
System rescue and virus scanning with Dr.Web LiveCD

There are several live CDs for system rescue, forensics, network security and other tasks, but perhaps less well known is the live CD from Dr.Web, a Russian IT-security vendor.

The CD allows attempting the rescue of Windows and UNIX systems and provides a file manager and an editor combined with anti-virus (AV) scanning using a proprietary engine that is, in this case, free to use (as in beer). Given that there have been instances where malware disabled or even damaged parts of the anti-virus software installed on the infected system, a scanner that boots from read-only media and examines the disk while the infected operating system is not running is a sound idea: the malware is not executing, so it gets no chance to hide from or tamper with the scanner.

One can also download a trial of the AV software for Linux, FreeBSD, Solaris, Mac OS X and Novell Netware, and for UNIX and Kerio mail servers. The product has several independent databases: for viruses and malware, for spyware, for dialers and for what it calls joke programs. The databases update incrementally, often with only a few kilobytes to download, and new updates are issued several times a day. I find the incremental updating particularly useful. The last time I used AV products on Windows, which is admittedly years ago, several of the big-name vendors still made me download the entire 4 MB database once a week.

[Screenshot: Dr.Web LiveCD - the default desktop]

Dr.Web LiveCD is based on Linux and uses Openbox and LXPanel for its graphical environment. On top of this, Firefox and Sylpheed are included so that one can work on a downed system, fire off a quick email if necessary, look up troubleshooting advice on the web or log on to the intranet. Midnight Commander and Leafpad complete the small collection of applications. On boot one can choose the standard GUI mode or a safe mode with a command-line interface, which gives access to advanced features such as the console scanner and the creation of a bootable USB flash drive. The remaining boot menu entries boot from the local hard drive or run a memory test.

[Screenshot: Dr.Web LiveCD - text interface menu]

Creating a USB stick is straightforward: after booting into safe mode, another menu appears from which one can shut down, start the graphical environment, update the databases (if connected to the network), or start a shell, which drops you to a Bash prompt. Then simply type create_usb sdb1 (adjusting the device name to wherever your stick actually is, of course; verify it before running the command, because the disks of the machine being rescued show up as /dev/sdX devices too). This, according to the manual, leaves files already on the drive intact. If the connected flash drive has several partitions, the files are written to the bootable one. After some playing around I remembered that there was a shortcut on the desktop to create a live USB as well, and some digging around in the manual confirmed that this can be done automatically too. Perhaps there are instances where this does not work, so it's always nice to also have the command-line option.
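To reduce the risk of pointing create_usb at a disk of the machine being rescued, here is a small pre-flight check written for this article; it is not part of the LiveCD, and create_usb is only invoked from it as the page describes. It confirms through the kernel's sysfs removable flag and the mounts table that the named partition sits on removable media and is not currently mounted. The SYSFS and MOUNTS variables are assumptions introduced so the check can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not from the Dr.Web LiveCD or its manual: refuse to run
# create_usb unless the target partition looks like an unmounted USB stick.
#
# Assumptions: a Linux sysfs layout (/sys/block/<disk>/removable), a
# /proc/mounts-style mounts table, and partition names such as sdb1.
# SYSFS and MOUNTS exist only so the check can be exercised against a
# constructed tree; on the LiveCD leave them at their defaults.

SYSFS="${SYSFS:-/sys}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# usb_target_disk sdb1 -> sdb  (strip the trailing partition number)
usb_target_disk() {
    printf '%s\n' "$1" | sed 's/[0-9]*$//'
}

# is_removable sdb -> 0 if the kernel flags the disk as removable media
is_removable() {
    flag="$SYSFS/block/$1/removable"
    [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]
}

# is_mounted sdb1 -> 0 if /dev/sdb1 appears in the mounts table
is_mounted() {
    grep -q "^/dev/$1 " "$MOUNTS"
}

# check_usb_target sdb1 -> 0 only when every check passes; prints the
# reason on stderr otherwise so the operator knows why it was refused.
check_usb_target() {
    part="$1"
    disk="$(usb_target_disk "$part")"
    case "$part" in
        *[!a-z0-9]*|"") echo "refusing '$part': not a plain device name" >&2; return 1 ;;
    esac
    [ "$disk" != "$part" ] || { echo "refusing '$part': give a partition (e.g. sdb1), not a whole disk" >&2; return 1; }
    is_removable "$disk" || { echo "refusing '$part': $disk is not flagged removable" >&2; return 1; }
    if is_mounted "$part"; then
        echo "refusing '$part': it is currently mounted; umount it first" >&2
        return 1
    fi
    return 0
}

# Usage from the LiveCD safe-mode shell, after plugging in the stick:
#   . ./usbcheck.sh && check_usb_target sdb1 && create_usb sdb1
if [ "${1:-}" = "--check" ] && [ -n "${2:-}" ]; then
    check_usb_target "$2"
fi
```

The removable flag is what the kernel reports for the device, so a USB-attached hard disk enclosure will usually pass it; the mount check and the partition-not-disk check are there to catch the more common slip of typing the name of the wrong, already mounted, device.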


Scanning Options

By default all partitions on the hard drive are selected for scanning. In the graphical environment there are tabs through which the checking mode (fast, full or advanced) and the actions to be taken on detection can be selected. Under 'Checking' the full scan is selected by default; it enables deep scanning of archives, following of symbolic links and the heuristic analyzer, all of which are disabled in the fast check mode. The advanced mode allows further customization of the file types and formats to scan and of the compression ratio and nesting depth of archives to be examined. Here you can also set whether log files are kept at all and how large they may grow. The 'Actions' tab sets whether to report, quarantine or attempt to cure infected mail, archives and files, and what is to happen to detected adware, riskware, jokes and so on. Note that cure and quarantine modify the rescued disk, so if you may later need the disk as evidence, image it first and run a report-only scan before letting the scanner change anything.

[Screenshot: Dr.Web LiveCD - scanning options dialog]

If you go for the console scanner, the available options and switches allow a seemingly endless number of combinations and give much more flexibility. The average user will rarely need more than the GUI offers, but professional system administrators may appreciate the options on occasion. The general format of the scan command is:

    /opt/drweb/drweb -path=<path> [options]

where <path> is the directory or file to be scanned. If no options follow the path, the default settings are used. Thankfully a manual is included on the CD, so you won't have to learn all this beforehand.
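The following wrapper, added for this article and not part of the LiveCD or the Dr.Web manual, shows how a practitioner would drive the console scanner from the safe-mode shell: the partition of the rescued machine is mounted read-only with noexec, nodev and nosuid, the mount is verified against the mounts table, and only then is /opt/drweb/drweb run with -path= as described above. The scanner path and the -path= switch come from the page; SCAN_OPTS is a placeholder for whatever further switches you take from the manual, and the MOUNTS variable is an assumption introduced so the mount check can be tested against a constructed mounts table.

```shell
#!/bin/sh
# Added example, not part of the LiveCD: scan a partition of the rescued
# machine through a read-only, non-executable mount so that nothing on the
# suspect filesystem can run or be altered while the scanner works.
#
# Assumptions: the console scanner lives at /opt/drweb/drweb and takes
# -path=<path> (as the article states); any further switches belong in
# SCAN_OPTS and must be taken from the manual on the CD. MOUNTS exists
# only so the mount check can be tested against a constructed table.

MOUNTS="${MOUNTS:-/proc/mounts}"
SCANNER="${SCANNER:-/opt/drweb/drweb}"
SCAN_OPTS="${SCAN_OPTS:-}"
RESCUE_MOUNT_OPTS="ro,noexec,nodev,nosuid"

# mount_opts_of /mnt/target -> prints the option field of that mount entry
# (empty if nothing is mounted there)
mount_opts_of() {
    awk -v mp="$1" '$2 == mp { print $4; exit }' "$MOUNTS"
}

# mounted_readonly /mnt/target -> 0 iff the mount exists and carries both
# ro and noexec, whatever order the kernel lists the options in
mounted_readonly() {
    opts="$(mount_opts_of "$1")"
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,ro,*) ;;
        *) return 1 ;;
    esac
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# scan_partition /dev/sda1 /mnt/target -> mounts read-only, verifies the
# mount, runs the scanner, unmounts, and returns the scanner's exit status
# (its meaning is documented in the manual on the CD)
scan_partition() {
    dev="$1"; mp="$2"
    mkdir -p "$mp"
    mount -o "$RESCUE_MOUNT_OPTS" "$dev" "$mp" || return 1
    if ! mounted_readonly "$mp"; then
        echo "$mp is not mounted ro,noexec; refusing to scan" >&2
        umount "$mp"
        return 1
    fi
    # SCAN_OPTS is deliberately left unquoted so it splits into switches
    if "$SCANNER" -path="$mp" $SCAN_OPTS; then
        rc=0
    else
        rc=$?
    fi
    umount "$mp"
    return $rc
}

# Usage from the LiveCD safe-mode shell:
#   . ./roscan.sh; scan_partition /dev/sda1 /mnt/target; echo "exit status: $?"
```

With the filesystem mounted read-only the scanner's cure and quarantine actions cannot touch anything, so the first pass is effectively report-only; once you have read the report and decided what to do, remount read-write (or use the GUI with its actions tab) for the cleaning pass. The noexec, nodev and nosuid options matter because a rescue session often involves browsing the suspect disk with Midnight Commander, and they make it harder to accidentally run something from it.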


[Screenshot: Dr.Web LiveCD - select actions dialog]

Minimum requirements: an i386 processor and 128 MB of RAM (64 MB in text mode), plus an optical drive to run from, or a virtual machine with access to the USB ports to create a live stick. Dr.Web also provides a free link checker as an add-on for Firefox and Opera (and Internet Explorer), which integrates into the context menu when hovering over a link. Quick download link to the live CD image (the latest version at the time of writing): minDrWebLiveCD-5.0.2.iso (84.5 MB, MD5 checksum provided). Do verify the image against the published checksum before burning it: a rescue CD gets full access to every disk it is booted on, so it is worth making sure you have the genuine image. A 58-page user manual is available in PDF format.


Conclusions

Of course we already have ClamAV, and in terms of the scanner interface and incremental updates the two appear quite similar; however, I am not aware of a ClamAV live CD. On top of this, security-conscious people do not like to put all their eggs in one basket, and in some settings, even at home, it is recommended to periodically scan and re-check with a different product. I have had anti-virus software in the past detect Trojans that another (free) one did not detect. That was on a different operating system, but you don't have to use this rescue CD exclusively on your UNIX/Linux systems.

[Screenshot: Dr.Web LiveCD - updating the virus database]

I personally don't run any real-time AV protection and do not feel like installing ClamAV or any other solution on my boxes - it reminds me too much of that other operating system and days long gone. I do, however, load this CD into my tray from time to time and give the system a good scan after an update, without bogging it down day in, day out with needless scanning tasks. It all depends on your habits, though, and practising good internet and computer hygiene goes a long way already. I have yet to encounter a virus or functional malware downloaded in a drive-by situation on my Linux PCs, but it is just as much about protecting the users of other operating systems and not forwarding infected files to friends and colleagues. A mail server should probably rather be running a real-time solution, as should a file server if you have a lot of document exchange going on and other operating systems on the network.

Although this is proprietary software, I have found it quite useful, and I hope that bringing it to attention here on DistroWatch will contribute to making our computing a little cleaner and safer.

source: Distrowatch

Copyright © 2014 Linuxlandit & The Conqueror Penguin