  1. #1

    Linux based antivirus detecting windows viruses

    in my job i often find myself remotely supporting computers in other states that are infected with nasties and other malware which render the computer unusable or are a nightmare to remove from windows. so i got the bright idea to create a live CD w/ UVNC that will autolaunch and phone home, letting me clean up their systems without having to try to fight with a poisoned OS.

    i'm trying to figure out what key tools to include in the live CD (as it will be a PITA to install them on a live CD every time i restart the PC or work on a new computer) and i'm a tad stumped on finding a good antivirus product that will also tackle windows viruses and properly clean up an infected windows install. do any BGers have any suggestions of decent products to use? also, do you have any other key utilities you can think of that would be valuable in other situations? already planning on stuff like disk recovery software etc, but any insight on any "must have" utils you can think of that would still fit in the footprint of a CD (many of the computers don't have DVD drives)?

  2. #2

    I think McAfee can run in pre-boot mode without starting up the OS.

    I'd include ComboFix and Malware Bytes on that CD as well.

  3. #3

    both of the aforementioned products are windows only, no? the goal was to find something linux based i could run off my live CD when the windows install cooks itself. one thing i never tried was if housecall would work as it's browser based. that may be worth trying.

  4. #4

    I thought you were just making a rescue CD with a bunch of apps on it along with the linux bootloader, but ok. Why are you just using linux though? I get it, Linux is great and all, but it's not meant for the task you're talking about. I've never heard of people developing AV solutions for Linux because well.. people use Linux to get away from viruses.

    If Windows is fucked that bad, use safe mode and run the programs to clear that stuff out. If you can't get into safe mode, the computer is fucked up beyond hope, and your best bet is to reformat. No linux-based AV scanner would be able to save you at that point anyway. Good idea in theory, but IMHO not really practical.

  5. #5

    Anyone who thinks that Linux doesn't have viruses is honestly looking for trouble.

    Clam AntiVirus

    is what you are looking for.

  6. #6

    Quote Originally Posted by Cephius:
    "If Windows is fucked that bad, use safe mode and run the programs to clear that stuff out. If you can't get into safe mode, the computer is fucked up beyond hope, and your best bet is to reformat."
    Also, this is terrible advice, get a Bart PE disc if you can't get into safe mode.

  7. #7

    I didn't think I'd really have to spell this out, but okay.

    Look, can you recover a computer that can't get into safe mode? Sure. Is it worth it, considering the time investment? No. It's much more time and cost effective to back up the data, wipe the computer, reinstall, and be done with it. That was my point, not that it's impossible to get into a system that can't get into safe mode. Did you even read the OP's post, where he clearly states that he "doesn't want to fight with poisoned OSs"?

    Also, I never stated that Linux doesn't have viruses. It's obviously a LOT less susceptible to them, which is why I said that it's a solution for users wishing to get away from viruses.

    Finally, ClamAV was designed for scanning incoming and outgoing e-mail; it isn't meant for scanning and cleaning Windows machines from the Linux environment, which is what the OP was looking for.
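    For what posts #5 and #7 are arguing about, here is what a ClamAV sweep of a dead Windows install from a Linux live CD actually looks like. This is an added example, not anything from the thread; it assumes the Windows volume is /dev/sda1, that ntfs-3g and clamav are on the CD, and it only detects (mounting read-only), so cleaning is still a separate job as #7 says.

```shell
#!/bin/sh
# Added example: read-only ClamAV sweep of a Windows partition from a Linux live CD.
# Assumptions (not from the thread): Windows is on /dev/sda1, ntfs-3g and clamav are
# on the CD, and the log is left where it can be read back over the VNC session.
set -eu

WIN_DEV="${WIN_DEV:-/dev/sda1}"     # assumed device, override via environment
MNT="${MNT:-/mnt/windows}"
LOG="${LOG:-/tmp/clamscan-$(date +%Y%m%d-%H%M%S).log}"

# Mount read-only so the scan itself cannot alter the install or the evidence.
mount_windows() {
    mkdir -p "$MNT"
    mount -t ntfs-3g -o ro,noexec,nodev "$WIN_DEV" "$MNT"
}

# clamscan exits 0 when clean, 1 when something was found, 2 on error, so the
# status is captured instead of letting set -e abort the whole run.
scan_windows() {
    freshclam || echo "warning: signature update failed, using the CD's database" >&2
    rc=0
    clamscan -r -i --log="$LOG" "$MNT" || rc=$?
    return $rc
}

# Pull the number out of the "Infected files: N" summary line of a clamscan log.
infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' "$1"
}

# One-word verdict for the remote operator, derived from the summary file.
verdict() {
    n=$(infected_count "$1")
    case "${n:-0}" in
        0) echo clean ;;
        *) echo "infected:$n" ;;
    esac
}

main() {
    mount_windows
    scan_windows || true
    echo "Result: $(verdict "$LOG") (details in $LOG)"
    umount "$MNT"
}

# Only run the sweep when explicitly asked (RUN_SCAN=1), so the helpers can be sourced.
if [ "${RUN_SCAN:-0}" = "1" ]; then
    main
fi
```

Run it as root with RUN_SCAN=1 from the live environment; the log it leaves behind is what you would read back over UVNC before deciding whether the install is worth a repair in place.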

  8. #8

    the problem with the "wipe it and restore it" policy (believe me, that's my strategy when it's an option) is that the computer is in another state. this requires them shipping me the computer, repairing it, shipping it back, then praying that they are not too dense to figure out that the blue plug goes to the blue socket. since my company seems to have a very backwards view of why spares/backups are necessary, the end result is about 3-4 days of a location with no functioning computers and a potential significant loss of data. as a result, solutions that were not cost/time efficient under 98% of circumstances suddenly sound a lot better. it's because i'm sitting in that 2% margin that i'm putting this thing together. if it made sense for more situations, there would already be a prehashed live CD designed like this.

    the goal of this solution is to be able to go through a repair in place, even if messy, time consuming, and incredibly obnoxious in order to minimize downtime. i fully agree that if i had physical access to the computer, AVG with the bart PE extension for it shoved into the drive would get the job done nicely (though not as nicely as just wiping the damn thing), but again i'm running into the wall of not having physical access to the computer. i need to be able to run UVNC or something like that to be able to manage the cleanup process. once i've got the situation under control enough to get back into windows, i can then throw the relevant half of the tools in the technibble suite at the drive and hopefully get it working at least long enough to get a replacement down there and get their files off.

    the only real reason i'm falling back on linux is that i can get a bootable environment i can staple on a CD that isn't handicapped to hell and back like bart PE has been when i played with it. i'm not using linux b/c it's "immune to viruses" or any other "i'm a mac, i'm a PC" caliber excuse. this just seems to be the only way i can think of to remotely access the computer if windows becomes unbootable and the computer is physically over 1,000 miles away from where i am with the highest degree of technological know how being "well i took a word class."

  9. #9

    Have you thought about taking an entirely different approach and virtualizing the PC? You could load ESXi on the PC and create a "read-only" virtual machine where none of the changes are saved when the virtual machine is shut down, but have a second vdisk that allowed them to save documents etc. across sessions. It takes a little training for the user to get used to saving things to the second drive instead of just to the default save location, but once done, there are hardly ever any problems.

  10. #10

    i've actually been looking into trying something like deep freeze for these things since outside of windows/av updates and saved documents (which i assume can be designed to bypass the deep freeze block) very little of the system changes at any significant rate.

    the problem with such a huge dogma shift is i work for a brain dead moron. he once started dinking around on my web/mail server and "didn't realize" that he'd moved /etc into /home by using X as root. when the machine behaved weirdly he rebooted it and guess what. he calls me asking what inittab is and why the system can't find it. or perhaps our still live novell netware 5 file server with 3 18 gig drives in RAID 5 being our primary network repository will give you a better idea of the environment i work in. as such, a quick and dirty tool for myself (so i'm not listening to him bitch about how it's too hard to use. like DHCP. yes. that's right. we don't even use DHCP here b/c my boss is THAT brain dead.) seems like the best way to get done what i need without having to get embroiled in another office politics game.
