Mailinglist Archive: opensuse (686 mails)

[opensuse] Malware on Disks
Hi Folks,

I occasionally have to certify that brand new SATA disks
don't contain any malware. The concern is of course for
MS Windows threats, but policy doesn't care about subtle
distinctions, it wants a "scan" to be done on the disks.

Of course one test would be to use fdisk to make sure there's
no disk partition label, the presumption being that no label ==
no filesystem == no malware. You need a filesystem to run a
"scan". But is this strictly true?

Could the "raw" device contain a filesystem that Windows would
see? For example, instead of doing mkfs /dev/sda1, do mkfs /dev/sda.
We can then "mount /dev/sda" in Linux, but what about Windows?

Also, could there be something bad in the MBR that could point
to a filesystem not present in the partition table?

Maybe the safest course is to zero both the MBR and the label
with dd?

If it matters, the target disks are all SSDs.

Regards,
Lew
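
As an added example (not part of the original post): a Python check of the first sectors of a disk or image for the three things the message asks about, namely a filesystem written straight onto the raw device, non-zero MBR boot code, and partition entries or a GPT header. It assumes 512-byte sectors; `inspect_head`, `make_sample` and the sample images are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors
# (offset, magic, label) for filesystems written directly onto the raw device
FS_MAGIC = [
    (3, b"NTFS    ", "NTFS boot sector"),
    (3, b"EXFAT   ", "exFAT boot sector"),
    (82, b"FAT32   ", "FAT32 boot sector"),
    (54, b"FAT", "FAT12/16 boot sector"),
    (1080, b"\x53\xef", "ext2/3/4 superblock"),
]

def inspect_head(data):
    """Findings for the first 4 sectors of a disk or image (hypothetical helper)."""
    if not any(data):
        return ["all zero"]
    findings = [lbl for off, magic, lbl in FS_MAGIC if data[off:off + len(magic)] == magic]
    # A filesystem boot sector also ends in 55 AA; don't misread it as an MBR.
    whole_disk_fs = any("boot sector" in f for f in findings)
    if data[510:512] == b"\x55\xaa" and not whole_disk_fs:
        findings.append("MBR signature")
        if any(data[:446]):
            findings.append("non-zero MBR boot code")
        for i in range(4):  # four 16-byte partition entries start at offset 446
            ptype = data[446 + 16 * i + 4]
            start, count = struct.unpack_from("<II", data, 446 + 16 * i + 8)
            if ptype:
                findings.append(f"partition {i + 1}: type 0x{ptype:02x}, LBA {start}, {count} sectors")
    if data[SECTOR:SECTOR + 8] == b"EFI PART":
        findings.append("GPT header")
    return findings or ["non-zero data, no known signature"]

def make_sample(patches):
    img = bytearray(4 * SECTOR)
    for off, val in patches.items():
        img[off:off + len(val)] = val
    return bytes(img)

# Constructed sample images, not taken from any real disk
SAMPLES = {
    "blank": make_sample({}),
    "mbr": make_sample({0: b"\xeb\x63\x90", 450: b"\x07", 510: b"\x55\xaa",
                        454: struct.pack("<II", 2048, 204800)}),
    "ntfs_raw": make_sample({0: b"\xeb\x52\x90", 3: b"NTFS    ", 510: b"\x55\xaa"}),
    "ext4_raw": make_sample({1080: b"\x53\xef"}),
}

if __name__ == "__main__":
    for name, img in SAMPLES.items():
        print(name, inspect_head(img))
```

The function only looks at the bytes it is given (four sectors here), so an "all zero" result describes the head of the disk, not the whole device.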


