INSERT linux

cbrookerd

Junior Member
Jan 5, 2005
7
0
0
alright.....i heard about this little live cd that supposedly has some useful recovery tools built in called INSERT.......the main interest i had in this was its built-in antivirus (Clam Antivirus).....i would like to use this bootable cd to go in and scan a system for viruses on a windows machine.....how would i go about doing this?.....i read the documentation on their webpage (www.insert.cd), but it was not all that helpful.....i am fairly familiar w/linux but i'm no guru....thnx for any help
 

Randabis

Member
Dec 26, 2004
55
0
0
If it supports it, you probably have to mount the windows partition(s) and then have the scanner scan them.
 

drag

Elite Member
Jul 4, 2002
8,708
0
0
There are a few live linux cdrom-based distros like that.

Try out Knoppix STD


It's a 'security' version of the popular Knoppix live-linux desktop cdrom.

It has all the security assessment tools you could imagine that can fit on a cdrom.

features/programs

ClamAV
Password crackers
network sniffers
network scanners
traffic monitors
tcpdump
packet generators
encrypted tunnelling programs
wireless tools
forensic tools
limited ntfs support
tools to reset passwords on Windows OSes (even administrator passwords)
All sorts of other fun and useful stuff.

Most everything should be detected and set up automatically at boot time.
 

drag

Elite Member
Jul 4, 2002
8,708
0
0
If it ends up that you need to mount partitions to scan them, it goes like this on the command line.

Each harddrive and partition has a file name associated with it. No c: drives or anything like that.

The harddrive names go like this:
/dev/hda (primary master)
/dev/hdb (primary slave)
/dev/hdc (secondary master)
/dev/hdd (secondary slave)

Then each partition has a number associated with it, and its name is its number added onto the name of the harddrive.

For instance /dev/hdc2 would be the second partition on the secondary slave ide device.

If you have SATA devices it may mess up the naming a bit.
You can find out details about the setup through the dmesg command, and you filter it through the grep command to filter out stuff that you're not looking for.
dmesg |grep hd

and that should tell you some stuff. Alternately you can go to /proc/ide and there are directories there that include details about your available drives, like model and media type (like disk vs cdrom).

In Linux there is no C drive or any such thing. You have one directory tree, with a root. Root = /
Everything you have access to is part of that tree, all file systems either on a network, ramdisks, dvd disks, harddrives, or whatnot have to be mounted to a directory on that directory tree for you to access it.

Knoppix should automatically detect and mount partitions for your convenience. You can see the currently mounted file systems with the /etc/mtab file.

The easy way to see the contents of files is with the cat command.

cat /etc/mtab

that will show you what is mounted.

knoppix (I think) will mount things to the /mnt directory. Like /mnt/hda1. Inside that directory will be the contents of your harddrive partitions.

to manually mount a file system you make a directory and then mount the partition to it.
mkdir /mnt/harddrive
mount /dev/hda1 /mnt/harddrive

to move to a directory you go:
cd /mnt/harddrive

to scan all files and directories go like this:
cd /mnt
freshclam
clamscan -ri

freshclam updates the virus definitions and clamscan will scan the directories.

The -ri is command options and the -r tells it to do it recursively (descend into directories, otherwise it only scans current directory) and the -i tells it to only print out infected files. If you want to see the progress as it runs just go:
clamscan -r

it can take a LONG time to finish scanning.

It will give you a summary when it's finished.

Hope that helps
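
The manual mount-and-scan steps from the post above, gathered into one script as an added example (not part of the original thread). It mounts the partition read-only so the scan cannot modify the Windows filesystem, keeps a log, and interprets clamscan's exit status; the function names, the /mnt/scan-* mount point and the /tmp log path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: read-only mount + ClamAV scan of one partition from a live CD.
# Function names and the /mnt/scan-* and /tmp paths are illustrative assumptions.

# Derive a mount point from a device name: /dev/hda1 -> /mnt/scan-hda1
mountpoint_for() {
    printf '/mnt/scan-%s\n' "$(basename "$1")"
}

# Translate clamscan's exit status: 0 = no virus found, 1 = virus found,
# anything else = the scan itself failed and the result cannot be trusted.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print the paths clamscan flagged, from log lines "<path>: <signature> FOUND".
infected_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

scan_partition() {
    dev=$1
    mp=$(mountpoint_for "$dev")
    log=/tmp/clamscan-$(basename "$dev").log
    mkdir -p "$mp" || return 2
    # ro keeps the scan from writing to the Windows filesystem; noexec,
    # nosuid and nodev stop anything on it from running with privileges.
    mount -o ro,noexec,nosuid,nodev "$dev" "$mp" || return 2
    clamscan -r -i --log="$log" "$mp"
    rc=$?
    umount "$mp"
    echo "$dev: $(scan_verdict "$rc") (log: $log)"
    infected_files "$log"
    return "$rc"
}

# Runs only when a device is given, e.g.: sh scan.sh /dev/hda1
if [ "$#" -ge 1 ]; then
    freshclam || echo "freshclam failed; using existing definitions" >&2
    scan_partition "$1"
fi
```

An "error" verdict means the scan did not complete, so the partition should not be treated as clean.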
 