![]() Now we are ready to chroot to the extracted filesystem. Mkdir /home/user/KASPERSKY/disk/discs/disk3Īnd mount whatever directory you wish to scan with Kaspersky mount -o bind /directory/to/scan /home/user/KASPERSKY/disk/discs/disk0 ![]() Mkdir /home/user/KASPERSKY/disk/discs/disk2 Mkdir /home/user/KASPERSKY/disk/discs/disc1 Also an important note is to create custom mountpoints for the chroot environment in the /home/user/KASPERSKY/disk/discs directory mkdir /home/user/KASPERSKY/disk/discs/disk0 Before we run chroot, copy over the /etc/nf to /home/user/KASPERSKY/disk/etc so that the chrooted system can resolve DNS. We can see that the script looks in its designed folders, so lets try chroot the directory and see what we get. kav.exe: line 38: /usr/lib/kl/kav: No such file or directory kav.exe: line 37: source: /var/log/winsysdir: is a directory kav.exe: line 3: script_l10n.sh: No such file or directory If we try to run the script locally like this. I decided not to touch these scripts as it proved very difficult to modify. OK we are almost there, because the Kaspersky Antivirus Engine for Linux is compiled in such a way the it relies on a lot of custom libraries from Kaspersky Labs there are some scripts that load the GUI scanner and the are located in /home/user/KASPERSKY/disk/usr/bin The file we are interested in is kav.exe a shell script that does LD_LIBRARY_PATH stuff etc so proper libraries are used when the application is launched. Once finished chown the whole directory to your user so you can edit files. Next we copy the whole contents from the /mnt/disk to our home working dir KASPERSKY cp -rv /mnt/disk /home/user/KASPERSKY We can now mount this file using regular linux mount command like so. 474/474 100%Ĭreated 0 we end up with a directory squashfs-root containing LiveOS subdirectory which contains another compressed image file ext3fs.imgĮxt3fs.img: Linux rev 1.0 ext3 filesystem data, UUID=85dd4ebe-fd1b-420b-8d20-bef37149b4ec Now we can extract the squashfs.img file copied from the CD unsquashfs squashfs.img Now we do make and if the compilation was successful we can copy the unsquashfs binary to /usr/local/bin cp unsquashfs /usr/local/bin In order to compile with xz support we need some additional libs so on Debian I did apt-get install liblzma-dev Just download the sources from /projects/squashfs/files/, extract and modify the Makefile to enable xz compression support by uncommenting the following line XZ_SUPPORT = 1 We need quite recent squashfstools, and I would not recommend the version from Debian stable. Squashfs.img: Squashfs filesystem, little endian, version 4.0, 32095920895 bytes, 3 inodes, blocksize: 7 bytes, created: Thu May 18 03:10:24 2034 Next we check what the file squashfs.img actually is file squashfs.img Next we copy the following squashfs file from /mnt/iso/rescue/LiveOS/squashfs.img to some working directory home for example KASPERSKY cp /mnt/iso/rescue/LiveOS/squashfs.img /home/user/KASPERSKY Of course there is a question why doing all this when I can just run the LiveCD with GUI and do everything from there ? In some cases it was more convenient for me to do manual scans from my local machine and it was just too much of a hassle to do this via LiveCD and VirtualBox, so I decided to extract the needed files from the LiveCD and try to run this separately.įirst we download the Kaspersky Rescue Disk and mount the iso in our filesystem # mount -o loop kav_rescue_10.iso /mnt/iso Disassembling the ISO was a little more trickier than the one from F-Secure, for those interested I am posting a little howto on my progress. It is a powerful antivirus scanning engine with many interesting and useful tools, which I wanted to try running locally on my Debian amd64 host. File backup before disinfection and removal.Another great LiveCD is one from Kaspersky Labs called Kaspersky Rescue Disk 10 downloadable from here : /rescuedisk/updatable/kav_rescue_10.iso.Protection against system files deletion.Scanning of all detected operating systems. ![]() If you are using Windows OS, Use Rufus or Win32 Disk Imager for creating bootable drives to write an image in the ISO mode or DD mode. In order to create a bootable USB drive for Kaspersky Rescue Disk, you must use a USB drive that has more than 1 GB of available space. Kaspersky Rescue Disk ISO can be burned on a CD/DVD using your disc burner, or it can also be placed on a bootable USB device and launched from there. Kaspersky Rescue Disk was designed to be used in such cases, where the malware does not allow the operating system to start. There are times when malware can affect a computer so deep, that security suites or malware removal utilities (such as Kaspersky Virus Removal Tool) are not enough to remove them. Kaspersky Rescue Disk is a free emergency virus removal solution for Windows.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |