We use USBDLM for handling external drives. Please see this previous post for how to scan with McAfee; it would just need modifying for your AV scanner.
Total ban on removable media
I'd like to set up a machine that can be used to scan USB drives before they are plugged into a networked machine.
Now I could leave it disconnected from the network and then once a week plug it back in and update its AV engine, but I wouldn't mind a more automatic solution.
1. Any way of setting up a machine so it just gets AV and Windows updates but prevents other traffic? (Simple hosts file entries maybe?)
2. Auto scan USB Drive on insertion.
Anyone got such an arrangement or know how to set one up?
Panda have a good free one; it doesn't scan it but auto-deletes the autorun and creates its own. Seeing as most USB viruses are the autorun file, it's very good.
What about Microsoft Security Essentials, as this has an option for removable media?
As mentioned, use USBDLM to allocate a specific drive letter, which then automatically starts (possibly from the command line) your AV software to run a full scan of the USB pen drive (or simply insert the USB pen drive, right-click and select scan).
The easiest way to isolate network traffic would be to update the virus definitions on the computer every morning, then simply unplug the Cat5 cable for the rest of the day whilst it's being used as a standalone AV scanner.
You could of course configure firewall, vlan etc etc whatever is easiest for you really.
I was thinking VLAN.
The auto scan is a nice-to-have but not essential, as the computer can have the instructions stuck on it.
It's just I'd like to set up and forget re MS and AV updating but not allow ANYTHING ELSE to get out onto the network.
E.g. if the machine gets infected from an infected USB drive, I don't want it going any further than that machine.
Could I run the machine in Linux and use its AV to scan for Windows virususii (Whatever ) or do Linux AV scanners only scan for Linux vulnerabilities?
- prob is I don't have control over the CLEO switch/router, which prob has VLAN capability - and none of my cheap and cheerful switches do VLAN
I could go down the USB 3G dongle route
With Sophos, for example, you can download an exe that downloads the latest AV engine and definitions and creates a (bootable) Linux-based ISO that you can simply burn to a CD-RW (so you can easily reuse and update the same CD-RW).
Now, not tried the next bit yet (so just a theory!): you would then just need a PC with a CD-ROM drive (don't even need an HDD); insert the CD-RW and USB pen drive, switch on and select scan / disinfect etc. It may need rebooting after each new USB pen drive is inserted so that it is detected.
Better still, burn the bootable Linux image to an old 1GB USB pen drive and boot from that, if your old computer supports booting from USB!
Unless your machines are configured to not allow access to USB devices unless they have some form of signature on them from your scanning PC, which is only valid for a specific amount of time, what's the point?
They'll just not bother and plug them into machines as normal.
mm - but still means manual work for me every week to update it
I want set up and forget (just like my central Sophos servers)
AVG can be configured to auto-scan USB drives upon insertion.
SimpleSi (20th March 2010)
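The "auto scan USB drive on insertion" arrangement asked about in this thread, as an added example that is not from any poster: a PowerShell watcher that scans each newly mounted volume. It assumes Microsoft Defender's `Start-MpScan` cmdlets stand in for the AV products named above, that it runs elevated on the scanning PC, and that the log path is a hypothetical location.

```powershell
# Added example: scan every newly mounted volume with Microsoft Defender.
# Assumptions: run elevated on the scanning PC; Defender is the active AV.
$logFile = 'C:\ScanStation\usb-scan.log'   # hypothetical log location
New-Item -ItemType Directory -Path (Split-Path $logFile) -Force | Out-Null

function Write-ScanLog([string]$Message) {
    '{0:u} {1}' -f (Get-Date), $Message | Add-Content -Path $logFile
}

# Win32_VolumeChangeEvent EventType 2 = a volume has arrived.
Register-CimIndicationEvent -SourceIdentifier 'VolumeArrival' `
    -Query 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2'

try {
    while ($true) {
        $evt = Wait-Event -SourceIdentifier 'VolumeArrival'
        Remove-Event -EventIdentifier $evt.EventIdentifier
        $drive = $evt.SourceEventArgs.NewEvent.DriveName      # e.g. "E:"
        if ($drive -eq $env:SystemDrive) { continue }

        # Stale definitions are the weak point of a mostly offline scanner.
        $age = (Get-MpComputerStatus).AntivirusSignatureAge
        if ($age -gt 7) { Write-ScanLog "WARNING: signatures are $age days old" }

        $started = Get-Date
        Write-ScanLog "Scanning $drive"
        try {
            Start-MpScan -ScanType CustomScan -ScanPath "$drive\" -ErrorAction Stop
        } catch {
            Write-ScanLog "Scan of $drive FAILED: $($_.Exception.Message)"
            continue
        }
        # Detections recorded since this scan began.
        $hits = @(Get-MpThreatDetection |
                  Where-Object { $_.InitialDetectionTime -ge $started })
        if ($hits.Count -gt 0) {
            foreach ($h in $hits) { Write-ScanLog "DETECTION on ${drive}: $($h.Resources -join '; ')" }
        } else {
            Write-ScanLog "No detections on $drive"
        }
    }
} finally {
    Unregister-Event -SourceIdentifier 'VolumeArrival'
}
```

The watcher reacts to any arriving volume rather than filtering on drive type, because USB hard disks report as fixed disks and would otherwise be skipped.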