SystemRescueCd (http://www.sysresccd.org/) includes Clam AntiVirus (ClamAV). As part of our standard operating procedure, I use this CD as one of our virus detectors.
How I use it:
1. Download the latest version from http://www.sysresccd.org/
2. Burn it to a CD
3. Start the computer and set the BIOS to boot from the CD-ROM first.
4. Choose the default menu entry by pressing Enter and wait until everything has loaded.
5. Set the IP address, gateway and DNS server so that names resolve.
ifconfig eth0 inet 192.168.12.107/24
route add default gw 192.168.12.1
echo 'nameserver 192.168.12.1' > /etc/resolv.conf
6. Test the network connection with ping
ping yahoo.com
PING yahoo.com (206.190.60.37) 56(84) bytes of data.
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=1 ttl=47 time=373 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=4 ttl=47 time=356 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=6 ttl=47 time=414 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=7 ttl=47 time=408 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=8 ttl=47 time=353 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=9 ttl=47 time=363 ms
^C
--- yahoo.com ping statistics ---
10 packets transmitted, 6 received, 40% packet loss, time 9457ms
rtt min/avg/max/mdev = 353.667/378.221/414.335/24.191 ms
7. Find the Windows partition
fdisk -l
Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x6f656f65
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        1043     8377866    7  HPFS/NTFS
As you can see, the Windows partition is /dev/sda1.
8. Mount the Windows partition on /mnt/winc
mkdir /mnt/winc
ntfs-3g /dev/sda1 /mnt/winc
9. Update ClamAV to the latest virus definitions
freshclam
ClamAV update process started at Sun Feb 8 10:17:27 2009
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
Reading CVD header (daily.cvd): OK
WARNING: getfile: daily-8684.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-8684.cdiff from database.clamav.net
WARNING: getfile: daily-8684.cdiff not found on remote server (IP: 222.124.18.201)
WARNING: getpatch: Can't download daily-8684.cdiff from database.clamav.net
WARNING: getfile: daily-8684.cdiff not found on remote server (IP: 222.124.18.201)
WARNING: getpatch: Can't download daily-8684.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 8963, sigs: 75625, f-level: 38, builder: guitar)
Database updated (513597 signatures) from database.clamav.net (IP: 222.124.18.201)
10. Scan the Windows partition using clamscan
clamscan -vri /mnt/winc
v = verbose (show the scan as it progresses)
r = recursive (scan subdirectories)
i = print infected files only
The scan will take some time, depending on the size of your Windows partition and the speed of the computer.
11. Read the summary
----------- SCAN SUMMARY -----------
Known viruses: 513111
Engine version: 0.94.2
Scanned directories: 603
Scanned files: 4592
Infected files: 1
Data scanned: 772.54 MB
Time: 657.436 sec (10 m 57 s)
As you can see, 1 infected file was found.
To delete that file, use:
clamscan -vri --remove /mnt/winc
Yes, --remove will remove the file.
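One way to review what steps 10 and 11 reported before running --remove, as an added example that is not part of the original post: it keeps a scan log with clamscan's --log option, lists each detected path, and checks that the list agrees with the summary count. The function names, the log path and the sample log contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the log
# path are hypothetical; /mnt/winc is the mount point from step 8.

# Step 10 with a log kept for review. clamscan exits 0 when nothing is
# found, 1 when at least one virus is found, 2 on error.
scan_to_log() {  # usage: scan_to_log /mnt/winc /tmp/winc-scan.log
    clamscan -ri --log="$2" "$1"
}

# Paths of all detections; each line reads "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# N from the "Infected files: N" line of the SCAN SUMMARY.
infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1"
}

# Sanity check before removal: listed detections equal the summary count.
summary_matches() {
    listed=$(infected_paths "$1" | wc -l | tr -d ' ')
    [ "$listed" = "$(infected_count "$1")" ]
}

# Constructed sample log (file name and signature are made up).
sample_log() {
    cat <<'EOF'
/mnt/winc/Documents and Settings/user/setup.exe: Example.Trojan-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 513111
Engine version: 0.94.2
Scanned directories: 603
Scanned files: 4592
Infected files: 1
Data scanned: 772.54 MB
Time: 657.436 sec (10 m 57 s)
EOF
}
```

Run infected_paths on the log and look at each path first; --remove deletes whatever matched, including a Windows file flagged by mistake.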