Tuesday, February 5, 2013

Antivirus Live CD

Antivirus Live CD is a 4MLinux fork that includes the ClamAV scanner. Ethernet and Wi-Fi connections, as well as dial-up (including fast USB modems), are supported, so that the virus signature database can be updated automatically.

Note: Antivirus Live CD boots in the same way as 4MLinux does (this was described here).


1) Boot your copy of Antivirus Live CD (or Antivirus LiveUSB):

 


2) After executing 'help', you will see the following screen:

 


3) You can now run the 'antivir' command. It begins with an automatic update of the virus signature database:


NOTE: if you need to configure your Internet connection, you should run the 'netconfig' script (the procedure is very similar to the one described here).


4) When the update has finished, you will be asked what should be done with suspicious files:




5) And finally the ClamAV scanner will be started:



NOTE: Antivirus Live CD scans all your disks for malware. This is possible because all partitions are mounted automatically during boot so that ClamAV can read them (the supported filesystems are: btrfs, ext2, ext3, ext4, FAT, HFS, HFS+, JFS, Minix, NTFS, ReiserFS, and XFS). Keep in mind that quarantining or deleting a detected file requires its partition to be mounted writable, so make sure you have a backup before choosing either action.


6) Antivirus Live CD includes Midnight Commander (a file manager) and Links (a text-based web browser), which can be very helpful in some cases:

  

  

NOTE: Antivirus Live CD can also make a backup of your data (and send it to a remote FTP server if desired). Just try it yourself by executing the 'backup' and 'fsbackup' commands! Keep in mind that FTP transfers credentials and data in cleartext, so send backups only over a network you trust.

Technically speaking, Antivirus Live CD is an extremely small Linux-based operating system (only about 17-18 MB in size), designed to act as a platform-independent antivirus tool: because it boots from its own medium and scans the installed system from the outside, without running any code from it, it can be used by Linux, Windows and Mac users alike.
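As an added example (not code from the original post or from the 4MLinux project), the script below mimics what steps 3-5 above describe: refresh the signatures first, let the operator choose what happens to infected files, scan the auto-mounted disks, and report the result. It assumes /mnt as the mount root, the standard clamscan/freshclam command-line options, and /var/clamav/infected as the default quarantine directory (the path named in the comments below); none of these come from the post itself.

```sh
#!/bin/sh
# Added example, not the live CD's own 'antivir' script: a minimal stand-in
# for steps 3-5. It refreshes the signatures, applies the action the operator
# chose to infected files, scans the auto-mounted disks and reports.
# Assumptions (not taken from the page): /mnt as the mount root, the standard
# clamscan/freshclam options, and /var/clamav/infected as the quarantine dir.
# That directory lives on the RAM disk, so point QUARANTINE at a mounted
# partition if quarantined files must survive a reboot.

QUARANTINE="${QUARANTINE:-/var/clamav/infected}"
LOGFILE="${LOGFILE:-/tmp/antivir.log}"
SCAN_ROOT="${SCAN_ROOT:-/mnt}"

# Map the operator's choice to the clamscan option that implements it.
# 'report' adds no option: clamscan then only lists what it finds.
scan_opt() {
    case "$1" in
        report) printf '' ;;
        move)   printf '%s' "--move=$QUARANTINE" ;;
        remove) printf '%s' "--remove" ;;
        *)      printf 'unknown action: %s\n' "$1" >&2; return 1 ;;
    esac
}

# clamscan's exit status is the verdict: 0 clean, 1 something was found,
# 2 an error occurred (e.g. no usable signature database, which is why the
# update has to run before the scan).
scan_result() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Extract the count from the "Infected files: N" line of clamscan's scan
# summary on stdin; prints 0 when the line is absent.
infected_count() {
    n=$(sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p')
    echo "${n:-0}"
}

run_scan() {
    action="$1"
    opt=$(scan_opt "$action") || return 2
    if [ "$action" = move ]; then mkdir -p "$QUARANTINE"; fi
    # The live CD has no 'clamav' user, hence --user=root (see the comments).
    if ! freshclam --user=root; then
        echo "signature update failed; refusing to scan with stale data" >&2
        return 2
    fi
    # -r recurses, -i prints only infected files. $opt is deliberately
    # unquoted so that the empty 'report' option vanishes instead of
    # becoming an empty argument.
    rc=0
    clamscan -r -i --log="$LOGFILE" $opt "$SCAN_ROOT" || rc=$?
    echo "result: $(scan_result "$rc"), $(infected_count < "$LOGFILE") infected file(s); details in $LOGFILE"
    return "$rc"
}

# Usage (as root on the live CD): ./antivir.sh report|move|remove
if [ "$#" -gt 0 ]; then
    run_scan "$1"
fi
```

Run it with `report` first to get a list of hits without touching anything, then rerun with `move` once you have decided what to quarantine; the log file keeps the paths of every detected file, which answers the "where do I find which files are infected" question in the comments.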

Good luck :-)


61 comments:

  1. After checking all disks, ClamAV found infected files. Where do I find which files are infected? Where is the logfile stored?

    1. 1) The newest Antivirus Live CD (5.1-0.97.7): infected files are automatically moved to the /var/clamav/infected directory.

      2) Older versions: you should execute "clamscan --help" to see all available options.

  2. Hello, is there a way (in the latest version) to make a scan without taking any action? I would like to just have a report of the detected infected files, without deleting/moving/renaming them automatically. Thanks.

    1. You are not the first one who has asked about that. Within 48 hours there will be a new release, which will allow the Antivirus Live CD user to decide what should be done with suspicious files. Normally, this would be quicker, but I am a little busy with my TheSSS now ;-)

    2. Done! Antivirus Live CD 6.0-0.97.7-BIS will ask you what should be done with infected files.

  3. Is this live CD compatible with 3 terabyte hard disks? I have two internal ones, formatted with GPT and NTFS. Thanks.

  4. Hello, it would be a nice feature to be able to scan just the selected hard disks, instead of always all of them.

    1. Just run ClamAV manually:

      clamscan file_to_scan
      clamscan -r folder_to_scan

    2. What form should the path to the file take? Is C:\Documents and Settings or C:\Documents and Settings\ the correct way?

    3. No, it isn't.

      Open Midnight Commander (by executing "mc"), select the files that you want to scan (you can navigate using your mouse), press F2, choose "Do something on the current file", type "clamscan", and click on the OK button. You will have to wait a few seconds until the antivirus is started.

      Good luck :-)

    4. One more remark. You will find your Windows in the "mnt" directory.

    5. Can I scan a folder or group of folders at once?

      Thank you for your answer.

    6. You can select many files (or folders) using your right mouse button in Midnight Commander.

  5. Hi, nice tool. I would like to know if there is a way to use the antivirus ISO with YUMI. Of course I'll ask the YUMI team for native support for your great/small distro. Thank you.

    1. Thanks :-) Unfortunately I have no experience with YUMI, so I cannot help you.

    2. I have used the 4mlinux clamav live with YUMI. It works great. Just select the "try unlisted ISO" choice when selecting the ISO.

  6. Trying to clean an old WinMe box (128 MB RAM) with version 6.0-0.97.8. After the virus signatures update, I get this: libclamav error cl_load(); can't get status of /usr/local/share/clamav

    1. 128 MB of RAM may not be enough...

    2. Thanks for your kind reply. Might an older version have a better chance of running properly?

    3. Or, if you're aware of a similar live cd that might work, that info would be great!!

    4. The problem is that modern antiviruses have virus databases of ca. 50 MB (or even more). This must be loaded into RAM (plus, of course, the operating system itself).
      --------

      If you have at least 1GB of a free disk space and you are familiar with Linux, you may try to install TheSSS to your hard disk drive (see the "Links" section at the top of this page). TheSSS is installed on http://server.4mlinux.com, which has only 128 MB of RAM, and the "antivir" command works flawlessly.

    5. I read the page on TheSSS. Might it run live from cd?

  7. Thanks for your help! I may give the install a go.

  8. I ran into a problem where the live CD hangs at a change root password screen. Any ideas?

  9. Try to run it with VESA framebuffer enabled

  10. Running AntivirusLiveCD 6.1-0.97.8 in a PC with 768MB of RAM, when I enter immediately after booting and logging in:
    # clamscan -r /mnt/sda3/home/richard/Documents/BCS
    (which is a valid directory on one of my existing partitions) I get the error:
    LibClamAV error: cl_load(): Can't get status of /usr/local/share/clamav.
    Running:
    # freshclam -v
    before clamscan didn't help.
    Any assistance would be greatly appreciated.

    1. It looks like clamav cannot update its virus signature database (or this database is broken). Do you have a valid Internet connection? You can check it by executing (for example) "links google.com".

    2. One more remark. You ran the antivirus "immediately after booting". You MUST allow clamav to update its virus signature database before running the scanner. Execute the "antivir" script. When the update process is over, you can interrupt this script by pressing CTRL+C.

  11. This is a very cool little tool.
    While it's possible to use pretty much any live CD solution to scan media for viruses with clamav, AntiVirusLiveCD presents the process in a very clean and uncluttered environment, perfect to reassure those management types that nothing is going to get worse than it already might be.

    Could the author (i'm discovering 4MLinux here) put a wiki up for AntiVirusLiveCD? I have some documentation to contribute

    1. Thanks for your nice comment.

      PS.
      Unfortunately, I have no time to write Wiki now, but it may change in the future, so please let me know how I can contact you (my mail: 4mlinux at gmail.com).

  12. Still hanging at change root password screen when I boot to this cd. I tried enabling VESA Frame buffer with default option (hit space instead of enter). I tried to boot with VESA frame buffer enabled and selected 800x600 graphics mode and any way I try it, it hangs at the change root password screen. I appreciate your work and would like to help troubleshoot, but I have a virus to eradicate... ;)

  13. Before trying the Live CD...
    Has this software been tested with GPT 3TB disks?
    Have file-system corruptions been reported, or they shouldn't happen?

    1. No file-system corruptions have been reported yet.

  14. This is an odd question, I realize.

    I made a boot disk of this at some point in the last year. I am trying to help a family member remotely run this, however I don't know which version she has.

    When she runs antivir, it never prompts for what to do with infected files. It just starts scanning. It then subsequently shows a summary, with 4 infected files.

    Was there a command line switch prior? Or did older versions auto quarantine? I've tried to find older docs, but have been unsuccessful.

    Thanks so much. Very nice product. Now if only I'd port forwarded ssh and there was an sshd, I'd be golden. ;)

    1. Just download the latest version. It asks what should be done with suspicious files, and it has ssh client. Thanks for your nice words :-)

    2. I wish I could, but I'm very remote and really the only option I happen to have is the version she's booting off of.

      Do you have any suggestions about what older versions needed to execute the quarantine?

      Thanks again.

    3. For example:
      clamscan -r --move=/tmp /mnt/sda1
      This will scan all files in the /mnt/sda1 directory (this is usually Windows drive C), and move all suspicious files to the /tmp directory.

      Note: AntivirusLiveCD is running in a RAM disk, so you should replace /tmp with something else (if you do not want to lose the moved files after a reboot).

      Good luck :-)

  15. OK, I have maybe an odd question: Is it possible to boot the live CD, update the signatures, then re-burn the live CD? I thought about using VirtualBox somehow, but I'm not sure how to create the ISO image from the running system because I think it's running in RAM. Can you dd a live system from RAM to make a live distro? I'm just asking because sometimes it takes a while to update the signatures, and if I could only do it once in a while it would be handy. It's an awesome tool, by the way!

    1. Your way of making a live CD won't work ;-)

      TIP:
      It is a good idea to interrupt the update process if it goes very slowly. You can do this by pressing CTRL+C. Then you can execute the "antivir" command again, and you will have a good chance of getting connected to a faster mirror.

    2. Here you are:
      http://linux.softpedia.com/progDownload/Antivirus-Live-CD-Download-88057.html

  16. My Linux runs the USB modem with sakis3g to ease Internet connections, but it only runs over a GTK environment... and now, how do I update the app?

  17. Use the "DB" release of Antivirus Live CD:
    http://sourceforge.net/projects/antiviruslivecd/files/
    It works without an Internet connection.

    Good luck!

  18. Sorry, but it does not boot... I have used the antivirus.xxxxx.db.iso; it shows nothing

    1. So your hardware is either damaged, or totally incompatible with Antivirus Live CD.

    2. Or he just copied the .iso file on the CD/USB instead of burning it as an image ;-)

  19. My machine has two disks: one has 100G/500G Linux Slackware-14 with an ext2 fs, the other has OpenBSD (250GB), which has caused everything. Would it be necessary to remove OpenBSD from the 250GB disk in order for your AntiVirus.xxx.db.iso to work?

    1. The supported file systems are listed in the post above.

      PS.
      Running 100 GB Slackware on ext2 partition is somewhat risky. Consider upgrading it to ext3/ext4

  20. hello not let me enter a password on boot test three different teams and squeezed but not brand anything

  21. If I only knew what you are talking about ... If you wish you can send more details to 4mlinux@gmail.com, and you can do it in your native language ;-)

  22. This comment has been removed by the author.

  23. It's a cool tool. I have installed it in my USB "bag of tricks" via YUMI. However, I am running into an update issue. I can connect to my wifi, and when I run antivir, it does not ask me for an update. I had to add a user 'clamav', and chown the /var/clamav to the clamav user, and then run freshclam to have it updated manually. Any idea what might be wrong in my setup? I did not change any files or anything.

    1. I agree with you when you say that it's a cool tool! (Just kidding :-)

      I have no experience with YUMI. Please try to use UNetbootin instead.

      Regards,
      zk1234

  24. Well, I made it work for my purpose. I edited the initrd with a simple script that automatically adds a user "clamav" with a standard password, chowns the dir /var/clamav and links /etc/freshclam.conf to /var/clamav/freshclam.conf. I added my script at the end of the rcS file to make it run at boot.
    It works for me. I cannot use UNetbootin, as my USB stick has several tools to boot from, each for different purposes. I have Hiren's bootcd, antivirus live cd, memtest, and two different live linux distributions, that I can choose from in a nice boot menu that I adapted to my needs. It took me a while to have it running, but it does what I want it to do now.

  25. Well, this does seem to do the job, thanks....However, after logging-in, I was informed that the virus database was over seven days out-of-date; and went straight to scan - there was no option to allow the update to take place. I have rebooted several times all with the same result, any ideas, please?

    I have issues with my b****y Windows disc (Linux Mint is my default) and after a five hour scan 19 infected files were detected, so I'd like to find them and avoid a complete re-install.

    Many thanks,

    David

    1. You can force an update by executing the "freshclam --user=root" command.

      Good luck :-)

  26. Just downloaded it and gave it a try =)
    It starts, but the antivirus gives me an error message like "the virus database is not fresh".
    How do I force the update?

    Good job, great (beta?) tool =)

    1. Strictly speaking "freshclam --user=root"

    2. Thanks ! I tried "freshclam" only and it did not work, so I considered that this command was off. I just tried freshclam --user=root and it worked =)

    3. Maybe someone should write this on the FAQ ? I didn't find this on the blog :)
