Add Bitdefender to live linux (not a remaster or persistence)



Postby RichardKweskin » Thu Apr 12, 2012 1:40 pm

The principle is the same with most live distros that use either an rpm package manager or a deb package manager. As an example to illustrate the method any recent Ubuntu live will do. A live setup will require using memory to operate and any additional software installing will "eat into" this memory.

The method proposed here is to arrange access to the Internet and "install" Bitdefender to the live system. Any such alteration does not survive a reboot so the key is to do this as light and as simply as possible because it will need to be done all over again every time the live system is booted.

"Not very practical" one should think. Other methods exist. One could remaster a live system and simply ensure that it contains Bitdefender or any other malware scanner for Linux that is desirable. A live usb stick with persistence could also be used in which there would be space for both installation and updating. However, this howto will only cover how to add Bitdefender to a live system which does not contain it initially.

A stumbling block could be the memory (or rather the lack of it!) Practically, I found that over 1.5 GB of ram will do without "extra" preparations. For a system with less (say with only 512 MB of ram) it can still be done.

Choose a distro that the pc can boot from and from which the windows partition(s) can be mounted read/write. The latest Ubuntu will do nicely.

Trick 1 - Either fire up the live without the graphical environment or close it down from the console (press Ctrl+Alt+F1.) Ubuntu can be manipulated not to fire up the graphical environment at all. On some versions a quick jab at the F6-key jolts the initial booting to offer a choice of language where otherwise it would simply go ahead to the desktop. Other versions will offer the language without user intervention. Just choose one but then press the F6-key when the menu of live or install comes up. This produces a popup so close it with the Esc-key. Revealed before us is a command line. Don't press the Enter-key yet, but go to the end of this command and using the backspace-key erase the end bits up to and including "quiet splash", leaving the mention of the initrd. With a single space after what is left type either "single" or "text" and press Enter. In the case of "single" the next step is to choose "netroot" from the Recovery Menu so that dhcp will push the router to provide an ip and route to the Internet. The user at the commandline is root. In the case of "text" the ip bit should be fine but the user at the commandline is ubuntu so type sudo -s and Enter to turn it into root. The two cases are now identical except that five other virtual consoles exist in the second case where they do not in the first.

Trick 2 - Commandeer the windows swap file for a live linux swap to make up for the relatively little ram. This is not harmful to the windows system because it simply recreates a new swap file on its next bootup. This proposed method uses the existing swap file and then erases it. The file in question most likely lies in the first "large" ntfs partition (in the case of more than one being found.) So the next command to type is fdisk -l (that is a lowercase L) to show the partitions, their sizes and types. In the case where sda1 was smaller try the command mount /dev/sda2 /mnt (thus giving access to the C directory.) Check with (again a lowercase L)
ls /mnt/pagefile.sys (and if found) mv -v /mnt/pagefile.sys /mnt/pagefile.kwe (the kwe file extension is unique, hopefully.)
Now the commands mkswap -f /mnt/pagefile.kwe (then) swapon -fv /mnt/pagefile.kwe will hopefully create enough swap memory so the rest of this method can be done.

If ram is more than 1.5 GB to start with, both above tricks can be skipped, but open up a terminal and become root with sudo -s, then use fdisk -l and mount the C partition and rename the swap file with mv -v as above.

All of these steps are needed:

A - Edit the file in the live linux /etc/apt/sources.list to add a line
deb http://download.bitdefender.com/repos/deb bitdefender non-free

If the distro used works with rpm there is an rpm repository at
http://download.bitdefender.com/repos/rpm

B - Update the package manager

apt-get update

C - Install Bitdefender's commandline scanner

apt-get install bitdefender-scanner

D - Update the signature files

bdscan --update

This will invoke displaying the terms of usage so press q to scroll to end and type accept (only then the updating will start.)

E - Scan each partition needing scanning with the command

(The partition is still mounted at /mnt) so all one line

bdscan --action=delete --log=/mnt/vir.kwe --exclude-ext=kwe /mnt

man bdscan to see all the options if desired

F - Check the log for what was discovered if desired

grep infected /mnt/vir.kwe

this can be redirected to a second file using >

G - Unmount and remount for other partitions and repeat E and F

H - Release the swap, delete swap and log files and unmount

swapoff /mnt/pagefile.kwe
rm -iv /mnt/pagefile.kwe
rm -iv /mnt/vir.kwe
umount /mnt

I - Not strictly needed but recommended if the distro has the tool

ntfsfix /dev/sdan (where n is each partition number of ntfs)

This only sets a flag for windows to check the file system.

Richard

P.S. note: use the 32bit version of the linux distro or search the web for a fix that enables the 64bit version to work.

Postby RichardKweskin » Thu Apr 12, 2012 1:49 pm

In the above post the quick reference in Trick 1, press Ctrl+Alt+F1, does not in itself eliminate the graphical environment from the memory. It is just the first step to get to a virtual console outside so that a command like

sudo stop gdm
or
sudo stop kdm
or
sudo stop lightdm
or
sudo stop lxdm

will close it. Check with Ctrl+Alt+F7

Richard
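The steps from both of Richard's posts (stopping the display manager, the pagefile swap trick, steps A to H), collected into shell functions. This is an added example and not a script from the thread. It assumes (my assumptions, not stated in the posts) that the live CD has fdisk, mkswap, swapon, bdscan and the upstart status/stop commands, and that the NTFS partition gets mounted at /mnt. The two parsing helpers, largest_ntfs and count_infected, run on constructed sample data by default; the privileged steps only run when the script is started as "sh livescan.sh run" by root. The sample fdisk and bdscan log text below is made up for the demo, and the log line format is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed tools: fdisk, mkswap,
# swapon, apt-get, bdscan, upstart status/stop. Mount point assumed: /mnt.

# Constructed sample of "fdisk -l" output (not from a real machine).
SAMPLE_FDISK='Disk /dev/sda: 500.1 GB, 500107862016 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      206847      102400    7  HPFS/NTFS/exFAT
/dev/sda2          206848   976771071   488282112    7  HPFS/NTFS/exFAT
/dev/sda3       976771072   976773119        1024   83  Linux'

# Constructed sample of a bdscan log; the line format is an assumption.
SAMPLE_LOG='/mnt/Users/demo/eicar.com  infected: EICAR-Test-File (not a virus)
/mnt/Windows/notepad.exe  ok
/mnt/Users/demo/dl/sample.zip=>setup.exe  infected: Trojan.Generic (constructed name)'

# Trick 2: print the largest partition with Id 7 (NTFS) from "fdisk -l" text
# on stdin, so the pagefile is looked for on the "large" partition.
largest_ntfs() {
    awk '/^\/dev\// {
            for (i = 2; i < NF; i++)
                if ($i == "7" && $(i + 1) ~ /NTFS/ && $(i - 1) + 0 > max) {
                    max = $(i - 1) + 0; dev = $1
                }
         }
         END { print dev }'
}

# Step F: count the "infected" lines of a bdscan log read from stdin
# (grep -c exits 1 when there are none, hence the "|| :" under set -e).
count_infected() {
    grep -c infected || :
}

# Trick 1 (second post): stop whichever upstart display manager is running.
stop_display_manager() {
    for dm in gdm kdm lightdm lxdm; do
        if status "$dm" 2>/dev/null | grep -q running; then
            stop "$dm"
        fi
    done
}

# Trick 2: turn the Windows pagefile on the mounted partition into swap.
pagefile_swap() {
    mnt=$1
    [ -f "$mnt/pagefile.sys" ] || { echo "no pagefile.sys under $mnt" >&2; return 1; }
    mv -v "$mnt/pagefile.sys" "$mnt/pagefile.kwe"
    mkswap -f "$mnt/pagefile.kwe"
    swapon -fv "$mnt/pagefile.kwe"
}

# Steps A to D: repository line, package list, scanner, signatures.
install_scanner() {
    grep -q 'download.bitdefender.com/repos/deb' /etc/apt/sources.list ||
        echo 'deb http://download.bitdefender.com/repos/deb bitdefender non-free' >> /etc/apt/sources.list
    apt-get update
    apt-get install -y bitdefender-scanner
    bdscan --update        # shows the terms: press q, then type accept
}

# Steps E and F: scan the mounted partition, then report the infected count.
scan_mounted() {
    mnt=$1
    bdscan --action=delete --log="$mnt/vir.kwe" --exclude-ext=kwe "$mnt"
    echo "infected entries: $(count_infected < "$mnt/vir.kwe")"
}

# Step H: release the swap, remove the two work files, unmount.
cleanup() {
    mnt=$1
    swapoff "$mnt/pagefile.kwe"
    rm -iv "$mnt/pagefile.kwe" "$mnt/vir.kwe"
    umount "$mnt"
}

if [ "${1:-}" = "run" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo -s)" >&2; exit 1; }
    stop_display_manager
    part=$(fdisk -l 2>/dev/null | largest_ntfs)
    mount "$part" /mnt
    pagefile_swap /mnt
    install_scanner
    scan_mounted /mnt
    cleanup /mnt
else
    echo "largest NTFS partition in sample: $(printf '%s\n' "$SAMPLE_FDISK" | largest_ntfs)"
    echo "infected lines in sample log: $(printf '%s\n' "$SAMPLE_LOG" | count_infected)"
fi
```

Without the "run" argument the script only exercises the two helpers on the sample text, which is a safe way to check the partition choice before touching a real disk. If mount reports that Windows is hibernated (ntfs-3g refuses to mount such a volume read/write), stop there rather than forcing it: the pagefile trick and the scan both need a cleanly shut down Windows volume.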

