ClamAV

About

ClamAV is free, open-source anti-virus software for Linux, Windows, and many other operating systems.

How To

To disinfect a Windows PC by running ClamAV from an Ubuntu liveCD:

• Boot the liveCD
• Install the "clamav" package
• Run "freshclam" (this may sit for a few minutes before showing any signs of life, and will take many minutes to finish downloading).
• Mount the infected drive (opening it from "Locations" in a file manager will do)
• run df to find out the drive's filesystem path. We'll assume it's /media/disk.
• Run clamscan in read-only mode to see if there are any detectable infections:
  • clamscan -v -r /media/disk
• To move infected files into a quarantine area (only partially tested):
  • sudo clamscan -v -r --move=/media/disk/quarantine /media/disk
  • real-world example -- this should quarantine the infections in addition to finding them:
    • sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD
• If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. Hopefully this basic scan will be enough to make a hopelessly virus-bound system usable again.

Notes

Additionally, there are some distributions which come with ClamAV already installed, and which may therefore simplify this process:

• http://distrowatch.com/weekly.php?issue=20100322
• http://distrowatch.com/?newsid=06435
• http://www.eugenemdavis.com/scanning-windows-folders-ubuntu-livecd
• AVLive CD distro

Windows

In Microsoft Windows, ClamAV is available in two varieties:

• ClamWin (home page)
• Immunet, formerly "ClamAV for Windows" and "ClamAV™ powered by Immunet"

Error Codes

• Failed to install runtime with error code 1601 - ClamAV for Windows can't be installed in "safe mode", despite the obvious advantage of being able to do this with an anti-virus program.

Links

Reference

• Wikipedia
• ArchLinux Wiki

Official

• ClamAV
• ClamWin