Tuesday, February 5, 2013

Antivirus Live CD

Antivirus Live CD is a 4MLinux fork including the ClamAV scanner. Both Ethernet (including Wi-Fi) and dial-up (including fast USB modems) Internet connections are supported to enable automatic updates of the virus signature database.

1) Boot your copy of Antivirus Live CD (or Antivirus LiveUSB):



2) Once it has booted, you can log in as 'root' using password 'root':



3) After executing 'help', you will see the following screen:



4) And after executing 'antivir', you will see this screen:



5) It is highly recommended to update virus databases:
 


NOTE:  
If you need to configure your Internet connection, you should run the 'netconfig' script (the procedure is very similar to the one described here).


6) And finally, when the update process is over, you can start the ClamAV scanner:

 


NOTE:
Antivirus Live CD will scan all your disks for viruses. This is possible because all partitions are mounted automatically during boot so that they can be scanned by ClamAV (the supported filesystems are: btrfs, ext2, ext3, ext4, f2fs, fat16, fat32, hfs, hfs+, jfs, nilfs2, ntfs, reiser4, reiserfs, and xfs).

7) AntivirusLivecd has Midnight Commander (file manager) and Links (text-based web browser), which can be very helpful in some cases:


 
NOTE: 
AntivirusLivecd is able to make a backup of your data (and to send it to a remote FTP/SFTP server if desired). Just try it yourself by executing the 'backup' and 'fsbackup' commands!

Good luck :-)



89 comments:

  1. After checking all disks, ClamAV found infected files. Where do I find which files are infected? Where is the logfile stored?

    1. 1) The newest Antivirus Live CD (5.1-0.97.7): infected files are automatically moved to the /var/clamav/infected directory.

      2) Older versions: you should execute "clamscan --help" to see all available options.

  2. Hello, is there a way (in the latest version) to make a scan without taking any action? I would like to just have a report of the detected infected files, without deleting/moving/renaming them automatically. Thanks.

    1. You are not the first one who asks about that. Within 48 hours there will be a new release, which will allow the AntivirusLiveCD user to decide what should be done with suspicious files. Normally, this should be quicker, but I am a little busy with my TheSSS now ;-)

    2. Done! Antivirus Live CD 6.0-0.97.7-BIS will ask you what should be done with infected files.

  3. Is this live CD compatible with 3 terabyte hard disks? I have two internal ones, formatted with GPT and NTFS. Thanks.

  4. Hello, it would be a nice feature to be able to scan just the selected hard disks, instead of always all of them.

    1. Just run ClamAV manually:

      clamscan file_to_scan
      clamscan -r folder_to_scan

    2. What form should the path to the file take? Is C:\Documents and Settings or C:\Documents and Settings\ the correct way?

    3. No, it isn't.

      Open Midnight Commander (by executing "mc"), select the files that you want to scan (you can navigate using your mouse), press F2, choose "Do something on the current file", type "clamscan", and click on the OK button. You will have to wait a few seconds until the antivirus is started.

      Good luck :-)

    4. One more remark. You will find your Windows in the "mnt" directory.

    5. Can I scan a folder or group of folders at once?

      Thank you for your answer.

    6. You can select many files (or folders) using your right mouse button in Midnight Commander.

  5. Hi, nice tool, I would like to know if there is a way to use the antivirus ISO with YUMI. Of course I'll ask the YUMI team for native support for your great/small distro. Thank you.

    1. Thanks :-) Unfortunately I have no experience with YUMI, so I cannot help you.

    2. I have used the 4mlinux clamav live with YUMI. It works great. Just select the "try unlisted ISO" choice when selecting the ISO.

    4. The updated version of YUMI already comes with it in the list, which is better.

  6. Trying to clean an old WinMe box (128mb ram) with version 6.0-0.97.8. After virus signatures update, I get this: libclamav error cl_load(); can't get status of /usr/local/share/clamav

    1. 128 MB of RAM may not be enough...

    2. Thanks for your kind reply. Might an older version have a better chance of running properly?

    3. Or, if you're aware of a similar live cd that might work, that info would be great!!

    4. The problem is that modern antiviruses have virus databases of ca. 50 MB (or even more). This must be loaded into RAM (plus, of course, the operating system itself).
      --------

      If you have at least 1GB of a free disk space and you are familiar with Linux, you may try to install TheSSS to your hard disk drive (see the "Links" section at the top of this page). TheSSS is installed on http://server.4mlinux.com, which has only 128 MB of RAM, and the "antivir" command works flawlessly.

    5. I read the page on TheSSS. Might it run live from cd?

  7. Thanks for your help! I may give the install a go.

  8. I ran into a problem that the livecd hangs at a change root password screen. Any ideas?

  9. Try to run it with VESA framebuffer enabled

  10. Running AntivirusLiveCD 6.1-0.97.8 in a PC with 768MB of RAM, when I enter immediately after booting and logging in:
    # clamscan -r /mnt/sda3/home/richard/Documents/BCS
    (which is a valid directory on one of my existing partitions) I get the error:
    LibClamAV error: cl_load(): Can't get status of /usr/local/share/clamav.
    Running:
    # freshclam -v
    before clamscan didn't help.
    Any assistance would be greatly appreciated.

    1. It looks like clamav cannot update its virus signature database (or this database is broken). Do you have a valid internet connection? You can check it by executing (for example) "links google.com".

    2. One more remark. You have run antivirus "immediately after booting". You MUST allow clamav to update its virus signature database before running the scanner. Execute the "antivir" script. When the update process is over, you can interrupt this script by pressing CTRL+C.

      Delete
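
One way to check for the condition behind the cl_load() error in this thread before starting a scan, as an added example that is not the author's own script. The directory is the one named in the error message; `main`/`daily` with `.cvd`/`.cld` are ClamAV's standard database files; the function names, the seven-day threshold and the use of file modification time as a proxy for database age are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): check the signature database before scanning.

# Path taken from the cl_load() error quoted in the comments.
DB_DIR=${DB_DIR:-/usr/local/share/clamav}
# Assumed threshold, in days, after which the database is treated as stale.
MAX_AGE_DAYS=${MAX_AGE_DAYS:-7}

# Print one word describing the database in directory $1:
#   missing-dir | missing-main | missing-daily | stale | ok
db_status() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo missing-dir        # nothing for cl_load() to stat
        return 0
    fi
    # Each database is either a .cvd (full download) or a .cld (updated locally).
    for name in main daily; do
        if [ ! -f "$dir/$name.cvd" ] && [ ! -f "$dir/$name.cld" ]; then
            echo "missing-$name"
            return 0
        fi
    done
    # File modification time is a simple proxy for the time of the last update.
    fresh=$(find "$dir" -name 'daily.c[lv]d' -mtime "-$MAX_AGE_DAYS" | head -n 1)
    if [ -z "$fresh" ]; then
        echo stale
        return 0
    fi
    echo ok
}

# Return 0 only when the database is usable; otherwise say what to do.
preflight() {
    state=$(db_status "$1")
    case $state in
        ok)    return 0 ;;
        stale) echo "database older than $MAX_AGE_DAYS days: run freshclam --user=root" >&2 ;;
        *)     echo "database not usable ($state): run freshclam --user=root" >&2 ;;
    esac
    return 1
}

# Stand-alone run: report the state of the default database directory.
echo "database status: $(db_status "$DB_DIR")"
```

After sourcing the file, `preflight "$DB_DIR" && clamscan -r /mnt/sda1` starts the scan only when the database is present and recent.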
  11. This is a very cool little tool.
    While it's possible to use pretty much any live cd solution to scan media for viruses with clamav, AntiVirusLiveCD presents the process in a very clean and uncluttered environment, perfect to reassure those management-types that nothing is going to get worse than it already might be.

    Could the author (I'm discovering 4MLinux here) put a wiki up for AntiVirusLiveCD? I have some documentation to contribute.

    1. Thanks for your nice comment.

      PS.
      Unfortunately, I have no time to write Wiki now, but it may change in the future, so please let me know how I can contact you (my mail: 4mlinux at gmail.com).

  12. Still hanging at change root password screen when I boot to this cd. I tried enabling VESA Frame buffer with default option (hit space instead of enter). I tried to boot with VESA frame buffer enabled and selected 800x600 graphics mode and any way I try it, it hangs at the change root password screen. I appreciate your work and would like to help troubleshoot, but I have a virus to eradicate... ;)

  13. Before trying the Live CD...
    Has this software been tested with GPT 3TB disks?
    Have file-system corruptions been reported, or they shouldn't happen?

    1. No file-system corruptions have been reported yet.

  14. This is an odd question, I realize.

    I made a boot disk of this at some point in the last year. I am trying to help a family member remotely run this, however I don't know which version she has.

    When she runs, antivir, it never prompts for what to do with infected files. It just starts scanning. It then subsequently shows a summary, with 4 infected files.

    Was there a command line switch prior? Or did older versions auto quarantine? I've tried to find older docs, but have been unsuccessful.

    Thanks so much. Very nice product. Now if only I'd port forwarded ssh and there was an sshd, I'd be golden. ;)

    1. Just download the latest version. It asks what should be done with suspicious files, and it has an ssh client. Thanks for your nice words :-)

    2. I wish I could, but I'm very remote and really the only option I happen to have is the version she's booting off of.

      Do you have any suggestions about what older versions needed to execute the quarantine?

      Thanks again.

    3. For example:
      clamscan -r --move=/tmp /mnt/sda1
      This will scan all files in the /mnt/sda1 directory (this is usually Windows drive C), and move all suspicious files to the /tmp directory.

      Note: AntivirusLiveCD is running in RAM disk, so you should replace /tmp with something else (if you do not want to lose moved files after reboot).

      Good luck :-)

      Delete
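
The report-only scan asked about in the comments, as an added example that is not part of the original replies: run `clamscan` without `--move` or `--remove`, log to a file, and list each detection as signature and path. The function names and the sample log are constructed; writing the log to a mounted partition rather than the RAM disk is an assumption that follows from the note above.

```shell
#!/bin/sh
# Added example (not from the post): report-only ClamAV scan plus a log summary.

# Turn clamscan log lines into "signature<TAB>path" records.
# clamscan prints one "<path>: <signature> FOUND" line per detection; the
# signature name has no spaces, so it is the last ": "-separated field even
# when the path itself contains ": ".
infected_report() {
    awk '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            if (match(line, /: [^ ]+$/)) {
                printf "%s\t%s\n", substr(line, RSTART + 2), substr(line, 1, RSTART - 1)
            }
        }'
}

# Scan without --move or --remove, so nothing on the disk is changed.
# $1 = directory to scan, $2 = log file (on a mounted disk, not the RAM disk).
scan_report_only() {
    target=$1
    log=$2
    : > "$log" || return 2      # clamscan appends to its log; start from empty
    clamscan -r -i --log="$log" "$target"
    rc=$?
    # clamscan exit status: 0 = nothing found, 1 = detections, 2 = error
    if [ "$rc" -gt 1 ]; then
        echo "clamscan reported an error (exit $rc)" >&2
        return "$rc"
    fi
    infected_report < "$log"
    return "$rc"
}

# Constructed sample log (paths and signature names are invented for the demo).
sample_log() {
    cat <<'EOF'
/mnt/sda1/Users/alice/Downloads/setup.exe: Win.Trojan.Example-1 FOUND
/mnt/sda1/Users/alice/Documents/notes.txt: OK
/mnt/sda3/home/bob/archive: old/invoice.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 3
Infected files: 2
EOF
}

# Usage: sh report.sh /mnt/sda1 /mnt/sda1/clamscan.log
if [ "$#" -eq 2 ]; then
    scan_report_only "$1" "$2"
else
    sample_log | infected_report
fi
```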
  15. Ok, I have maybe an odd question: Is it possible to boot the live cd, update the signatures, then re-burn the live cd? I thought about using virtualbox somehow but I'm not sure how to create the iso image from the running system because I think it's running in ram? Can you dd a live system from ram to make a live distro? I'm just asking because sometimes it takes a while to update the signatures and if I could only do it once in a while it would be handy. It's an awesome tool by the way!

    1. Your way of making a live CD won't work ;-)

      TIP:
      It is a good idea to interrupt the update process if it goes very slowly. You can do it by pressing CTRL+C. Then you can execute the "antivir" command again, and you will have a big chance to get connected to a faster mirror.

    2. Here you are:
      http://linux.softpedia.com/progDownload/Antivirus-Live-CD-Download-88057.html

  16. My linux runs usb modem sakis3g to ease internet connections but it just runs over a gtk environment... and now, how do I update the app?

  17. Use the "DB" release of Antivirus Live CD:
    http://sourceforge.net/projects/antiviruslivecd/files/
    It works without an Internet connection.

    Good luck!

    1. Is it still possible to update the virus signatures for Antivirus Live CD offline/without an internet connection? The DB release does not appear to exist at this link.

  18. Sorry but it does not boot... I have used the antivirus.xxxxx.db.iso, it shows nothing

    1. So your hardware is either damaged, or totally incompatible with Antivirus Live CD.

    2. Or he just copied the .iso file on the CD/USB instead of burning it as an image ;-)

  19. My machine has two disks, one has 100G/500G Linux Slackware-14 with ext2 fs, the other has OpenBSD (250GB) that has caused everything. Would it be necessary to remove OpenBSD from the 250GB disk in order for your AntiVirus.xxx.db.iso to work?

    1. The supported file systems are listed in the post above.

      PS.
      Running 100 GB Slackware on ext2 partition is somewhat risky. Consider upgrading it to ext3/ext4

  20. hello not let me enter a password on boot test three different teams and squeezed but not brand anything

  21. If I only knew what you are talking about ... If you wish you can send more details to 4mlinux@gmail.com, and you can do it in your native language ;-)

  23. It's a cool tool. I have installed it in my USB "bag of tricks" via YUMI. However, I am running into an update issue. I can connect to my wifi, and when I run antivir, it does not ask me for an update. I had to add a user 'clamav', and chown the /var/clamav to the clamav user, and then run freshclam to have it updated manually. Any idea what might be wrong in my setup? I did not change any files or anything.

    1. I agree with you when you say that it's a cool tool! (Just kidding :-)

      I have no experience with YUMI. Please try to use UNetbootin instead.

      Regards,
      zk1234

  24. Well I made it work for my purpose. I edit the initrd with a simple script, that automatically adds a user "clamav" with a standard password, chowns the dir /var/clamav and links /etc/freshclam.conf to /var/clamav/freshclam.conf. I added my script in the rcS file at the end to make it run at boot.
    It works for me. I cannot use UNetbootin, as my USB stick has several tools to boot from, each for different purposes. I have Hiren's bootcd, antivirus live cd, memtest, and two different live linux distributions, that I can choose from in a nice boot menu that I adapted to my needs. It took me a while to have it running, but it does what I want it to do now.

  25. Well, this does seem to do the job, thanks....However, after logging-in, I was informed that the virus database was over seven days out-of-date; and went straight to scan - there was no option to allow the update to take place. I have rebooted several times all with the same result, any ideas, please?

    I have issues with my b****y Windows disc (Linux Mint is my default) and after a five hour scan 19 infected files were detected, so I'd like to find them and avoid a complete re-install.

    Many thanks,

    David

    1. You can force an update by executing the "freshclam --user=root" command.

      Good luck :-)

  26. Just download it and give a try =)
    It starts but the antivirus gives me an error message like the virus database is not fresh.
    How to force the update?

    Good job, great (beta?) tool =)

    1. Strictly speaking "freshclam --user=root"

    2. Thanks ! I tried "freshclam" only and it did not work, so I considered that this command was off. I just tried freshclam --user=root and it worked =)

    3. Maybe someone should write this on the FAQ ? I didn't find this on the blog :)

  27. What should I do to make sure the Master Boot Record (MBR) has no virus?

  28. No such option in AntivirusLiveCD.

  29. I tried to create a USB boot using Windows UNetbootin, but it didn't work. It only works with Linux UNetbootin for me. What could it be?

  30. I tried to use this nice live cd, it seems powerful, but once booted and having selected the display type, I cannot type anything such as the login id and password. My usb keyboard seems dead. On a Lenovo M73 pc desktop.

  31. Thanks for this unbelievable product. It is a first-class prog and I used it today for the first time and it swipes the garbage from my pc away like nothing.
    GREAT PRODUCT INDEED. MY COMPLIMENTS.
    One question: is it normal that it takes more than 12 hours for scanning my hard drive and is still going on? Data amount is probably around 250 gigs on the primary mbr and a 9 gig recovery. Can you let me know if it's normal? Well, I appreciate your efforts in making this app. Makes my day perfect.

    Cheers from a happy dude

    1. Hi,

      That is normal, especially if you have many compressed archives.

  32. Thanks for sharing such informative post on antivirus live CD.

  33. Antivirus Live CD Detect Rootkit

  34. Hello, I tried but it hangs at the password screen. I try to type but the keys are not responding, so unfortunately I couldn't pass this step. I have to go to the BIOS to extract the CD and reboot.
    Is there any solution to this?
    Thank you and greetings from Argentina.

    1. Impossible to give you a short answer here.
      If you wish, you can ask this question here:
      http://www.linuxquestions.org/questions/4mlinux-115/

    2. Unplug the keyboard usb, then plug back in, when the green lights come back on your keyboard, try typing, if that does not work, use another keyboard.

  35. Maybe I'm a noob but I can't seem to get it to work.

    You can use Unetbootin to create a usb stick. When I open Unetbootin and choose diskimage and then load the iso file and then choose OK. After it has run and I reboot the system it doesn't load from usb.

    Also the usb isn't recognized as a bootable device, so I guess I did something wrong at usb creation?

    I hope someone can give a step by step or tell me what I did wrong.

    Thank you for your help

    1. Ask here:
      http://www.linuxquestions.org/questions/4mlinux-115/

  37. Thank you for such great software, your software cleaned out what McAfee and almost every other scanner on the market could not.

    Would you be able to tell me what command I could type to have the results show me the location of the infected files as well as the infection type and how to enable logging to the C: drive. Thanks

  39. Can this boot in UEFI? The USB won't boot in UEFI.

  40. I get an error when it boots

    Not enough memory to load specified image
    boot:

  42. I am using the software to scan for viruses on a Windows drive, but the SATA to USB adapter doesn't seem to be recognized by the software, either that or the software is not able to see all of the drives. I went to the /mnt folder and saw sda2 through sda5 using the mc command. But I have 5 physical drives including the USB drive that I use to house the antivirus software (used Rufus to "burn" it onto the USB drive) and 8 (or more if you count the recovery partitions) partitions across those physical drives, so you know that I'm missing some in the list. The SATA to USB should not need any special drivers, so I am unsure how to fix this so that I can scan specifically the SATA drive on the USB adapter. Any ideas? By the way, I am using a laptop that does not have any more room for any more drives, so I cannot just insert them into the PC to scan them.
