Tuesday 10 May 2011

Using Linux to clean a virus from Windows

Yeah, this is a bit of a headache, so here are some aspirin prerequisites:
An infected Windows drive
A bootable Linux system, either fully installed or from USB
clamav and its dependencies, if not already installed
A Debian-type distro makes the package management easy:

apt-get update && apt-get upgrade -y && apt-get install clamav-freshclam clamav-dbg clamav-base clamav

You may have to set up the proxy first:
export http_proxy='http://<ip-address>:3128/'
or authenticate:
export http_proxy=http://username:password@proxy.thing.com:8080/

A sample scan command is (replace /COSA_CAZZO_SCANSIONARE with the directory to scan):
sudo clamscan -r /COSA_CAZZO_SCANSIONARE
Once the scan finishes, remove the infected files with this command:
sudo clamscan -r --remove /COSA_CAZZO_SCANSIONARE
To start the GUI, type:
sudo clamtk
Hello and happy scanning :)

cd /tmp
1st attempt: running clamscan -r --repair /dev/sda1
complained it cannot find clamav: "No supported database files"
clamav stores virus signatures in database files in /var/lib/clamav
results:
----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.95.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.001 sec (0 m 0 s)
It means that you have no virus signatures stored in database files.

so let's get some signature database files:
wget http://database.clamav.net/daily.cvd
wget http://database.clamav.net/main.cvd
mv main.cvd /var/lib/clamav/
mv daily.cvd /var/lib/clamav/
I mounted the drive before running the scan; not sure if that is necessary, so:
mount the drive
first make the mount point
mkdir /media/sda1
mount it
mount /dev/sda1 /media/sda1
run the AV
after mounting I ran clamscan -r --repair /media/sda1
4 hrs later, results:

----------- SCAN SUMMARY -----------
Known viruses: 953056
Engine version: 0.97
Scanned directories: 25256
Scanned files: 197630
Infected files: 22583
Data scanned: 55633.72 MB
Data read: 41429.39 MB (ratio 1.34:1)
Time: 10775.542 sec (179 m 35 s)
root@ubuntu:/var/lib/clamav#

clamscan -r --remove /media/sda1/
:)
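As an added example (not the author's own script, and not part of ClamAV), here is a small POSIX shell wrapper for the whole procedure above, covering both the sample scan/remove commands and the /dev/sda1 walkthrough. It checks that the main and daily signature files are actually present before scanning (the "Known viruses: 0" pitfall from the first attempt), mounts the drive read-only for the detection pass, parses the SCAN SUMMARY to decide whether the result can be trusted, and only then remounts read-write and quarantines hits with clamscan's --move instead of --remove, so a false positive can be put back. /dev/sda1 and /media/sda1 are the post's paths; the SCAN_TARGET variable, the quarantine directory and the helper names are assumptions chosen for this example, and mounting assumes the kernel can mount the Windows filesystem.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the manual steps above:
# pre-flight the signature database, mount read-only, scan, judge the summary,
# then quarantine instead of deleting. SCAN_TARGET, the quarantine directory
# and all function names are assumptions chosen for this example.

SIGDIR="${SIGDIR:-/var/lib/clamav}"   # where clamav keeps its .cvd/.cld files

# sig_db_present DIR: succeed only if both main and daily signature sets exist
# (fetched by freshclam or by hand, as in the post). Without them clamscan
# says "No supported database files" and reports "Known viruses: 0".
sig_db_present() {
    dir="$1"
    for base in main daily; do
        [ -f "$dir/$base.cvd" ] || [ -f "$dir/$base.cld" ] || return 1
    done
    return 0
}

# summary_field NAME: read a clamscan SCAN SUMMARY on stdin and print the
# integer after "NAME:" (e.g. NAME="Infected files"); prints nothing if absent.
summary_field() {
    sed -n "s/^$1: \([0-9][0-9]*\).*/\1/p" | head -n 1
}

# summary_verdict FILE: classify a saved summary as
#   no-signatures  (Known viruses is 0 or missing: the scan proved nothing)
#   clean          (signatures loaded, no infected files)
#   infected       (one or more infected files)
summary_verdict() {
    known=$(summary_field "Known viruses" < "$1")
    infected=$(summary_field "Infected files" < "$1")
    if [ -z "$known" ] || [ "$known" -eq 0 ]; then
        echo no-signatures
    elif [ -z "$infected" ] || [ "$infected" -eq 0 ]; then
        echo clean
    else
        echo infected
    fi
}

# scan_drive DEVICE MOUNTPOINT QUARANTINE: the post's procedure end to end.
# Pass 1 runs on a read-only mount so nothing on the drive changes until the
# summary has been checked. Only an "infected" verdict leads to a read-write
# remount and a second pass that moves hits into QUARANTINE (clamscan --move),
# which keeps a copy for analysis and lets a false positive be restored.
scan_drive() {
    dev="$1"; mnt="$2"; quarantine="$3"
    if ! sig_db_present "$SIGDIR"; then
        echo "no signature files in $SIGDIR; run freshclam first" >&2
        return 1
    fi
    mkdir -p "$mnt" "$quarantine"
    mount -o ro "$dev" "$mnt" || return 1   # assumes the kernel can mount this filesystem
    rc=0   # clamscan exit status: 0 = nothing found, 1 = hits found, 2 = error
    clamscan -r -i --log="$quarantine/scan.log" "$mnt" > "$quarantine/summary.txt" || rc=$?
    if [ "$rc" -eq 2 ]; then umount "$mnt"; return 1; fi
    verdict=$(summary_verdict "$quarantine/summary.txt")
    if [ "$verdict" = infected ]; then
        mount -o remount,rw "$mnt" || { umount "$mnt"; return 1; }
        clamscan -r -i --move="$quarantine" "$mnt" >> "$quarantine/scan.log" || true
    fi
    umount "$mnt"
    echo "$verdict"
}

# demo_verdict: exercise the summary logic on a constructed summary copied from
# the post's second run, without touching any disk. Prints the verdict word.
demo_verdict() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
----------- SCAN SUMMARY -----------
Known viruses: 953056
Engine version: 0.97
Scanned directories: 25256
Scanned files: 197630
Infected files: 22583
Data scanned: 55633.72 MB
EOF
    summary_verdict "$tmp"
    rm -f "$tmp"
}

# Only touch a real drive when asked for explicitly, e.g.:
#   SCAN_TARGET=/dev/sda1 sh clean-windows.sh
if [ -n "$SCAN_TARGET" ]; then
    scan_drive "$SCAN_TARGET" /media/sda1 /root/quarantine
else
    demo_verdict
fi
```

Run without SCAN_TARGET it only classifies the constructed summary (printing "infected"); with SCAN_TARGET=/dev/sda1 it performs the real two-pass scan as root. The read-only first pass is the important design choice: a "0 infected" result is only worth anything when Known viruses is non-zero, and nothing is deleted or moved before that has been confirmed.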