WUGNET, the Windows User Group Network

F-PROT for Linux - Trying to check bootsector

 
Georg Peters

(Msg. 1) Posted: Fri Aug 19, 2005 8:38 am
Post subject: F-PROT for Linux - Trying to check bootsector
Archived from groups: alt>comp>anti-virus, others

F'up to alt.comp.anti-virus

I'm using F-PROT for Linux 4.5.4 from a non-root userid.
This is working fine on checking files and archives in read-only
mounted file systems (WIN-VFAT, FLOPPY-MINIX and CDROM-ISO9660).

How to check for bootsectors? I tried the following...

/dev/hda owned by root -> chmod 644 /dev/hda
giving read access on the raw disk device to the scanning userid,

similar -> chmod 644 /dev/fd0

ln -s /dev/hda /home/userid/scantest/hda
ln -s /dev/fd0 /home/userid/scantest/fd0

f-prot -follow /home/userid/scantest ...seems to have no effect,
is f-prot unable to read the device "file"? (option -follow should
at least follow the link).

Next try...

dd if=/dev/hda of=/home/userid/scantest/hda bs=4096 count=1
dd if=/dev/fd0 of=/home/userid/scantest/fd0 bs=4096 count=1

f-prot -collect /home/userid/scantest

(-collect
Scan a virus collection. This option is intended for advanced
users. When this option is used it will, e.g. scan for bootsector
viruses within files, even though the virus resides within a file
instead of a bootsector. *** from the f-prot.1-manpage ***)

The files containing dumped first blocks from the devices now are
scanned but nothing is reported, obviously I didn't expect infection.

Has anybody verified this procedure? Are there test cases available?

Regards Georg
Georg Peters

(Msg. 2) Posted: Wed Sep 14, 2005 2:53 am
Post subject: Re: F-PROT for Linux - Trying to check bootsector
Archived from groups: per prev. post

Georg Peters wrote:
>
> dd if=/dev/hda of=/home/userid/scantest/hda bs=4096 count=1
> dd if=/dev/fd0 of=/home/userid/scantest/fd0 bs=4096 count=1
>
> f-prot -collect /home/userid/scantest
>
> (-collect
> Scan a virus collection. This option is intended for advanced
> users. When this option is used it will, e.g. scan for bootsector
> viruses within files, even though the virus resides within a file
> instead of a bootsector. *** from the f-prot.1-manpage ***)
>
> The files containing dumped first blocks from the devices now are
> scanned but nothing is reported, obviously I didn't expect infection.

Got a reply from FRISK, this procedure will find a bootsector virus.
Good news, record closed.

Regards Georg
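The dump-then-scan procedure from this thread, written as a script; this is an added example, not part of either post and not FRISK's code. It assumes 512-byte sectors, GNU `sha256sum`, and a constructed blank image standing in for `/dev/hda`; the function names are illustrative, and only `f-prot -collect` comes from the thread.

```shell
#!/bin/sh
# Added example: dump the first sector of a disk (or disk image) to a regular
# file, sanity-check it, and fingerprint it before handing it to the scanner.

# Copy the first 512-byte sector of $1 into file $2 (the source is only read).
dump_boot_sector() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# Succeeds if file $1 is exactly 512 bytes and ends with the 55 AA signature.
has_boot_signature() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || return 1
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Print the SHA-256 of file $1; keep it to notice later changes to the sector.
sector_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Constructed sample: a 4 KiB blank "disk" with only the 55 AA signature set.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=8 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

demo() {
    work=$(mktemp -d) || return 1
    make_sample_image "$work/disk.img"
    mkdir "$work/scantest"
    dump_boot_sector "$work/disk.img" "$work/scantest/disk.bin"
    if has_boot_signature "$work/scantest/disk.bin"; then
        echo "boot signature present, sha256=$(sector_fingerprint "$work/scantest/disk.bin")"
    else
        echo "no boot signature: source is short, unreadable, or not bootable"
    fi
    # Scan step from the thread; runs only where f-prot is installed.
    if command -v f-prot >/dev/null 2>&1; then
        f-prot -collect "$work/scantest"
    fi
    rm -rf "$work"
}
demo
```

Checking the size and signature first catches an empty or truncated dump (for example, a device the scanning user could not read) that would otherwise scan as clean. Running only the dump step with elevated rights and the scan as the unprivileged user avoids leaving the raw disk world-readable, which is what `chmod 644 /dev/hda` does.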