Avast Raid 1 Ubuntu 710

Avast Business Avast Business for Linux
1

I have never had virus problems as serious as the ones I am facing right now.

My personal OS is Ubuntu 710. I am trying to clean up viruses on a few of my family WinXP boxes on a home network. All four machines have been disconnected from the network/internet except when I am checking them. I use Ubuntu 710 Live CD on the XP boxes and install Avast after booting up.

The problem I have is related to an XP Pro SP2 box that had two NTFS drives set up as Raid 1. The Raid 1 is used for storage only. The C:\ drive with th XP OS on it is infected and has been removed for now. I do not keep data on the same drives as the OS. After taking out the XP HDD, I disconnected the Raid and did a fresh install of Ubuntu 710 on a spare HDD and did all the upgrades. After installing Avast Linux I reconnected the Raid and began looking for infected files.

It appears to me that both drives on the Raid need to be scanned separately. Is this correct?

Assuming this to be true and I am currently scanning each of the two Raid 1 NTFS drives by itself with both connected. During the scan one of the drives shows:
“Current Scanner Status” is listed as “Infected”
Just what does this mean? How many files are infected? Do I wait till the end to find out how many files are infected? And when I find out which files are infected do I delete the identical files on each drive in the Raid?

Thanks for the help.
Jaybob

2
The problem I have is related to an XP Pro SP2 box that had two NTFS drives set up as Raid 1....

The problem I have is related to an XP Pro SP2 box that had two NTFS drives set up as Raid 1.

There are potentially two issues here:

  1. You should check to determine whether your Ubuntu Live CD supports full read/write access to NTFS volumes. If not, scanning in that way is not going to do you much good.

  2. If your RAID 1 mirror set was installed as “software RAID” under Windows, then yes, you’ll need to scan both drives independently. If it was set up as “hardware RAID”, then you should only need to scan/repair the one volume as changes to the master drive are automatically copied to the mirror drive. The OS should really only see one drive volume.

I’m not sure what the “infected” status means in your case. Are using the GUI or the command line? If the latter, have you passed the proper flag for managing the scan action? (I haven’t used the GUI, yet.)

From the ‘avast’ man page:

-p, --continue=NUMBER allows setting of an action to be automatically performed: delete file - 1, repair file - 3, user input - 4