Our system is a bit of a hack that I developed to solve the same problem. It's essentially Ubuntu with a highly modified front-end interface and some custom back-end bash scripts.
It's most useful in an active-directory environment that uses folder-redirection. Also, you really need to use group-policy to block access to USB mass storage devices. I really need to upgrade and refine the system a bit, but here's the current feature-set:

1) A button on the screen connects users to their Windows My Documents network share (folder-redirection location) using A/D authentication. Once connected, they get two icons on the desktop. One represents their My Documents folder (read only mode) and the other represents an auto-generated folder inside their My Documents called UPLOAD (read/write). The user, therefore, cannot accidentally or maliciously delete anything in their My Documents from this workstation. They can only read/write in the UPLOAD directory within their My Documents.

2) There is a second button which disconnects the user's My Documents share after scanning the UPLOAD folder for viruses using ClamAV. The process is a bit backwards here at the moment as files should be scanned before being placed in upload, but whatever, it works for now :)

3) There is a third button which initiates a ClamAV instance that automatically scans and cleans all attached removable USB media for viruses. Any infected files are moved to a temporary store on the kiosk and stay there until that store is later cleaned/deleted.

4) A Firefox button for web-browsing -- the kiosk has permanent access to the Internet (it bypasses our captive-portal)

5) A button for the "Downloads" folder -- everything that gets downloaded in Firefox ends up here.

6) It's hooked up to network printers, has a copy of Microsoft Office AND Open Office, so people can work on their presentations, documents, etc before e-mailing them or printing them from this workstation.

7) The system has a CD/DVD burner for whatever purpose.

8) Multiple users can connect to their My Documents shares simultaneously, allowing drag-drop transfers of files between users.
It's a hard-hack at the moment, but could be configured to work in your environment with a few slight modifications. Let me know if you want a Remastersys ISO copy, I'll be glad to upload one to our website for you to download.

Regards,
Kyle Spencer,
Head of Information Technology,
International Medical Group

On Wed, 2010-03-24 at 10:19 +0300, Simon Vass wrote:
> Yes Kyle has implemented such a system at his office, the main thing is you
> also need to block all USB devices on the clients to prevent circumvention,
> and yes you still need good AV software. I think it has done a lot to help
> clean the company's USB sticks prior to them copying any data to and from the
> network. In addition to the added bonus of being able to control data
> security, as it is all logged.
>
> Simon Vass
> Technical Manager
> E-Tech Uganda Ltd
>
> http://www.etech.ug
> Tel: +256 (0) 312260620 or (0) 312260621
> email: [email protected]
> skype: e-techservicedesk
>
> ----- Original Message -----
> From: "Gipukan" <[email protected]>
> To: "Linux Users Group Uganda" <[email protected]>
> Sent: Tuesday, March 23, 2010 11:49:41 PM GMT +03:00 Iraq
> Subject: [LUG] A linux virus cleaning machine for the windows environment
>
> Hey good lugers,
>
> Does anyone use a Linux, e.g. Ubuntu, box to clean USB sticks of viruses
> before the stick is used in a Windows machine?
>
> There is an office that needs to use Windows sadly to do their work and
> about every day a new infection gets in via USB. All machines run
> avg/f-secure/norton that still let through some e.g. new viruses. I'm
> hoping that a Linux solution would work with avast or equal.
>
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug

LUG is generously hosted by INFOCOM http://www.infocom.co.ug/

All Archives can be found at http://www.mail-archive.com/[email protected]/

The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way.
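The ordering mentioned under 2) above (scan first, then place files in UPLOAD), sketched as an added example; it is not part of the original post or of Kyle's scripts. The function name, the three directory arguments and the CLAMSCAN override variable are assumptions made for illustration; the clamscan options and exit codes are the tool's standard ones.

```sh
#!/bin/sh
# Added example: files land in a local staging directory, are scanned there,
# and only what survives the scan is moved into the user's UPLOAD folder.
# Assumed names: scan_then_publish, CLAMSCAN (lets a stub replace clamscan).

# scan_then_publish STAGING UPLOAD QUARANTINE
# Returns 0 if all files were clean, 1 if something was quarantined,
# 2 if the scanner failed (in which case nothing is published).
scan_then_publish() {
    stp_staging=$1
    stp_upload=$2
    stp_quarantine=$3
    stp_rc=0

    mkdir -p "$stp_upload" "$stp_quarantine" || return 2

    # clamscan exit codes: 0 = no virus, 1 = virus found, 2 = error.
    # --move relocates infected files out of the staging tree.
    "${CLAMSCAN:-clamscan}" --recursive --infected --no-summary \
        --move="$stp_quarantine" "$stp_staging" || stp_rc=$?

    # Fail closed: a scanner error (or a missing scanner, exit 127)
    # must never result in unscanned files reaching the share.
    if [ "$stp_rc" -ge 2 ]; then
        echo "scan failed (exit $stp_rc); nothing published" >&2
        return 2
    fi

    # Publish regular files only, so symlinks on the media are not followed.
    # Names are flattened into UPLOAD; same-named files overwrite each other.
    find "$stp_staging" -type f -exec mv -- {} "$stp_upload/" \;

    return "$stp_rc"
}
```

A return value of 1 means the clean files were still published and the infected ones are waiting in the quarantine directory for later review.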
