Ubuntu Security :: Clean Windows Partition With ClamAV
May 30, 2011
My Windows partition is infected and I recall that it is supposed to be possible from the Linux partition with ClamAV. Now I'm running Fedora 12 but this forum is much more active and I suppose that doesn't make a big difference. I tried to find something on Google but most procedures seem to involve a Live CD, but it would be more convenient for me to just do it from my running Linux distro. Is there anything I have to be aware of or is it literally just scanning the Windows partition with ClamAV?
What a horrendous piece of software. I've been at it 3 days trying to do something that ought to be simple, and every time I solve one problem another problem arises. At first I removed the old ClamAV 9.5 or something. I got the latest Ubuntu release btw, and ClamAV used to work when I first installed it in the previous Ubuntu release. Anyway, it asked me to upgrade, so since Synaptic doesn't have the latest, I downloaded from SourceForge. I did the whole ./configure; it gave me errors like need build-essentials-- which I then did, error: need zlib.dv--- I did that one too. Now two more errors that I need to fix so I can compile it.
I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for viruses. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also, does ClamAV just scan your system for viruses, or does it scan and remove the virus on the computer? If you know of an alternative open source security software,
I am working on a production system on which it is not advisable to enable on-access scan with use of Dazuko. However, I want to do an automatic scan with clamscan when the flashdrive is mounted. As far as I know, Kudzu is arranging the automount of the flashdrives.
I just downloaded the program ClamAV with a terminal. But where is it located? I don't see it in Applications - Accessories - etc., nor in "Places", etc. Where is it? PS: the place where I found out about this was here: [URL]...
I am a newbie in Ubuntu. I did clamscan on my Ubuntu /, and I got the result message as follows. It shows "486 errors". I am wondering if the result is OK or if I need to take some action on it.
Known viruses: 968595
Engine version: 0.96.5
Scanned directories: 28067
Scanned files: 131696
Infected files: 0
Total errors: 486
Data scanned: 9020.40 MB
Data read: 17800.31 MB (ratio 0.51:1)
Time: 1349.479 sec (22 m 29 s)
Also, my engine is 0.96.5. The latest version is 0.97. But "aptitude upgrade" cannot upgrade the engine to 0.97. I understand 0.97 is still in testing. I am wondering if I can just stay with 0.96.5 and wait for 0.97 to pass all tests. If so, does it cause any security issue?
Ubuntu 10.04 LTS, want to upgrade my ClamAV from 096.5 to the 097 scan engine. The Ubuntu repositories have only the 096.5 release, while the Debian repositories have the 097 package. Set the repository path in the Synaptic package manager, and made sure the checkbox was checked. Can't see the ClamAV package.
I've scanned my computer (I'm using Ubuntu 8.04 Hardy Heron) and ClamAV has reported that it has found a virus called Exploit.PDF-9669. What seems strange to me is that such a warning always happens (or, at least, in most cases) in the same folder tree "sys" and ClamAV issues the very same virus/malware warning (Exploit.PDF-9669).
An example:
sys/devices/virtual/vtconsole/vtcon0/uevent: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/address: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/broadcast: Exploit.PDF-9669 FOUND
sys/devices/LNXSYSTM:00/device:00/uevent: Exploit.PDF-9669 FOUND
My ClamAV version is 0.94.2/10275/Fri Jan 8 22:06:46 2010. It has not been updated since I installed Hardy on my computer last year. Is my computer in danger?
I have network shares automounted in /media and I want to exclude them from my automatic scheduled ClamAV scan in Maverick. How do I do this? I can't find any CRON link or script that actually starts the scan. Is it the Daemon that does this?
I have seen that we can scan for viruses and also virus-infected files with ClamAV, but is there any possibility that ClamAV can repair virus-infected files?
I'm dual booting 10.04 with Windows 7 and it occurs to me that I could scan the Windows partition for viruses FROM Linux. Is anybody doing this sort of thing? Does that make any sense?
Is it possible to remotely access, inject, manipulate files and/or folders in the Windows NTFS partition when logged into Ubuntu?
I'm either logged into Windows or Ubuntu but NOT both -- ever. Therefore, while logged into Ubuntu, would it be possible for someone to crack into Windows via Ubuntu using Wi-Fi or modem?
I am semi new to UBUNTU; I worked a bit with it in the past on VPS and that. But I am currently trying to make a module for *Zpanel*. I am making an anti virus module and am going to be using ClamAV. Up to now everything has been going smoothly but I have hit a massive problem.
I am trying to do this:
Code:
And I get this in return
Code:
Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
The following information may resolve the situation:
The following packages have unmet dependencies.
I don't get any install, and the information I have collected from people says that an install should not be stopped because of a depend.
So as anyone who is semi new would do, I then tried installing the depend
Code:
And I get this in return
Code:
E: Package 'phpapi-20060613+lfs' has no installation candidate
So it looks like problem after problem
Does anyone know why I cannot install php5-clamavlib?
I have UBUNTU 11.04 desktop (with zpanel installed on it)
*Zpanel is an open source web hosting panel for Windows and NOW LINUX (Zpanel has just been released on UBUNTU ONLY).
I'm noodling around with Ubuntu 10.4.1, latest updates and kernel (2.6.32.24?). Anyway, I run ClamAV as root and it goes fine through almost all of my system (huge amount of it), including several virtual devices, where it hangs on pan0, which has some association with my network (eth0 would be for wired connection, and wlan0 for wireless, and pan0 is listed also, but I'm not at that machine right now, so I can't tell why it shows up. wlan0 is what I use to connect to the internet). Is there an issue for ClamAV with virtual devices? Any workaround? I had to terminate the scan after it stayed hung for over 5 minutes on pan0.
I use Fedora 12 AMD64, and my Fedora mounts the Windows partition automatically. I tried to find a way for Fedora not to do this, as you can see in this link. So I want to set a password for the Windows partition, and I do not want somebody to see what I have in the Windows partition. If I cannot set a password for the partition, I want to set a password for the folders that are in the Windows partitions. Can I do this?
My Windows 7 system is severely infected and I can't cure it from within itself or safe mode. I was going to do that with ClamAV but as I am running F12 the current version is not supported. Do you know an AV client that you could recommend for that purpose? I don't want to risk upgrading F12 as I don't want to jeopardise my only stable system at the moment.
How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?
My Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):
- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).
Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.
So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.
Question: I want to rescue the files I need. My idea was:
1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)
Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?
Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.
Let's say I have an AVI file that contains a virus for NTFS Windows XP SP3. I put that file on a Linux ext3 partition. Then on a Windows XP SP3 NTFS computer, I connect to the partition over a network share via SMB. I run the file within the share so the file is never physically on the Windows XP SP3 computer. In this situation will the virus infect the Windows XP NTFS partition?
My Windows installation is infected even with Eset installed! I don't know how to clean it. Already tried safe mode scan, but that doesn't even clean it. The only reason I installed Ubuntu was so that I could download infected files without any concerns of my Windows partition being infected. Whenever I download a file, I move it to the NTFS partition from where Windows can access it. But just about a week ago when I booted into Windows, my whole drive was infected, not only the Windows-installed partition but also all my NTFS partition. Can anyone please tell me how I can CLEAN the files rather than quarantine all the files, which ClamAV does!
Also, what steps should I take in advance before downloading a virus-infected file? I know the virus could have gotten in when I disabled Eset for some software installation, but it should clean after boot or after being booted. But there should be a way to clean all my NTFS partition .... how? I don't know how to use ClamAV properly because whenever I try to scan anything, it always returns with '0 files scan' because I think the directory scan doesn't work the way it should!
Some time back using this computer a SucKit rootkit was found. Having dd urandomed the drive, flattened CMOS battery, flashed BIOS, run Knoppix live CD 6.1,using no flat pack battery (laptop), and memtested the RAM, I am still having problems with what I suspect is a javascript file that tries to reload the rootkit from? firmware. I suspect the firmware as everything else should have eradicated it??
Also it or a hacker via a backdoor then corrupts the drivers so devices malfunction. Windows security programs and rootkit detectors don't seem to pick it up. Fresh install of Windows or linux after the above still show this problem, though internet not used. The person who admitted rootkitting this machine is capable of writing java programs or using javascripts to do all this.
When viewed using Ubuntu 8.4 files and dates on a Windows partition appear normal both in file manager and terminal. However booting using Knoppix CD these files are all green, and I cannot change their permissions, even as root. ie: everything is green including text files etc. If I copy them to a linux partition, I can change their permissions and make them nonexecutable and nonwritable. Also on the Windows FAT32 partition the . directory has the date 1 Jan 1970.
If I disable any green files, I can shutdown and reboot cleanly. If I don't I start having problems shutting down [/usr/sbin/init ?] And always these follow a pattern:
Can't remember details as I have now corralled the beast but error messages relating to:
I have used SUSE for some time now, and I am now returning to Ubuntu. In YaST cron jobs can be edited easily in order to keep the tmp partition clean. I would like to do the same in Ubuntu, as I know a full tmp partition prevents the system from booting. So, how to do it? I have tmpreaper installed, but this soft is not as handy as YaST. Tmpreaper.conf can indeed be edited, but I have no idea how. It is always "read only".
After upgrading ClamAV to version 0.97.1 and running the command
Code:
clamscan -r -i / --exclude-dir=^/sys --exclude-dir=^/dev --exclude-dir=^/proc | mail -s "clamav scan report XYSERVER" xy@mail.com
the following errors appeared:
Installed Ubuntu 10.10 via Wubi, but there is no uninstall in Add and Remove in Windows 7, so how do I remove it safely so as to do a clean install of 11.04 by doing a partition?
I made an upgrade from Kubuntu 9.04 to 9.10 and this upgrade generated a series of permission problems.
Considering that I have an individual /home partition, I am planning to make a clean install of Karmic (9.10) on a laptop with a 230GB hard disk and 2GB RAM.
The actual hard disk is mounted the following way:
In total there are some 230GB of Hard Disk available.
The FAT32 partition was not a good idea, because I can't access it from the file manager, so I will dump this partition on my next installation.
Now my question: What partitions would you recommend to mount and what size would you give to each partition?