virus removal

jay007

I'm thinking about setting up a Linux box so I can pull the hard drive out of laptops and PCs and attach it to a Linux PC to scan for viruses etc. I have had to do this with a couple of laptops this week, but I attached them to an XP machine just to remove the virus. I have all the usual live CDs etc., but for some reason none worked. Has anyone set something up like this?
 

Someone can correct me if I'm wrong here, but I don't believe slaving drives to a Linux box is going to make removing the viruses any easier. What advantages do you think you'll have over live CDs or slaving it to a Windows-based machine?
 
Agree with Nick. I understand why you're doing it - Linux can't get infected but the fact is there are far more and better AV programs available for Windows so your chances of success are far better.
 
Hi there Jay007. We have been talking about a lot of similar things. A few of the things we recently talked about that relate to you may be these things...
1.) Many of us use this little drive adapter thing. You can plug it into the USB port of a Linux/Windows machine, and the other end has like 3 heads on it for different types of hard drives, like SATA versus IDE, etc. It has a power supply. What we do is leave the customer's drive in the PC, and just reach in and unplug the power connector from the customer's PSU to the customer's hard drive, and the data cable. Then we attach our device, and we can scan the drive from Linux.
2.) If you can get the PC on the network: some of us use switches & routers that have advanced capabilities, like setting up VLANs and PVLANs. All this means is that if you buy one nice router, with say 24, 36, 48 Ethernet connectors (or however many), the nicer switches & routers let you stick certain 'connections' in 'groups', and if you like, you can have multiple VLANs, like accounting, lab, and internet. In my switch, I have the lab VLAN set up so that ... one port is promiscuous and is attached to a lab server running Linux with F-Prot for Linux on it. This Linux server has thousands of utilities on a partition. Now the customer computers are set up on 'isolated' ports (you click on this in the web interface of the switch: just select the port and click isolated). Anyway, what winds up happening is that you can have say 5 or 10 client PCs all powered up on the net, and they can't cross-infect each other. They can only talk to the Linux server, which of course is pretty much immune to Windows viruses and trojans. :)

So say on one switch I have a VLAN for (accounting/business), another VLAN for (internet), and a VLAN for (lab). None of them can talk to each other, even though they are on the same switch, because I have put them in their own groups. The lab VLAN is the part that has the Linux server with utilities on it. So if I hook up 10 PCs from customers, each one of those PCs that is on the (lab) VLAN is a special case. Each customer PC cannot talk to any other customer's PC. Each customer's PC cannot talk to the (accounting VLAN) or to the (internet VLAN). The only computers on the (lab) VLAN are the Linux server with all the utilities, running a Linux antivirus, and then there are connections of course for hooking up customers' PCs. Customers' PCs are on PVLANs where the port for each customer PC is 'isolated', but the Linux server with the utilities is marked as the 'promiscuous' port (in the switch web page), which means I can access whatever I need to fix each PC without worrying that one customer's PC will infect another customer's PC, etc. Isolated ports in a VLAN can't talk to each other; they can only talk to Ethernet ports on the switch in the same VLAN designated as community or as promiscuous.

**In the unlikely event a very good hacker broke through your firewall, into your router, and launched a very sophisticated attack against you that would send isolated traffic to a different isolated port, this can be easily stopped by simply setting up a VLAN access control list. According to Cisco, that causes the isolated ports to disregard all IP NAT external traffic.
 

I don't see anything wrong with it. I have just started using ClamAV and find that it is pretty nice actually! ClamAVWin is also pretty nice and it is a fully functional app which I would rate up there with most other AV programs.

If you install ClamAV on the Linux box, get to know the clamscan manual and you can do A LOT with it! I think it may be the most in-depth command line AV out there.

Here is my opinion on AV software. I actually really dislike the free AVG, Avira, Avast etc. programs as I think they are not up to par and you can't schedule scans or be very proactive in scanning.

Now, ClamAV is an open-source AV for Linux and Windows. If you have faith in running Linux, why would you not have faith in an open-source AV like ClamAV? I used to not trust it either, but after using it I do like it a lot!!! I hate to say this, but I think that it may have been the goofy name of the app which turned me off.

Good luck and let us know how it works out.

Also, like PcTek9 said, it is a good idea to use one of those drive adapters and just plug it into the USB. Pop the side off the machine and plug in the adapter. Or, if the drive is SATA, you could possibly use a long internal SATA -> external SATA cable as well as a power cable extender and bypass the USB adapter (which I highly suggest as it is MUCH faster!!).
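
The workflow discussed in this thread (customer drive on a USB or eSATA adapter, scanned from a Linux box with clamscan), as an added example that is not part of any poster's message. It assumes ClamAV is installed and the script runs as root; the device path, mount point and log file are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: scan a customer drive attached through a
# USB or eSATA adapter without executing or modifying anything on it.
# Placeholders (assumptions): /dev/sdX1, /mnt/customer, ./customer-scan.log

# Map clamscan's exit codes to a verdict (0 = clean, 1 = virus found).
scan_verdict() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;      # 2 = clamscan reported an error
    esac
}

# scan_drive DEVICE MOUNTPOINT LOGFILE
# Prints the verdict; returns 0 only when the drive scanned clean.
# The body runs in a subshell so its variables stay local.
scan_drive() (
    dev=$1 mnt=$2 log=$3
    mkdir -p "$mnt" || { echo ERROR; exit 2; }
    # ro: never write to the customer's disk during the scan.
    # noexec/nosuid/nodev: nothing on it can run or gain privileges here.
    if ! mount -o ro,noexec,nosuid,nodev "$dev" "$mnt"; then
        echo ERROR; exit 2
    fi
    rc=0
    # -r recurse, -i list only infected files, --log keeps a record of findings
    clamscan -r -i --log="$log" "$mnt" >/dev/null || rc=$?
    umount "$mnt" || echo "warning: could not unmount $mnt" >&2
    scan_verdict "$rc"
    [ "$rc" -eq 0 ]
)

# Run only when all three arguments are given, e.g.:
#   sudo sh scan.sh /dev/sdX1 /mnt/customer ./customer-scan.log
if [ "$#" -eq 3 ]; then
    scan_drive "$@"
fi
```

Because the drive is mounted read-only, this pass only identifies infected files; the log lists what to deal with in a separate, deliberate cleanup step.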
 