AntiVirus boot CD

Discussion in 'Computer Information' started by RedBack, Nov 16, 2003.

  1. RedBack

    RedBack Guest

    I've been called out a lot lately to clean up infected systems :)

    I'm experimenting with making different AntiVirus boot CD to find
    which will work the best with Windows FAT32 & NTFS systems. And is
    easy to keep the signatures updated.
    Basically I make a DOS Boot CD with the AntiVirus command line
    scanners....with a menu for FAT32 & NTFS
    The NTFS option loads NTFSPRO then runs the scanner.
    F-Prot works OK in both systems.
    Norton's NAVDX.EXE works great on FAT32 but halfway through NTFS it
    dies with errors.
    I'm downloading AntiVir now to try their command line scanner
    AVE32.EXE.
    Any other command line scanners you can suggest, or help & advice will
    be appreciated.

    RedBack
     
    RedBack, Nov 16, 2003
    #1

  2. Plato

    Plato Guest

    Good to know. What does ntfspro run these days?
     
    Plato, Nov 18, 2003
    #2

  3. Thor

    Thor Guest

    My question would be as to whether Redback has used F-prot to actually fix,
    or remove a virus in this fashion. Scanning for a virus using an NTFS-aware
    boot disk is one thing, but removal is another, because that requires
    writing to the NTFS partition using the DOS NTFS driver. Something I'm a
    little leery about doing to a customer's system.



    ...
     
    Thor, Nov 18, 2003
    #3
  4. RedBack

    RedBack Guest

    As my original post said, I'm only experimenting at this stage to try
    and create a boot AntiVirus CD that will work.
    Tested with the EICAR test virus.
    I normally remove the worm manually.
    The aim is if someone has a problem I can boot from a CD in front of
    them to test it before attempting to load windows to make sure they
    haven't just stuffed up something and waste time by taking their word
    that they haven't done anything :)
    To be honest I don't have a lot of faith in running it from DOS on
    NTFS at this stage as a poster told me in another group that there's a
    problem if the user has a path statement longer than 64 characters in
    NTFS.
    I'm open to any ideas.


    RedBack
     
    RedBack, Nov 18, 2003
    #4
  5. RedBack

    RedBack Guest

    From a reply post at aus.computers

    On Sun, 16 Nov 2003 10:54:33 GMT, "Justin Thyme"

    I've done similar with FProt - have a boot CD then put the latest
    definitions on my thumb drive. Pretty easy to load dos drivers for a
    thumb drive, then unzip the latest definitions from there to a ramdisk.
    Then I load NTFSDOS to give me access to NTFS partitions. BUT... big
    problems with WXP/W2000 based systems. Basically what causes it is
    this - old Dos only supported a maximum of 64 characters in the
    complete path name. This limitation carries over into W98 Dos, PCDos 7,
    WME Dos etc. WXP/2000 however allow much longer pathnames, and in
    practice systems with these OS's will have many paths that are longer -
    this will be the case whether you use NTFS or FAT32. My system for
    example has:
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRA~1\ACCESS~1\ACCESS~1
    which is 71 characters long (only counting the short names). So what
    happens is when you boot in DOS mode, the system can only scan until it
    encounters a path of longer than 64 characters. Norton's will bomb out
    with an error message, but FProt will just stop scanning there and say
    it has finished, with no error messages whatsoever. I was starting to
    think FProt was not capable of detecting some viruses, because it would
    say systems that I knew had certain viruses were clean. Took me ages to
    trace what was really happening. I believe the correct behaviour should
    be that it gives a warning that it can't scan any deeper into the
    directory tree, but continue scanning what it can access.

    So far I haven't worked out a satisfactory solution to the problem. The
    other alternative would be a windows based scanner that can run off a
    CD/thumbdrive without requiring installation, and can have updated
    definitions simply by copying the relevant files to a disk


    RedBack
     
    RedBack, Nov 18, 2003
    #5
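The 64-character path limit described in the quoted post is something to check for before trusting a DOS-hosted scan. The following is an added example, not code from the thread or from any of the scanners it names: it approximates the 8.3 short form of each path, flags files whose directory exceeds the limit, and contrasts the "warn and continue" behaviour the post asks for with a scanner that silently stops at the first over-long directory. The 64-character figure (counted with the drive letter, as the post counts it) and the sample paths are taken from or constructed after the post; the short-name rule (always ~1, no collisions) is an assumption.

```python
import re

# The thread's figure: a real-mode DOS scanner sees at most 64 characters of path,
# counted the way the post counts it (drive letter and colon included).
DOS_MAX_PATH = 64
# Characters permitted in an 8.3 name: letters, digits and DOS's punctuation.
_ALLOWED = r"A-Z0-9_$~!#%&\-{}@'`()^"
_SHORT_OK = re.compile(rf"^[{_ALLOWED}]{{1,8}}(\.[{_ALLOWED}]{{1,3}})?$")

def short_name(component: str) -> str:
    """Approximate the 8.3 alias DOS sees for one component. Assumptions: no
    collisions (tail always ~1) and a name valid as 8.3 once uppercased keeps it
    (Windows may alias anyway, like the post's PROGRA~1; the length is equal)."""
    upper = component.upper()
    if _SHORT_OK.match(upper):
        return upper
    base, _, ext = upper.rpartition(".") if "." in upper else (upper, "", "")
    base = re.sub(rf"[^{_ALLOWED}]", "", base)[:6] + "~1"
    return base + ("." + re.sub(r"[^A-Z0-9]", "", ext)[:3] if ext else "")

def dos_path(path: str) -> str:
    """Rewrite a Windows path into the short-name form a DOS scanner uses."""
    parts = [p for p in path[2:].replace("/", "\\").split("\\") if p]
    return path[:2] + "\\" + "\\".join(short_name(p) for p in parts)

def too_long(path: str, limit: int = DOS_MAX_PATH) -> bool:
    """True when the file's directory, in short-name form, exceeds the limit."""
    return len(dos_path(path).rsplit("\\", 1)[0]) > limit

def scan_coverage(files, limit=DOS_MAX_PATH):
    """'Warn and continue', as the post wants: return (reachable, unreachable)."""
    reachable = [f for f in files if not too_long(f, limit)]
    return reachable, [f for f in files if too_long(f, limit)]

def silent_stop_coverage(files, limit=DOS_MAX_PATH):
    """The behaviour the post attributes to FProt: stop at the first over-long
    directory and report success, so later short paths are never scanned."""
    scanned = []
    for f in files:
        if too_long(f, limit):
            break
        scanned.append(f)
    return scanned

# Constructed sample in traversal order; the second is the post's 71-character path.
SAMPLE = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk",
    r"C:\Program Files\Common Files\System\msadc\msadce.dll",
]
```

Running `scan_coverage(SAMPLE)` reports two of the three files as reachable and flags the Start Menu path, while `silent_stop_coverage(SAMPLE)` returns only the first file: a scanner that stops quietly also skips the short path that comes later in the walk.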
  6. Plato

    Plato Guest

    In other words, if you use a ntfs third party dos driver, f-prot _has_
    to use it to write to the fat. On the other hand, if you boot to safe
    mode in XP, f-prot just calls XP to write to the fat. Correct?
     
    Plato, Nov 19, 2003
    #6
  7. Thor

    Thor Guest

    Correct.
     
    Thor, Nov 20, 2003
    #7