have the
> physical machine with you.

I am looking for a Linux-based application that could scan
computers by accessing them via network. (Especially the
systems(windows based systems) that cannot be booted).

But, the below link seems to suggest a linux-based application
that allows accessing computers that cannot be booted anymore.
http://majorgeeks.com/Avira_AntiVir_Rescue_System_d6005.html
Though it is not via network, I think, this will serve the purpose for
the time being. Lemme know in case there is a tool(Freeware) that
has a feature of performing it via network.

Your response has been very helpful !!

> I've used each one several times, and they do
> a very nice job. Both companies typically update it several times a day,
> so the definition files will always be current.
>

Interesting ! I will check this out.

Karthik Balaguru
From: G on
In article <0b7249a1-3a24-4948-9d0d-2dd203a81872
@o9g2000prg.googlegroups.com>, karthikbalaguru79(a)gmail.com says...
>
> I am looking for a Linux-based application that could scan
> computers by accessing them via network. (Especially the
> systems(windows based systems) that cannot be booted).
>
I would imagine that there is a way to accomplish this on running
networked machines using something like ClamAV, but I don't personally
know how to do it.

> But, the below link seems to suggest a linux-based application
> that allows accessing computers that cannot be booted anymore.
> http://majorgeeks.com/Avira_AntiVir_Rescue_System_d6005.html
> Though it is not via network, I think, this will serve the purpose for
> the time being. Lemme know in case there is a tool(Freeware) that
> has a feature of performing it via network.
>
That tool is probably your best choice, as long as the BIOS is set to
allow you to boot from the CD. If the machine won't boot into Windows,
then it isn't going to show up on your network anyway. The only other
way I know to check the drive is by physically removing it and hooking
it up to another machine.

You might want to check the HD as well if it doesn't boot at all. You
could run it through something like Spinrite (not free) to check the
health of the physical drive.

Good luck.
From: Aragorn on
On Sunday 27 December 2009 14:34 in comp.os.linux.setup, somebody
identifying as karthikbalaguru wrote...

> I am looking for a Linux-based application that could scan
> computers by accessing them via network. (Especially the
> systems(windows based systems) that cannot be booted).

How on earth are you going to access a computer _which_ _cannot_ _be_
_booted_ over the network? A network connection which shares
filesystems over the network for scanning requires at least a minimal
running operating system on the target machine.

> But, the below link seems to suggest a linux-based application
> that allows accessing computers that cannot be booted anymore.
> http://majorgeeks.com/Avira_AntiVir_Rescue_System_d6005.html
> Though it is not via network, I think, this will serve the purpose for
> the time being. Lemme know in case there is a tool(Freeware) that
> has a feature of performing it via network.

The first requirement is that you can get the infected computer to boot.
That means that if the machine is unbootable of itself due to a totally
corrupted bootsector, master boot record or Windows installation, you
will need to boot the machine off of a rescue system on a CD or DVD.

Getting the infected machine to boot from a rescue CD (or DVD) means
that you are physically in the vicinity of the infected computer and
sitting at its local console, so what would be the point in then
scanning it from somewhere else on the network? The machine would only
be temporarily running off of a CD-based system anyway and would either
way need to be rebooted after the scan/repair is complete, so you might
as well stay sitting there at the machine's local console until after
the clean-up and repair have been completed and the machine is ready
for reboot into its native operating system.

If on the other hand you are talking about scanning Windows partitions
on *running* Windows machines over the network as some sort of
preemptive scan, then you'd need to export *all* of their files over
the network, including the Windows "C:" drive and all system files
thereon, which is not exactly the safest way of setting up a network
share, and which will in addition not scan the *RAM* of the Windows
computers, where a virus might be hiding.

The only possible way of performing a virus scan without any viruses
hiding in the Windows machine's RAM is to boot the Windows machine from
such a rescue CD, which - as explained higher up - requires
local access to the machine in question.

--
*Aragorn*
(registered GNU/Linux user #223157)
From: karthikbalaguru on
On Dec 27, 11:59 pm, Aragorn <arag...(a)chatfactory.invalid> wrote:
> On Sunday 27 December 2009 14:34 in comp.os.linux.setup, somebody
>
> identifying as karthikbalaguru wrote...
> > I am looking for a Linux-based application that could scan
> > computers by accessing them via network. (Especially the
> > systems(windows based systems) that cannot be booted).
>
> How on earth are you going to access a computer _which_ _cannot_ _be_
> _booted_ over the network?  A network connection which shares
> filesystems over the network for scanning requires at least a minimal
> running operating system on the target machine.
>

Yes, it is a valid question. I am exploring various ways.

The problem is, one of the infected windows machine's CD/DVD
drive does not work. So, I was exploring alternate ways like
using rescue CD remotely/remote techniques from a remote machine
that has a CD/DVD drive (though I was aware that the chances
of its availability were very low).
Any ideas ?
For example, in linux there is a 'kickstart installation' technique
that will enable automated installation of Red Hat Linux on
individual computers based on the answers in the file in the
server. Similarly, is it not possible to boot windows remotely
so that rescue CD can be used on similar lines to recover it ?

One thought is to dis-connect the non-working CD/DVD drive
and connect a working CD/DVD drive temporarily to fix this
issue. But, that is ruled out due to various reasons.
Is there no other way except for replacing the CD/DVD
drive in that windows machine and trying with the rescue CD ?
No way to avoid the replacement of CD/DVD drive ?

> > But, the below link seems to suggest a linux-based application
> > that allows accessing computers that cannot be booted anymore.
> > http://majorgeeks.com/Avira_AntiVir_Rescue_System_d6005.html
> > Though it is not via network, I think, this will serve the purpose for
> > the time being. Lemme know in case there is a tool(Freeware) that
> > has a feature of performing it via network.
>
> The first requirement is that you can get the infected computer to boot.
> That means that if the machine is unbootable of itself due to a totally
> corrupted bootsector, master boot record or Windows installation, you
> will need to boot the machine off of a rescue system on a CD or DVD.
>
> Getting the infected machine to boot from a rescue CD (or DVD) means
> that you are physically in the vicinity of the infected computer and
> sitting at its local console, so what would be the point in then
> scanning it from somewhere else on the network?  The machine would only
> be temporarily running off of a CD-based system anyway and would either
> way need to be rebooted after the scan/repair is complete, so you might
> as well stay sitting there at the machine's local console until after
> the clean-up and repair have been completed and the machine is ready
> for reboot into its native operating system.
>
> If on the other hand you are talking about scanning Windows partitions
> on *running* Windows machines over the network as some sort of
> preemptive scan, then you'd need to export *all* of their files over
> the network, including the Windows "C:" drive and all system files
> thereon, which is not exactly the safest way of setting up a network
> share, and which will in addition not scan the *RAM* of the Windows
> computers, where a virus might be hiding.

True !

>
> The only possible way of performing a virus scan without any viruses
> hiding in the Windows machine's RAM is to boot the Windows machine from
> such a rescue CD, which - as explained higher up - requires
> local access to the machine in question.
>

Okay.

Thx in advans,
Karthik Balaguru
From: Aragorn on
On Sunday 27 December 2009 22:01 in comp.os.linux.setup, somebody
identifying as karthikbalaguru wrote...

> On Dec 27, 11:59 pm, Aragorn <arag...(a)chatfactory.invalid> wrote:
>
>> On Sunday 27 December 2009 14:34 in comp.os.linux.setup, somebody
>> identifying as karthikbalaguru wrote...
>> > I am looking for a Linux-based application that could scan
>> > computers by accessing them via network. (Especially the
>> > systems(windows based systems) that cannot be booted).
>>
>> How on earth are you going to access a computer _which_ _cannot_ _be_
>> _booted_ over the network?  A network connection which shares
>> filesystems over the network for scanning requires at least a minimal
>> running operating system on the target machine.
>
> Yes, it is a valid question. I am exploring various ways.
>
> The problem is, one of the infected windows machine's CD/DVD
> drive does not work. So, I was exploring alternate ways like
> using rescue CD remotely/remote techniques from a remote machine
> that has a CD/DVD drive (though I was aware that the chances
> of its availability were very low).
> Any ideas ?
> For example, in linux there is a 'kickstart installation' technique
> that will enable automated installation of Red Hat Linux on
> individual computers based on the answers in the file in the
> server. Similarly, is it not possible to boot windows remotely
> so that rescue CD can be used on similar lines to recover it ?

I suppose you could try a PXE boot, but the BIOS has to support it, and
Windows has to support it as well. On the latter, I have no
knowledge - I don't do Windows, sorry - so you would have to ask about
that in a Windows group, or via the Microsoft Knowledge Base.

> One thought is to dis-connect the non-working CD/DVD drive
> and connect a working CD/DVD drive temporarily to fix this
> issue. But, that is ruled out due to various reasons.

At the moment it seems like you have no alternative.

> Is there no other way except for replacing the CD/DVD
> drive in that windows machine and trying with the rescue CD ?
> No way to avoid the replacement of CD/DVD drive ?

Not that I can think of, unless you've got some external USB storage
device that the system can boot from - again, this is BIOS-dependent.

If USB boot is supported on the target machine, then there are various
tools in various distributions for making a bootable USB stick from
which you could then scan the system, but none of those USB-based
distributions would then be designated virus scanners, so you would
probably have to add the antivirus software to the USB stick manually.
It can be done, but it's quite a bit of work.

On the other hand, you should be able to pick up a cheap second-hand
internal CD or DVD drive somewhere and mount it in the machine with the
broken CD player.

--
*Aragorn*
(registered GNU/Linux user #223157)
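
Added example, not part of any post in this thread: a sketch of the offline scan discussed above, for a Windows drive moved to another machine (G's suggestion) or for a system booted from a USB stick with antivirus added by hand (Aragorn's suggestion). It assumes ntfs-3g and ClamAV are installed; the function names, mount point and sample lsblk output are made up for illustration.

```shell
#!/bin/sh
# Added example: offline scan of a Windows (NTFS) partition from Linux.
# Assumes ntfs-3g and ClamAV (clamscan, freshclam) are installed; the
# function names and the mount point are made up for this sketch.

# Print the device path of every NTFS partition named in
# `lsblk -rpno NAME,FSTYPE` output read from stdin.
ntfs_parts() {
    awk '$2 == "ntfs" { print $1 }'
}

# Translate clamscan's exit status (0 clean, 1 found, else error).
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Mount one partition read-only, scan it, unmount, print the verdict.
# Needs root; the read-only mount never writes to the Windows filesystem.
scan_partition() {
    dev=$1
    mnt=${2:-/mnt/winscan}
    mkdir -p "$mnt" || return 2
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt" || return 2
    clamscan -r --infected --log="/tmp/clamscan-$(basename "$dev").log" "$mnt"
    rc=$?
    umount "$mnt"
    verdict "$rc"
    return "$rc"
}

# Constructed sample of lsblk output (not from a real machine).
SAMPLE_LSBLK='/dev/sda
/dev/sda1 ext4
/dev/sdb
/dev/sdb1 ntfs
/dev/sdb2 ntfs
/dev/sr0 iso9660'

# Real use, as root, after `freshclam` has updated the signatures:
#   lsblk -rpno NAME,FSTYPE | ntfs_parts | while read -r p; do
#       scan_partition "$p"
#   done
printf '%s\n' "$SAMPLE_LSBLK" | ntfs_parts
```

Because the Windows installation is not running during such a scan, nothing resident in its RAM can hide files from the scanner, which is the point made earlier in the thread about booting from rescue media.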