Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I've got a partition that holds a knoppix.iso that I rebuild now and again, also use it as a backup for my usb stick. Last night I ran clamav against my complete machine and it reported -
//spare2/knoppix/3.6/KNOPPIX/KNOPPIX: Trojan.URLspoof.gen FOUND
//spare2/knoppix/knoppix36.iso: Trojan.URLspoof.gen FOUND
This morning I ran clamav against -
my latest knoppix CD;
just the /spare2 directory
the complete machine
in none of the above did clamav find the URLspoof
I also ran Norton against the CD and again nothing!
Thanks for the quick response. Should have looked at the error logs first.
In the clamav-update error log I started to get the following some time between 15/10/2004 and 31/10/2004 -
ClamAV update process started at Tue Nov 23 11:45:01 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3, builder: tomek)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
daily.cvd is up to date (version: 601, sigs: 782, f-level: 3, builder: trog)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
Updated from 0.71 to 0.80 so that clamav-update is ok now. Will be running another scan this evening.
The clamav-update log looks like this now -
ClamAV update process started at Tue Nov 23 12:29:49 2004
main.cvd updated (version: 28, sigs: 26630, f-level: 3, builder: tomek)
daily.cvd updated (version: 601, sigs: 782, f-level: 3, builder: trog)
Database updated (27412 signatures) from database.clamav.net (147.229.3.16).
which looks ok to me. Still don't understand where URLspoof came from or went! One of life's mysteries I suppose. Until the next scan!
Given the fact that a false-positive bug was found (i.e. a bug that reports a virus even though it isn't there), I suspect that you never had a urlspoof in the first place.
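
An added example, not part of the thread and not ClamAV's own code: a small Python parser for the clamav-update log format quoted above that flags update runs where the log reports an engine functionality level below the required one, so that scan results from that period can be re-checked after the upgrade. The function names are made up for this example, and the regexes assume only the line formats shown in the thread.

```python
import re

RUN_RE = re.compile(r"^ClamAV update process started at (.+)$")
DB_RE = re.compile(r"^(\w+\.cvd) (is up to date|updated) "
                   r"\(version: (\d+), sigs: (\d+), f-level: (\d+), builder: (\w+)\)$")
LEVEL_RE = re.compile(r"^WARNING: Current functionality level = (\d+), required = (\d+)$")

def parse_update_log(text):
    """Split a clamav-update log into runs; record database and engine levels."""
    runs = []
    for line in (l.strip() for l in text.splitlines()):
        if m := RUN_RE.match(line):
            runs.append({"started": m.group(1), "databases": {},
                         "engine_level": None, "required_level": None})
        elif not runs:
            continue  # ignore anything before the first run header
        elif m := DB_RE.match(line):
            runs[-1]["databases"][m.group(1)] = {
                "status": m.group(2), "version": int(m.group(3)),
                "sigs": int(m.group(4)), "f_level": int(m.group(5))}
        elif m := LEVEL_RE.match(line):
            runs[-1]["engine_level"] = int(m.group(1))
            runs[-1]["required_level"] = int(m.group(2))
    return runs

def engine_too_old(run):
    """True when the log itself reports an engine level below the required one."""
    return (run["engine_level"] is not None
            and run["engine_level"] < run["required_level"])

# Sample input: the two log excerpts quoted in the thread above.
SAMPLE_LOG = """\
ClamAV update process started at Tue Nov 23 11:45:01 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3, builder: tomek)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
daily.cvd is up to date (version: 601, sigs: 782, f-level: 3, builder: trog)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
ClamAV update process started at Tue Nov 23 12:29:49 2004
main.cvd updated (version: 28, sigs: 26630, f-level: 3, builder: tomek)
daily.cvd updated (version: 601, sigs: 782, f-level: 3, builder: trog)
Database updated (27412 signatures) from database.clamav.net (147.229.3.16).
"""

if __name__ == "__main__":
    for run in parse_update_log(SAMPLE_LOG):
        state = "ENGINE OUTDATED" if engine_too_old(run) else "ok"
        print(run["started"], state, sorted(run["databases"]))
```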