Re: A virus scanner on linux for windows partition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2010-07-04 at 09:22 -0700, JD wrote:
> So far, clamav has not found anything in the mounted windows partition.
> That could be good news or bad news :) :)

Systems running windows from an infected disk are often unable to find
the infection, as the infection often installs a root kit that hides the
infection from the virus scanner.

When you boot linux and scan the disk using clamav you have a good
chance of finding infections that even expensive anti virus apps running
on the infected windows system couldn't find.

I have several times found infections on running windows systems by
remotely mounting their C: drive (the C$ share) on my linux box and
running clamav on them. That way I can check them without downtime.

How does the infection get past the windows anti-virus? It could either
be something new that wasn't detected yet when you got infected. Or (as
in my case) systems that need to have anti-virus disabled for certain
data directories and applications because of performance problems.
Combine that with a need to allow connections to that same app from the
internet... Recipe for infections.

I usually find 3 different 'hits' on infected systems, and when looking
up the signatures on the web I usually find that one is the component
that initially infected the system. That one then downloads and installs
a root kit to hide itself, and then a backdoor to offer services.

-- 
birger

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux