Use Knoppix for Windows anti-virus?



Loper
02-10-2003, 06:18 AM
I just got an idea. I don't know if it's a GOOD idea, but it could very well be -- and get some good press for Knoppix in the bargain.

Have you ever encountered a Windows machine so crudded-up with viruses that it wouldn't boot (or you were afraid to, for fear of further damage)? I have! I envision a version of the Knoppix disc that has Linux-based anti-virus software capable of detecting and dealing with Windows viruses on a user's machine.

The obvious question is: does such Linux software exist? I Googled the phrase "linux based windows antivirus" and the only hits I got were Linux server-side software that could deal with Windows client-side viruses. I think that, in order to run on a Knoppix disc, it would either have to be more local-oriented or able to "trick" the software into a client-server simulation. I think this idea has potential. Any further ideas or suggestions would be appreciated. I'm not a programmer, or I would take this on myself...

yohanman
02-10-2003, 07:51 PM
You could try F-prot.

This is a very good scanner and is free for personal use!
It is available for the Win/DOS and Linux/BSD platforms.

roberto
02-25-2003, 07:28 AM
I HAVE DONE THIS FOR 3 months now! Using the f-prot Linux command-line scanner... IT WORKS AWESOME, it can even scan the ENTIRE XP/2000 volume.. I am a tech at a tech bench and this is one of the biggest breakthroughs yet for me with Knoppix (M$ does not provide ANY way to scan NTFS volumes for viri without having Windows loaded) so I use Linux :wink:

if you want to know how to set it up let me know... just send e-mail to the link under this post!

yohanman
02-28-2003, 10:58 PM
Hey Roberto,

I read in a different post on the forum that you use more utils with Knoppix.

I'm curious to know, and do you have any experience in recovering damaged hard drives?
What are good proggies for data recovery?

roberto
03-03-2003, 07:27 AM
ok I have now (so far) added 3 utilities to my Knoppix tool belt for my day to day use... those are


memtest86 - Awesome memory tester, really fast, also simple to use

smartctl - Does a really fantastic job of telling you issues with your hard drives. It reads the content of the S.M.A.R.T. logs out in mostly readable format so you can see if a drive is failing, has failed, or is about to fail. (newer (last 8 years) IDE drives, some SCSI drives)

f-prot - The only (free) anti-virus scanner for Linux I could find that I trust and that does what I want it to. Works pretty damn well... and hey. IT'S THE ONLY THING I CAN DO TO SCAN ALL OF THE FILES ON THE NEW WINDOWS XP PARTITIONS. stupid M$.

things to be added:

Intensive CPU tester - something to work the CRAP out of my comp. Have considered the hotcpu program.

memtest86 - this I already use but I want to find out how to add it to the cheatcodes section of KNOPPIX

F-Prot - some way is needed to make the dat files updatable without having to re-master the CD. What a pain :(

scripts - to make everything run automated from the KDE desktop. What a wonderful world.


As far as a data recovery program goes... Knoppix... lol well anyways... a company who does this for a living called OnTrack makes some REALLY nice software but it's not open source. Visit www.OnTrack.com, it should be there somewhere. They do make a program called Data Advisor though that lets you know if your hard drive is failing and does an excellent surface scan to be sure. And the Data Advisor software is free (demo disc (which never expires :-p )). Well anyway.. I'm going to post instructions on how to remaster the CD with f-prot included on my SourceForge web site sometime in the next few days... if you need immediate help e-mail me and I will see about responding as quickly as possible.

the sourceforge page is:
http://sourceforge.net/projects/knoppix-doc

the docs are at:
http://sourceforge.net/docman/?group_id=70773

toast :-p

sireasoning
03-04-2003, 12:46 AM
[quote]
memtest86 - this I already use but I want to find out how to add it to the cheatcodes section of KNOPPIX

F-Prot - some way is needed to make the dat files updatable without having to re-master the CD. What a pain :(
[/quote]

eadz's KDE 3.1 version already has memtest86 in the cheatcodes

If you use persistent home then you can install f-prot and do updates in your /home/knoppix directory. You will then have access to the latest without remastering.

aay
03-04-2003, 04:10 AM
[quote]If you use persistent home then you can install f-prot and do updates in your /home/knoppix directory. You will then have access to the latest without remastering.[/quote]

I need to play around with persistent home more. As I understand it, it will be part of the next release. If one uses f-prot in the way you suggest, then it should be a trivial matter to put the virus defs on something like a USB drive. Sounds like a good idea to me anyway.

roberto
03-04-2003, 07:45 PM
ok I found one downside to the Knoppix - f-prot combination... it doesn't scan the MBR (Master Boot Record) of the hard drives. On their site for f-prot it is said that they will be including this in a future release. I HOPE IT IS SOON... argh well alright gtg


toast

aay
03-05-2003, 06:22 AM
[quote]ok I found one downside to the Knoppix - f-prot combination... it doesn't scan the MBR (Master Boot Record) of the hard drives. On their site for f-prot it is said that they will be including this in a future release. I HOPE IT IS SOON... argh well alright gtg


toast[/quote]

Toast,

If you keep up with this, please make a post somewhere on the site when f-prot gets this ability.

Thanks.

roberto
03-07-2003, 04:09 AM
no problem ;-) would be glad to post more info... also please remember that most of my documenting will be posted for final release on the sourceforge page :)




toast

yohanman
03-08-2003, 01:37 PM
Thanks,
The docs are really interesting, but it will take some time before I figure everything out ;)
It isn't a real problem that F-prot can't scan MBRs, 'cause if the MBR is infected you will notice it through corruption of files.
The problem is that if you try to fix the MBR of a Win partition and it gets overwritten then Windows doesn't boot up anymore.
You can simply fix that by using the original DOS fdisk prog, like "fdisk /mbr", but this can only be done in a DOS environment and not under Linux...

roberto
03-09-2003, 07:03 AM
unless of course a program like VMware gets integrated into knoppix and allows you to run another OS under Linux ;) just a thought....



toast

gd2007
03-09-2003, 12:57 PM
Has anyone tried the online scanners?

openantivirus.org


http://www.openantivirus.org/virushammer.php

roberto
03-10-2003, 04:32 AM
looks ok but it seems that it would require an active and functional internet connection. It also seems that it would require a functional computer...

to be noticed... security settings within Windows XP and 2000 make it so that your browser still has limited functionality... ESPECIALLY for Java programs... most of the time being run in their own "sandbox", keeping them from accessing the OS in the way that Knoppix can...


online scanners are a novel idea, the issue is that they don't offer anything in advantage compared to active scanners installed on the computer or running from a Knoppix CD-ROM.

thanks for your view,


toast

ktheking
03-20-2003, 01:05 AM
people, people

Such a CD already exists and has been distributed by CT magazine Holland.
If you're interested in the ISO send me a mail: mailme@freeworld.be
It is not as performant as Knoppix but it does what it should do: clean viruses.

It can mount NTFS, FAT and FAT32 partitions. (you'll have to do it manually :? )
Installs network card drivers automatically at boot. :lol:
It has f-prot onboard I believe (if my memory is ok :wink: )
It can get virus updates from the net by menu selection. (if you've got a router with DHCP in front of it in your LAN)

greetzzz,

KtheKing

aay
03-20-2003, 05:44 AM
[quote]people, people

Such a CD already exists and has been distributed by CT magazine Holland.
If you're interested in the ISO send me a mail: mailme@freeworld.be
It is not as performant as Knoppix but it does what it should do: clean viruses.

It can mount NTFS, FAT and FAT32 partitions. (you'll have to do it manually :? )
Installs network card drivers automatically at boot. :lol:
It has f-prot onboard I believe (if my memory is ok :wink: )
It can get virus updates from the net by menu selection. (if you've got a router with DHCP in front of it in your LAN)

greetzzz,

KtheKing[/quote]

Is there no place on the internet to get more info on this or to download the iso?

roadie
03-21-2003, 10:59 PM
You might want to check this out
http://trinityhome.org/trk/


roadie

roberto
03-28-2003, 04:24 AM
but that CD doesn't allow me to play minesweeper while I'm scanning for viri, or to edit a document under OOo, or run a memory check on my computer...

linux is wonderful

it is truly multitasking
I can simultaneously

1.) scan for viri
2.) check S.M.A.R.T. status of all of my hard drives
3.) check my e-mail
4.) browse the web
5.) play solitaire or some other game
6.) compile a new program
7.) burn a CD of something
8.) remaster Knoppix
9.) sleep
10) get bored and stare blankly at the screen

ok ok so the last 2 aren't really good things about Linux particularly... rather I can do all of these items whenever, wherever and not worry about random hangups, bad CD burns, web browser crashing the entire system etc.... glad I ditched winblows... fortunately the rest of the world uses it so I still have a day job... (I'm a PC/Network repair technician)

who needs portable solitaire... I've got the whole game, sweet, I can run... even on a virus infected computer.

well, I'm still waiting for f-prot to add the MBR scanning function to Linux.. oh well... I'll keep you posted


toast


[edit] the link you posted is broken... page not found

Fabianx
03-28-2003, 07:18 PM
[quote]well, I'm still waiting for f-prot to add the MBR scanning function to Linux.. oh well... I'll keep you posted


toast[/quote]


Hm, I don't remember too well, but I thought that Linux/Debian also had a package dos-mbr, like DOS fdisk /mbr. But anyway you can have several MBRs on disk and install them with install-mbr.

Btw. Knoppix persistent home and persistent configuration do now work from the Cebit-Edition version on (2003-03-24 for example).

So you can really have your upgradable f-prot on a memory stick, or there is another solution: you can have files in the /cdrom and not in the KNOPPIX mastered image.

Ok, this doesn't help you with the scanning functions, but it came to my mind while reading this :-))

Btw. thanx for mentioning smartsuite.. I didn't know these tools before, and at school, where I am admin, we have had several disk crashes yet ... so it would be good to monitor :-))

cu

Fabian
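Both yohanman's "fdisk /mbr" remark and the install-mbr suggestion above overwrite the first sector of the disk, and f-prot (as roberto noted) does not scan it. The script below is an added example, written for this thread rather than taken from it or from Knoppix, that does the defender's groundwork before any such repair: it saves the 512-byte MBR with dd, hashes it, checks the 0x55AA boot signature and lists the four primary partition entries, so a repair can be verified afterwards or rolled back from the copy. It uses only dd, od, cut and md5sum, which a Knoppix CD of the time carried. The 512-byte sample it builds for itself is constructed; the device path in MBR_DEVICE is an assumption you supply.

```shell
#!/bin/sh
# Added example (not from the thread or Knoppix): back up, hash and inspect
# the first sector of a disk before an MBR repair is attempted.

# backup_mbr DEV OUT: copy the 512-byte MBR of DEV to OUT and print its MD5.
# Only called when MBR_DEVICE is set (e.g. /dev/hda on a Knoppix of 2003).
backup_mbr() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null && md5sum "$2"
}

# mbr_signature_ok FILE: succeed only if bytes 510-511 are 0x55 0xAA.
mbr_signature_ok() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# mbr_partitions FILE: one line per primary entry, "N boot=XX type=YY" or
# "N empty". The table starts at offset 446, 16 bytes per entry; the boot
# flag is byte 0 of the entry and the partition type byte 4.
mbr_partitions() {
    i=0
    while [ "$i" -lt 4 ]; do
        off=$((446 + i * 16))
        entry=$(dd if="$1" bs=1 skip="$off" count=16 2>/dev/null | od -An -tx1 | tr -d ' \n')
        case "$entry" in
            *[1-9a-f]*) printf '%d boot=%s type=%s\n' $((i + 1)) \
                            "$(printf '%s' "$entry" | cut -c1-2)" \
                            "$(printf '%s' "$entry" | cut -c9-10)" ;;
            *)          printf '%d empty\n' $((i + 1)) ;;
        esac
        i=$((i + 1))
    done
}

# make_sample_mbr OUT: constructed 512-byte MBR for offline testing: zeroed
# boot code, one bootable entry of type 0x07 (NTFS/HPFS), three empty
# entries, and the boot signature.
make_sample_mbr() {
    {
        dd if=/dev/zero bs=446 count=1 2>/dev/null      # boot code area
        printf '\200\001\001\001\007\376\377\377\077'   # boot flag 0x80, CHS, type 0x07, LBA start low byte
        dd if=/dev/zero bs=7 count=1 2>/dev/null        # remainder of entry 1
        dd if=/dev/zero bs=48 count=1 2>/dev/null       # entries 2-4 empty
        printf '\125\252'                               # signature 0x55 0xAA
    } > "$1"
}

# Stand-alone demo: a real device when MBR_DEVICE is set, else the sample.
mbr_demo() {
    f=$(mktemp)
    if [ -n "${MBR_DEVICE:-}" ]; then backup_mbr "$MBR_DEVICE" "$f"; else make_sample_mbr "$f"; fi
    if mbr_signature_ok "$f"; then echo "boot signature ok"; else echo "boot signature MISSING"; fi
    mbr_partitions "$f"
    rm -f "$f"
}
mbr_demo
```

Keep the saved copy and its hash off the suspect disk (the persistent home on a USB stick is a good place); a changed hash after repair tells you the sector was rewritten, and `dd if=backup of=/dev/hda bs=512 count=1` restores it if Windows stops booting.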

roberto
04-01-2003, 03:49 AM
OK first off... I already typed this reply once and as soon as I clicked on submit it deleted all of the stuff on the page... mumble mumble.

Here is the latest on my quest with F-prot and Knoppix (in laundry list form naturally). I have been working with a few other people to create a couple of things...


1.) A script that automatically scans for valid partitions and allows you to select what you want to scan and how... something where it will be easier than manually typing a sometimes LONG command.

2.) A GUI Front end to that script that will allow selection through check boxes, drop down menus, and the like. also would be able to explain the options graphically. (read USER FRIENDLY)

3.) Instructions on how to include f-prot in your next remaster of Knoppix. I am also looking into posting instructions to allow f-prot to take advantage of the Persistent Home software. In effect you would run the binary from the remastered CD-ROM but it would allow you to have your updated DEFs on a USB thumbstick, hard drive, second CD-ROM, etc. Hence eliminating the need to remaster Knoppix every time you want to update the f-prot DEFs.

NEW!!! I have created a forum at this location:

www.sourceforge.net/projects/knoppix-doc
or specifically
http://sourceforge.net/forum/?group_id=70773

It is entitled "F-Prot And Other Add-In S/W"
Please USE this forum for further recommendations / improvements / questions / and other help requests. This is also the easiest way to make something heard, contributions to be posted noticed, etc. because my time available to browse this forum has become quite limited. (e-mail still works ESPECIALLY well). Have fun!


[edit] - BTW FabianX is the creator of the script to automount HDs and scan for viri, found in another post on this forum. This script is what this laundry list is about... His script is what I am planning on working on and improving... naturally with FabianX's support... now if only I could get ahold of him on the #knoppix channel....


toast
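As an added illustration of item 1 in roberto's list (a script that finds the partitions and spares you the long command line), here is my own sketch in POSIX sh; it is not FabianX's script from the linked post and not part of Knoppix. It reads a /proc/partitions-style listing, skips the whole-disk entries, and prints (or with DRY_RUN=0 executes) a mount-and-scan plan for each partition. Every mount is ro,noexec,nosuid,nodev, so nothing on a suspect Windows volume gets written or executed while it is being scanned, and the first pass only reports. The f-prot path and the -archive and -report= options are assumptions taken from the 3.x command-line scanner's README; check `f-prot -help` on your copy. The partition listing embedded below is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread, FabianX's script, or Knoppix): build a
# read-only f-prot scan plan for every partition in a /proc/partitions file.
# Assumptions: f-prot at $FPROT_BIN; -archive and -report= as in F-Prot 3.x.

FPROT_BIN="${FPROT_BIN:-/usr/local/f-prot/f-prot}"
MOUNT_OPTS="ro,noexec,nosuid,nodev"   # never write to, or run code from, the suspect volume
REPORT_DIR="${REPORT_DIR:-/tmp}"
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the commands only

# Constructed sample in /proc/partitions format: a 40 GB IDE disk with two
# partitions plus a USB stick. On Knoppix pass /proc/partitions instead.
SAMPLE_PARTITIONS='major minor  #blocks  name

   3     0   40031712 hda
   3     1   20480000 hda1
   3     2   19551712 hda2
   8     0    1024000 sda
   8     1    1024000 sda1'

# list_partitions FILE: print partition names, skipping whole-disk entries.
# With the IDE/SCSI naming of the time, whole disks (hda, sda) end in a
# letter and partitions end in a digit.
list_partitions() {
    awk 'NR > 2 && NF == 4 && $4 ~ /[0-9]$/ { print $4 }' "$1"
}

# scan_commands PART: print the four commands that scan /dev/PART read-only.
scan_commands() {
    part="$1"
    mnt="/mnt/scan_$part"
    printf 'mkdir -p %s\n' "$mnt"
    printf 'mount -o %s /dev/%s %s\n' "$MOUNT_OPTS" "$part" "$mnt"
    printf '%s -archive -report=%s/fprot_%s.log %s\n' "$FPROT_BIN" "$REPORT_DIR" "$part" "$mnt"
    printf 'umount %s\n' "$mnt"
}

# run_plan FILE: print the plan for every partition, or execute it with DRY_RUN=0.
run_plan() {
    for p in $(list_partitions "$1"); do
        if [ "$DRY_RUN" = 1 ]; then
            scan_commands "$p"
        else
            scan_commands "$p" | sh -e
        fi
    done
}

# Stand-alone demo on the constructed sample.
if [ "${SCAN_DEMO:-1}" = 1 ]; then
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_PARTITIONS" > "$tmp"
    run_plan "$tmp"
    rm -f "$tmp"
fi
```

Review the printed plan before running it with DRY_RUN=0 against the real /proc/partitions; the read-only mount means a disinfect option would fail anyway, so cleaning is a deliberate second step after you have read the reports in /tmp.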

roberto
04-15-2003, 12:24 AM
Hello all, toast here again. Thanks to FabianX and his time we now have scripts to automate this portion of the process. Please see here for the original post. (This post contains both scripts.)


http://www.knoppix.net/forum/viewtopic.php?t=1515&highlight=


Will keep you posted with more information soon...


toast

aay
04-16-2003, 06:18 PM
Any chance this will make it into Knoppix like some of Fabianx's other scripts?

gretchen
04-17-2003, 07:10 PM
Could this possibly result in a "Knoppix to fix Windows" customization? I'm not quite brave enough to make a customized CD myself, but it's an idea for someone with some free time and the know-how of what should be installed.

Once I've used Knoppix some more I'll be happy to do this, but it'll take a while.

Henk Poley
04-17-2003, 08:56 PM
[quote]<snip>
linux is wonderful

it is truly multitasking
I can simultaneously

<snip>
8.) remaster Knoppix
9.) sleep[/quote]
:shock:

roberto
04-17-2003, 11:25 PM
Hmm... it would appear that it said remaster knoppix and sleep at the same time.... kinda reflects on my lifestyle then doesn't it.


I have been long considering making a Knoppix remaster that allows one to fix Windows related issues. As a matter of fact I also have collected together a bunch of utilities (almost 45Mb) just for fixing Windows machines. Of course I do have a working remaster with some of those utilities included as well... I just need to find a way to integrate those utilities into a running Linux OS. See, most of the programs that I have assembled are self-booting floppies and CD-ROMs that are built on Linux but are not executables from within Linux... some of the items I have managed to collect include:

1.) Windows NT password resetter... self booting floppy... requires R/W support for NTFS before I can put it into knoppix. :-(

2.) Memtest86... enough said... I think this one is also included in the newest releases of knoppix...

3.) f-prot ... Decent anti-virus software that works quite quickly and efficiently... not a freely distributable program but is free for personal use... this program also has a few scripts available for it due to the work FabianX has put into it. The scripts are for installing and automated scanning capabilities.

4.) XcdRoast... this one is a program that WAS included in knoppix but has since been removed. At least it was removed in the 3-30-03 release. I prefer XcdRoast to K3b (the new program replacing it) because of my familiarity and because I can't seem to get K3b to recognise my burner :(

5.) CpuBurn... Pretty decent way of testing your processor and cooling system.

6.) S.M.A.R.T. tools utility suite... is already included in the knoppix package but I prefer having an up-to-date version installed as the older one commonly gave me incorrect readings on many drives.

7.) Gkrellm... awesome processor, disk, network usage graphs and otherwise great computer monitoring proggy... when combined with LMsensors on a supported mainboard it also can give temp., fan speed, and can even tell your computer to shutdown if your processor fan or something gives out... excellent program but this only really works on a per machine installation basis.

8.) DiskSanitizer... awesome way to PERMANENTLY erase the data from a hard disk... works very similarly to the things the NSA uses to erase data from their hard drives when they become declassified.

9.) MacChanger... Very efficient way to spoof another machine's MAC address (used for diagnosing / testing network connectivity).

10.) Kismet... Wireless networking tool for the geek in all of us... please see their web page for details... This tool can be used for good and for bad... I use it for diagnosing wireless connectivity issues (i.e. router and network card aren't connecting... is it the signal... the router... or the network card???)

that about does it... linux's OWN kernel also generally provides excellent diagnostics as well... but I'm always looking for more toys (as i AM ubergeek :-p )

This already has become quite a long post so if you would like more information on any of the utilities please feel free to head over to my best friend:

www.google.com

Or you can drop me a line in my e-mail box... normally I'm pretty quick to respond so give that a whirl....

-toast

aay
04-21-2003, 06:42 AM
[quote]but I'm always looking for more toys (as I AM ubergeek :-p )[/quote]

Hmm. A partition tool might be nice for this kind of disk. Parted would work from the command line, but if you are going to use a GUI on the disk, you might include QTParted http://qtparted.sourceforge.net/ .

Just a thought.

cascadefx
07-01-2003, 09:18 PM
[quote]You could try F-prot.

This is a very good scanner and is free for personal use!
It is available for the Win/DOS and Linux/BSD platforms.[/quote]

I thought that this was a great idea, so I had someone whip me up a modified ISO to do just that. I posted the locations of the instructions on how to use such a modified ISO to this topic http://www.knoppix.net/forum/viewtopic.php?t=3383.

It turns out that you can also get f-prot without modifying the iso. I linked to how to do THAT in the post as well.