-->
Seguimi in Twitter Seguimi in Facebook Seguimi in Pinterest Seguimi in LinkedIn Seguimi in Google+ Seguimi  in Stumbleupon seguimi  in instagram Sottoscrivi il feed
Blender, graphic, software, open source, Linux LibreOffice, open source, openoffice Gimp, graphic, software, open source, Linux kernel, Linux, software, open source Linux, distributions, Ubuntu, Linux Mint, Fedora, Mandriva Jamin, gpl, library, open source matroska, multimedia, container, linux pcman, file manager, linux LuninuX, distribition, Linux, open source Linux, infographic, history
Home » , » System rescue and virus scanning with Dr.Web LiveCD

System rescue and virus scanning with Dr.Web LiveCD

There are several Live CD's for system rescue, forensics, network security and other tasks available, but perhaps less known is a live CD from Dr.Web, a Russian IT-security solutions vendor.

The CD allows for attempting the rescue of Windows and UNIX systems and provides a file manager and editor combined with anti-virus (AV) scanning with a proprietary solution that is in this case free to use, as in beer. Given that there have been instances where a virus has managed to inhibit or even destroy parts of an anti-virus software, a solution running from CD seems a good idea.

One can also download a trial of the AV software for Linux, FreeBSD, Solaris, Mac OS X, Novell Netware, UNIX and Kerio mail servers. The product has several independent databases for virus and malware detection, for spyware, dialers and what is called joke programs. The databases update incrementally with often only a few kilobytes to download, and new add-ons are often issued several times a day. I find the incremental updating particularly useful. Last time I used them on Windows -- which is admittedly years ago -- several of the big-name vendors still made me download the entire database of 4 MB once a week.

Dr.Web LiveCD
Dr.Web LiveCD - the default desktop

Dr.Web LiveCD is based on Linux and uses Openbox and LXPanel for its graphical environment. On top of this, Firefox and Sylpheed are included to make it possible to work on downed systems and fire off a quick email if necessary or perhaps get some troubleshooting advice on the web or log on to the Intranet. Midnight Commander and Leafpad complete the small collection of applications. On boot one can opt to load into a standard GUI mode or into a safe mode with the command-line interface, leading to advanced features such as the console scanner or the creation of a USB Flash drive to boot from. Other options are to boot from hard drive or memory test.
Adserver       610x250

Dr.Web LiveCD
Dr.Web LiveCD - text interface menu

The creation of a USB stick is rather easy: After booting into safe mode, another menu pops up from where one can shut down, start the graphical environment, update the databases if connected, or start the shell which will drop you to a Bash prompt. Then simply type create_usb sdb1 (adjust according to where your drive is, of course). This, according to the manual, leaves files already on the drive intact. If the connected Flash drive has several partitions, files will be written to the bootable one. After some playing around I remembered that there was a shortcut on the desktop to create a live USB as well, and some digging around in the manual confirmed that this can be done automatically as well. Perhaps there are instances where this does not work, so it's always nice to also have the command-line option.


Scanning Options

By default all partitions on the hard drive are selected for scanning. In the graphical environment there are tabs through which the checking mode (fast, full or advanced) and actions to be taken on detection can be selected. Under 'Checking' the full scan is selected by default. This enables deep scanning of archives, symbolic links and the heuristic analyzer which are disabled in the fast check mode. The advanced mode allows to further customize file types and formats and to set the degree of compression and nesting levels for archives to be scanned. Here you can also set the length of log files and if you want to keep any around in the first place. The 'Actions' tab allows for setting whether to report, quarantine or attempt to cure infected mail, archives and files. Here you can also set what is to happen to detected adware, riskware, jokes and so on.

Dr.Web LiveCD
Dr.Web LiveCD - scanning options dialog

If you go for the Console Scanner the options and switches available allow for a seemingly endless combination, giving more flexibility. However, the average user will rarely need more than what is available through the GUI. Professional system administrators may appreciate the options on occasion though. The general format of the scan start command is as follows:

/opt/drweb/drweb -path= [options]

where is the path to the directory or file to be scanned. If no options are specified after the path the default settings are used. Thankfully a manual is included on the CD so you won't have to learn all this beforehand.


Dr.Web LiveCD

Dr.Web LiveCD - select actions dialog

Minimum requirements: an i386 processor, 128 MB of RAM or 64 MB in text mode; a drive to run from or a virtual machine with access to the USB ports to create a live stick. Dr.Web also provide a free link checker in the form of an add-on for Firefox and Opera (and Internet Explorer), which integrates into the shell menu when hovering over a link. Quick download link to the live CD image (the latest version at the time of writing): minDrWebLiveCD-5.0.2.iso (84.5MB, MD5). A 58-page user manual is available from here (PDF format).


Conclusions

Of course we already have ClamAV and in terms of the scanner interface and incremental updates both appear quite similar; however, I am not aware of a ClamAV live CD. On top of this, security-conscious people do not like to put all their eggs in one basket and it is recommended in some settings, even at home, to periodically scan and re-check with different products. I have had anti-virus software in the past detect Trojans that another (free) one did not detect. This was on a different operating system, but you don't have to use this rescue CD exclusively on your UNIX/Linux systems.

Dr.Web LiveCD
Dr.Web LiveCD - updating the virus database

I personally don't run any real-time AV protection and do not feel like installing ClamAV or any other solution on my boxes - it reminds me too much of that other operating system and days long gone. I do however load this CD into my tray from time to time and give the system a good scan after an update without bogging it down day-in-day-out with needless scanning tasks. It all depends on your habits, though, and practicing good internet and computer hygiene goes a long way already. I have yet to encounter a virus or functional malware downloaded in a drive-by situation on my Linux PCs, but it is just as much to protect the users of other operating systems and not to forward infected files to friends and colleagues. A mail server should probably rather be running a real-time solution, as should a file server if you have a lot of document exchange going on and have other operating systems on the network.

Although this is proprietary software I have found it quite useful, and hope bringing it to attention here on DistroWatch will contribute to making our computing a little bit cleaner and safer.

source: Distrowatch

If you liked this article, subscribe to the feed by clicking the image below to keep informed about new contents of the blog:

Related Post

Linux Links



0 commenti:

Post a Comment

Random Posts

My Blog List

Recent Posts

Recent Posts Widget

Popular Posts

Labels

Archive

Followers

Images Photo Gallery

page counter Mi Ping en TotalPing.com Subscribe using FreeMyFeed
 
Copyright © 2014 Linuxlandit & The Conqueror Penguin