Update Clam Anti Virus Definition Offline

Not everyone has good internet access; some have problems with restrictions such as proxy passwords, port blocking, etc.

That also happened to our division: when we had to do regular maintenance, including the latest standard operating procedure that uses Clam Anti Virus on System Rescue CD, we had no internet access due to a security policy during the clicker worm attack.

That means no virus definition!

But an antivirus without the latest definitions is not good, so I took an offline approach to update Clam Anti Virus.

Here are the steps:

1. Check the ClamAV version:

clamd -V

ClamAV 0.94.2/8970/Tue Feb 10 02:52:04 2009

2. ClamAV provides an offline method; we just need to download the latest version from here:

http://www.clamav.org/download/cvd

3. Download main.cvd and daily.cvd on a computer that has internet access and save them to a USB flash disk.

4. Run System Rescue CD on the target computer.

5. Plug the USB flash disk into the target computer.

6. Run these commands:

Check the flash disk location:

fdisk -l

Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x6f656f65

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        1043     8377866    7  HPFS/NTFS

Disk /dev/sdb: 4043 MB, 4043309056 bytes
255 heads, 63 sectors/track, 491 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x04dd5721

Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         492     3948512+   b  W95 FAT32
Partition 1 has different physical/logical endings:
phys=(490, 254, 63) logical=(491, 145, 38)

Well, it's located at /dev/sdb1.

Mount the flash disk and copy the definition file:

mkdir /mnt/flashdisk
mount -t vfat /dev/sdb1 /mnt/flashdisk
cp /mnt/flashdisk/daily.cvd /var/lib/clamav

Done. I use the latest main.cvd, so I don’t have to update it.

Run clamscan to scan, as in the previous post.
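
A pre-install check for step 6, as an added example that is not part of the original post: before copying daily.cvd from the flash disk, confirm that it is a CVD file, that it is newer than the installed daily version (8970 in the clamd -V output above), and that its payload matches the MD5 recorded in its header. The function names and the header layout described in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a .cvd that
# arrived on a USB stick before copying it into /var/lib/clamav.
# Assumed CVD layout: 512-byte text header, colon-separated:
#   ClamAV-VDB:build time:version:sigs:flevel:MD5:dsig:builder:stime
# followed by the compressed payload that the MD5 field covers.

cvd_field() {                       # cvd_field FILE N -> Nth header field
    head -c 512 "$1" | cut -d: -f"$2"
}

cvd_check() {                       # cvd_check FILE INSTALLED_VERSION
    file=$1 installed=$2
    [ -r "$file" ] || { echo "unreadable: $file"; return 1; }
    [ "$(cvd_field "$file" 1)" = "ClamAV-VDB" ] ||
        { echo "not a CVD file"; return 2; }
    version=$(cvd_field "$file" 3)
    case $version in
        ''|*[!0-9]*) echo "bad version field"; return 3 ;;
    esac
    [ "$version" -gt "$installed" ] ||
        { echo "version $version is not newer than $installed"; return 4; }
    want=$(cvd_field "$file" 6)
    got=$(tail -c +513 "$file" | md5sum | cut -d' ' -f1)
    [ "$want" = "$got" ] ||
        { echo "payload MD5 mismatch (truncated or altered copy)"; return 5; }
    echo "ok: version $version"
}

make_sample() {                     # make_sample FILE VERSION (constructed data)
    body='constructed payload, not a real signature database'
    sum=$(printf '%s' "$body" | md5sum | cut -d' ' -f1)
    printf '%-512s' "ClamAV-VDB:10 Feb 2009 02-52 +0000:$2:100:38:$sum:SIG:builder:0" > "$1"
    printf '%s' "$body" >> "$1"
}

# Demo on constructed files; 8970 is the daily version from `clamd -V` above.
tmp=$(mktemp -d)
make_sample "$tmp/daily.cvd" 8971
cvd_check "$tmp/daily.cvd" 8970            # ok: version 8971
printf 'x' >> "$tmp/daily.cvd"             # simulate a damaged copy
cvd_check "$tmp/daily.cvd" 8970 || echo "rejected with status $?"
rm -rf "$tmp"
```

On the rescue system, call `cvd_check /mnt/flashdisk/daily.cvd "$(clamd -V | cut -d/ -f2)"` before the cp. The header MD5 only catches damaged or mismatched copies; `sigtool --info` on the same file also verifies its digital signature.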

Identify on server as: Internet Explorer

Yes, I just realized that when my download speed dropped, from 32k to 1k.

I think it's a normal situation since I never saw that before. But my download is almost over.

After thinking for a while, I think I must change my identification agent to a browser.

To do that, I click Download properties.

Click on ‘Protocol’; there are a few options available:

  • Microsoft Internet Explorer 5.0
  • Netscape Communicator 4.0
  • Opera 3.6

Pick anything other than ‘Free Download Manager 2.x’.

Click ‘Apply’ and try to resume my download.

As I can see, I got 34.3 KB/s for my download.

Hohohoho, robot versus defined robot.

Give me my download please :-)

Standard operating procedure for clicker, downadup etc

I don’t know what kind of thing entered our network, but it behaves strangely.
It fills up all communication lines and makes the Internet connection and print sharing stop working as usual.

After looking around for solutions out there, I came up with my standard operating procedure:

1. Install the removal tool (f-downadup.zip)

This tool will clean all variants (clicker, downadup, recycler) that might already be on your computer.

2. Install USB Firewall (USB_FW.zip)

This tool will deactivate autorun.inf, the source of this problem.

3. Patch your Windows; check your Windows version first:

– For Windows XP SP2 or SP3, install WindowsXP-KB958644-x86-ENU.exe
– For Windows Vista 32 bit, install Windows6.0-KB958644-x86.msu
– For Vista 64 bit, install Windows6.0-KB958644-x64.msu

I’ll update this post if I find other interesting solutions :-)