I attempted to run AVG, Avast, Malwarebytes – but all for naught. The machine was so slow it seemed as if installing a simple anti-virus tool was going to take me an entire 40 hour work week. So I opted for a different approach. Instead of allowing Windows to boot, I decided it was time take advantage of my good old friend, Linux! That’s right, Linux can scan a Windows machine for viruses, and it does it quite well. And in this article I am going to show you a quick way to achieve this.

What you need

Amidst all the simplicity you will enjoy with the Linux scanning, there are a few things you will need. First you need to remove that drive from the Windows machine. That’s right, we’re going to attach it to the Linux machine and do a scan of this now “external” drive. I prefer to use a tool that allows me to attach the drive such that the drive is attached to the machine via USB.

You will also want to have a modern instance of Linux up and running. The machine can already be on. In fact, it’s better if it is.

You will also need to install an anti-virus on Linux. http://www.f-prot.com/download/home_user/ is an outstanding choice.

The “how to”

The first thing you need to do is connect the infected drive to the Linux machine. Depending upon your distribution, an icon should appear on your desktop. If it does, double click that icon so to ensure the drive mounts. Now check to where that drive mounted (most likely in /media). What you will now do is use your Linux scanning tool to scan that mounted drive.

Let’s say you are using F-Prot. To run this scan you would issue the command:

fpscan –disinfect /media/DISK

Where DISK is the mount point of your disk.

This will scan that drive and disinfect it. Understand that if one scanner doesn’t locate the infected files you might want to run a different scan. You can use ClamAV for email-based viruses (Check out my article “Scan your Linux machine for viruses with ClamTK” for using a GUI front end for ClamAV). NOTE: I will be doing an article on installing and using Avira Antivir on Linux this week.

Hopefully one of your anti-virus tools will have caught the culprit and either quarantined or removed the virus. Once you are done with the scan, make sure you unmount the “external” drive before you remove the hardware.

After the hard drive is off the Linux machine, re-install it to the Windows machine, and boot up. Hopefully you are good to go.

Final thoughts

You probably never thought you would need any anti-virus on a Linux machine. Well, if your Windows machine has become unusable you have found the perfect use for such a combination. And  remember, if you are using Linux for your mail server, you should certainly have anti-virus installed.

For Linux, ClamAV is one of the best virus scanners. And not only is ClamAV one of the best, it also has a great front-end for users who prefer to not have to deal with command line tools. That front-end? ClamTk. In this article you will learn how to install and use ClamTk to keep your Linux box virus free. Your friends and co-workers might thank you in the end.

Installation

First and foremost, ClamAV is required (You can read more about ClamAV in my article “Add antivirus to Postfix with ClamAV“) so you will need to have that installed and updated (might even be wise to make sure ClamAV is the latest version and run the freshclam command to update your virus signatures before you begin the installation of ClamTk).

If you’re unsure how to update ClamAV you can do so fairly easily. Let me show you how to update ClamAV in Debian. Follow these steps:

1. Open up a terminal window.
2. Gain super-user access (either with the su command or using sudo – depending upon how you use/administer your system).
3. Open up the /etc/apt/sources.list file in your favorite editor.
4. Add the line deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free to the bottom of the file.
5. Save and close the sources.list file.
6. Issue the command apt-get update.
7. Issue the command apt-get install clamav clamav-base clam-freshclam.

Your ClamAV should be up to date. Now let’s install ClamTk.

From the same terminal window, issue the command apt-get install clamtk which will install the latest version of ClamTk. You are ready to scan.

Using ClamTk

Figure 1

To open the ClamTk window (see Figure 1) you can either click Applications > System Tools > Virus Scanner or from either the run dialog (<Alt>F2) or a terminal window issue the command clamtk. One of the first things you should do is click Help > Update Signatures which effectively runs the freshclam command.

You can take care of scanning a few different ways:

• Click Home button (the Home icon) to do a quick scan of your ~/ directory.
• Click the Binoculars icon to scan a single file.
• Click the magnifying glass to scan a directory.
• Click Scan > Recursive Scan to scan a parent directory and it’s children.
• Click Scan > Home (thorough) to do a more thorough scan of your home directory.

Since I use Claws Mail, I would want to do a recursive scan on the ~/Mail directory. I will warn you, a thorough, recursive scan can be somewhat resource intensive. So if you need to do this type of scan, you might want to do it when you’re not busy, otherwise your machine might become a bit less responsive.

Final thoughts

I am happy to say that I have yet to come across an infected file on any of my Linux machines. Does that mean I will stop scanning? No. I get a ton of email, and I prefer to do my part to ensure that no email that might leave my inbox (especially forwards) contains a virus. You should do this as well, even when Linux is your main operating system.

Unlike ClamAV, KlamAV is a GUI tool. So there’s no need for opening up a terminal window and learning commands in order to scan either KMail or Evolution for viruses. And KlamAV is full of user-friendly features. Let’s take a look at how this gui tool can give you and your users even more of a security edge than they already have thanks to the Linux operating system.

Getting and installing

More than likely KlamAV and its requisite ClamAV are in your distributions repositories. So if you open up your Add/Remove Applications tool you can install KlamAV using the following steps:

1. Do a search for “klamav” (no quotes).
2. Select the resulting KlamAV listing.
3. Click Apply.
4. OK the dependencies.
5. Sit back and watch the installation happen.

When the install completes, you are ready for your first KlamAV run.

First run

When you run KlamAV for the first time you have to walk through an easy-to-use setup wizard. This wizard will have you locate your signature database and quarantine locations (the defaults will work) and that’s it. When the wizard completes you will more than likely be told your installation (or signatures) is out of date.

Figure 1

As soon as KlamAV is running for the first time you will see the Update tab of the KlamAV window (see Figure 1). Automatically a new virus definition will begin downloading. Once that is finished you are ready to start scanning.

The first thing you want to do is go to the Email Protection tab and select your email client. As stated earlier, KlamAV can protect both Kmail and Evolution. If you use Kmail KlamAV can set it up automatically. If you use Evolution you have to set up a filter in Evolution to pipe incoming and outgoing mail through klammail. Once that filter is set up you have to create a second filter to send any email with “virus-found” in the header to a quarantine folder.

If you click on the Scan tab you will notice a directory tree. From here you can scan files with the help of the kernel module Dazuko. So you can manually scan your directories for viruses.

Auto update

You can also set KlamAV to automatically update your virus database (definitions).  To do this go to the Update tab and then click on the “Update Virus Database Automatically” and then select how often you want it to be automatically updated. You can also manually update the database by clicking the Update Now button.

But why?

You may be asking yourself “why employ a virus scanner on Linux when the vast majority of viruses can’t harm my machine?” That is true, but those viruses can harm all of those people you might forward an email to who use Windows. To protect them why not scan all of your outgoing email. Better safe than sorry in that regard.

Final thoughts

Even if you are running the Linux operating system, you would do well to employ some form of anti-virus, even if only to protect users you forward email to. And if you do look for a Linux anti-virus, KlamAV is one of the best.