How The Raspberry Pi USB Malware Scanner Works
A Raspberry Pi USB malware scanner is a device that uses a Raspberry Pi, a low-cost, credit-card-sized computer, and the open-source antivirus software ClamAV to scan USB drives as soon as they are plugged into the device. This can help prevent the spread of malware from infected USB drives to other computers or devices.
What You Need to Build a Raspberry Pi USB Malware Scanner
To build your own Raspberry Pi USB malware scanner, you will need the following components:
A Raspberry Pi board (any model will do, but we recommend the Raspberry Pi 4B for better performance)
A microSD card (at least 8GB) with Raspbian OS installed
A power supply for the Raspberry Pi
A USB hub (preferably powered) with at least two ports
A USB flash drive (to store the scanned files)
An LED (optional, for indicating the scan status)
A resistor (optional, for limiting the current to the LED)
Some jumper wires and a breadboard (optional, for connecting the LED and the resistor)
How to Set Up the Raspberry Pi USB Malware Scanner
Once you have all the components ready, you can follow these steps to set up your Raspberry Pi USB malware scanner:
Connect the USB hub to one of the USB ports on the Raspberry Pi.
Connect the USB flash drive to one of the ports on the USB hub. This will be used to store the scanned files.
If you want to use an LED to indicate the scan status, connect it to a GPIO pin on the Raspberry Pi using a resistor and some jumper wires. For example, you can connect the anode (longer leg) of the LED to GPIO 18 and the cathode (shorter leg) to GND using a 330 ohm resistor. You can use any other GPIO pin as long as you modify the code accordingly.
Power up the Raspberry Pi and log in using SSH or a keyboard and monitor.
Update and upgrade your system using the following commands:
```bash
sudo apt update
sudo apt upgrade
```
Install ClamAV and its dependencies using the following commands:
```bash
sudo apt install clamav clamav-daemon clamav-freshclam
sudo freshclam
```
Create a folder on your USB flash drive to store the scanned files. For example, you can create a folder called "scanned" using this command:
```bash
sudo mkdir /media/pi/USB/scanned
```
Create a Python script that will scan any USB drive that is plugged into the USB hub and copy the scanned files to the folder on your USB flash drive. You can use any text editor or IDE to write your code. Here is an example of what your script might look like:
```python
#!/usr/bin/env python3
import os
import subprocess
import time

import RPi.GPIO as GPIO

# Set up GPIO pin for LED (change this according to your wiring)
LED_PIN = 18
GPIO.setmode(GPIO.BCM)
GPIO.setup(LED_PIN, GPIO.OUT)

# Set up paths for ClamAV and scanned folder (change these according to your setup)
CLAMAV_PATH = "/usr/bin/clamscan"
SCANNED_PATH = "/media/pi/USB/scanned"
# Mount point of the storage flash drive, so it is never treated as a drive to scan
STORAGE_MOUNT = "/media/pi/USB"


# Scan a given path and, if the scan is clean, copy its files to the scanned folder
def scan_and_copy(path):
    # Turn on LED to indicate scanning
    GPIO.output(LED_PIN, True)
    try:
        # Run ClamAV recursively on the given path. clamscan exits with 0 when clean,
        # 1 when malware is found and 2 on error, so check_output() (which raises on
        # any non-zero exit) is replaced by run() and an explicit exit-code check.
        result = subprocess.run([CLAMAV_PATH, "-r", path], capture_output=True, text=True)
        # Print the output to the console
        print(result.stdout)
        if result.returncode == 0:
            # Copy all files to the scanned folder, preserving attributes and permissions.
            # "path/." copies the directory contents; a "/*" glob is not expanded
            # when cp is started without a shell.
            subprocess.call(["cp", "-rp", os.path.join(path, "."), SCANNED_PATH])
        elif result.returncode == 1:
            print("Malware detected on " + path + "; nothing was copied.")
        else:
            print("Scan error on " + path + ": " + result.stderr)
    finally:
        # Turn off LED to indicate scanning is done
        GPIO.output(LED_PIN, False)


# Check if a USB drive is plugged in and return its mount point
def check_usb():
    # List block devices as "NAME MOUNTPOINT" lines, without headings or tree characters
    output = subprocess.check_output(["lsblk", "-nlo", "NAME,MOUNTPOINT"], text=True)
    for line in output.splitlines():
        fields = line.strip().split(None, 1)
        # Skip devices that are not mounted
        if len(fields) < 2:
            continue
        name, mountpoint = fields
        # "sd" indicates a USB drive and "/media/" indicates it is mounted
        if name.startswith("sd") and mountpoint.startswith("/media/") and mountpoint != STORAGE_MOUNT:
            return mountpoint
    # Return None if no USB drive is found
    return None


# Main loop
last_scanned = None
try:
    while True:
        # Check if a USB drive is plugged in
        usb_path = check_usb()
        # Scan a drive once when it appears, not again on every pass of the loop
        if usb_path and usb_path != last_scanned:
            scan_and_copy(usb_path)
        last_scanned = usb_path
        # Wait for 1 second before checking again
        time.sleep(1)
finally:
    # Release the GPIO pin when the script is stopped
    GPIO.cleanup()
```
Save your script as "usb_scanner.py" or any name you like.
Make your script executable using this command:
```bash
chmod +x usb_scanner.py
```
Run your script using this command:
```bash
sudo ./usb_scanner.py
```
Now you can plug any USB drive into the USB hub and wait for the LED to turn on and off. The scanned files will be copied to the folder on your USB flash drive. You can also check the console output for any malware detection or errors.
Congratulations, you have successfully built your own Raspberry Pi USB malware scanner!
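One way to tighten the copy step of the script above, shown as an added example that is not part of the original article: parse clamscan's per-file output and copy only the files it explicitly reported as OK, so infected or unscanned files never reach the storage drive. The function names and the sample output are constructed for illustration.

```python
import os
import shutil

# Constructed sample in the layout clamscan prints per file (not a real scan).
SAMPLE_OUTPUT = """\
/media/pi/DRIVE/notes.txt: OK
/media/pi/DRIVE/setup.exe: Win.Test.EICAR_HDB-1 FOUND
/media/pi/DRIVE/empty.log: Empty file
/media/pi/DRIVE/docs/a: b.pdf: OK

----------- SCAN SUMMARY -----------
Infected files: 1
"""

def parse_clamscan(output):
    """Sort clamscan's per-file lines into clean, infected and unscanned paths."""
    report = {"clean": [], "infected": {}, "unscanned": []}
    for line in output.splitlines():
        if line.startswith("-") and "SCAN SUMMARY" in line:
            break  # per-file results end where the summary begins
        path, sep, verdict = line.rpartition(": ")
        if not sep:
            continue
        if verdict == "OK":
            report["clean"].append(path)
        elif verdict.endswith(" FOUND"):
            report["infected"][path] = verdict[: -len(" FOUND")]
        else:
            report["unscanned"].append(path)  # no explicit OK: hold the file back
    return report

def copy_clean(report, source_root, dest_root):
    """Copy only files reported OK, keeping the drive's directory layout."""
    root = os.path.realpath(source_root)
    copied = []
    for path in report["clean"]:
        real = os.path.realpath(path)
        # Skip paths that resolve outside the scanned drive (for example via a symlink)
        if os.path.commonpath([root, real]) != root or not os.path.isfile(real):
            continue
        target = os.path.join(dest_root, os.path.relpath(real, root))
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(real, target)
        copied.append(target)
    return copied

if __name__ == "__main__":
    print(parse_clamscan(SAMPLE_OUTPUT))
```

To use it with a real scan, pass the standard output of `clamscan -r <mount point>` to `parse_clamscan()` and then call `copy_clean()` with the mount point and the scanned folder.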