Linux doesn't *need* Antivirus... blah... blah... whatever... I wear seatbelts not because I *will* be in an accident today... I wear them because I *might* be in an accident. I don't actually run AV on my Linux systems...
My Windows 8.1 host was p0wned when I attempted to download/install a Matrix Screensaver from CNET. I thought that site was safe... but there are definitely many reasons why I don't generally run Windows. Stupid stuff like this... ranks pretty high on that list.
Anyhow - since the host in question is a dual-boot system with Windows and either Fedora or RHEL - I figured I should clean up the malware on my Windows partition while running it from Linux.
This is the procedure for Linux:
### Install ClamAV and mount Windows partition
```bash
# clamav-lib was listed twice in the original command; once is enough
yum -y install clamav clamav-data clamav-filesystem clamav-lib clamav-scanner-systemd clamav-server-sysvinit clamav-update clamav-unofficial-sigs
mkdir -p /windows/C
mount /dev/sda4 /windows/C
```
### Update the virus definitions
```bash
# Comment out the "Example" line so freshclam accepts the config, and pick a mirror
sed -i -e 's/^Example/#Example/' /etc/freshclam.conf
sed -i -e 's/db.XY/db.US/' /etc/freshclam.conf
mkdir -p /var/log/clamav
chown clamupdate:clamupdate /var/log/clamav
# Weekly definition update (Sunday 00:30), appended to the existing crontab
cat <(crontab -l) <(echo "30 0 * * 0 /bin/freshclam --quiet -l /var/log/clamav/freshclam.log") | crontab -
```
### Run a scan
```bash
clamscan --quiet --recursive=yes / --log=/var/log/clamav/clamscan-$(date +%F).out
# In another terminal run...
tail -f /var/log/clamav/clamscan-$(date +%F).out | egrep -v 'Symbolic|OK|Empty'
# A more efficient scan command: report only infected files and skip the pseudo-filesystems
/bin/clamscan --infected --recursive --quiet --exclude-dir=^/sys --exclude-dir=^/dev --exclude-dir=^/proc --log=/var/log/clamav/clamscan-$(date +%F).out /
```
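The `tail | egrep -v` filter above only hides the noise; as an added example (not part of the original post), the script below parses a clamscan log into a list of detections and cross-checks the count against clamscan's own SCAN SUMMARY. The log content and signature names are constructed placeholders standing in for a real `/var/log/clamav/clamscan-<date>.out`.

```bash
#!/usr/bin/env bash
# Added example: summarise a clamscan log. clamscan writes one line per
# file ("path: OK", "path: Empty file", "path: Symbolic link" or
# "path: Signature.Name FOUND") followed by a SCAN SUMMARY block.

# Constructed sample log (placeholder paths and signature names).
SAMPLE_LOG='/windows/C/Windows/notepad.exe: OK
/windows/C/Users/me/Downloads/matrix_screensaver.exe: Win.Trojan.Example-1 FOUND
/windows/C/Users/me/Downloads/readme.txt: Empty file
/windows/C/ProgramData/link.lnk: Symbolic link
/windows/C/Users/me/AppData/Local/Temp/x.tmp: Win.Adware.Example-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2'

# Print "signature<TAB>path" for every FOUND line; all other lines are ignored.
# The path is recovered by length so that ": " inside a path cannot split it.
found_entries() {
    printf '%s\n' "$1" | awk '/ FOUND$/ {
        n = split($0, parts, ": ")
        sig = parts[n]; sub(/ FOUND$/, "", sig)
        path = substr($0, 1, length($0) - length(sig) - 8)  # strip ": <sig> FOUND"
        print sig "\t" path
    }'
}

# Number of FOUND lines we parsed ourselves.
count_found() {
    found_entries "$1" | wc -l | tr -d ' '
}

# The count clamscan reports in its own summary.
summary_infected() {
    printf '%s\n' "$1" | awk -F': ' '/^Infected files:/ { print $2 }'
}

# Succeed only if our parse agrees with clamscan's summary; a mismatch
# means the log is truncated (scan still running) or was filtered.
check_consistent() {
    [ "$(count_found "$1")" = "$(summary_infected "$1")" ]
}

if [ -z "${BASH_SOURCE[1]:-}" ]; then
    found_entries "$SAMPLE_LOG"
    check_consistent "$SAMPLE_LOG" && echo "parsed count matches scan summary"
fi
```

To run it against a real scan, pass `"$(cat /var/log/clamav/clamscan-$(date +%F).out)"` in place of `"$SAMPLE_LOG"`.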