ClamAV
- You need to choose a distribution you like (not that hard, but make sure the distro has access to ClamAV).
If you're not sure, I recommend Ubuntu (whatever the current Long Term Support, or LTS, version is).
- Install the distro onto a USB External Hard Drive (USB3 is obviously the best option as it will run faster on systems that support it).
ClamAV uses definition files for viruses on multiple platforms including (and mostly from) Windows. In fact, they use the same definition files as all the other AV solutions out there.
To install, just run the following command in a terminal (at least for Ubuntu-based distros).
sudo apt-get install clamav -y
You’ll be prompted for your password for super user access.
Next you’ll want to get the latest virus and malware definition files for ClamAV. To do this enter the command
sudo freshclam
You need to find and mount the main Windows partition of the installed / infected disk.
To find the partition, run
sudo fdisk -l
(That’s a lowercase L at the end).
Once you find the partition(s) you need / want to scan, you’ll need to mount it (them), so create a directory called Windows in the /mnt directory.
cd /mnt
sudo mkdir Windows
Then you’ll mount the drive to the directory you just created.
sudo mount -t ntfs -o nls=utf8,umask=0222 /dev/<drive from fdisk> /mnt/Windows
You’ll want to replace <drive from fdisk> with the actual drive info you found in the fdisk step. Note that there must be no space after the comma in the -o option list.
Now you’ll want to set a temporary location to store any infected files you find.
cd /tmp
sudo mkdir virus
Now you can give the command to scan with ClamAV and have it move any infected files to the /tmp/virus directory.
The nice thing about this is that on reboot, the directory is wiped out.
sudo clamscan -r --move=/tmp/virus /mnt/Windows
When complete, you can unmount the drive and mount another if you need to scan more than one.
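As an added example (not part of the original guide): a wrapper for the scan step that records each detection's original path and signature before --move relocates the file, and interprets clamscan's exit status. The log path, the manifest name and the function names are assumptions of this example, and the sample log in demo_log is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide.
TARGET=${TARGET:-/mnt/Windows}        # mount point from the guide
QUARANTINE=${QUARANTINE:-/tmp/virus}  # quarantine directory from the guide
LOG=${LOG:-/tmp/clamscan-$(date +%Y%m%d-%H%M%S).log}  # assumed log path

# Print "original-path<TAB>signature" for each detection in a clamscan log.
# Detection lines read "<path>: <signature> FOUND"; the greedy first group
# splits on the last ": ", so paths that contain ": " stay intact.
list_detections() {
    local tab
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${tab}\2/p" "$1"
}

# clamscan exit status: 0 = no virus found, 1 = virus found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Constructed sample log (paths and the first signature name are made up).
demo_log() {
    cat <<'EOF'
/mnt/Windows/Users/alice/Downloads/setup.exe: Win.Trojan.Example-1 FOUND
/mnt/Windows/Users/bob/notes: old.doc: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# The guide's scan, plus a log and a manifest of where each file came from.
scan_partition() {
    local rc
    mountpoint -q "$TARGET" || { echo "$TARGET is not mounted" >&2; return 2; }
    mkdir -p "$QUARANTINE"
    clamscan -r -i --log="$LOG" --move="$QUARANTINE" "$TARGET"
    rc=$?
    list_detections "$LOG" > "$LOG.manifest.tsv"
    echo "scan: $(scan_status "$rc"), manifest: $LOG.manifest.tsv"
    return "$rc"
}

# Scan only when asked to: sudo bash scan.sh run
if [ "${1:-}" = "run" ]; then scan_partition; fi
```

Because the log and manifest live under /tmp, copy them elsewhere before rebooting if you may need to restore a false positive to its original location.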