biueditor
Posts: 2
Joined: Mon Apr 22, 2013 11:53 am

using a Pi as virus scanner for other systems

Mon Apr 22, 2013 12:12 pm

Based on a recent case of infection of my machine, I wonder if a R Pi could be turned into a virus scanner to scan an infected hard drive.

Of course, that would mean that the virus scanner is proficient in dealing with other OS viruses / trojans / rootkits /malware.

Any ideas?

User avatar
joan
Posts: 12958
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: using a Pi as virus scanner for other systems

Mon Apr 22, 2013 12:27 pm

As far as I'm aware the only Virus checkers on Linux machines are used to check for Window's viruses and related problems. They tend to be installed on Linux fileservers intended to serve Window's files to Window's machines.

So yes, you could use the Pi to check for Window's problems.

MarkR
Posts: 119
Joined: Fri Jan 25, 2013 1:55 pm

Re: using a Pi as virus scanner for other systems

Mon Apr 22, 2013 12:36 pm

Most commercial antivirus engines are closed-source and aren't available for Linux/ARM. Even if you could get one working, it would certainly not be supported on Linux/ARM.

Most antivirus engines have some element of emulation embedded in them and do behavioural analysis on unknown executables. As the executables are usually win32, doing this on an ARM processor would be tricky (but not of course, impossible).

You might get clamav working, and you could scan files on removable drives, network drives etc, which could be of some use. Signature-based analysis should work as well on ARM as it does on Intel (except of course, that the Pi is very slow! You would need to be prepared to wait.)

biueditor
Posts: 2
Joined: Mon Apr 22, 2013 11:53 am

Re: using a Pi as virus scanner for other systems

Tue Apr 23, 2013 9:13 am

joan wrote:As far as I'm aware the only Virus checkers on Linux machines are used to check for Window's viruses and related problems. They tend to be installed on Linux fileservers intended to serve Window's files to Window's machines.

So yes, you could use the Pi to check for Window's problems.
thanks Joan. I was wondering which software they are using, would you know any examples?

User avatar
PMaff
Posts: 25
Joined: Sun Jan 05, 2014 2:54 pm

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 12:06 pm

biueditor wrote:
joan wrote:As far as I'm aware the only Virus checkers on Linux machines are used to check for Window's viruses and related problems. They tend to be installed on Linux fileservers intended to serve Window's files to Window's machines.

So yes, you could use the Pi to check for Window's problems.
thanks Joan. I was wondering which software they are using, would you know any examples?
Hello,

I was able to compile clamav 0.98 (http://www.clamav.net/lang/en/ ) from sources on the Raspberry Pi.
I'll post that in a separate posting.

Tried a scan of my ~pi.
This took 42min for 750MB on my SD card.
So it is probably not the fastest method. ;-)

Pete

User avatar
redhawk
Posts: 3465
Joined: Sun Mar 04, 2012 2:13 pm
Location: ::1

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 12:32 pm

I'm not sure if this is a good idea removing and reconnecting hard drives would be time consuming not to mention the slow USB transfer speeds of the Pi vs native Ultra DMA IDE/SATA mode.
A better solution would be to use a boot CD like Live Linux, BartPE, Hirens Mini XP, MSDaRT f.k.a Diskinternals ERD Commander, or any number of bootable anti-virus programs - http://www.itechtics.com/rescue-disc-virus-scan/
With that said there is nothing wrong in using the Pi as a virus cleaner it's simply not practical to do so.

Richard S.

User avatar
PMaff
Posts: 25
Joined: Sun Jan 05, 2014 2:54 pm

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 12:43 pm

redhawk wrote:...
With that said there is nothing wrong in using the Pi as a virus cleaner it's simply not practical to do so.

Richard S.
That's what I meant. ;-)

User avatar
FLYFISH TECHNOLOGIES
Posts: 1750
Joined: Thu Oct 03, 2013 7:48 am
Location: Ljubljana, Slovenia
Contact: Website

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 1:22 pm

Hi,
redhawk wrote:With that said there is nothing wrong in using the Pi as a virus cleaner it's simply not practical to do so.
This could be practical when we're talking about network drives (NAS)... or if we delegate the RasPi also to permanently "convert" USB drives into networked ones. (Just imagine a blog title: "Raspberry Pi as a smart NAS controller with embedded virus detection".. ;-) )


Best wishes, Ivan Zilic.
Running out of GPIO pins and/or need to read analog values?
Solution: http://www.flyfish-tech.com/FF32

User avatar
Richard-TX
Posts: 1545
Joined: Tue May 28, 2013 3:24 pm
Location: North Texas

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 1:26 pm

It would be better to apply measure(s) of prevention to the incoming data than to react to an infected file.

I would do the following first:

Install a Linux based firewall with a good blacklist
Configure the firewall to block port 80 inbound on all internal interfaces.
Install on the firewall an authenticating proxy.
Configure all browsers to use that proxy.
If hosting a website that is facing the internet, a reverse proxy is paramount.

Once that is accomplished, then moving to content filtering is the next step.
Richard
Doing Unix since 1985.
The 9-25-2013 image of Wheezy can be found at:
http://downloads.raspberrypi.org/raspbian/images/raspbian-2013-09-27/2013-09-25-wheezy-raspbian.zip

User avatar
Richard-TX
Posts: 1545
Joined: Tue May 28, 2013 3:24 pm
Location: North Texas

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 1:33 pm

FLYFISH TECHNOLOGIES wrote:Hi,
redhawk wrote:With that said there is nothing wrong in using the Pi as a virus cleaner it's simply not practical to do so.
This could be practical when we're talking about network drives (NAS)... or if we delegate the RasPi also to permanently "convert" USB drives into networked ones. (Just imagine a blog title: "Raspberry Pi as a smart NAS controller with embedded virus detection".. ;-) )


Best wishes, Ivan Zilic.
I agree with redhawk. The Rpi is not practical. There just isn't enough bandwidth or CPU power to do what you want. The Rpi is limited to a single 10/100 network interface of questionable bandwidth. A USB based interface is also limited. It would be far better to develop a real NAS that has active file scanning on a Dell 690 for example.

Richard
Richard
Doing Unix since 1985.
The 9-25-2013 image of Wheezy can be found at:
http://downloads.raspberrypi.org/raspbian/images/raspbian-2013-09-27/2013-09-25-wheezy-raspbian.zip

User avatar
FLYFISH TECHNOLOGIES
Posts: 1750
Joined: Thu Oct 03, 2013 7:48 am
Location: Ljubljana, Slovenia
Contact: Website

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 1:36 pm

Hi,
Richard-TX wrote:It would be better to apply measure(s) of prevention to the incoming data than to react to an infected file.
Intruders detection & prevention is also something what we could discuss about, but I believe that it is totaly different area...
Therefore, it would be a big mistake to spread the information that by proper firewall & co. you can prevent virus infections.


Best wishes, Ivan Zilic.
Running out of GPIO pins and/or need to read analog values?
Solution: http://www.flyfish-tech.com/FF32

User avatar
FLYFISH TECHNOLOGIES
Posts: 1750
Joined: Thu Oct 03, 2013 7:48 am
Location: Ljubljana, Slovenia
Contact: Website

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 1:52 pm

Hi Richard,
Richard-TX wrote:I agree with redhawk. The Rpi is not practical. There just isn't enough bandwidth or CPU power to do what you want.
I don't want to be mean... but how do you know what I want... ;-)

Let me write you my personal use case, where RasPi fits perfectly - I have a dedicated network drive which stores one copy of my (almost permanent) archive files and daily backups of my important data (emails and development work). My efficiency (= amount of data created) is far below the ability of RasPi (processing power, network bandwidth) to handle it successfully...

I'm aware that everybody wants to store his/her life on digital media with all personal pictures, favourite movies and music, etc...but this is not the only possible usage of NAS devices...


Best wishes, Ivan Zilic.
Running out of GPIO pins and/or need to read analog values?
Solution: http://www.flyfish-tech.com/FF32

User avatar
PMaff
Posts: 25
Joined: Sun Jan 05, 2014 2:54 pm

Re: using a Pi as virus scanner for other systems

Thu Jan 09, 2014 4:31 pm

FLYFISH TECHNOLOGIES wrote: ...
Intruders detection & prevention is also something what we could discuss about
...
Best wishes, Ivan Zilic.
Why not simply take the md5sum of all files on the Raspberry Pi before connecting to the internet.
Of course this does not handle permissions and other things.
Hmm, maybe I'll give aide ( http://aide.sourceforge.net/ ) a try? ;-)

Pete

erictan88
Posts: 1
Joined: Tue Jun 17, 2014 2:06 am

Re: using a Pi as virus scanner for other systems

Tue Jun 17, 2014 2:17 am

by FLYFISH TECHNOLOGIES » Thu Jan 09, 2014 1:22 pm
Hi,
redhawk wrote:
With that said there is nothing wrong in using the Pi as a virus cleaner it's simply not practical to do so.

This could be practical when we're talking about network drives (NAS)... or if we delegate the RasPi also to permanently "convert" USB drives into networked ones. (Just imagine a blog title: "Raspberry Pi as a smart NAS controller with embedded virus detection".. ;-) )


Best wishes, Ivan Zilic.
I managed to build a simple Raspberry Pi NAS sharing out any USB devices that is plugged in, for other machines on the network to access. Lets call this box, the USB Passthrough.

You can read about my simple How-To at this link (http://dumbpcs.blogspot.com/2014/06/set ... media.html).

I have also tried installing ClamAV to scan the USB devices (on demand) when you need to scan and remove any viruses. However from my tests using test EICAR file on the USB Drive, the scan took 1 minute 47 seconds, to scan a 1 file with the size of 64 characters....

I don't think the Pi has enough RAM to load the AV definitions to be an efficient scanner, or maybe the CPU just doesn't have enough cycles to do it efficiently.

From my tests, I am able to push through 20 photos (sized about 2~3MB) through the network with about a ~2.5MB/sec throughput. I didn't try big files (~100MB+ size), but I am sure that is about the throughput you'll get with a Pi, as I have been reading lots of the Pi network throughput.

Return to “Other projects”

Who is online

Users browsing this forum: No registered users and 7 guests