Saturday, June 21, 2008

USB dongle auto malwares scanning with clamav





How many of you folks use a USB dongle for his daily tasks? I think most of you, but since this blog is about security & malwares. Today, I’m going to show you a trick using a windows batch file and the portable version of clamav for arming your dongle when you have to copy/move files in a non-secure environment. For me personally, when I need to get a new/additional USB dongle, I prefer the ones that have read-write protection. This is a very effective way to protect your USB when you need to transfer files between you laptop for instance, and other machines. But suppose yours doesn’t support this feature. You need to create some kind of armor around it.

Let’s work:

1) Get the latest copy of ClamAv_Portable for Windows. Download Here (install and rename the folder to ClamWinPortable)

2) Copy the following batch and call it (scan.cmd):

@echo off
set @1=%cd%
echo Updating ClamAV definitions ...
.\ClamWinPortable\App\clamwin\bin\freshclam -v --config-file=".\ClamWinPortable\App\clamwin\bin\freshclam.conf" --datadir="\..\ClamWinPortable\Data\db"
echo Scaning USB for Malwares ...
.\ClamWinPortable\App\clamwin\bin\clamscan.exe --database=".\ClamWinPortable\Data\db" -v --show-progress -u -k --bell --remove -i --detect-broken -l scan-resultes.txt %cd%
explorer.exe %cd%
exit

3) Copy the following auto run instructions and save it as (autorun.inf):

[autorun]
shell\Open\Command=scan.cmd
ShellExecute=scan.cmd


Copy all of these files to the root of your USB dongle, then close the windows, reopen it again and see the magic.