Hi all, it's worth noting here that if the PC is infected with a Kernel-Mode
rootkit, the chances of even detecting it whilst windows is running is very
poor regardless of the method used. This is another good reason why scanning
all incoming data is the safest approach.
Cheers
Darren
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
Sent: Wednesday, 15 November 2006 11:59 PM
To: Quark IT - Hilton Travis
Cc: focus-virus@securityfocus.com
Subject: Re: How to - Scan a Windows machine for virus from a Linux
machine
2006/11/14, Quark IT - Hilton Travis <Hilton@quarkit.com.au>:
Hi Ivan,
There simply is no OSS AV product capable of doing what you are wanting to
achieve. Besides, running scheduled scans is far, far from an effective way
to stop viruses and other malware - you are orders of magnitude better off by
running an on-access scanner that scans in realtime to stop infections
happening, not trying to clean up after an infection has occurred.
Hello Hilton,
Indeed my intention is not to run the AV from Linux on an special
schedule, my intention is to disinfect one machine (or two maybe :) )
due that they are already infected, and the AV installed on them is
not doing the job. Of course I am aware that an on-access scanner is
the best solution but in my actual scenario the machines are already
'compromised' (they are configured to do on-access scanning, though)
then it occur to me that doing a disinfection from a Linux machine
over the LAN could be a good idea instead reformatting the machines,
that's what I started this thread and yes is not a good idea in the
sense that it is not very straight forward and even in a 1Gbit LAN is
going to be slow, of course what you mention in another mail about
that using smbfs and ClamAV will possible not scan all the files due
to locks and etc. but still this can work in some cases, it is just
another tool/method against these kind of problems.
Thank you for sharing your thoughts.
--
Iván Alemán
----------------------------------------------------------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------
----------------------------------------------------------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------
