Sunday, 17 August 2014

Add Desinfect+Persistent Virus Updates to your Easy2Boot USB drive

Here are the steps to add the Desinfect 2014 (and 2015/2016/2017) ISO to your E2B USB drive and have persistent virus definition updates too ...

As well as your E2B USB drive, you will need a spare 4GB or larger USB Flash drive that can be wiped - otherwise you will need a previously-made desinfect bootable Flash drive. This spare drive is not needed once the E2B installation has been completed.

I also had an internet connection (via Ethernet) connected to the system so that I could get the latest updates.

A direct link to the .mnu file for persistent updates is here, and the .mnu file is also in the E2B \_ISO\docs\Sample mnu Files folder.

If you are new to Easy2Boot, the instructions here may help too.
You can, of course, add hundreds of different Linux LiveCD ISO files, Windows Installer ISOs or hundreds of other files to the E2B drive as well as Desinfect! See here for a list of tested payload files.

Tip: Before you begin, I suggest you just first use a spare USB Flash drive to install Desinfect onto. You will need this anyway, so it is best to create one now and check it works!

If you have more than one Desinfect (e.g. 2016 and 2017) on the same E2B USB drive, you will need to change the name of the \desinfect-rw file in one of the .mnu files (e.g. use \desinf2016-rw for the 2016 .mnu file and create a new \desinf2017-rw ext2 file using RMPrepUSB).

Instructions (2014-2016)

On your E2B USB drive...

1. Make an ext2 file - the Volume Name of the ext2 file must be desinfSIGS - create a 1000-2000 MB ext2 file using RMPrepUSB - Create Ext2 FS as follows:

File Name   = desinfect-rw  (must match the filename specified in the .mnu file)
Volume Name = desinfSIGS    (do not change!)
Size        = 2000 MB       (1000MB minimum but I suggest larger to allow for more updates)

Note: ext3 is less prone to file corruption than ext2. You may wish to use ext3 instead of ext2 (untested).

2. Add the .ISO to your E2B drive (name must be ct_desinfect_2014.iso) as well as the .mnu file - e.g. you should now have added to your E2B USB drive:
  • \desinfect-rw
  • \_ISO\MAINMENU\MNU\ct_desinfect_2014.iso
  • \_ISO\MAINMENU\MNU\Desinfect_2014_with_Updates.mnu (find it in the \_ISO\docs\Sample mnu Files folder)
Or for Desinfect 2015:
  • \desinfect-rw
  • \_ISO\MAINMENU\MNU\desinfect-2015.iso  (extracted from original ISO file)
  • \_ISO\MAINMENU\MNU\Desinfect_2015_with_Updates.mnu (download from the E2B Alternate Download Area if not in the \_ISO\docs\Sample mnu Files folder)
Don't forget to run WinContig (RMPrepUSB - Ctrl+F2) to make all files contiguous! You can use any of the \_ISO\XXX\MNU folders depending on what menu you want desinfect to be listed in.

3. Boot from the E2B drive to desinfect - this must be done on a real system, NOT a VM.

4. We now need to copy the signature files from a Desinfect bootable USB Flash drive that has been made by the Desinfect 'Create USB' utility. If you don't already have one, then make one now...

Insert a spare 4GB or larger USB Flash drive into the system and click on the Desktop icon to 'Create bootable USB drive with desinfect' - follow the prompts to create a bootable USB drive - untick the 'Kompatibilität' box or else you will get a GPT disk!

After the USB drive has been made, you should be asked if you want to copy the latest updates - I chose Yes at this point. If you choose No then there will be no new updates and you will have to update the E2B ext2 partition later anyway. The update download can take quite a while (e.g. 40 minutes to 2 hours!). If you just want to get the E2B USB drive working without waiting an hour or more then choose No.

5. Shutdown desinfect.

6. Remove the spare USB Flash drive (important!) and reboot from the E2B drive to desinfect again (English or default German language).

7. Insert the spare USB Flash drive again - Ubuntu should now mount all 3 partitions on that drive, including the desinfSIGS partition on the spare USB Flash drive which contains the virus signatures.

Note: if you have both a desinfSIGS and desinfSIGS_ volume - you did not correctly follow these instructions! One will be the E2B ext2 volume and the other will be the spare Flash drive volume you just created! Shutdown and try again from step 6 or step 1!

8. The spare flash drive 'signatures' volume should be mounted at /media/desinfSIGS - we now need to copy the contents to our ext2 filesystem as follows:

For 2015: the signatures are at /media/desinfect/desinfSIGS

Open a command console window and type the commands below (the text in brackets is a note, not part of the command):

df                               (find the E2B ext2 partition - e.g. /dev/sdb3)

sudo fdisk -l                    (looks at all disks - see screenshot below)

ls /media/desinfSIGS/            (2014 only)
    OR
ls /media/desinfect/desinfSIGS/  (2015 - check you have the desinfect-signatures, persistent, lost+found, logs and config folders and several other files present)

mkdir ss

sudo mount /dev/sdb3 ss          (assumes sdb3 is your E2B ext2 partition made from desinfect-rw)

ls ss -la                        (should list lost+found only)

sudo cp -pur /media/desinfSIGS/. ss   (many files will be copied - note the /. is important, do NOT use /* - for 2015 use /media/desinfect/desinfSIGS/.)
                                 Instead of the cp command you can try: rsync -avHP (source) (target)

ls ss -la                        (check all files/folders have been copied)
                                 Note: for Desinfect 2015, the empty, hidden file .desinfect2015 MUST be present

sudo umount ss

Example of the sudo fdisk -l command output (see screenshot):
In this example sda3 is the correct device (sda4 is the ISO).

For the 2015 version, make sure the hidden .desinfect2015 file is present!

9. Shutdown Desinfect - and now remove the spare USB Flash drive - we won't need this again.

10. Now boot to Desinfect from the E2B drive and click on the 'Viren-Signaturen aktualisieren' shortcut - it should report that you have all the latest updates.

Screenshots: Desinfect's status box showing the signatures 'in RAM' (persistence did not work) versus 'on USB' (it worked).

Tip: Make a backup of the \desinfect-rw file, zip it up and keep it in a safe place. If you ever need to reformat your E2B drive or if the ext2 file on the E2B drive gets corrupted, you can easily restore it!


UEFI booting with persistence

Once you have normal MBR booting working as detailed above, you can convert the image to UEFI-boot as follows:

1. Drag-and-Drop the ct_Desinfect_2014.iso file onto the MPI ToolKit MPI_FAT32 MakePartImage Desktop shortcut on your Windows Desktop to make a ct_Desinfect_2014.imgPTN file. See here for details.

2. Copy the ct_Desinfect_2014.imgPTN file to the \_ISO\MAINMENU folder

3. Move the \desinfect-rw file to the \_ISO\MAINMENU folder

Note: If you wish, you can put both files in a different menu folder - e.g. \_ISO\ANTIVIRUS.

4. Rename the desinfect-rw file to \_ISO\MAINMENU\ct_Desinfect_2014   (i.e. the file name must be identical to the .imgPTN file name but have no file extension)

e.g. we now have:
\_ISO\MAINMENU\ct_Desinfect_2014          - was desinfect-rw
\_ISO\MAINMENU\ct_Desinfect_2014.imgPTN   - image partition file

5. The ct_Desinfect_2014.iso file and .mnu file in \_ISO\MAINMENU\MNU are no longer required and can be deleted.

6. (optional) - create a \_ISO\MAINMENU\ct_Desinfect_2014.txt file with whatever menu title you require - e.g.

title Desinfect with Signature updates (MBR+UEFI)\n Normal BIOS MBR mode or UEFI mode

7. Finally, don't forget to run WinContig on the E2B USB drive (RMPrepUSB - Ctrl+F2)

You can now select the ct_Desinfect_2014.imgPTN menu entry and it will switch in the new FAT32 partition and display the CSM boot menu.


Tip: E2B v.1.60+ supports the .imgPTNauto file extension to go straight to the CSM menu without a user prompt to switch partitions. So when it is all working, just rename the .imgPTN file to .imgPTNauto.

From the CSM menu you can boot in UEFI-mode using Clover (64-bit systems only) or boot in normal MBR-mode. You can also reboot the computer and then boot from the E2B USB drive in UEFI-mode by selecting the BIOS UEFI USB boot option.

Note: Desinfect does not support 32-bit UEFI booting.

If you want to UEFI-boot on a system that does not support CSM/MBR booting, you can first boot from the E2B USB drive under Windows using RMPrepUSB - QEMU, VirtualBox+VMUB, MobaLiveCD, the QEMU Test boot.cmd file in the root of the E2B USB drive or \_ISO\SWITCH_E2B.exe, and then select the .imgPTN menu entry to switch to the CSM menu before you connect the E2B USB drive to the target UEFI system.

Desinfect 2017 ISO

You will need a spare 8GB+ USB Flash drive to create a Desinfect USB drive.

I used ct_desinfect_2017_18.iso. This is available on the DVD insert of the c't wissen Desinfec't 2017/18 special issue at https://shop.heise.de/katalog/ct-wissen-desinfect-2017.

1. Add the .ISO file to your E2B USB drive at \_ISO\ANTIVIRUS

2. Boot to the ISO and create a Desinfect USB Flash drive using the icon on the Desktop.

I unticked the 'Compat' checkbox before making a USB drive, but I don't think it is necessary for these instructions (?).

3. Add the Desinfect_2017_Updates.mnu file to \_ISO\ANTIVIRUS and edit it so it has the exact name of your ISO file (two edits).

4. Use RMPrepUSB to create a 2GB (or larger) persistent file:

Make an ext3 file - the Volume Name of the ext3 file must be desinfSIGS - create a 2000-3000 MB ext3 file using RMPrepUSB - Create Ext2 FS as follows:

File Name   = desinfect-rw  (must match the filename specified in the .mnu file)
Volume Name = desinfSIGS    (do not change!)
Size        = 2000 MB       (2000MB minimum but I suggest larger to allow for more updates)

I suggest 2500MB, currently 1.4GB seems to be used.

5. Boot to E2B and select the Desinfect menu entry (not the ISO file).
Allow Desinfect to boot and then shut it down.

IMPORTANT: Do NOT reboot to E2B after doing this or the next step will not work.


REMOVE THE E2B USB DRIVE FROM THE SYSTEM NOW.

The 3rd partition entry on the E2B drive will now contain the ext3 file.


5. On a real system (not a VM), connect the Desinfect USB flash drive (only) and boot.

Ensure the status table at the top right of the desinfect Desktop says 'Signaturen auf USB'.

Click on the Update Download icon to get the latest updates, so we can copy them later on.

6. Now connect E2B USB drive to the same system whilst it is running Desinfect. We now need to copy the signature files from the Desinfect flash drive to our E2B ext3 file:

X in my case was c (e.g. /dev/sdc3)...

sudo fdisk -l                  (ensure sdX3 is present and the correct size - e.g. 1.9GB)
sudo mkdir ss
sudo mount /dev/sdX3 ss
sudo rsync -avHP /opt/desinfect/signatures/ ss/ --exclude swap.img    (note the / at the end of both paths!)
sudo umount ss

If the copy process goes wrong, you can delete the files from ss/ using sudo rm -rf ss/
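The copy-and-verify sequence from step 8 (2014/2015, cp -pur) and step 6 (2017, rsync) above, written as an added shell helper that is not from the blog post or the E2B project. It assumes the post's paths and the /dev/sdb3 device name; the functions take plain directory paths so the check can be exercised without a real mount.

```shell
#!/bin/sh
# Added helper, not from the blog post: copies a Desinfect signature tree into
# the mounted E2B persistent volume and verifies the result.  Paths are
# parameters so the functions can be exercised on plain directories; the
# device name (sdb3) and mount point (ss) below are the post's assumptions.
set -u

# Entries the post says must be present after a 2015 copy.
REQUIRED_DIRS="desinfect-signatures persistent lost+found logs config"
REQUIRED_HIDDEN=".desinfect2015"

# Copy SRC into DST (the post's "cp -pur SRC/. DST").  "SRC/." is used on
# purpose: a glob "SRC/*" is expanded by the shell and skips dot-files, so
# the hidden .desinfect2015 marker would be lost.
copy_signatures() {
    src=$1; dst=$2
    [ -d "$src" ] || { echo "source $src not found" >&2; return 1; }
    [ -d "$dst" ] || { echo "target $dst not mounted" >&2; return 1; }
    cp -pur "$src/." "$dst"
}

# Verify DIR looks like a finished 2015 signature store: every required
# directory and the hidden marker must exist.  Returns 0 only when complete.
check_signatures() {
    dir=$1; rc=0
    for d in $REQUIRED_DIRS; do
        [ -d "$dir/$d" ] || { echo "missing directory: $d" >&2; rc=1; }
    done
    [ -f "$dir/$REQUIRED_HIDDEN" ] || { echo "missing marker: $REQUIRED_HIDDEN" >&2; rc=1; }
    return $rc
}

# Count all entries under DIR, dot-files included, to compare source and target.
count_entries() {
    find "$1" -mindepth 1 | wc -l | tr -d ' '
}

# Stand-alone use mirroring step 8 (run as root; sdb3 is an assumption):
#   mkdir ss && mount /dev/sdb3 ss
#   copy_signatures /media/desinfect/desinfSIGS ss && check_signatures ss
#   [ "$(count_entries /media/desinfect/desinfSIGS)" = "$(count_entries ss)" ]
#   umount ss
# For 2017 the post copies /opt/desinfect/signatures/ with rsync --exclude swap.img instead.
```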

7. Now shutdown Desinfect and try booting from the E2B menu entry.

You may see a 'Trouble' pop-up, if so, just close it and continue to the Desktop.

Check that the update status box shows the latest updates and try to re-update it.

A df command should list /dev/sdX3 as being mounted on /opt/desinfect/signatures.

8. Finally, you can move the ISO file and the .mnu file to the \_ISO\ANTIVIRUS\MNU folder, so that you will not see a menu entry for the ISO file in the Antivirus menu.

Desinfect_2017_18_with_Updates.mnu

# Make a \desinfect-rw ext3 file in the root of the drive using RMPrepUSB
# File Name=desinfect-rw  Volume Name=desinfSIGS  size=2000MB to 3000MB
# Place this .mnu file and the ISO in either \_ISO\ANTIVIRUS or \_ISO\ANTIVIRUS\MNU
# This menu will work even on an NTFS USB boot drive
# IMPORTANT: you MUST run WinContig (Ctrl+F2) before booting E2B.

# You MUST follow the instructions at...
# http://rmprepusb.blogspot.co.uk/2014/08/add-desinfect-2014-persistent-virus.html and use sudo rsync -avHP /opt/desinfect/signatures/ ss/ --exclude swap.img   to copy the signatures


iftitle [if exist $HOME$/ct_desinfect_2017_18.iso] Desinfect 2017 + Updates\n Boot using .mnu file with persistent updates
set ISO=ct_desinfect_2017_18.iso

if exist CD echo WARNING: Cannot use partnew command! && pause && configfile (bd)/menu.lst
if "%E2BDEV%"=="" set E2BDEV=hd0 && pause E2BDEV forced to hd0!
set PER=/desinfect-rw
#enable parttype output
debug 1
parttype (%E2BDEV%,2) | set check=
debug off
set check=%check:~-5,4%
# make empty table entry in 3rd position in ptn table
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0 0 0
if not "%check%"=="0x00" echo WARNING: PTN TABLE 3 IS ALREADY IN USE - PERSISTENCE MAY NOT WORK! && pause
debug 1
if not exist %PER% echo WARNING: %PER% persistence file not found! Press a key to continue... && pause
errorcheck off
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0x0 %PER% && echo -e PERSISTENCE FOR UPDATES IS ENABLED\n\n
errorcheck on

#Language
set L=debian-installer/language=de console-setup/layoutcode?=de
echo
set ask=
set /p:3 ask=Press E and [Enter] for English (within 3 seconds)... 
echo
if /i "%ask%"=="E" set L=

#Set language by uncommenting line below and changing it as required
#set L=debian-installer/language=en console-setup/layoutcode?=en

#map ptn 4 to ISO
partnew (%E2BDEV%,3) 0x0 $HOME$/%ISO% > nul
map $HOME$/%ISO% (0xff) > nul
map --hook > nul
root (0xff) > nul

set A=file=/cdrom/preseed/ubuntu.seed boot=casper 

if exist /software/desinfect.iso set B=iso-scan/filename=
if exist /software/desinfect.iso set INTISO=/software/desinfect.iso
if exist INTISO if not exist %INTISO% echo ERROR: INTISO is set to %INTISO% but it is not present inside %ISO% && pause
echo

set C=quiet splash memtest=4 

#mode = native=nonet xfce easymode or none = unity or nomodeset
#options are: nonet xfce easymode nomodeset
echo N = Native (no net)
echo X = xfce
echo S = Safe (nomodeset)
echo E = Easymode
echo U = Unity Desktop
echo 
set ask=X
set /p ask=Choose mode ([X],N,S,E,U) : 
echo
if /i "%ask%"=="X" set mode=xfce
if /i "%ask%"=="S" set mode=nomodeset
if /i "%ask%"=="E" set mode=easymode
if /i "%ask%"=="U" set mode=
if /i "%ask%"=="N" kernel /casper/vmlinuz nonet && initrd /casper/initrd.str && boot

#pause kernel /casper/vmlinuz %A% %B%%INTISO% %C% %mode% -- %L%

kernel /casper/vmlinuz %A% %B%%INTISO% %C% %mode% -- %L% > nul
initrd /casper/initrd.lz > nul
boot

