Overclock.net › Forums › Software, Programming and Coding › Operating Systems › HOW TO: Remove a Virus in Windows using Linux
New Posts  All Forums:Forum Nav:

HOW TO: Remove a Virus in Windows using Linux - Page 2

post #11 of 24
1/30/12 at 12:47pm
Thread Starter 
Quote:
Originally Posted by Plan9 View Post

Does the virus scanner really need to run as root?
Also, what's the virus definitions and heuristics like for Clamav? it's all very good and well booting into a known a safe environment to perform your system scan, but if it's effectiveness at spotting viruses is less than it's Windows rivals, then you're better off just running Avast / whatever in Windows safe mode.

Yes, ROOT is required. That being said, in most liveCDs you are already ROOT, but have no root password. The standard in Linux is when you are root, or need to install something as root but not in root, SUDO for example, you would need a password. Yes there are other ways to do this, but I wrote this based upon what is the easiest for everyone, even for those who have never even seen anything Linux and know nothing about it. Most people I talk to mention Linux as some really hard OS that you have to know code in order to use it, which is completely false. So, writing this in the simplest format seemed to be best. Also, as others have said, CLAMAV is pretty good, and keeps up with updates.
Quote:
Originally Posted by E-Peen View Post

You use your Linux partition to download the latest network drivers for your board, I assume tongue.gif

You wouldn't even need to use a Linux partition. You can do the same thing without a partition at all, and just use a liveCD, mount the windows partitioned drive, and drop your downloaded drivers there.
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
post #12 of 24
1/30/12 at 12:54pm
Thread Starter 
Quote:
Originally Posted by Weedvender View Post

ok. now what happens when removal of virus kills the internet.

Sounds like you were pretty screwed to begin with! Easy enough though... Use the Linux LiveCD to access the internet, download the latest drivers for your network card, and also your browser of choice to be safe, and put them somewhere on your windows partitioned harddrive that you can readily access them when back on windows. Boot into windows and reinstall both. Most web browsers are good enough these days to even save all your bookmarks when reinstalling them. All of this is of course assuming you removed the original virus using linux thumb.gif
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
post #13 of 24
1/30/12 at 1:04pm
  • Joined: Aug 2011
  • Location: Dallas, Texas
  • Posts: 956
  • Rep: 79 (Unique: 66)
  • Trader Rating: 4
  • Folding Team Rank: 320
  •  
    Name Team Rank Points / May Work Units / May
    glinux 320 8,765,632 / 17,943 2,772 / 3
     
  • Select All Posts By This User
Quote:
Originally Posted by Weedvender View Post

Quote:
Originally Posted by E-Peen View Post

You use your Linux partition to download the latest network drivers for your board, I assume tongue.gif

Some of the particularly nasty viruses disable the device so even the windows o.s. with drivers can't see it.
Rep given to OP.

Yeah I had that happen to me once when we got a couple bad viruses but I scanned it from my old laptop using ubuntu.
Project Sophos
(23 items)
  		  
CPUMotherboardGraphicsGraphics
AMD 1100T 3.3Ghz @ 4.012Ghz Asus Sabertooth 990FX Sparkle GTX 560TI EVGA Geforce GTX 460 Fermi 
RAMHard DriveHard DriveOptical Drive
Patriot G2 Western Digital Caviar Blue Western Digital Caviar Blue none - their ancient 
CoolingCoolingCoolingCooling
EK-Supreme LTX CPU Water Block - Acetal EK-VGA Supreme HF High Performance GPU Water Bl... Tejava glass bottle Swiftech MCP-655B 
CoolingOSOSMonitor
Masterkleer 1/2" ID 3/4" OD tubing Ubuntu 10.10 64-bit Windows 7 64-bit I-inc 22" 
MonitorKeyboardPowerCase
I-inc 22" Logitech k-300 Gaming Keyboard Thermaltake Toughpower 775 Watt Power Supply Corsair 800D 
MouseMouse PadOther
Logitech G700 Eh they're useless Scythe Kaze Master Pro 
View all
  hide details  
Reply
Project Sophos
(23 items)
  		  
CPUMotherboardGraphicsGraphics
AMD 1100T 3.3Ghz @ 4.012Ghz Asus Sabertooth 990FX Sparkle GTX 560TI EVGA Geforce GTX 460 Fermi 
RAMHard DriveHard DriveOptical Drive
Patriot G2 Western Digital Caviar Blue Western Digital Caviar Blue none - their ancient 
CoolingCoolingCoolingCooling
EK-Supreme LTX CPU Water Block - Acetal EK-VGA Supreme HF High Performance GPU Water Bl... Tejava glass bottle Swiftech MCP-655B 
CoolingOSOSMonitor
Masterkleer 1/2" ID 3/4" OD tubing Ubuntu 10.10 64-bit Windows 7 64-bit I-inc 22" 
MonitorKeyboardPowerCase
I-inc 22" Logitech k-300 Gaming Keyboard Thermaltake Toughpower 775 Watt Power Supply Corsair 800D 
MouseMouse PadOther
Logitech G700 Eh they're useless Scythe Kaze Master Pro 
View all
  hide details  
Reply
post #14 of 24
1/30/12 at 1:12pm
  • StormX2
  • ♫♪.ılılıll|̲̅̅●̲̅̅|̲̅̅=̲̅̅|̲̅̅●̲̅̅|llılılı.♫♪
I started reading this

I decided that I really like the command, ClamScan



THis always was funny to me, Geek Squad and Staples computer repair teams know absolutely nothing about anything~

Worked for staples and they didnt evne know what Linux was, they tried telling me that it would be against the law to use a Linux Small boot on a flash drive, to simply enter someones harddrive to extract a password.......

I eventually quit, they wouldnt give me enough hours to complete the workload, and forced me out onto the sales floor too often sicne they refuse to train new hires, and would rather yell at me for not having the same amount of Sales as a Full Timer and not completing my PC Fixes.......

Total Scum.



Good write up though, not enough people know about this.
Nameless Traitor
(14 items)
 
Ultimate Rig Contest
(6 items)
 
†he cu|†
(13 items)
 
CPUMotherboardGraphicsRAM
Core I7 920@3.8ghz Asus P6T-Deluxe eVGA GTX 275 Mushkin RedLine: 3x2GB 1600mhz 998805 
Hard DriveCoolingOSMonitor
128GB Crucial M4 SSD + 2 x 250GB + 500GB Extern... Noctua U12P Win7 Ultimate 64-bit 20in Wide LCD 1680x1050 
KeyboardPowerCaseMouse
Ducky OCN 1008 MX Brown MechBoard Corsair CMPSU-750HX HAF 932! Logitech G5 
Mouse Pad
Cool Warhammer Print 
View all
CPUMotherboardGraphicsRAM
i7-3930k Rampage IV Extreme 2011 EVGA Titan Mushking Redline 16GB 4 x 4GB 2133 
Hard DriveCooling
Samsung 840 Pro 512GB Corsair H100i 
View all
CPUMotherboardGraphicsRAM
Opty 165 CCBBE @ 300fsb DFI LanP UT SLI-DR eVGA 8800gts 640mb 2x1gb Corsair XMS TwinX P 
Hard DriveOptical DriveOSMonitor
250 g sataII Max†or NEC DVD+/-DL XP pro 20.1 inch wide 5ms 
KeyboardPowerCaseMouse
Some old Thing OCZ GameXstream 600w Spire Baby! Logitech G5 
Mouse Pad
What? 
View all
  hide details  
Reply
Nameless Traitor
(14 items)
 
Ultimate Rig Contest
(6 items)
 
†he cu|†
(13 items)
 
CPUMotherboardGraphicsRAM
Core I7 920@3.8ghz Asus P6T-Deluxe eVGA GTX 275 Mushkin RedLine: 3x2GB 1600mhz 998805 
Hard DriveCoolingOSMonitor
128GB Crucial M4 SSD + 2 x 250GB + 500GB Extern... Noctua U12P Win7 Ultimate 64-bit 20in Wide LCD 1680x1050 
KeyboardPowerCaseMouse
Ducky OCN 1008 MX Brown MechBoard Corsair CMPSU-750HX HAF 932! Logitech G5 
Mouse Pad
Cool Warhammer Print 
View all
CPUMotherboardGraphicsRAM
i7-3930k Rampage IV Extreme 2011 EVGA Titan Mushking Redline 16GB 4 x 4GB 2133 
Hard DriveCooling
Samsung 840 Pro 512GB Corsair H100i 
View all
CPUMotherboardGraphicsRAM
Opty 165 CCBBE @ 300fsb DFI LanP UT SLI-DR eVGA 8800gts 640mb 2x1gb Corsair XMS TwinX P 
Hard DriveOptical DriveOSMonitor
250 g sataII Max†or NEC DVD+/-DL XP pro 20.1 inch wide 5ms 
KeyboardPowerCaseMouse
Some old Thing OCZ GameXstream 600w Spire Baby! Logitech G5 
Mouse Pad
What? 
View all
  hide details  
Reply
post #15 of 24
1/31/12 at 5:31am
Thread Starter 
Quote:
Originally Posted by StormX2 View Post

I started reading this
I decided that I really like the command, ClamScan
THis always was funny to me, Geek Squad and Staples computer repair teams know absolutely nothing about anything~
Worked for staples and they didnt evne know what Linux was, they tried telling me that it would be against the law to use a Linux Small boot on a flash drive, to simply enter someones harddrive to extract a password.......
I eventually quit, they wouldnt give me enough hours to complete the workload, and forced me out onto the sales floor too often sicne they refuse to train new hires, and would rather yell at me for not having the same amount of Sales as a Full Timer and not completing my PC Fixes.......
Total Scum.
Good write up though, not enough people know about this.

After seeing far too many instances of geek-squad not knowing jack, is when I decided to just do it all myself for family, friends, and coworkers.

You should do a write-up on how to recover a windows password using linux. I bet plenty of people could use that info. I suppose I could write one too, if you don't wanna.
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
post #16 of 24
1/31/12 at 5:38am
Quote:
Originally Posted by StupidMonkey View Post

After seeing far too many instances of geek-squad not knowing jack, is when I decided to just do it all myself for family, friends, and coworkers.
You should do a write-up on how to recover a windows password using linux. I bet plenty of people could use that info. I suppose I could write one too, if you don't wanna.

Does this count? http://pogostick.net/~pnh/ntpasswd/

tongue.gif

Its Linux based....
My System
(30 items)
 
"Zeus"
(13 items)
  		 
CPUMotherboardGraphicsRAM
Intel Core i5 2500K (4.5ghz @ 1.320v) Gigabyte Z68X-UD3R-B3 MSI R7970 Lightning Corsair 16GB (4x4GB) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Crucial M4 128GB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 7 Ultimate 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2212HM Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Microsoft IntelliMouse Optical  XTRAC Ripper XXL 
AudioAudioAudioAudio
Westone W3 IEMs RE-272 IEMs Shure SE-215 IEMs Schiit Bifrost DAC 
AudioAudio
Schiit Asgard 2 amp HiVi Swan M50W 2.1 
View all
CPUMotherboardGraphicsRAM
Intel Core i7 950 GA-X58-UD3R Radeon HD 5450  24GB Corsair @ 1333mhz 
Hard DriveOSPowerCase
4x WD Cavair Red 1TB in RAID 0 Windows Server 2008 R2 x64 Corsair HX-520 LianLi LanCool 
View all
  hide details  
Reply
My System
(30 items)
 
"Zeus"
(13 items)
  		 
CPUMotherboardGraphicsRAM
Intel Core i5 2500K (4.5ghz @ 1.320v) Gigabyte Z68X-UD3R-B3 MSI R7970 Lightning Corsair 16GB (4x4GB) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Crucial M4 128GB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 7 Ultimate 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2212HM Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Microsoft IntelliMouse Optical  XTRAC Ripper XXL 
AudioAudioAudioAudio
Westone W3 IEMs RE-272 IEMs Shure SE-215 IEMs Schiit Bifrost DAC 
AudioAudio
Schiit Asgard 2 amp HiVi Swan M50W 2.1 
View all
CPUMotherboardGraphicsRAM
Intel Core i7 950 GA-X58-UD3R Radeon HD 5450  24GB Corsair @ 1333mhz 
Hard DriveOSPowerCase
4x WD Cavair Red 1TB in RAID 0 Windows Server 2008 R2 x64 Corsair HX-520 LianLi LanCool 
View all
  hide details  
Reply
post #17 of 24
1/31/12 at 6:37am
Quote:
Originally Posted by StupidMonkey View Post

Yes, ROOT is required. That being said, in most liveCDs you are already ROOT, but have no root password.
Except in this instance you're not. You specifically chose to enable and log into root.
Quote:
Originally Posted by StupidMonkey View Post

The standard in Linux is when you are root, or need to install something as root but not in root, SUDO for example, you would need a password. Yes there are other ways to do this, but I wrote this based upon what is the easiest for everyone, even for those who have never even seen anything Linux and know nothing about it. Most people I talk to mention Linux as some really hard OS that you have to know code in order to use it, which is completely false. So, writing this in the simplest format seemed to be best.
Yes, I know this as I'm a full time Linux and UNIX user - both professionally (unix sys admin) and personally (at home) tongue.gif

Anyhow, you're not logging into root to install something, you're logging in to run the AV.
So my original question stands: does the AV really need to run as root? I can't see why it should need it unless it was trying to mount / unmount file systems - however even then, you'll most likely be running this against NTFS which runs against FUSE (rather than in kernel memory) and thus can be mounted / umount with regular user access anyway.

So I'm just puzzled why the AV is running as root as you're introducing two additional and unnecessary console commands to your walkthrough if freshclam doesn't require root permissions (which on face value, I wouldn't have expected it would).

If it does require root, then fair enough. But I'm genuinely more intellectually curious why it would rather than trying to troll / berate your hard work. So it's really just curiosity why it needs root than anything smile.gif
Quote:
Originally Posted by StupidMonkey View Post

Also, as others have said, CLAMAV is pretty good, and keeps up with updates.
Excellent biggrin.gif
Reply
Reply
post #18 of 24
1/31/12 at 2:05pm
Thread Starter 
Quote:
Originally Posted by tompsonn View Post

Does this count? http://pogostick.net/~pnh/ntpasswd/
tongue.gif
Its Linux based....

Fair enough!
Quote:
Originally Posted by Plan9 View Post

Except in this instance you're not. You specifically chose to enable and log into root.
Yes, I know this as I'm a full time Linux and UNIX user - both professionally (unix sys admin) and personally (at home) tongue.gif
Anyhow, you're not logging into root to install something, you're logging in to run the AV.
So my original question stands: does the AV really need to run as root? I can't see why it should need it unless it was trying to mount / unmount file systems - however even then, you'll most likely be running this against NTFS which runs against FUSE (rather than in kernel memory) and thus can be mounted / umount with regular user access anyway.
So I'm just puzzled why the AV is running as root as you're introducing two additional and unnecessary console commands to your walkthrough if freshclam doesn't require root permissions (which on face value, I wouldn't have expected it would).
If it does require root, then fair enough. But I'm genuinely more intellectually curious why it would rather than trying to troll / berate your hard work. So it's really just curiosity why it needs root than anything smile.gif
Excellent biggrin.gif

The action of scanning /media requires root access, stated by clamav, and proven when you try to clamscan or freshclam.
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
post #19 of 24
1/31/12 at 5:45pm
Quote:
Originally Posted by StupidMonkey View Post

The action of scanning /media requires root access, stated by clamav, and proven when you try to clamscan or freshclam.

Seeming as you didn't know, I went off and did my own research. Seems I was right and clamscan doesn't need root permissions to scan (as long as the files can be read and -presumably- written by said user. But that shouldn't be an issue on NTFS volumes anyway).

However freshclam (which is the virus definitions updater) does need to run as root. Which actually makes more sense as you'd expect the definitions and program data to have root permissions (albeit globally executable where applicable) so it would be rather hard to update them without elevating your permissions first.

The only other thing I'd say would be that it might be more useful for Linux noobs if you had the log file output to the users home (or better yet, their desktop). eg:
Code:
clamscan -rl /home/[live_cd_use_name]/Desktop/clam.log

That aside, it looks a very good guide smile.gif
Edited by Plan9 - 1/31/12 at 5:51pm
Reply
Reply
post #20 of 24
2/1/12 at 3:32pm
Thread Starter 
Quote:
Originally Posted by Plan9 View Post

Seeming as you didn't know, I went off and did my own research. Seems I was right and clamscan doesn't need root permissions to scan (as long as the files can be read and -presumably- written by said user. But that shouldn't be an issue on NTFS volumes anyway).
However freshclam (which is the virus definitions updater) does need to run as root. Which actually makes more sense as you'd expect the definitions and program data to have root permissions (albeit globally executable where applicable) so it would be rather hard to update them without elevating your permissions first.
The only other thing I'd say would be that it might be more useful for Linux noobs if you had the log file output to the users home (or better yet, their desktop). eg:
Code:
clamscan -rl /home/[live_cd_use_name]/Desktop/clam.log
That aside, it looks a very good guide smile.gif

Setting to root 1st avoids SUDO and thus one less step. Thanks for the verification!

The command of -r tells clamav to remove said files automatically upon scanning... and you get a summary at the end of scanning. If they are new to this at all, then a log file gives them nothing of value. A simple summary is sufficient. "6 bazillion files scanned, 6 Viruses Found, 6 Viruses Removed" is peace of mind. Putting it in /var/log/clam puts it out of sight and out of mind, but leaves it there for the curious, and is gone upon ejection of the liveCD. No cleanup, no mess, no after thought. Easy Virus Go Bye-Bye = Goal.
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
Alienware Area-51 7500-R5 (Big Blue)
(13 items)
  		  
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
View all
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Operating Systems
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › HOW TO: Remove a Virus in Windows using Linux