To all: The script works, but has issues and the instructions are incomplete. It’s not recommended to use it at this time. Use at your own risk. This is a beta1 release under a Creative Commons license. http://creativecommons.org/licenses/by-nc-nd/4.0/legalcode
This new version has all you need to use it. The mswin scan finds all vfat and ntfs drives (including flash drives) and scans them. It traps control-c to exit without any problems.
After I ran the script in superuser mode, I launched dolphin and there were two of each mswin drive. Is there a way to fix it? Mount it in ‘/media/’?
‘.snapshots’ is filtered out since it makes scans take much longer. What is it?
Thanks.
#!/bin/bash
#: Title : scanvirus
#: Date Created: Thu Sep 2 19:27:00 PST 2010
#: Last Edit : Mon July 7 3:00:00 PST 2015
#: Author : Lord Valarian
#: Version : Beta1 v2.0.0
#: Description : Run virus scanning application
#: License : http://creativecommons.org/licenses/by-nc-nd/4.0/legalcode
#: Options : p1: -w -l --setup --kdeicons
#Open bin folder
#Place this file inside "/home/bin/"
#
#Right-click on scanvirus
#Click on properties
#Click on permissions
#Check executable and click ok
#
#Click Control -> Tools -> Open Terminal
#Enter terminal command: scanvirus --setup
#Enter admin password, wait for it to finish. Don't close terminal.
#Enter terminal command: scanvirus --kdeicons
#close terminal windows
#
#Click on either desktop icon to scan
Create_KDE_linux_scan_icon() {
cat > ScanVirus_KDE_Linux_Scan.desktop <<EOF
#!/usr/bin/env xdg-open
[Desktop Entry]
Comment[en_US]=
Comment=
Exec=sh scanvirus -linux
GenericName[en_US]=
GenericName=
Icon=kde
MimeType=
Name[en_US]=ScanVirus - linux anti-virus scan
Name=ScanVirus - linux anti-virus scan
Path=$PATH
StartupNotify=true
Terminal=true
TerminalOptions=\s--noclose
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=
X-KDE-SubstituteUID=false
X-KDE-Username=
X-SuSE-translate=true
EOF
#set file permissions
chmod 744 ScanVirus_KDE_Linux_Scan.desktop
}
Create_KDE_windows_scan_icon() {
cat > ScanVirus_KDE_Windows_Scan.desktop <<EOF
#!/usr/bin/env xdg-open
[Desktop Entry]
Comment[en_US]=
Comment=
Exec=sh scanvirus -mswin
GenericName[en_US]=
GenericName=
Icon=kde
MimeType=
Name[en_US]=ScanVirus - windows anti-virus scan
Name=ScanVirus - windows anti-virus scan
Path=$PATH
StartupNotify=true
Terminal=true
TerminalOptions=\s--noclose
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=
X-KDE-SubstituteUID=false
X-KDE-Username=
X-SuSE-translate=true
EOF
#set file permissions
chmod 744 ScanVirus_KDE_Windows_Scan.desktop
}
#####################
# shortcut code for clamscan #
#####################
# run if user hits control-c
control_c() {
    printf 'Exiting...\n'
    scanvirus_trap_flag='true'
}
# trap keyboard interrupt (control-c)
scanvirus_trap_flag='false'
trap control_c 2
#commands
if [ "$1" = "-mswin" ] || [ "$1" = "-w" ]; then
    printf ""
    printf ".....scanvirus mswin.....\n"
    #blkid -o list
    #note: rows are split on whitespace, so a partition without a label shifts the columns
    scanvirus_flag="false"
    while read -ra line; do
        #first iteration: the loop's read took the header row; skip the separator row and load the first device row
        if [ "$scanvirus_flag" = 'false' ]; then
            scanvirus_flag="true"
            read -ra line
            read -ra line
            #break
        fi
        #Device= ${line[0]}
        #FS_type= ${line[1]}
        #Label= ${line[2]}
        #Mount_Point= ${line[3]}
        #if file system vfat or ntfs
        if [ "${line[1]}" = 'ntfs' ] || [ "${line[1]}" = 'vfat' ]; then
            #printf "%s %s %s\n" ${line[0]} ${line[1]} ${line[2]}
            #if device not mounted
            if [ "${line[3]}" = '(not' ]; then
                #if root/mnt/label does not exist yet
                if [[ ! -d "/mnt/${line[2]}" ]]; then
                    printf "__________________________________________________\n"
                    while read -ra line_error; do
                        printf "error: %s\n" "${line_error}"
                        break
                    done < <(mkdir "/mnt/${line[2]}")
                    printf "mkdir %s\n" "${line[2]}"
                    while read -ra line_error; do
                        printf "error: %s\n" "${line_error}"
                        break
                    done < <(mount "${line[0]}" "/mnt/${line[2]}")
                    printf "%s mounted\n" "${line[2]}"
                    printf "scanning %s\n" "${line[2]}"
                    clamscan -r -i "/mnt/${line[2]}"
                    #unmount by mount point only; naming the device as well makes umount fail on the second target
                    while read -ra line_error; do
                        printf "error: %s\n" "${line_error}"
                        break
                    done < <(umount "/mnt/${line[2]}")
                    printf "%s unmounted\n" "${line[2]}"
                    while read -ra line_error; do
                        printf "error: %s\n" "${line_error}"
                        break
                    done < <(rmdir "/mnt/${line[2]}")
                    printf "rmdir %s\n" "${line[2]}"
                    #stop after cleanup if control-c was pressed during the scan
                    if [ "$scanvirus_trap_flag" = 'true' ]; then
                        break
                    fi
                    printf "__________________________________________________\n"
                    #break
                else
                    printf "Error: /mnt/%s exists\n" "${line[2]}"
                    break
                fi
            elif [ "${line[3]}" = '(in' ]; then
                printf "(in use)\n"
            else
                #already mounted: scan it where it is
                printf "__________________________________________________\n"
                printf "scanning %s\n" "${line[2]}"
                clamscan -r -i "${line[3]}"
                printf "__________________________________________________\n"
            fi
        fi
    done < <(blkid -o list)
elif [ "$1" = "-linux" ] || [ "$1" = "-l" ]; then
    printf "Scanning linux...\n"
    #which scans linux only. Both?
    #clamscan -r / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --cross-fs=no
    su -c "freshclam;clamscan -r / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0"
    #clamscan -r / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --follow-dir-symlinks=0 --follow-file-symlinks=0
    #clamscan -r / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --follow-dir-symlinks=0 --follow-file-symlinks=0 --log=scan.log
elif [ "$1" = "-help" ] || [ "$1" = "-h" ]; then
    printf "
Scan Virus
help commands
-------------
-linux or -l: virus scan linux files
-mswin or -w: virus scan windows files
--setup: setup scanvirus
--kdeicons: setup icons
"
elif [ "$1" = "--setup" ]; then
    printf "\n"
    printf "ScanVirus Setup\n"
    su -c "zypper --non-interactive install clamav;chkconfig freshclam on;freshclam;exit"
    printf "\n"
elif [ "$1" = "--kdeicons" ]; then
    Create_KDE_linux_scan_icon
    Create_KDE_windows_scan_icon
    printf "KDE Icons Created\n"
else
    printf "
Scan Virus
help commands
-------------
-linux or -l: virus scan linux files
-mswin or -w: virus scan windows files
--setup: setup scanvirus
--kdeicons: setup icons
"
fi
exit 0
# End Of Script
As Carlos wrote, you cannot put them onto another drive/partition/filesystem.
I do not fully agree with the sentence that you shouldn’t use btrfs if you don’t want snapshots. The two are not really related, and snapshots are not at all a btrfs feature anyway.
E.g. btrfs detects an SSD by itself and changes its behaviour accordingly to optimize things.
But snapshots are probably the most user-noticeable feature. As mentioned, they are not really a “btrfs thing”, but done by snapper. Actually, snapper should also support ext4, but certain “advanced” features of btrfs make them more efficient (“Copy-On-Write” in particular), and btrfs also allows booting from them, so that’s only enabled by default with btrfs.
If you ask because you want to minimize writes to your SSD, I’d say no need to turn them off.
The files in the snapshots are not copies. They are more like symlinks, but they get “detached” automatically by the filesystem when the actual files are changed.
So they shouldn’t “stress” your SSD at all I think.
PS: If you use udisksctl, you don’t have to run the script as root either (for the mounting part at least).
The user will be prompted for the root password if necessary. Just like when you click on a drive/partition in dolphin…
Well, my virus scanner did what I designed it to do. FYI, I changed the scan right after to move all files to a virus folder and rescanned. (‘--move=directory’)
My windows anti-virus wouldn’t work. The system crashed when I unplugged the lan cable. I rebooted to suse and found these and scan and found these.
/mnt/MSWIN764/Program Files/Common Files/Microsoft Shared/ink/InkWatson.exe: Win.Trojan.Win64-129 FOUND
LibClamAV Warning: cli_scanicon: found 1 invalid icon entries of 1 total
LibClamAV Warning: cli_scanicon: found 1 invalid icon entries of 1 total
/mnt/MSWIN764/Windows/SysWOW64/AtBroker.exe: Win.Trojan.Graftor-2702 FOUND
/mnt/MSWIN764/Windows/SysWOW64/cleanmgr.exe: Win.Trojan.Symmi-1190 FOUND
/mnt/MSWIN764/Windows/SysWOW64/printui.exe: Win.Trojan.Symmi-1187 FOUND
LibClamAV Warning: cli_scanicon: found 1 invalid icon entries of 1 total
LibClamAV Warning: cli_scanicon: found 1 invalid icon entries of 1 total
/mnt/MSWIN764/Windows/winsxs/amd64_microsoft-windows-tabletpc-inkwatson_31bf3856ad364e35_6.1.7600.16385_none_644c1a991aac9ffb/InkWatson.exe: Win.Trojan.Win64-129 FOUND
/mnt/MSWIN764/Windows/winsxs/amd64_microsoft-windows-tabletpc-inkwatson_31bf3856ad364e35_6.1.7600.16385_none_644c1a991aac9ffb/InkWatson.exe: moved to ‘/home/alexr1984/VirusVault//InkWatson.exe’
/mnt/MSWIN764/Windows/winsxs/Backup/wow64_microsoft-windows-p…installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728_printui.exe_bb673fff: Win.Trojan.Symmi-1187 FOUND
/mnt/MSWIN764/Windows/winsxs/Backup/wow64_microsoft-windows-p…installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728_printui.exe_bb673fff: moved to ‘/home/alexr1984/VirusVault//wow64_microsoft-windows-p…installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728_printui.exe_bb673fff’
/mnt/MSWIN764/Windows/winsxs/wow64_microsoft-windows-p…installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728/printui.exe: Win.Trojan.Symmi-1187 FOUND
/mnt/MSWIN764/Windows/winsxs/wow64_microsoft-windows-p…installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728/printui.exe: moved to ‘/home/alexr1984/VirusVault//printui.exe’
/mnt/MSWIN764/Windows/winsxs/wow64_microsoft-windows-w…for-management-core_31bf3856ad364e35_6.1.7601.17514_none_32e02520f8081891/WSManHTTPConfig.exe: Win.Trojan.Graftor-2696 FOUND
/mnt/MSWIN764/Windows/winsxs/wow64_microsoft-windows-w…for-management-core_31bf3856ad364e35_6.1.7601.17514_none_32e02520f8081891/WSManHTTPConfig.exe: moved to ‘/home/alexr1984/VirusVault//WSManHTTPConfig.exe’
/mnt/MSWIN764/Windows/winsxs/x86_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_cf7705f47fa8cd65/AtBroker.exe: Win.Trojan.Graftor-2702 FOUND
/mnt/MSWIN764/Windows/winsxs/x86_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_cf7705f47fa8cd65/AtBroker.exe: moved to ‘/home/alexr1984/VirusVault//AtBroker.exe’
/mnt/MSWIN764/Windows/winsxs/x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_6d1a8c84bedf66a4/cleanmgr.exe: Win.Trojan.Symmi-1190 FOUND
/mnt/MSWIN764/Windows/winsxs/x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_6d1a8c84bedf66a4/cleanmgr.exe: moved to ‘/home/alexr1984/VirusVault//cleanmgr.exe’
Now to see if windows is clean now and refine the script more. When I change the mount function, I’ll post again.
> My windows anti-virus wouldn’t work. The system crashed when I unplugged
> the lan cable. I rebooted to suse and found these and scan and found
> these.
Well, don’t know enough to know if those Windows virii are real or not
(false positives), or how dangerous. However, I just remembered that
there are some antivirii software in Windows that you can download a
bootable CD to do the testing locally. And I think one I tried was
actually a Linux live.
Thanks for the info about SSD’s. The whole scan on an ssd without ‘.snapshots’ takes about 15 mins. With ‘.snapshots’, it takes 2hrs+ to do the full scan, do I need to scan them? 178+ snapshots
I made a partition copy of the older windoze system to my backup drive. Note: the virus wiped out all my data files, all but dll files. Then reinstalled windows on my main drive. I reinstalled linux to get grub working again. I scanned again and found the virus on the backup and main drive. Damn hacker was at it again! When the scan completed, it moved all the virus files into my new vault. I deleted all virus files. It was that new security hole that Microsoft just discovered. I ran disk and register cleaners. I still have to rescan with -----scanvirus for linux----- TM. It’s more fun when your creation does what it’s designed for and does it well. Enough on windoze…
My motherboard died. So, had to get a different one. Once I’m done with system recovery, I’ll work on scanvirus more.
> Thanks for the info about SSD’s. The whole scan on an ssd without
> ‘.snapshots’ takes about 15 mins. With ‘.snapshots’, it takes 2hrs+ to
> do the full scan, do I need to scan them? 178+ snapshots
Well, if you stored Windows virii there, then the answer is yes, scan it :-p
Windows can not store anything in a btrfs partition.
You did, on Linux.
robin_listas;2720509 Wrote:
> On 2015-07-21 23:16, lord valarian wrote:
>> Thanks for the info about SSD’s. The whole scan on an ssd without
>> ‘.snapshots’ takes about 15 mins. With ‘.snapshots’, it takes 2hrs+ to
>> do the full scan, do I need to scan them? 178+ snapshots
> Well, if you stored Windows virii there, then the answer is yes, scan it :-p
> Windows can not store anything in a btrfs partition.
> You did, on Linux.
Let me restate:
(ssd1 drive) windows7 partition – boot failure – all files but ‘.dll’ deleted. virus attack
partition copy windows partition (ssd1 drive) mswin partition to (backup drive) old mswin system
windows reinstall and boot to windows – virus scanner fails. Possible virus.
opensuse reinstall and boot to opensuse. ScanVirus v2.0 scan of all vfat and ntfs drives. Detected virus on (ssd1 drive)-mswin partition and mswin partition(backup drive). Virus files moved to linux folder ‘virus vault’. Same virus detected. Old mswin install and new.
Deleted (backup drive) mswin partition.
Boot to mswin. Virus scanner working. MSWIN scanned and clean of viruses.
Next step: boot to opensuse and scan with scanvirus.
The virus most likely got in when I was reinstalling mswin. The second opensuse scan should tell me it’s gone for good. I need to get in the habit of using my own scanner to scan windows once a week.
Ok, it works. However, the command: udisksctl mount -b $devicename
If windows is in hibernate mode, the drive fails to mount and command output reads “drive needs to be in read only mode.” Try to make line read only. I couldn’t get it to work. I had to disable hibernate mode to get the drive to mount. How do I get the mount command to work if windows is in hibernate mode?
As the message would suggest it might be possible in read-only mode, try that.
According to:
wolfi@amiga:~> udisksctl mount --help
Usage:
udisksctl mount [OPTION...]
Mount a filesystem.
Application Options:
-p, --object-path Object to mount
-b, --block-device Block device to mount
-t, --filesystem-type Filesystem type to use
-o, --options Mount options
--no-user-interaction Do not authenticate the user if needed
, you can specify mount options via the ‘-o’ parameter, so this should mount it read-only:
udisksctl mount -b $devicename -o ro
No idea whether this works though, I never tried to mount a hibernated Windows partition.
On 2015-09-07 23:36, lord valarian wrote:
>
> Ok, it works. However, the command: udisksctl mount -b $devicename
>
> If windows is in hibernate mode, the drive fails to mount and command
> output reads “drive needs to be in read only mode.” Try to make line
> read only. I couldn’t get it to work. I had to disable hibernate mode
> to get the drive to mount. How do I get the mount command to work if
> windows is in hibernate mode?
Don’t even try. Forcing mount may result in corruption, and Windows will
crash later when it tries to restore from hibernation. Even it might
corrupt the disk further, beyond recognition.
On 2015-09-09 15:36, wolfi323 wrote:
>
> robin_listas;2727387 Wrote:
>> Don’t even try. Forcing mount may result in corruption, and Windows will
>> crash later when it tries to restore from hibernation. Even it might
>> corrupt the disk further, beyond recognition.
>>
> A read-only mount should not cause problems, I suppose.
Maybe, but it is pointless for an antivirus run, because you can not
delete or quarantine the found viruses, if it is mounted read only.
On 2015-09-09 19:26, wolfi323 wrote:
>
> robin_listas;2727523 Wrote:
>> On 2015-09-09 15:36, wolfi323 wrote:
>>> A read-only mount should not cause problems, I suppose.
>>
>> Maybe, but it is pointless for an antivirus run, because you can not
>> delete or quarantine the found viruses, if it is mounted read only.
>>
> Yeah, but you can tell the user that a file is infected, write it into a
> list of infected files, and so on.
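
Added example (not part of the thread and not scanvirus code): the report-only approach discussed above, mounting with `-o ro` through udisksctl and writing detections to a list instead of moving files. The function names, the report format and the `.raw` file are assumptions made for illustration; the sample input is constructed in clamscan's output format from paths shown earlier in the thread.

```bash
#!/bin/bash
# Added example, not part of scanvirus: report-only scan of a read-only mount.

# Turn clamscan output (stdin) into "signature<TAB>path" records.
# Only "<path>: <signature> FOUND" lines are kept; LibClamAV warnings and
# "moved to" lines are dropped. Splitting at the last ": " keeps paths with
# spaces (e.g. "Program Files") intact.
parse_found() {
    local line
    while IFS= read -r line; do
        case $line in
            *": "*" FOUND") ;;
            *) continue ;;
        esac
        line=${line% FOUND}
        printf '%s\t%s\n' "${line##*: }" "${line%: *}"
    done
}

# Summarise parse_found records (stdin) as "signature<TAB>count".
count_by_signature() {
    cut -f1 | sort | uniq -c | awk '{print $2 "\t" $1}'
}

# Mount DEV read-only through udisks, scan it, write the list to REPORT and
# unmount again. Returns clamscan's status: 0 clean, 1 infected, 2 error.
scan_readonly() {
    local dev=$1 report=$2 mnt rc=2
    udisksctl mount -b "$dev" -o ro >/dev/null || return 2
    mnt=$(findmnt -f -n -o TARGET --source "$dev")
    if [ -n "$mnt" ]; then
        clamscan -r -i --no-summary "$mnt" >"$report.raw"
        rc=$?
        parse_found <"$report.raw" >"$report"
    fi
    udisksctl unmount -b "$dev" >/dev/null
    return "$rc"
}

# Constructed sample in clamscan's output format (not a real scan log).
sample_output() {
    cat <<'EOF'
/mnt/MSWIN764/Program Files/Common Files/Microsoft Shared/ink/InkWatson.exe: Win.Trojan.Win64-129 FOUND
LibClamAV Warning: cli_scanicon: found 1 invalid icon entries of 1 total
/mnt/MSWIN764/Windows/SysWOW64/AtBroker.exe: Win.Trojan.Graftor-2702 FOUND
/mnt/MSWIN764/Windows/SysWOW64/printui.exe: Win.Trojan.Symmi-1187 FOUND
/mnt/MSWIN764/Windows/winsxs/Backup/printui.exe_bb673fff: Win.Trojan.Symmi-1187 FOUND
/mnt/MSWIN764/Windows/SysWOW64/printui.exe: moved to '/home/user/VirusVault//printui.exe'
EOF
}

sample_output | parse_found | count_by_signature
```

A call such as `scan_readonly /dev/sdb1 "$HOME/infected.tsv"` (device name is a placeholder) leaves the raw clamscan output in `infected.tsv.raw` beside the parsed list.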