chinny22 wrote on 2024-01-09, 23:43:So you have something like a PXE server setup to do AV scans, I've never thought of that and is a pretty good idea!
I mean I'm n […]
Show full quote
progman.exe wrote on 2024-01-06, 00:32:
I also use AV rescue CDs, and those I could get network booting are offered off my boot server. Kaspersky's one still updates virus definitions, some do not update and others
So you have something like a PXE server setup to do AV scans, I've never thought of that and is a pretty good idea!
I mean I'm never going to do it as I don't see the need for AV on offline machines (and still haven't set up PXE for OS rollouts yet which I do want to do)
but can appreciate the elegance of the setup.
Yes, the PXE server (the three services of DHCP, TFTP and HTTP) has turned out to be useful.
One thing I have done is made a custom version of Debian live, a minimal OS for system recovery with the tools I'd want and pre-configured for my LAN/servers. All the PCs on the LAN that have hard drives are set to boot off the LAN, 2nd. So if an HDD fails in a PC and the machine reboots, it will boot into the recovery system and be present on the LAN for troubleshooting.
I don't think I ever aimed to put AV on the boot server. I think I realised it might be possible because I had got to the point of getting near arbitrary distros network booting, and things like Kaspersky AV are just Gentoo underneath. Maybe I saw some something about how to netboot AV CDs, and thought I'd try it because I have a PXE system, can't remember.
That link you posted had a few more live AV products, thanks for that. I've tried a few of them in a virtual machine, ISO booting, and likely will try and cram a couple more onto my boot server.
OS installs from the LAN are very convenient, too. Combined with ISO auto-mounting you barely need much more space for the boot system (generally only the kernel and initrd need copying out of an ISO. And mostly copy the boot options from the ISO's bootloader config, with something to tell it to get the rootfs off the LAN (that detail usually will need some reading of The Fine Manual)).