Not everyone has good internet access or have problem with restriction such proxy password, port blocking etc.

That thing also happen  to our division, when we must doing regular maintenance including latest standar operating procedure that implement Clam Anti Virus in System Rescue CD we don’t have internet access due to security policy during attack of clicker worm.

That means no virus definition!

But Anti virus without latest defintion is not good, I took offline solution for update clam anti virus.

Here’ s the steps :

1. Checking clamav version :

clamd -V

ClamAV 0.94.2/8970/Tue Feb 10 02:52:04 2009

2. Clamav provide offline method, we just need to download latest version from here :

http://www.clamav.org/download/cvd

3. Download main.cvd and daily.cvd from computer that has internet access and save it to usb flash disk.

4. Run system rescue cd on computer target.

5. Put USB flash disk on computer target.

6. Run these commands :

Checking flash disk location

fdisk -l

Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x6f656f65

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        1043     8377866    7  HPFS/NTFS

Disk /dev/sdb: 4043 MB, 4043309056 bytes
255 heads, 63 sectors/track, 491 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x04dd5721

Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         492     3948512+   b  W95 FAT32
Partition 1 has different physical/logical endings:
phys=(490, 254, 63) logical=(491, 145, 38)

Well, its located in /dev/sdb1

Mount the flash disk :

mkdir /mnt/flashdisk
mount -t vfat /dev/sdb1 /mnt/flashdisk
cp /mnt/flashdisk/daily.cvd /var/lib/clamav

Done, I use latest main.cvd so I don’t have to update it.

Run clamscan to scan as previous post.