The CD allows for attempting the rescue of Windows and UNIX systems and provides a file manager and editor combined with anti-virus (AV) scanning with a proprietary solution that is in this case free to use, as in beer. Given that there have been instances where a virus has managed to inhibit or even destroy parts of an anti-virus software, a solution running from CD seems a good idea.
One can also download a trial of the AV software for Linux, FreeBSD, Solaris, Mac OS X, Novell Netware, UNIX and Kerio mail servers. The product has several independent databases for virus and malware detection, for spyware, dialers and what is called joke programs. The databases update incrementally with often only a few kilobytes to download, and new add-ons are often issued several times a day. I find the incremental updating particularly useful. Last time I used them on Windows -- which is admittedly years ago -- several of the big-name vendors still made me download the entire database of 4 MB once a week.
The creation of a USB stick is rather easy: After booting into safe mode, another menu pops up from where one can shut down, start the graphical environment, update the databases if connected, or start the shell which will drop you to a Bash prompt. Then simply type create_usb sdb1 (adjust according to where your drive is, of course). This, according to the manual, leaves files already on the drive intact. If the connected Flash drive has several partitions, files will be written to the bootable one. After some playing around I remembered that there was a shortcut on the desktop to create a live USB as well, and some digging around in the manual confirmed that this can be done automatically as well. Perhaps there are instances where this does not work, so it's always nice to also have the command-line option.
By default all partitions on the hard drive are selected for scanning. In the graphical environment there are tabs through which the checking mode (fast, full or advanced) and actions to be taken on detection can be selected. Under 'Checking' the full scan is selected by default. This enables deep scanning of archives, symbolic links and the heuristic analyzer which are disabled in the fast check mode. The advanced mode allows to further customize file types and formats and to set the degree of compression and nesting levels for archives to be scanned. Here you can also set the length of log files and if you want to keep any around in the first place. The 'Actions' tab allows for setting whether to report, quarantine or attempt to cure infected mail, archives and files. Here you can also set what is to happen to detected adware, riskware, jokes and so on.
Dr.Web LiveCD - select actions dialog
Minimum requirements: an i386 processor, 128 MB of RAM or 64 MB in text mode; a drive to run from or a virtual machine with access to the USB ports to create a live stick. Dr.Web also provide a free link checker in the form of an add-on for Firefox and Opera (and Internet Explorer), which integrates into the shell menu when hovering over a link. Quick download link to the live CD image (the latest version at the time of writing): minDrWebLiveCD-5.0.2.iso (84.5MB, MD5). A 58-page user manual is available from here (PDF format).
Of course we already have ClamAV and in terms of the scanner interface and incremental updates both appear quite similar; however, I am not aware of a ClamAV live CD. On top of this, security-conscious people do not like to put all their eggs in one basket and it is recommended in some settings, even at home, to periodically scan and re-check with different products. I have had anti-virus software in the past detect Trojans that another (free) one did not detect. This was on a different operating system, but you don't have to use this rescue CD exclusively on your UNIX/Linux systems.
I personally don't run any real-time AV protection and do not feel like installing ClamAV or any other solution on my boxes - it reminds me too much of that other operating system and days long gone. I do however load this CD into my tray from time to time and give the system a good scan after an update without bogging it down day-in-day-out with needless scanning tasks. It all depends on your habits, though, and practicing good internet and computer hygiene goes a long way already. I have yet to encounter a virus or functional malware downloaded in a drive-by situation on my Linux PCs, but it is just as much to protect the users of other operating systems and not to forward infected files to friends and colleagues. A mail server should probably rather be running a real-time solution, as should a file server if you have a lot of document exchange going on and have other operating systems on the network.
Although this is proprietary software I have found it quite useful, and hope bringing it to attention here on DistroWatch will contribute to making our computing a little bit cleaner and safer.
If you liked this article, subscribe to the feed by clicking the image below to keep informed about new contents of the blog: