Statistics

On 30/05/2020 02:49
Repositories 3
Followers 5
Commits 130
Watchers 4

News

First article about Decontamine_Linux

My first article about Decontamine_Linux, adapted from the original post on dev.to

Decontamine_Linux, your USB device cleaning station

You are an IT security specialist in your firm and you are always wondering "How the heck can I limit the spread of viruses from USB devices in this damn information system?"

Your boss won't let you buy that very expensive USB kiosk you saw during your last trip to a cyber security trade show?

The tool I'm going to present to you might be the solution!

Decontamine_Linux, a Python script I have been working on, aims to scan your USB devices (keys, hard drives) and clean them of viruses. It can also scan CDs/DVDs in read-only mode.
It automatically detects your devices, lets you choose the one you want to scan, then runs the scanning tools in multiple threads.

It asks you if you want to delete viruses and eventually generates a report you can read and save on your device.

Currently it's compatible with 3 antivirus products:
    Clamav
    Sophos
    F-Secure
I have been planning to add more and also add other (open source) scanning tools targeting specific files.

Use case
    Set up a hardened Debian system on a computer with antivirus and Decontamine_Linux
    Enable persistence of the script
    Kindly ask your colleagues, with the blessing of your boss, to systematically scan their USB devices before plugging them into their computers
    Marvel at the decrease in security incidents related to USB devices in your company

[Demo: virus scan]

Interested? Visit the Decontamine_Linux project page!

If you want to contribute or you find an issue, please submit a pull request or open an issue on its GitHub repo!

If you like this project, please share it and star it!
You can also buy me a coffee ;) !

PS: Why this name? At the beginning, I created Decontamine to run on Windows (there are still Windows Decontamine stations running at the organization where I originally developed it between 2015 and 2018). One day I realized it would be better to run it on Linux.
So, after this former employer agreed to let this software go open source, I have been rewriting everything specifically for Linux.

PS2: As a cybersecurity specialist, you should make your colleagues aware of the dangers of USB devices!

Major update for Decontamine_Linux

Major update for Decontamine_Linux.
I have made some improvements since January.

Here are the big changes:
  • multithreaded scans (all tools scan at the same time)
  • viruses found are displayed in a table at the end of the scan
  • the user is prompted to remove viruses at the end of the scan
  • modules, functions, variables, etc. renamed according to the PEP 8 convention
  • code cleaning
  • all types of devices are fully unmounted and ejected/powered off at the end of the scan
Example of scanning result :
| virus_num | virus_name | virus_type | ['ClamAV', 'F-Secure', 'Sophos'] |
|---|---|---|---|
| 1 | /media/dev/testkey/eicartestfile | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 2 | /media/dev/testkey/virusTest | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 3 | /media/dev/testkey/boot/zerrgzzazfb | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 4 | /media/dev/testkey/boot/gfdFFezf | Clamav.Test.File-7 | ['X', 'X', 'X'] |
This example shows that all the tools have detected 4 viruses.
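
The sketch below is an added example, not Decontamine_Linux's own code: it runs several scanners in parallel threads and merges their verdicts into a per-file, per-tool matrix like the table above. The scanner functions, the EngineB/EngineC names, the sample outputs and the "?" mark for a tool that failed to run are all assumptions made for illustration; only the `<path>: <signature> FOUND` line shape follows clamscan's output.

```python
import re
from concurrent.futures import ThreadPoolExecutor

FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_clamscan(output):
    """Return {path: signature} from clamscan-style '<path>: <sig> FOUND' lines."""
    hits = {}
    for line in output.splitlines():
        m = FOUND.match(line.strip())
        if m:
            hits[m["path"]] = m["sig"]
    return hits

# Hypothetical stand-ins for launching each scanner; outputs are constructed samples.
def scan_clamav(mount):
    out = (f"{mount}/eicartestfile: Clamav.Test.File-7 FOUND\n"
           f"{mount}/boot/gfdFFezf: Clamav.Test.File-7 FOUND\n"
           f"{mount}/notes.txt: OK\n")
    return parse_clamscan(out)

def scan_engine_b(mount):
    return {f"{mount}/eicartestfile": "Test.File"}

def scan_engine_c(mount):
    raise RuntimeError("scanner exited abnormally")

def scan_all(mount, tools):
    """Run every tool in its own thread; return (rows, failed_tools)."""
    results, failed = {}, []
    with ThreadPoolExecutor(max_workers=len(tools)) as pool:
        futures = {name: pool.submit(fn, mount) for name, fn in tools.items()}
    for name, fut in futures.items():
        try:
            results[name] = fut.result()
        except Exception:
            failed.append(name)  # a crashed scanner is not a clean verdict
    paths = sorted({p for hits in results.values() for p in hits})
    rows = []
    for num, path in enumerate(paths, 1):
        marks = ["?" if t in failed else ("X" if path in results[t] else "")
                 for t in tools]
        rows.append((num, path, marks))
    return rows, failed

TOOLS = {"ClamAV": scan_clamav, "EngineB": scan_engine_b, "EngineC": scan_engine_c}

if __name__ == "__main__":
    print(scan_all("/media/dev/testkey", TOOLS))
```

Keeping failed tools separate from empty results matters on a cleaning station: an empty column should mean the engine ran and found nothing, never that it did not run.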

Major update for ScanPC

Major update for ScanPC.
It now generates an HTML report with CSV files resulting from the various scans.

Several scans are now displayed in HTML tables:
  • the user details
  • the shared folders
  • the Windows updates (KB)
  • the network interfaces
  • the drives
  • the processes
  • the services
  • the network connections
  • the installed software
Example of output from the installed software table:

| Name | Version | Publisher | Location |
|---|---|---|---|
| 7-Zip 16.02 (X64) | 16.02 | Igor Pavlov | C:\Program Files\7-Zip\ |
| Android Studio | 1.0 | Google Inc. | |
| Audacity 2.1.2 | 2.1.2 | Audacity Team | C:\Program Files (x86)\Audacity\ |
| Cisco Packet Tracer 6.3 | | Cisco Systems, Inc. | C:\Program Files (x86)\Cisco Packet Tracer 6.3\ |
| Cpuid Cpu-Z 1.86 | 1.86 | CPUID, Inc. | C:\Program Files\CPUID\CPU-Z\ |
| Dev-C++ | 5.11 | Bloodshed Software | |
| Freeplane | 1.6.15 | Open source | C:\Program Files\Freeplane\ |
| Hex Workshop V6.8 | 6.8.0.5419 | BreakPoint Software | C:\Program Files\BreakPoint Software\Hex Workshop v6.8\ |
| Ida Freeware V7.0 | | Hex-Rays SA | C:\Program Files\IDA Freeware 7.0\ |
| Intel(R) Processor Graphics | 10.18.14.4414 | Intel Corporation | C:\Program Files (x86)\Intel\Intel(R) Processor Graphics |
| Intel® Hardware Accelerated Execution Manager | 6.0.4 | Intel Corporation | |
| Java 8 Update 211 | 8.0.2110.12 | Oracle Corporation | C:\Program Files (x86)\Java\jre1.8.0_211\ |
| Java Auto Updater | 2.8.211.12 | Oracle Corporation | |
| Java Se Development Kit 7 Update 79 (64-Bit) | 1.7.0.790 | Oracle | C:\Program Files\Java\jdk1.7.0_79\ |
| Libreoffice 5.3.6.1 | 5.3.6.1 | The Document Foundation | C:\Program Files (x86)\LibreOffice 5\ |