[clamav-users] Scanning Win32 Volumes
shane at virusbusters.co.nz
Tue Aug 18 18:00:49 EDT 2015
Further to that - you don't need to remove stuff by hand - your two
|Removal of viruses: clamscan -r -i --remove /mnt/WinXP <- removes all
files found as infected permanently - dont use that with detect-pua
options as that sometimes throws false positives. Quarantine of viruses: |||clamscan -r -i --move=~/VIRUSEDFILES /mnt/WinXP <-- this will remove
files to a folder in your home folder called VIRUSEDFILES. It would be
worth creating that folder befroe scanning ( mkdir ~/VIRUSEDFILES ) | |
Another possibility is to move the infected files to another folder with
the option |--move=FOLDER|, so you can later check which files of them
maybe not infected or a virus.
On 19/08/2015 9:56 a.m., Shane Hollis wrote:
> The process to do that is:
> I'm assuming your Windows XP folder / partition is /dev/sdb1 if it
> is different substitute the location in the examples below.
> to find its location try sudo fdisk -l <--- thats an L - lowercase
> Also if the WinXP partition was unmounted uncleanly you might need
> to use a -o force option in the end of the mount command
> Create a mount point ( sudo mkdir /mnt/WinXP )
> Mount the Windows XP drives. ( mount -g /dev/sdb1 /mnt/WinXP )
> Run clam on it /sudo clamscan -r -i --detect-pua //mnt/WinXP
> Ta dahh!! all done.
> There is a remotve option in clam which if you use it will work as
> long as the partition is mounted RW.
> On 19/08/2015 9:44 a.m., Benny Pedersen wrote:
>> J skrev den 2015-08-18 21:18:
>>> I haven't been able to find this answer in the archives.
>>> Can I scan WinXP archive drives for malware with ClamAV running on my
>>> Ubuntu laptop and find any viruses, bots, or whatever?
>>> With ClamAV, I'll just have to delete the infected files, correct?
>>> No cleaning?
>> clamwin can use clamav signatures
>> Help us build a comprehensive ClamAV guide:
> Help us build a comprehensive ClamAV guide:
More information about the clamav-users