Slashdot Mirror

← Back to Stories (view on slashdot.org)

CDROM-Based Virus Scanners?

Posted by Cliff on from the hands-off-bug-hunting dept.

cheros asks: "Pretty much every virus checker I've seen requires installation of a couple of MB worth of data on the HD. However, in a controlled or accredited environment (say, a hospital) installation of external software can invalidate the build, and the checking process can adversely affect timing (in, say, plant control systems), so I'm looking for a virus checker that works from a CD. This obviously means the CD needs updating when new signatures come out, but at least it's a 'hands off' sweep of the system that can be done during maintenance down-time (and assures me that the virus software itself can't compromised). The only workaround I have at the moment is that critical system files can be checksummed to prove integrity (MD5 is your friend ;] ). That's OK for the systems that are fairly static (no, not blue screened, less data changes on the disk =] ), but systems where config data changes (say, a DDNS) are less easy to check. It's mostly a Windows problem (with &^$$& locked files being a pain), but the same situation can arise on any platform. Got any ideas?"

5 of 48 comments (clear)

  1. Norton Systemworks 2001 by karnal · · Score: 3, Informative

    I've got a copy of Norton Systemworks 2001 at work that states on install, that you should boot to the cd-rom and have it do a virus check before you install the software (Norton Antivirus is included in this suite...)

    I've not used it yet; the only risk I would say you'd run is if you have a virus that is not detected with the CD build of the virusscan... Pretty hard to do updates to read-only media.... but for a general sweep of the machine, you'd be good to go.

    Maybe there's a way to "repackage" the bootable portion of the cd / virus definitions, and go that route? I'm sure Norton has had requests for this before, and it wouldn't take much time talking with their support (never had to contact them myself) to see if this is the case...

    We're in the same boat, though... Validated systems; since I work in Network Architecture, one of the problems we run into is we can't put ANYTHING on servers that isn't validated (i.e. packet sniffing/analyzing agents, etc.) I see their point, so in the end we just mirror ports :) (slightly ot, I know)

    --
    Karnal
  2. F-PROT by reynaert · · Score: 3, Informative

    You could probably use the DOS or Linux version of F-Prot. It doesn't need to write anything, and it has some nice command-line options for automated scanning etc.

    With a little effort, you can even fit the DOS version on a single floppy. You'll need to store it compressed, and uncompress it to a ramdisk when booting.

    1. Re:F-PROT by Tux2000 · · Score: 2, Informative

      The guys and girls of the german c't magazine combined toms rescue boot disk with F-Prot for Linux and pressed it onto a CDROM shipped with the issue 13/2002. You can order this issue for 3 EUR + shipping (1 EUR is round about 1 US $).

      If you can get internet access with that CDROM, you can even update the scanner and the data files. (And as a nice bonus, you get 600 MBytes Freeware and Shareware.)

      Tux2000

      --
      Denken hilft.
  3. A bit of research first ... by Blkdeath · · Score: 1, Informative
    Would have led to Symantec who ship their Norton Antivirus CDROMs as bootable CDs that can automatically check the filesystem(s) of the hard drive(s) with as little as one or two carriage returns.

    Since the scanner can also be run manually, you could install updated definitions on a floppy disk with the tab set.

    That's just off the top of my head; I'm sure The Best Friend Of The WWW could render gallons more assistance.

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

  4. You have not seen Vexira Antivirus Rescue Disk CD? by VexAdmin · · Score: 2, Informative
    I work for Central Command the company that produces Vexira Antivirus so be careful you might find a few biased statements here :-) We have Vexira Antivirus Rescue Disk (VARD) which is a bootable CD-ROM and diskette virus scanner that runs entirely in RAM. It's based on a debian micro kernel and includes a easy to follow menu. It can update the latest virus database and virus scanning engine also! Yes, even if you are using the CD-ROM version. You just need to download updates onto a floppy and select the update option on the main menu. VARD will pull them into RAM.

    It will boot and mount most any file system: Microsoft FAT 16, FAT 32, VFAT, NTFS, Linux ext2, ReiserFS and UMSDOS, IBM OS/2 HPFS, FreeBSD, OpenBSD, Solaris, and Unix UFS, CD-ROM ISO9660, Minix, FreeVxFS, Veritas VxFS, System V, Xenix, V7, and UDF.

    Vexira Antivirus Rescue Risk

    The VARD is free BTW.