Update Avira AntiVir Rescue System (to new version)

[Bandit]

I made a tutorial yesterday about fixing up the AntiVir Rescue System already on the UBCD, but what I really wanted was the latest version. If you ONLY want to update the VDF files and/or fix the DEMO MODE error, please see my tutorial here.

NOTE: This tutorial is meant for flash drives and would have to be slightly modified for CD.

Here is the tutorial for outfitting your UBCD with the latest AntiVir Rescue System.
1. Download a copy of the AntiVir Rescue System (.iso version) - Direct Link
2. Extract the files to a folder where you can easily access them (using i.e. WinRAR)
3. Go to your flash drive and delete the folders "antivir" and "ubcd/boot/antivir"
4. Go into the extracted antivir iso folder and copy "antivir" and "system" over to the root folder of your flash drive
5. Go to "ubcd/boot/" and create a folder called "antivir"
6. Copy boot.cat, initrd.gz, isolinux.cfg, vmlinuz, and welcome.msg to "ubcd/boot/antivir"
7. Rename isolinux.cfg to syslinux.cfg (OR change "ubcd/menus/syslinux/others.cfg" to reflect new cfg name)
8. Boot into UBCD on a computer to see if it works!


Additional Note: If you get "Self Check Failed," it means you didn't follow the tutorial closely enough and you messed something up.

You can update the virus definitions by going to http://www.avira.com/en/support-vdf-update-info and selecting "Download VDF (multiple VDF)". You can then drop the new .vdf files into "antivir" on the root of your flash drive.

[ady]

@Bandit,

Thank you for sharing. Can you post a link to the original topic at Avira's forum?

Is the "system" folder/directory really needed? Is there any way to avoid it? Or maybe at least reduce its size? Maybe not ALL the subfolders under "system" are needed?

TIA.

[Bandit]

@Bandit,

Thank you for sharing. Can you post a link to the original topic at Avira's forum?

Is the "system" folder/directory really needed? Is there any way to avoid it? Or maybe at least reduce its size? Maybe not ALL the subfolders under "system" are needed?

TIA.

What original topic at Avira's forum?

The system folder is required or you'll get a "Self Check" failure.

[ady]

What original topic at Avira's forum?

Can you post a link here to the original discussion/topic at Avira's forum where they comment about customizing Avira Rescue System?

The system folder is required or you'll get a "Self Check" failure.

Well, before you, there were other reports here stating that the "update" folder (or similar, I currently don't remember exactly the name) should also be included, and now we know it is not really necessary (in the sense that there is not "Self-check" error).

My point is that most of the "system" folder is dedicated for fonts. Isn't there anything that can be left out, and still avoid the "Self-check" error?

In addition, having to add almost all those folders (about 90% of the total original size of Avira) and customizing UBCD like that is not so time-effective. The method should work, and it would avoid the "self-check" error, but adding the complete Avira's ISO image "as-is" takes only about 20MB more than your method, and the user doesn't need "so much" customization.

Please don't get me wrong. Your method should work, and I think that users appreciate your contribution. My intention is to try to find out if it is possible to make it work without adding so many MBs to UBCD.

Just for a general reference, UBCD 5.0.3 is about 300MB (which includes the old Avira), and Avira is about 220. With your customization, Avira would be about 200MB, and more than half of those is used under the "system" folder . The total combination should be less than a complete CD, but still, adding more than 110MB for "extra" (the "system" folder) seems, IMHO, too much in relation to the original 300MB of UBCD (about 255MB with no Avira at all).

So, your method is welcome. Is there anything that can be improved? (That's why I ask for a link to the original topic, wherever the discussion was resolved, or if you yourself could provide here with an improvement, even better .)

[StopSpazzing]

NOTE: This tutorial is meant for flash drives and would have to be slightly modified for CD.

I don't think it was planned to be for a CD ady, hence why he posted this. Im sure it can be modified.

[ady]

NOTE: This tutorial is meant for flash drives and would have to be slightly modified for CD.

I don't think it was planned to be for a CD ady, hence why he posted this. Im sure it can be modified.

StopSpazzing, I *DID*. I indeed modified it for CD and tested it under a VM. Still, the "problem" I described is still relevant. I don't post my modification, because if the "system" folder can't be reduced (or better yet, eliminated), the method is almost irrelevant.

I hope Bandit can share some light on this "system" folder.

[Bandit]

I haven't tried to play around with the system folder too much, but it may be possible to integrate it into the compressed filesystem. As for not booting straight from the iso, I couldn't get the iso to boot correctly. I would get the "self check error" and I decided it may be easier to just integrate it into ubcd.

As far as I know, there is no topic on Avira's forum. All I did was take their latest iso and move the new folders onto the ubcd into the proper places.

Since you guys seem interested, I'll try to integrate the system folder into the main compressed filesystem so that it will decrease it's size. I'll let you know what I find out.

[ady]

I couldn't get the iso to boot correctly. I would get the "self check error" and I decided it may be easier to just integrate it into ubcd.

I'm not sure I understood this. You download the Avira iso, and "as-is" it gave you a "self-check" error? Including the complete iso, "as-is", into UBCD shouldn't give you an error. This is different from expanding the Avira iso and copying the complete tree into UBCD. The complete ISO image, as an iso image (not expanded) should NOT give an error. Of course, the syslinux/grub4dos menu to be added to UBCD is different for this case.

As far as I know, there is no topic on Avira's forum. All I did was take their latest iso and move the new folders onto the ubcd into the proper places.

Since you guys seem interested, I'll try to integrate the system folder into the main compressed filesystem so that it will decrease it's size. I'll let you know what I find out.

Or maybe there is a way to avoid duplicated packages. Since UBCD already has PartedMagic, maybe there is a way to use it, instead of adding the complete "system" folder.

Still, the "problem" of the "system" folder is its size, which is mostly "fonts".

Anything that makes Avira smaller, but with no "self check" errors, would be useful.

Just for comparison, AVG rescue CD is less than 90MB, against the 220MB of Avira (in both cases, those sizes include their respective antivirus databases).

[Bandit]

Ok, here's the lowdown on the system folder. It is a folder containing large files that were left out of the compressed filesystem. Why? Well, it is faster and more memory efficient to keep the large files uncompressed. Those large files are just symlinked so they stay on disk and never get loaded into RAM.

However, it IS possible to compress the system folder to get it around half the size. My Mac is reporting 118.6 MB uncompressed and 52.3 MB compressed (tar + gunzip). Would that be sufficient enough?

Let me know if that'll work for you and I'll post the steps on how to get it all working.

EDIT: Also note that my method involves loading the whole system directory into RAM which adds on a little time to the startup (not much) and takes up around 120 MB of RAM (so it'll prevent you from running it on old hardware)

From my calculations, AntiVir goes from around 75MB to 144MB (w/ compressed system folder) which is about double the size... I wonder what all changes they made to warrant the extra 69MB.

[ady]

However, it IS possible to compress the system folder to get it around half the size. My Mac is reporting 118.6 MB uncompressed and 52.3 MB compressed (tar + gunzip). Would that be sufficient enough?

Let me know if that'll work for you and I'll post the steps on how to get it all working.

I just want to understand. Are you asking me to simply transform "system" to "system.tar.gz" ? Then what? How Avira is going to know that "system" is now "system.tar.gz"? Should I change something in the syslinux/grub4dos files?

About the size, each user can have an "acceptable" size. Most of the files in "system" are several fonts; that's why you can compress them to about 50%. This would make Avira about 150 MB, without the "update" function. I am not the developer of UBCD (Victor is), but my guess is that UBCD won't include by default a 150MB to 170MB Antivirus, being UBCD's size 255MB without Avira. It still could be a valid customization for some users.

With the "update" function included, Avira is 15 to 20 MB bigger, which means 220MB originally, and 170MB if "system" is compressed (against less than 90MB of AVG).

Now, "system" also contains network "drivers", and without the "upgrade" function (as you presented it in your first post of this topic), those "drivers" have no use.

About the changes between the previous Avira and the current one, there are several points.

The new one uses the "new" database (32 files) instead of the old one (4 files). This is not actually changing so much the total size anyway.

The previous Avira used a more "simple" Linux. Now it seems to require those fonts (which are using most of the "system" folder size). The "system" folder (without compression) is about half of the total 220MB.

Avira now includes more languages, while previously there were only German and English.

The new Avira includes some additional tools (not really needed when merging it with UBCD ).

The previous Avira was "merge-able" with PartedMagic, already included. The new one has the "self-check" protection, which is a good safety feature, but probably prevents it from being "merge-able".

Let me know if I understood correctly about simply compressing "system" to "system.tar.gz", and what to do after compressing it. If no other change is needed (including its location), I'll give it a try as an ISO image booting a VM. Just let me know.

[Bandit]

If you want to change system/ to system.tgz, then you have to edit /etc/init.d/rescue/boot in the compressed filesystem (initrd.gz) and have system.tgz extracted to memory (I used /tmp).

Sample /etc/init.d/rescue/boot file (whole file not included)

Code: Select all

#!/bin/ash

umask 022
DBGTTY=/var/log/boot_log.txt
FILE_SELFCHECK_PASSED="/tmp/boot_selfcheck_passed"
SYSTEMINFO_FILE="/tmp/sysinfo.txt"
export PATH="/bin:/AntiVir:/usr/bin:/lib"
export TERM="linux"
SYSTEM_FOUND="0"
FILE_FILECHECKERROR=""

mount -t proc none /proc       >> ${DBGTTY} 2>&1
mount -n -t sysfs sysfs /sys   >> ${DBGTTY} 2>&1
mount -t tmpfs tmpfs /tmp      >> ${DBGTTY} 2>&1
mount -t tmpfs tmpfs /AntiVir  >> ${DBGTTY} 2>&1
cp /etc/init.d/rescue/resources/hbedv.key /AntiVir >> ${DBGTTY} 2>&1
echo /bin/mdev >/proc/sys/kernel/hotplug

selfcheck ()
{
        #echo "-------------------------Starting self check!-----------------" #>> /tmp/myOwnDBG.txt
        #look for system/usr
        echo "XXX"
        echo "Performing self check..."
        echo "XXX"
        echo "0"
        #echo "-------------------------Starting self check!-----------------"#>> /tmp/myOwnDBG.txt

        PERCENT=$( cat /etc/system.md5 | wc -l)
        CURRCOUNT=0
        STATE=0

        for i in $(ls /media/Devices); do
                #echo "Strting loop for device ${i}" >> /tmp/myOwnDBG.txt

                if [ ! -f /media/Devices/${i}/system.tgz ]; then continue; fi

                cd /tmp
                cp /media/Devices/${i}/system.tgz /tmp/
                tar -zxf system.tgz
                rm system.tgz
                cd /tmp/system

                MD5_ERR="0"
                CURRCOUNT=0
                STATE=0
                cat /etc/system.md5 | while read MD5_SUM FILENAME; do

                        STATE=$(expr ${CURRCOUNT} / ${PERCENT})
                        CURRCOUNT=$(expr ${CURRCOUNT} \+ 80) # we just go up to 80%
                        echo "${STATE}"

                        MD5_SUM_REALLY=$( md5sum ${FILENAME} | cut -f1 -d' ' )

                        echo "XXX"
                        echo "Performing self check for $(basename ${FILENAME} )"
                        echo "XXX"

                        [ "${MD5_SUM_REALLY}" = "${MD5_SUM}" ] && continue

                        # md5 does not match
                        MD5_ERR="1"
                        FILE_FILECHECKERROR=${FILENAME}
                        touch /tmp/md5err.txt
                        echo "MD5 Error for file < ${filename} >" >> /tmp/md5err.txt
                        break
                done

                [ "${MD5_ERR}" -ne "0" ] && continue
                touch "${FILE_SELFCHECK_PASSED}"
                echo "${i}" > /var/run/system_device

                CURRCOUNT=0
                STATE=80
                cat /etc/system.md5 | while read MD5_SUM FILENAME; do

                        STATE=$(expr ${CURRCOUNT} / ${PERCENT} \+ 80)
                        CURRCOUNT=$(expr ${CURRCOUNT} \+ 20) # no we go from 80 up to 100%
                        echo "${STATE}"

                        mkdir -p $(dirname /${FILENAME} )                         >/dev/null 2>&1
                        ln -s /tmp/system/${FILENAME} /${FILENAME} >/dev/null 2>&1
                        echo "XXX"
                        echo "Creating symlink for $(basename ${FILENAME} )"
                        echo "XXX"
                done

                /bin/sh /etc/init.d/create_system_links.sh /tmp/system/

                break;
        done
}

As you can also see, this file (above) contains the self check code and is modified to extract system.tgz to /tmp



EDIT: I was browsing around and saw this:

The fact that you need \system and \avupdate in the UBCD root directory sucks, and I haven't found a way to move it elsewhere (you'll get self-check failed). If anyone knows the trick, pray tell.

"avupdate" is optional AFAIK. I didn't include it on my USB and everything works. As for system, you CAN move it to a different directory if you edit the file (quoted above) to reflect the new path. Also, if you guys tell me what you want modified, I'd be more than happy to help out to get the new AntiVir running for the next version of UBCD.

[ady]

EDIT: I was browsing around and saw this:

The fact that you need \system and \avupdate in the UBCD root directory sucks, and I haven't found a way to move it elsewhere (you'll get self-check failed). If anyone knows the trick, pray tell.

"avupdate" is optional AFAIK. I didn't include it on my USB and everything works. As for system, you CAN move it to a different directory if you edit the file (quoted above) to reflect the new path. Also, if you guys tell me what you want modified, I'd be more than happy to help out to get the new AntiVir running for the next version of UBCD.

Yes, as I mentioned in this same topic, "avupdate" is optional. I tested both possibilities (with and without it). But let's think about the whole procedure for a moment.

A user would have to download Avira, expand it, modified it, transfer the folders to an expanded UBCD, modified several configuration files of UBCD, and remaster the customized UBCD.

If the user doesn't add "avupdate", this customized UBCD is not even update-able (in regards to Avira). And in the best case scenario, is still bigger (in size) than other simpler solutions.

So, my personal conclusion, up to this point, is that Avira Rescue CD (or UFD) is not the best choice for customizing UBCD. This is NOT because the "self-check error", which is a valid safety feature. This is because the "bloatware" of the "system" folder.

It is still possible to use them together, either by this method presented by Bandit (with or without "avupdate"), by adding the whole Avira ISO to UBCD with the correct syslinux/grub4dos configuration files, or using a third party tool (like SARDU for example).

Of course, this is my personal opinion, and if the "system" folder can be (almost) avoided (reducing more than 115MB from the 220MB of Avira) with very simple reliable steps, then Avira could/may be again added to UBCD in future releases. Again, IMHO, which is not the one that really counts in this matter.

In any case, thanks to Bandit.

[Bandit]

Just wanted to let you guys know, I'm going to work on reducing Avira's size. Once I get the free time, and eventually figure it out, I'll be sure to post here so it can be added to the next UBCD.

[Victor Chew]

In the next alpha release that I am currently working on, I am thinking of removing both Avira and AVG and make them customization options.

Recently, many antivirus/anti-malware liveCDs have been introduced (see SARDU) and it doesn't make sense to include one and not the others.

Plus we already have ClamAV and FProt on Parted Magic...

[ady]

In the next alpha release that I am currently working on, I am thinking of removing both Avira and AVG and make them customization options.

Recently, many antivirus/anti-malware liveCDs have been introduced (see SARDU) and it doesn't make sense to include one and not the others.

Plus we already have ClamAV and FProt on Parted Magic...

In general, I agree with Victor about this. If a user wants to use UBCD and some security tool together, there are relatively "simple" ways to merge them, either as Bandit proposed for Avira, or with 2 ISOs.

Using UBCD with a security tool in an optical media is not "so" useful. UBCD is updated much less frequently than a security tool needs to be. It is much useful in a UFD, and as mentioned, this is "easy" merge-able with whichever security tool each user would prefer.

Particularly, in the case of Avira, previous versions were "acceptable" in size, but 220MB "just" for a Linux-based security tool (while there are other Linux-based security tools that are less than half that size) seems "too much" in relation to the total size of UBCD.

I would like to suggest, if anyone is interested , to add some tutorials to the UBCD Wiki, with the latest Avira and AVG as first examples. They would need different tutorials, because they are too different in the "merging" process.

About F-prot (and xfprot) and ClamAV, they also need to be updated/upgraded to their respective latest stable versions in PartedMagic (in the modules, actually). To be clear, I am talking about their respective versions; not the antivirus' databases which are update-able with the included scripts in UBCD.