F'up to alt.comp.anti-virus
I'm using F-PROT for Linux 4.5.4 from a non-root userid.
This is working fine on checking files and archives in read-only
mounted file systems (WIN-VFAT, FLOPPY-MINIX and CDROM-ISO9660).
How to check for bootsectors ? I tried following...
/dev/hda owned by root -> chmod 644 /dev/hda
giving read access on the raw disk device to the scanning userid,
similar -> chmod 644 /dev/fd0
ln -s /dev/hda /home/userid/scantest/hda
ln -s /dev/fd0 /home/userid/scantest/fd0
f-prot -follow /home/userid/scantest ...seems to have no effect,
is f-prot unable to read the device "file"? (option -follow should
at least follow the link).
Next try...
dd if=/dev/hda of=/home/userid/scantest/hda bs=4096 count=1
dd if=/dev/fd0 of=/home/userid/scantest/fd0 bs=4096 count=1
f-prot -collect /home/userid/scantest
(-collect
Scan a virus collection. This option is intended for advanced
users. When this option is used it will, e.g. scan for bootsector
viruses within files, even though the virus resides within a file
instead of a bootsector. *** from the f-prot.1-manpage ***)
The files containing dumped first blocks from the devices now are
scanned but nothing is reported, obviously I didn't expect infection.
Has anybody verified this procedure? Are there test cases available?
Regards Georg
FAQ
Search
Profile
Private Messages
Log in
