Focus on Virus
[Solved, so far]: How to - Scan a Windows machine for virus from a Linux machine Nov 14 2006 10:14PM
Ivan Aleman (bonovoxmofo gmail com) (1 replies)
RE: [Solved, so far]: How to - Scan a Windows machine for virus from a Linux machine Nov 15 2006 01:13AM
Quark IT - Hilton Travis (Hilton quarkit com au)
Hi Ivan,

The issue with mounting shares and scanning is mainly that it is post-infection cleaning that you are providing - like trying to regain your virginity. Another major issue is that there will be a lot of locked files that cannot be scanned this way that could be were you doing this properly.

--

Regards,

Hilton Travis Phone: +61 (0)7 3344 3889
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark AudioVisual http://www.quarkav.net

War doesn't determine who is right. War determines who is left.

This document and any attachments are for the intended recipient
only. It may contain confidential, privileged or copyright
material which must not be disclosed or distributed.

Quark Group Pty. Ltd.
T/A Quark Automation, Quark AudioVisual, Quark IT

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com
> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Ivan Aleman
> Sent: Wednesday, 15 November 2006 8:15 AM
> To: focus-virus (at) securityfocus (dot) com
> Subject: [Solved, so far]: How to - Scan a Windows machine for virus from a Linux machine
>
> Thank you all for your responses, all of them were very educative.
>
> I will try the solution that involves smbfs and ClamAV and possibly a
> better solution will be a commercial product like the NOD32
> recommendation.
>
> By the way if somebody is following this thread, I am posting here the
> comments made by others to me directly (without posting to the list)
> just in case somebody has similar doubts of how to accomplish this
> so far.
>
> ==============
>
> Kusuriya said:
>
> ClamAV, and I like the GUI KlamAV for it (honestly it's the easiest to
> use even if it's KDE dependent)
>
> ==============
>
> Jose Nazario said:
>
> Install samba on that linux box.
> share C:\ (and any other drives) from the PCs.
> mount them on the linux box using smbmount.
> now point your AV scanners on the Linux box to the mount point, ie:
>
> clamscan /mount/pc/DesktopPC_1
>
> that should do it.
>
> ===============
>
> Seyhan Tekelioglu said:
>
> hi,
>
> if you are using clamav and you want to scan network traffic, you can
> use snort-inline.
> For more information check this site http://snort-inline.sourceforge.net/
>
> ===============
>
> THORNTON Simon said:
>
> Hi Ivan,
>
> I normally use an smbfs mount of the remote machine(s):
>
> i.e:
>
> mount //machine/share dir -t smbfs -o username=whatever,workgroup=domain
>
>
> E.g.: To scan the C: drive on machine1 and the share 'share' on
> machine2:
>
> mkdir -p /mnt/machine1 /mnt/machine2
> mount //machine1/c\$ /mnt/machine1 -t smbfs -o username=Administrator,workgroup=mydomain
> mount //machine2/share /mnt/machine2 -t smbfs -o username=Administrator,workgroup=mydomain
> clamscan /mnt/machine1 /mnt/machine2
> .
> umount /mnt/machine1 /mnt/machine2
>
>
> (see man smbmount for more options)
>
> Once mounted you can scan the directories as normal from the linux
> machine.
>
> ===================
>
> Hilton Travis said:
>
> Hi Ivan,
>
> If BitDefender can't do what you need - and you say it can't - then
> look at a decent AV such as NOD32 that has its Remote Administrator
> interface that allows you to start scans on remote machines, have a
> single interface to see the status of NOD32 on all machines across
> your network, and basically allows full remote management of NOD32
> across your network. Oh, and it is a significantly more effective
> scanner than BitDefender.
>
> ==============
>
> Thanks again to all.
> Kind regards.
> --
> Iván Alemán
>
>
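The locked-file caveat raised in the reply above can be measured on a mounted share. The following is an added example, not part of the original thread: it walks a mount point such as /mnt/machine1 and lists every file that cannot be opened for reading, which a scanner running as the same user over the same mount cannot inspect either. The names scan_coverage and opener are hypothetical, chosen for this example.

```python
#!/usr/bin/env python3
"""Report files under a mounted share that cannot be read, and so cannot be scanned."""
import os
import sys


def scan_coverage(root, opener=open):
    """Return (readable_count, skipped) for every file below root.

    skipped is a list of (path, reason) for files that could not be opened
    or read, for example files Windows holds locked on the share.
    opener is a hypothetical hook so the check can be exercised without a
    real share; it defaults to the built-in open.
    """
    readable = 0
    skipped = []

    def on_walk_error(err):
        # A directory that cannot be listed hides everything beneath it.
        skipped.append((err.filename, f"directory: {err.strerror}"))

    for dirpath, _dirs, files in os.walk(root, onerror=on_walk_error):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with opener(path, "rb") as fh:
                    fh.read(1)  # open can succeed while the first read fails
                readable += 1
            except OSError as err:
                skipped.append((path, err.strerror or type(err).__name__))
    return readable, skipped


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} MOUNTPOINT", file=sys.stderr)
        return 2
    readable, skipped = scan_coverage(argv[1])
    for path, reason in skipped:
        print(f"NOT SCANNABLE {path}: {reason}")
    print(f"{readable} readable, {len(skipped)} not scannable")
    return 1 if skipped else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the mount point before clamscan; a non-zero exit status means the scan result covers only part of the machine.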

Copyright 2010, SecurityFocus