Free or trial anti-virus software needed

[Tripredacus]

We have a file server that we learned is possible that it may be infected with a virus. This server is on a private LAN that does not have internet access. It is not connected to our domain, but we plan on putting a domain controller on it in the future. It runs Server 2003 Standard 64bit. Because it is not a part of our corporate domain, nor does it have access to it, we are unable (and at this time unwilling) to install our managed Anti-virus client (Trend Micro) on it.

So I am in search for a freeware/trialware Anti-virus program that will install on this OS. I know AVGFree will not install. The ability to update it is not a concern right now as we just need something to hold us over until we put the domain controller in. Our future domain controller will run its own Trend Management Console.

Also, I am interested in any Anti-virus server software (not an appliance, and can work with the above OS) that is capable of scanning network computers for viruses without installing any client software on them. This software does not require to be free, but should not involve purchasing a crazy amount of software, for example I know that Altiris has/had this capability.

Thanks.

[bj-kaiser]

if you already suspect the computer to be infected, wouldn't it be better to run a AV software from another CD booted operating system? Not to mention a re-installation.

Avira has a boot disk for free, as far as I understand it, the download should be mostly up to date.

http://www.free-av.de/en/tools/12/avira_an...cue_system.html

Then there is the SystemRescueCD with ClamAV, not the best choice, but a) its free and B) you also have a clean system here. However, you would need to update the definition files.

http://www.sysresccd.org/

[jaclaz]

Yes, if the infection is "smart" enough, it won't let you install a scanning engine without attempting to modify it, and if the Anti-virus is "smart" enough won't let anything modify it's own files and will fail the install.

A good CATCH 22 situation.

Scanning the system off-line using a dos, linux or PE based bootdick/CD/DVD is the way to go.

jaclaz

[Tripredacus]

The first part has been taken care of... now to just handle client machines. We can't take the time to put a CD into every machine. We move between 500-1000 machines a week. Using CDs is not an acceptable solution, as it not only takes time, but also keeps machines sitting in one place too long. Active monitoring is required. Also scanning offline hard-disks are not acceptable either since that doesn't take into account anything running in active-memory or at the start of the OS.

But regarding the server itself... another thing we can't just take the drive out and scan it... It runs a 1.7TB RAID6

[bj-kaiser]

Active monitoring is required. Also scanning offline hard-disks are not acceptable either since that doesn't take into account anything running in active-memory or at the start of the OS.

Active monitoring makes sense on a CLEAN system. If you already suspect an infection, nowadays malware can hide from the AV or manipulate it (especially when the malware is running), as jaclaz already said. It is pretty much pointless to install AV on a compromised system.

Yes, I get the idea that malware authors could be clever enough to wrap up their crap on shutdown to avoid detection by offline scanners. But to manipulate the file/memory access and whatnot of another OS, that just accesses the disk for scanning and doesnt execute files, should be pretty unlikely.

However, IMO offline system scan is your best bet. and even after cleaning, good practice would be to reinstall/restore the system to a clean state.

[Tripredacus]

For the client machines, it is more of a preventative measure. The client machines will be CLEAN machines, so that may be an option for them. The server, however, isn't. Offline servicing would be very difficult, and we just can't revert it to a clean state, as it has over 1TB of data on it!

[hj_fr]

Some Free antivirus software x64 compatible exist:

- Avast

- Antivir