[plug] Anti Virus LiveCD

Craig Ringer craig at postnewspapers.com.au
Wed Jun 22 10:39:02 WST 2005


On Wed, 2005-06-22 at 11:48 +0930, Onno Benschop wrote:

> Going on-site each day and needing to install AVG

I didn't think AVG's license permitted commercial use. I hope I
misunderstood/misread, because then it's open-season here ;-) . Sadly,
their prices jump rather sharply once one looks at more than a couple of
workstations, otherwise I'd just buy it.

> I imagine there is a better way using a Linux LiveCD of some description.

NTFS will be a problem. There are scary hacks to work around it, but
IIRC they have performance limitations that might well be undesirable
for things like virus scanning a whole system.

> I've investigated ClamAV and I've been thinking about a Toms Boot Disk 
> with the command-line versions of AVG, but it all seems pretty clunky.

I'm very happy with ClamAV - works a treat. I use it as a second line of
defense in my mail server, with the first line being the quarantine of
files based on MIME type and/or file extension. Frankly, it mostly picks
up phishing messages ;-) but it does also nail the odd tricky virus.

I also use ClamAV to scan my Windows file shares and the mail spools.
I'm going to be putting ClamWin on the win32 boxes here soon, and
probably sending some cash to the ClamAV folks for rocking so much.

ClamAV does pick up more than just pure viruses/trojans/worms. I don't
know if or how far it goes into adware, though.

> I need to be able to boot the CD, use it on Win95 -> WinXP (fat, vfat & 
> ntfs), be able to keep it up to date - daily if necessary, preferably so 
> simple to use that I could mail it out to a distant client and have them 
> run the software.

Personally, I'd look for a commercial AV vendor that does a live CD for
their product. I know "rescue/scan CDs" are out there - some "consumer"
products will make them for you. The sole reason I'd suggest this is
NTFS, though.

Alternately, I know it's possible to make win32 live CDs. I suspect it's
a scary black art that probably requires more access to Windows than
most folks have, though :S

Oh, how I wish MS or MainSoft would just sell an NTFS-for-Linux driver.
I'd buy a copy just for uses like this. Hmm.... *emails MainSoft*.

> Also, while I'm at it, can someone please explain why there is a need to 
> separate out scanners for Trojan Horses, Ad-Ware and Virus infestations, 
> because I completely fail to understand why it would be that these 
> things are different from each other in any way.

Most anti-virus software removes trojans, backdoors, etc. Ad-ware is a
special case, probably because (a) it's a much more recent pest, and (b)
commercial anti-virus outfits don't want to get sued.

--
Craig Ringer



