Web Hosting Forum | Lunarpages

Author Topic: Is there an external Virus/trojan scanner (not from inside our system) ?  (Read 6731 times)

Offline pstein

  • Intergalactic Cowboy
  • *****
  • Posts: 56
When I log into WHM on our ded server there is a trojan scanner - ok.

But this scanner runs within the system which he should verify.

So the probability that root kits manipulate the results of this embedded scanner are high.

Is there something like an external virsu scanner ?

That means our target ded server shout be shutdown temporarily at first and a virus scanner running from a second, clean system should investigate the hard disc and files of our ded Server.

Is this possible ?

Peter

Offline perestrelka

  • Master Jedi
  • *****
  • Posts: 1397
Re: Is there an external Virus/trojan scanner (not from inside our system) ?
« Reply #1 on: October 13, 2007, 10:57:00 AM »
Hi,

To manipulate the scanner the attacker must know where it is located and where it stores its databases which is difficult to determine.

Of course you can boot the server up with a bootable CD ROM with a scanner and check the OS using it. It is possible even to mount the / of the server to another machine by NFS and scan all files via network. You need to keep the scanner databases with binary signatures outside the server in the both cases or else the scanning can't be full.
Kind Regards,
Vlad Artamonov

 

Share |