11/25/2023

Kaspersky rescue disk 10 iso

We can see that the script looks in its designated folders, so let's try to chroot into the directory and see what we get.

kav.exe: line 38: /usr/lib/kl/kav: No such file or directory
kav.exe: line 37: source: /var/log/winsysdir: is a directory
kav.exe: line 3: script_l10n.sh: No such file or directory

If we try to run the script locally like this.

I decided not to touch these scripts as they proved very difficult to modify.

OK, we are almost there. Because the Kaspersky Antivirus Engine for Linux is compiled in such a way that it relies on a lot of custom libraries from Kaspersky Labs, there are some scripts that load the GUI scanner, and they are located in /home/user/KASPERSKY/disk/usr/bin. The file we are interested in is kav.exe, a shell script that does LD_LIBRARY_PATH stuff etc. so the proper libraries are used when the application is launched.

Once finished, chown the whole directory to your user so you can edit files.

Next we copy the whole contents from /mnt/disk to our home working dir KASPERSKY

cp -rv /mnt/disk /home/user/KASPERSKY

We can now mount this file using the regular Linux mount command like so.

474/474 100%
Created 0

We end up with a directory squashfs-root containing a LiveOS subdirectory, which contains another compressed image file, ext3fs.img

Ext3fs.img: Linux rev 1.0 ext3 filesystem data, UUID=85dd4ebe-fd1b-420b-8d20-bef37149b4ec

Now we can extract the squashfs.img file copied from the CD

unsquashfs squashfs.img

Now we run make, and if the compilation was successful we can copy the unsquashfs binary to /usr/local/bin

cp unsquashfs /usr/local/bin

In order to compile with xz support we need some additional libs, so on Debian I did

apt-get install liblzma-dev

Just download the sources from /projects/squashfs/files/, extract them and modify the Makefile to enable xz compression support by uncommenting the following line

XZ_SUPPORT = 1

We need quite recent squashfstools, and I would not recommend the version from Debian stable.
Squashfs.img: Squashfs filesystem, little endian, version 4.0, 32095920895 bytes, 3 inodes, blocksize: 7 bytes, created: Thu May 18 03:10:24 2034

Next we check what the file squashfs.img actually is

file squashfs.img

Next we copy the squashfs file from /mnt/iso/rescue/LiveOS/squashfs.img to some working directory in home, for example KASPERSKY

cp /mnt/iso/rescue/LiveOS/squashfs.img /home/user/KASPERSKY

Of course there is the question of why do all this when I can just run the LiveCD with the GUI and do everything from there? In some cases it was more convenient for me to do manual scans from my local machine, and it was just too much of a hassle to do this via LiveCD and VirtualBox, so I decided to extract the needed files from the LiveCD and try to run this separately.

First we download the Kaspersky Rescue Disk and mount the ISO in our filesystem

# mount -o loop kav_rescue_10.iso /mnt/iso

Disassembling the ISO was a little trickier than the one from F-Secure; for those interested, I am posting a little howto on my progress.

It is a powerful antivirus scanning engine with many interesting and useful tools, which I wanted to try running locally on my Debian amd64 host.

* View statistics about the application's functioning.

Another great LiveCD is one from Kaspersky Labs called Kaspersky Rescue Disk 10, downloadable from here: /rescuedisk/updatable/kav_rescue_10.iso

* Create a report on scan and update tasks.

o specify time of storing Quarantine and Backup objects
o select detection of specific threat types
o change actions to be performed on detected objects

Kaspersky Rescue Disk 10 allows performing the following actions:

In the emergency repair mode, you can only start object scan tasks, update databases, roll back updates and view statistics.

In this case, disinfection is more efficient because malware programs do not gain control when the operating system is being loaded.
The application should be used when the infection is so severe that it is impossible to disinfect the computer using anti-virus applications or malware removal utilities (such as Kaspersky Virus Removal Tool) running under the operating system.

Kaspersky Rescue Disk 10 is designed to scan and disinfect x86 and x64-compatible computers that have been infected.