First article about Decontamine_Linux
Me first article about Decontamine_Linux
adapted from the original post from dev.to
Your boss won't let you buy this very expensive USB kiosk you saw during your last trip in a cyber security trade show ?
The tool I'm going to present you might be the solution !
Decontamine_Linux, a Python script I have been working on, aims to scan and clean your USB devices (keys, hard drives) from viruses. It can also scan CD/DVD in read only mode.
It automatically detects your devices, lets you choose the one you want to scan then runs scanning tools in multiple threads.
It asks you if you want to delete viruses and eventually generates a report you can read and save on your device.
Currently its compatible with 3 antivirus:
Use case
Interested ? : visit Decontamine_Linux project page !
You want to contribute or you find an issue : please pull a request or open an issue on its Github repo !
If you like this project, please share it and star it !
You can also buy me a coffee ;) !
PS : Why this name ? At the beginning, I created Decontamine to run on Windows (there are still running Windows Decontamine stations at the organization I originally developed it between 2015 and 2018), one day I realize it would be better to run it on Linux.
So, after this former employer had accepted this software to go open source, I have been rewriting everything especially for Linux.
PS2 : As a cybersecurity specialist, you should sensitize your colleagues to the hazardousness of USB devices !
[ 1 ] 2 3
Decontamine_Linux, your usb devices cleaning station
You are an IT security specialist in your firm and you are always wondering "How the heck can I limit virus spreading from USB devices in this damn information system ?"Your boss won't let you buy this very expensive USB kiosk you saw during your last trip in a cyber security trade show ?
The tool I'm going to present you might be the solution !
Decontamine_Linux, a Python script I have been working on, aims to scan and clean your USB devices (keys, hard drives) from viruses. It can also scan CD/DVD in read only mode.
It automatically detects your devices, lets you choose the one you want to scan then runs scanning tools in multiple threads.
It asks you if you want to delete viruses and eventually generates a report you can read and save on your device.
Currently its compatible with 3 antivirus:
- Clamav
- Sophos
- F-Secure
Use case
- Setup an hardening Debian system on a computer with antivirus and Decontamine_Linux
- Enable persistence of the script
- Kindly ask your colleagues, with the blessing of your boss, to systematically scan their USB devices before plugging in their computer
- Marvel about the decreased of security incidents related to USB devices in your company
Interested ? : visit Decontamine_Linux project page !
You want to contribute or you find an issue : please pull a request or open an issue on its Github repo !
If you like this project, please share it and star it !
You can also buy me a coffee ;) !
PS : Why this name ? At the beginning, I created Decontamine to run on Windows (there are still running Windows Decontamine stations at the organization I originally developed it between 2015 and 2018), one day I realize it would be better to run it on Linux.
So, after this former employer had accepted this software to go open source, I have been rewriting everything especially for Linux.
PS2 : As a cybersecurity specialist, you should sensitize your colleagues to the hazardousness of USB devices !
Major update for Decontamine_Linux
Major update for Decontamine_Linux.
I made some improvements since January.
Here are the big changes :
This example shows that all the tools have detected 4 viruses.
I made some improvements since January.
Here are the big changes :
- multithreading scans (all tools scan at the same time)
- viruses found will be displayed in a table at the end of the scan
- user will be prompt to remove viruses at the end of the scan
- rename modules, functions, variables, etc. according PEP8 convention
- code cleaning
- fully unmount and eject/power-off all type of devices at the end of the scan
| virus_num | virus_name | virus_type | ['ClamAV', 'F-Secure', 'Sophos'] |
|---|---|---|---|
| 1 | /media/dev/testkey/eicartestfile | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 2 | /media/dev/testkey/virusTest | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 3 | /media/dev/testkey/boot/zerrgzzazfb | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 4 | /media/dev/testkey/boot/gfdFFezf | Clamav.Test.File-7 | ['X', 'X', 'X'] |
Major update for ScanPC
Major update for ScanPC.
It now generates HTML report with CSV files resulting of the various scans.
Several scans are now displayed in HTML tables :
It now generates HTML report with CSV files resulting of the various scans.
Several scans are now displayed in HTML tables :
- the users details
- the share folders
- the Windows updates (KB)
- the network interfaces
- the drives
- the processes
- the services
- the network connections
- the installed softwares
| Name | Version | Publisher | Location |
|---|---|---|---|
| 7-Zip 16.02 (X64) | 16.02 | Igor Pavlov | C:\Program Files\7-Zip\ |
| Android Studio | 1.0 | Google Inc. | |
| Audacity 2.1.2 | 2.1.2 | Audacity Team | C:\Program Files (x86)\Audacity\ |
| Cisco Packet Tracer 6.3 | Cisco Systems, Inc. | C:\Program Files (x86)\Cisco Packet Tracer 6.3\ | |
| Cpuid Cpu-Z 1.86 | 1.86 | CPUID, Inc. | C:\Program Files\CPUID\CPU-Z\ |
| Dev-C++ | 5.11 | Bloodshed Software | |
| Freeplane | 1.6.15 | Open source | C:\Program Files\Freeplane\ |
| Hex Workshop V6.8 | 6.8.0.5419 | BreakPoint Software | C:\Program Files\BreakPoint Software\Hex Workshop v6.8\ |
| Ida Freeware V7.0 | Hex-Rays SA | C:\Program Files\IDA Freeware 7.0\ | |
| Intel(R) Processor Graphics | 10.18.14.4414 | Intel Corporation | C:\Program Files (x86)\Intel\Intel(R) Processor Graphics |
| Intel® Hardware Accelerated Execution Manager | 6.0.4 | Intel Corporation | |
| Java 8 Update 211 | 8.0.2110.12 | Oracle Corporation | C:\Program Files (x86)\Java\jre1.8.0_211\ |
| Java Auto Updater | 2.8.211.12 | Oracle Corporation | |
| Java Se Development Kit 7 Update 79 (64-Bit) | 1.7.0.790 | Oracle | C:\Program Files\Java\jdk1.7.0_79\ |
| Libreoffice 5.3.6.1 | 5.3.6.1 | The Document Foundation | C:\Program Files (x86)\LibreOffice 5\ |