Checking Windows Viruses from Linux Using Wine + Stinger
You might ask why you would check for Windows viruses from Linux when you can do it from Windows. There are several reasons why you might do that:
- You are afraid that the virus payload might get activated somehow (the virus won't be active in memory when you are in Linux)
- Some viruses are just too hard to clean when Windows is active
- You also want to check whether you have copied infected files from Windows to your Linux partition (a Windows virus scanner can only check partitions mounted in Windows)
Wine + Stinger
You can also run a specific virus scanner, such as Stinger (from Symantec), under Linux using Wine. I have tried this, and it works well. My Windows 2000 was infected with Win32/Pate and I was able to clean the virus from the infected files (or at least most of them). To double-check, I tried running Stinger from Linux using Wine, and it works. Surprisingly, I had copied some infected files to my Linux box and, without my knowledge, I had run the infected files.
Thankfully this virus works by injecting files into the Explorer process, which Wine doesn't have yet, and I got some temporary virus files in my Wine temporary directory. I also found a temporary virus file on my Windows filesystem (and I deleted it using captive-ntfs because my Windows partition uses NTFS).
How to do it
First you must obtain and install Wine from http://www.winehq.org; follow the installation procedure for your Linux distribution. Download Stinger and, from the directory where Stinger resides, type:
wine ./stinger.exe
Some warnings might appear; you can safely ignore them. Select the folder you would like to scan. If you want to scan a Windows partition, you must mount the partition and you must have the right to access it.
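Added example, not part of the original post: one way to run the step above in a dedicated Wine prefix, so that files dropped by an accidentally executed sample (like the temporary virus files mentioned earlier) end up in a directory you can delete afterwards. The prefix path ~/.wine-stinger, the drive letter d: and the two script arguments are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: run Stinger in its own Wine prefix.
# Assumed names (not from the original page): ~/.wine-stinger, drive d:,
# and the two script arguments.

# Leave the prefix with only two drive letters: c: (its own drive_c) and
# d: (the directory to scan). A default prefix also maps z: to /, which
# shows the whole Linux filesystem to Windows programs.
lock_down_prefix() {
    local prefix target link
    prefix=$1
    target=$(cd "$2" 2>/dev/null && pwd -P) || {
        echo "scan target '$2' is not an accessible directory" >&2
        return 1
    }
    mkdir -p "$prefix/dosdevices" "$prefix/drive_c"
    for link in "$prefix"/dosdevices/*; do
        if [ -L "$link" ]; then rm -f "$link"; fi
    done
    ln -s ../drive_c "$prefix/dosdevices/c:"
    ln -s "$target" "$prefix/dosdevices/d:"
}

# Usage: ./stinger-prefix.sh /mnt/windows ./stinger.exe
if [ "$#" -eq 2 ]; then
    export WINEPREFIX="$HOME/.wine-stinger"
    wineboot --init      # let Wine create the prefix
    wineserver -w        # wait until prefix creation has finished
    lock_down_prefix "$WINEPREFIX" "$1" || exit 1
    cp "$2" "$WINEPREFIX/drive_c/stinger.exe"
    wine 'C:\stinger.exe'   # in Stinger, choose D:\ as the folder to scan
fi
```

Deleting ~/.wine-stinger afterwards discards anything written to the prefix's temporary directory. Drive letters only limit what is reachable through Windows paths, so this is housekeeping rather than a sandbox.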
Free Software alternative: ClamAV
This is a free (as in speech) program that can scan for viruses and delete them (the current version can't fix your files). A Windows version also exists if you want to scan for viruses from Windows.