Sunday 17 August 2014

Add Desinfect+Persistent Virus Updates to your Easy2Boot USB drive

Here are the steps to add the Desinfect 2014 (and 2015/2016/2017/2018/201819) ISO to your E2B USB drive and have persistent virus definition updates too ...


As well as your E2B USB drive, you will need a spare 4GB or larger USB Flash drive that can be wiped - otherwise you will need a previously-made desinfect bootable Flash drive. This spare drive is not needed once the E2B installation has been completed.

I also had an internet connection (via Ethernet) connected to the system so that I could get the latest updates.

Direct link to .mnu file for persistent updates here and also the .mnu file is in the E2B's \_ISO\docs\Sample mnu Files folder.

If you are new to Easy2Boot, the instructions here may help too.
You can, of course, add hundreds of different linux LiveCD ISO files, Windows Installer ISOs or other payload files to the E2B drive as well as Desinfect! See here for a list of tested payload files.

Tip: Before you begin, I suggest you just first use a spare USB Flash drive to install Desinfect onto. You will need this anyway, so it is best to create one now and check it works!

If you have more than one Desinfect (e.g. 2016 and 2017) on the same E2B USB drive, you will need to change the name of the \desinfect-rw file in one of the .mnu files (e.g. use \desinf2016-rw for the 2016 .mnu file and create a new \desinf2017-rw ext file using RMPrepUSB).

Tip: If you want an English+USA keyboard, then at the linux boot menu (when booting from the ISO) press TAB and edit the kernel parameters to change 'de' to 'en' (in two places).

Instructions (2014-2016)

On your E2B USB drive...

1. Make an ext2 file - the Volume Name of the ext2 file must be desinfSIGS - create a 1000-2000 MB ext2 file using RMPrepUSB - Create Ext2 FS as follows:

File Name   = desinfect-rw  (must match the filename specified in the .mnu file)
Volume Name = desinfSIGS    (do not change!)
Size        = 2000 MB       (1000MB minimum but I suggest larger to allow for more updates)

Note: ext3 is less prone to file corruption than ext2. You may wish to use ext3 or ext4 instead of ext2 (untested).

2. Add the .ISO to your E2B drive (name must be ct_desinfect_2014.iso) as well as the .mnu file - e.g. you should now have added to your E2B USB drive:
  • \desinfect-rw
  • \_ISO\MAINMENU\MNU\ct_desinfect_2014.iso
  • \_ISO\MAINMENU\MNU\Desinfect_2014_with_Updates.mnu (find it in the \_ISO\docs\Sample mnu Files folder)
Or for Desinfect 2015:
  • \desinfect-rw
  • \_ISO\MAINMENU\MNU\desinfect-2015.iso  (extracted from original ISO file)
  • \_ISO\MAINMENU\MNU\Desinfect_2015_with_Updates.mnu (download from the E2B Alternate Download Area if not in the \_ISO\docs\Sample mnu Files folder)
Don't forget to run WinContig (RMPrepUSB - Ctrl+F2) to make all files contiguous! You can use any of the \_ISO\XXX\MNU folders depending on what menu you want desinfect to be listed in.

3. Boot from the E2B drive to desinfect - this must be done on a real system, NOT a VM.

4. We now need to copy the signature files from a Desinfect bootable USB Flash drive that has been made by the Desinfect 'Create USB' utility. If you don't already have one, then make one now...

Insert a spare 4GB or larger USB Flash drive into the system and click on the Desktop icon to 'Create bootable USB drive with desinfect' - follow the prompts to create a bootable USB drive - untick the 'Kompatibilität' box or else you will get a GPT disk!

After the USB drive has been made, you should be asked if you want to copy the latest updates - I chose Yes at this point. If you choose No then there will be no new updates and you will have to update the E2B ext partition later anyway. The update download can take quite a while (e.g. 40 minutes to 2 hours!). If you just want to get the E2B USB drive working without waiting an hour or more then choose No.

5. Shutdown desinfect.

6. Remove the spare USB Flash drive (important!) and reboot from the E2B drive to desinfect again (English or default German language).

7. Insert the spare USB Flash drive again - Ubuntu should now mount all 3 partitions on that drive, including the desinfSIGS partition on the spare USB Flash drive which contains the virus signatures.

Note: if you have both a desinfSIGS and desinfSIGS_ volume - you did not correctly follow these instructions! One will be the E2B ext volume and the other will be the spare Flash drive volume you just created! Shutdown and try again from step 6 or step 1!

8. The spare flash drive 'signatures' volume should be mounted at /media/desinfSIGS - we now need to copy the contents to our ext filesystem as follows:

For 2015: the signatures are at /media/desinfect/desinfSIGS

Open a command console window and type the commands below (the text after each # explains what the command is for):

df                                   # find the E2B ext partition - e.g. /dev/sdb3
sudo fdisk -l                        # lists all disks - see screenshot below
ls /media/desinfSIGS/                # 2014 only
ls /media/desinfect/desinfSIGS/      # 2015 - check you have the desinfect-signatures, persistent, lost+found, logs and config folders and several other files present
mkdir ss
sudo mount /dev/sdb3 ss              # assumes sdb3 is your E2B ext partition made from desinfect-rw
ls ss -la                            # should list lost+found only
sudo cp -pur /media/desinfSIGS/. ss  # many files will be copied - the trailing /. is important, do NOT use /* - for 2015 use /media/desinfect/desinfSIGS/.
                                     # instead of the cp command you can try: rsync -avHP (source) (target)
ls ss -la                            # check all files/folders have been copied (for Desinfect 2015 the empty, hidden file .desinfect2015 MUST be present)
sudo umount ss

Example of sudo fdisk -l  command:
In this example sda3 is the correct device (sda4 is the ISO).

For the 2015 version, make sure the hidden .desinfect2015 file is present!

9. Shutdown Desinfect - and now remove the spare USB Flash drive - we won't need this again.

10. Now boot to Desinfect from the E2B drive and click on the 'Viren-Signaturen aktualisieren' shortcut - it should report that you have all the latest updates.

Screenshot: the signature status box shows 'in RAM' when persistence did not work, and 'on USB' when the signatures are now on the USB drive (it worked).

Tip: Make a backup of the \desinfect-rw file, zip it up and keep it in a safe place. If you ever need to reformat your E2B drive or if the ext file on the E2B drive gets corrupted, you can easily restore it!


UEFI booting with persistence

Once you have normal MBR booting working as detailed above, you can convert the image to UEFI-boot as follows:

1. Drag-and-Drop the ct_Desinfect_2014.iso file onto the MPI ToolKit MPI_FAT32 MakePartImage Desktop shortcut on your Windows Desktop to make a ct_Desinfect_2014.imgPTN file. See here for details.

2. Copy the ct_Desinfect_2014.imgPTN file to the \_ISO\MAINMENU folder

3. Move the \desinfect-rw file to the \_ISO\MAINMENU folder

Note: If you wish, you can put both files in a different menu folder - e.g. \_ISO\ANTIVIRUS.

4. Rename the desinfect-rw file to \_ISO\MAINMENU\ct_Desinfect_2014 (i.e. the file name must be identical to the .imgPTN file name but have no file extension)

e.g. we now have:
\_ISO\MAINMENU\ct_Desinfect_2014          - was desinfect-rw
\_ISO\MAINMENU\ct_Desinfect_2014.imgPTN   - image partition file

5. The ct_Desinfect_2014.iso file and .mnu file in \_ISO\MAINMENU\MNU are no longer required and can be deleted.

6. (optional) - create a \_ISO\MAINMENU\ct_Desinfect_2014.txt file with whatever menu title you require - e.g.

title Desinfect with Signature updates (MBR+UEFI)\n Normal BIOS MBR mode or UEFI mode

7. Finally, don't forget to run WinContig on the E2B USB drive (RMPrepUSB - Ctrl+F2)

You can now select the ct_Desinfect_2014.imgPTN menu entry and it will switch in the new FAT32 partition and display the CSM boot menu.


Tip: E2B v.1.60+ supports the .imgPTNauto file extension to go straight to the CSM menu without a user prompt to switch partitions. So when it is all working, just rename the .imgPTN file to .imgPTNauto.

From the CSM menu you can boot in UEFI-mode using Clover (64-bit systems only) or boot in normal MBR-mode. You can also reboot the computer and then boot from the E2B USB drive in UEFI-mode by selecting the BIOS UEFI USB boot option.

Note: Desinfect does not support 32-bit UEFI booting.

You may need to rename the \unused.EFI folder back to \EFI if there is no \EFI folder present.

If you want to UEFI-boot from a system that does not support CSM/MBR booting, you can run RMPrepUSB - QEMU or VirtualBox+VMUB or MobaLiveCD or the QEMU Test boot.cmd file in the root of the E2B USB drive or \_ISO\SWITCH_E2B.exe, to boot from the E2B USB drive first under Windows - then you can select the .imgPTN menu entry to switch to the CSM menu before you connect the E2B USB drive to the target UEFI system.

Desinfect 2017/2018/201819 ISO

You will need a spare 8GB+ USB Flash drive to create a Desinfect USB drive.

I used ct_desinfect_2017_18.iso. This is available on the DVD insert of the c't wissen Desinfec't 2017/18 special issue at https://shop.heise.de/katalog/ct-wissen-desinfect-2017.

1. Add the .ISO file to your E2B USB drive at \_ISO\ANTIVIRUS

2. Boot to the ISO and create a Desinfect USB Flash drive using the icon on the Desktop.

Untick the 'Compat' checkbox before making a USB drive so we get an MBR-type flash drive (the \EFI folder is renamed).

Ensure you can boot from the desinfect Flash drive (on a REAL system) twice. The first time will create additional partitions and files. If you start a scan and add in all the AV definitions, you can determine what size of ext3 file you will need in step 4 by running sudo df in a terminal and looking at the usage ('Used' column) of the /opt/desinfect/signatures mount point.

3. Add the Desinfect_2017_Updates.mnu file to \_ISO\ANTIVIRUS and edit it so it has the exact name of your ISO file (two edits).

4. Use RMPrepUSB or \_ISO\docs\Make_Ext\Make_Ext.exe to create a 2GB (or larger) persistent file:

Make an ext3 file - the Volume Name of the ext3 file must be desinfSIGS - create a 2000-4200 MB ext3 file using RMPrepUSB - Create Ext2/3/4 FS as follows:

File Name   = desinfect-rw  (must match the filename specified in the .mnu file)
Volume Name = desinfSIGS    (do not change!)
Size        = 2000 MB       (2000MB minimum but I suggest larger to allow for more updates)

I suggest 2500MB, currently 1.4GB seems to be used.

For the 201819 version, you must use ext3 or ext4 and a size of at least 3700MB (I suggest 4200MB at least!). For 2019_12, 3.5GB should be plenty.

Note: Make_Ext.exe v1.0.0 had a bug and did not make properly formatted files, use Make_Ext.exe v1.1.0 (in E2B v1.A4+).


5. Boot to E2B and select the desinfect menu (not the ISO file).

Allow Desinfect to boot and then you must ShutDown. 

IMPORTANT: Do NOT reboot to E2B after doing this or the next step will not work.

REMOVE THE E2B USB DRIVE FROM THE SYSTEM NOW.

The 3rd partition entry on the E2B drive will now contain the ext3 file.


5. On a real system (not a VM), connect the Desinfect USB flash drive (only) and boot from it.

Tip: If you want English+USA keyboard, then at the linux boot menu, press TAB and edit the kernel parameters to change 'de' to 'en' (in two places).

Ensure the status table at the top right of the desinfect Desktop says 'Signaturen auf USB'.

Click on the Update Download icon to get the latest updates, so we can copy them later on.

6. Now connect E2B USB drive to the same system whilst it is running Desinfect. We now need to copy the signature files from the Desinfect flash drive to our E2B ext3 file:

X in my case was c (e.g. /dev/sdc3)...

sudo fdisk -l                                                        # ensure sdX3 is present and the correct size - e.g. 1.9GB
sudo mkdir ss
sudo mount /dev/sdX3 ss
sudo rsync -avHP /opt/desinfect/signatures/ ss/ --exclude swap.img   # note the / at the end of both paths!
sudo umount ss

If the copy process goes wrong, you can delete the files from ss/ using sudo rm -rf ss/
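The copy-and-check steps (step 8 of the 2014/2015 instructions and step 6 here) as a set of POSIX shell functions. This is an added example written for this page; it is not a script from the blog, from Easy2Boot or from Desinfect. It assumes the signature volume is already mounted (e.g. at /media/desinfect/desinfSIGS or /opt/desinfect/signatures), that the desinfect-rw image is mounted at ss, and that you pass in the hidden marker file name for your version (.desinfect2015, .desinfect2017 or .desinfect201819); the file name desinf-persist.sh in the usage comment is made up. It goes a little beyond the page's commands: it counts devices carrying the desinfSIGS label (the desinfSIGS / desinfSIGS_ symptom), estimates the ext file size from du instead of reading df by eye, and verifies after the copy that the hidden marker file came across and swap.img did not.

```shell
#!/bin/sh
# Added example, not part of the blog post, Easy2Boot or Desinfect.
# Assumptions: SRC = mounted signature volume, DST = mount point of the
# desinfect-rw image (e.g. ./ss), MARKER = hidden marker file for the version.

# Count devices carrying LABEL="$1" in blkid output read from stdin, e.g.
#   sudo blkid | count_label_devices desinfSIGS
# Booted from the E2B drive, a count above 1 means the spare flash drive is
# still plugged in (the desinfSIGS / desinfSIGS_ symptom described in the post).
count_label_devices() {
    grep -c "LABEL=\"$1\"" || true
}

# Estimate the ext image size in MB: space used by the signature tree plus 25%
# headroom, never below MIN_MB (the minimum the post quotes for that version).
required_size_mb() {
    src=$1; min_mb=$2
    used_kb=$(du -sk "$src" | cut -f1)
    want=$(( used_kb / 1024 * 5 / 4 ))
    if [ "$want" -gt "$min_mb" ]; then echo "$want"; else echo "$min_mb"; fi
}

# Copy the whole tree, hidden files included, leaving out swap.img.
# rsync is what the post uses; the tar pipe is a fallback for systems without it.
copy_signatures() {
    src=$1; dst=$2
    if command -v rsync >/dev/null 2>&1; then
        rsync -aH --exclude swap.img "$src/" "$dst/"
    else
        (cd "$src" && tar --exclude=swap.img -cf - .) | (cd "$dst" && tar -xpf -)
    fi
}

# Verify the copy: marker present, swap.img absent, and the same relative paths
# on both sides (lost+found, which the ext image already has, is ignored).
verify_signatures() {
    src=$1; dst=$2; marker=$3
    if [ ! -f "$dst/$marker" ]; then
        echo "missing marker file $marker in $dst" >&2; return 1
    fi
    if [ -e "$dst/swap.img" ]; then
        echo "swap.img was copied into $dst; it is only needed on the flash drive" >&2; return 1
    fi
    src_list=$(cd "$src" && find . ! -name swap.img | grep -v '^\./lost+found' | sort)
    dst_list=$(cd "$dst" && find . | grep -v '^\./lost+found' | sort)
    if [ "$src_list" != "$dst_list" ]; then
        echo "file list differs between $src and $dst" >&2; return 1
    fi
    return 0
}

# Usage on a running Desinfect system (hypothetical file name desinf-persist.sh;
# adjust sdX3 and the marker name for your version):
#   sudo mkdir -p ss && sudo mount /dev/sdX3 ss
#   sudo sh -c '. ./desinf-persist.sh
#               copy_signatures /opt/desinfect/signatures ss &&
#               verify_signatures /opt/desinfect/signatures ss .desinfect2017'
#   sudo umount ss
```

The verification compares the two directory listings rather than just file counts, so a copy made with /* (which drops the hidden marker file) or one that was interrupted part way is reported instead of being found out at the next boot when the status box says 'in RAM'.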

7. Now shutdown Desinfect and try booting from the E2B menu entry (make sure the Desinfect flash drive is not connected).

You may see a 'Trouble' pop-up, if so, just close it and continue to the Desktop.

Check that the update status box shows the latest updates in 'Signaturen auf USB' and try to re-update it.

A df command should list /dev/sdX3 as being mounted on /opt/desinfect/signatures.

8. Finally, you can move the ISO file and the .mnu file to the \_ISO\ANTIVIRUS\MNU folder, so that you will not see a menu entry for the ISO file in the Antivirus menu.

Desinfect_2017_18_with_Updates.mnu

# Make a \desinfect-rw ext3 file in the root of the drive using RMPrepUSB
# File Name=desinfect-rw  Volume Name=desinfSIGS  size=2000MB to 3000MB
# Place this .mnu file and the ISO in either \_ISO\ANTIVIRUS or \_ISO\ANTIVIRUS\MNU
# This menu will work even on an NTFS USB boot drive
# IMPORTANT: you MUST run WinContig (Ctrl+F2) before booting E2B.

# You MUST follow the instructions at...
# http://rmprepusb.blogspot.co.uk/2014/08/add-desinfect-2014-persistent-virus.html and use sudo rsync -avHP /opt/desinfect/signatures/ ss/ --exclude swap.img   to copy the signatures


iftitle [if exist $HOME$/ct_desinfect_2017_18.iso] Desinfect 2017 + Updates\n Boot using .mnu file with persistent updates
set ISO=ct_desinfect_2017_18.iso

if exist CD echo WARNING: Cannot use partnew command! && pause && configfile (bd)/menu.lst
if "%E2BDEV%"=="" set E2BDEV=hd0 && pause E2BDEV forced to hd0!
set PER=/desinfect-rw
#enable parttype output
debug 1
parttype (%E2BDEV%,2) | set check=
debug off
set check=%check:~-5,4%
# make empty table entry in 3rd position in ptn table
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0 0 0
if not "%check%"=="0x00" echo WARNING: PTN TABLE 3 IS ALREADY IN USE - PERSISTENCE MAY NOT WORK! && pause
debug 1
if not exist %PER% echo WARNING: %PER% persistence file not found! Press a key to continue... && pause
errorcheck off
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0x0 %PER% && echo -e PERSISTENCE FOR UPDATES IS ENABLED\n\n
errorcheck on

#Language
set L=debian-installer/language=de console-setup/layoutcode?=de
echo
set ask=
set /p:3 ask=Press E and [Enter] for English (within 3 seconds)... 
echo
if /i "%ask%"=="E" set L=

#Set language by uncommenting line below and changing it as required
#set L=debian-installer/language=en console-setup/layoutcode?=en

#map ptn 4 to ISO
partnew (%E2BDEV%,3) 0x0 $HOME$/%ISO% > nul
map $HOME$/%ISO% (0xff) > nul
map --hook > nul
root (0xff) > nul

set A=file=/cdrom/preseed/ubuntu.seed boot=casper 

if exist /software/desinfect.iso set B=iso-scan/filename=
if exist /software/desinfect.iso set INTISO=/software/desinfect.iso
if exist INTISO if not exist %INTISO% echo ERROR: INTISO is set to %INTISO% but it is not present inside %ISO% && pause
echo

set C=quiet splash memtest=4 

#mode = native=nonet xfce easymode or none = unity or nomodeset
#options are: nonet xfce easymode nomodeset
echo N = Native (no net)
echo X = xfce
echo S = Safe (nomodeset)
echo E = Easymode
echo U = Unity Desktop
echo 
set ask=X
set /p ask=Choose mode ([X],N,S,E,U) : 
echo
if /i "%ask%"=="X" set mode=xfce
if /i "%ask%"=="S" set mode=nomodeset
if /i "%ask%"=="E" set mode=easymode
if /i "%ask%"=="U" set mode=
if /i "%ask%"=="N" kernel /casper/vmlinuz nonet && initrd /casper/initrd.str && boot

#pause kernel /casper/vmlinuz %A% %B%%INTISO% %C% %mode% -- %L%

kernel /casper/vmlinuz %A% %B%%INTISO% %C% %mode% -- %L% > nul
initrd /casper/initrd.lz > nul
boot

Desinfect 2018/2019

Note: The first release from c't magazine issue 2018_12 is buggy. It does not make a working USB flash drive when using the linux desktop icon. It can be fixed by:
Boot from the USB flash drive made using linux desinfect2018 (not WinImage), then in a terminal:
cd /media/desinfect/desinfSIGS
ls -a
sudo chmod 666 .desinfect2017
sudo mv .desinfect2017 .desinfect2018
then reboot.
Once you have a working USB Flash drive with 'Signaturen auf USB' showing, you can follow the instructions for the 2017 version, but you will need at least 4200MB for the desinfect-rw file!

Use the Desinfect_2018.mnu file in E2B v1.99g or later.

Version 2018 has 32-bit and 64-bit linux versions and a 64-bit UEFI version.

The .mnu file will allow you to MBR-boot 32 or 64-bit.

Desinfect 201819/2019_12


This later version uses a marker file of .desinfect201819 and the internal ISO files are also named *201819*.

The process is the same as described above but you must use the new desinfect_201819_with_Updates.mnu file in E2B v1.A4 and later (which can also be used for the older 2018 desinfect ISO and the 2019_12 May\June 2019 ISO).

When you prepare the ext file the size must be larger than 3700 MB (I used 4200 MB but that was just a guess).  2019_12 seems to use about 2.8GB of the persistence file so 3.5GB should be enough.

MBR and UEFI-booting from 2018/2019 versions

I did have this working (after doing step 6) but now I cannot get it to work! I am not sure why it stopped working but I include it here in case you want to try it!

The Desinfect flash drive must contain a \EFI folder and you should check that it UEFI-boots OK first.

1. Make a new FAT32 .imgPTN file from the Desinfect flash drive (not the E2B drive) - e.g. Desinf2019_12.imgPTN.
2. Copy the new Desinf2019_12.imgPTN file to the E2B \_ISO\ANTIVIRUS folder.
3. Move the ext file desinfect-rw to the E2B \_ISO\ANTIVIRUS folder and rename it to Desinfect2019_12 (no dot in the name and no extension).
4. Make all files contiguous.
5. Use Switch_E2B to switch in the images - say Yes to re-order the two files if prompted. For UEFI, the two files need to be in the correct order. A partition type of 0x83 can be used for the second partition. Once the images are in the correct order, you can use the E2B menu to select the .imgPTN file or use SWITCH_E2B.exe.
6. Now use a utility such as EaseUS Home Partition Master to change the volume label of the E2B drive to desinfDATA  - note that this has lower- and upper-case letters! Do NOT use Windows Properties to change this because it will change the letters to all upper-case. DESINFDATA will not work (?) and you will get a "(initramfs) unable to find a medium containing a live file system" boot error.

You should now be able to MBR and UEFI64 boot with persistence (except it is no longer working for me again!).


Note: Booting to Desinfect seems very hit and miss! Here is a log of my attempts at booting in VBox which either worked or just showed endless dots using exactly the same boot method each time.

X = fail, g=good:

XXXXgXXgXXXgX


So the bottom line is, don't just try it once - repeat each test 6 or more times!



