04-30-2006, 11:17 PM
|
#1
|
Member
Registered: Nov 2004
Location: Portland, Oregon
Distribution: Ubuntu
Posts: 114
Rep:
|
clamav detected Java.Downloader.OpenStream.A - what now?
Hello~
I'm running FC5 with Gnome. I ran clamav with the following results:
Code:
//home/chris/.java/deployment/cache/javapi/v1.0/jar/javainstaller.jar-5aa0b436-7d48e07f.zip: Java.Downloader.OpenStream.A FOUND
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: Ignoring empty field in " charset="
----------- SCAN SUMMARY -----------
Known viruses: 48836
Engine version: 0.88.1
Scanned directories: 18419
Scanned files: 157213
Infected files: 1
Data scanned: 6560.12 MB
Time: 4288.509 sec (71 m 28 s)
I googled the virus and found it's a Windows virus (surprise?). This is the first virus I've gotten on a Linux box. Can I just delete it? Where should I go from here?
|
|
|
05-01-2006, 04:09 PM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
considering that you are sure it's a windows virus (you are sure, right?), and considering it's located in your home directory, i'd say you just need to clear your ~/.java directory and you'd be set...
how'd you get this, through firefox?? to prevent this kinda stuff from getting downloaded i recommend you either disable java in your firefox or install the noscript extension so that java only works on sites you trust... http://www.noscript.net/
just my  ...
PS: i did a quick google and this seems to be more like windows spyware than a virus...
Last edited by win32sux; 05-01-2006 at 04:49 PM.
|
|
|
05-01-2006, 04:10 PM
|
#3
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
EDIT: sorry about the double post - i hit the submit button and waited for like 15 seconds but nothing happened so i hit it again thinking i hadn't hit it right and well here's the result... i guess the website is under heavy load and stuff, cuz even this edit is taking a huge amount of time to get through...
Last edited by win32sux; 05-01-2006 at 04:50 PM.
|
|
|
05-01-2006, 04:25 PM
|
#4
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
Rep: 
|
I'm pretty sure it is written for MS Java and harmless with Sun Java even under Windows.
|
|
|
05-01-2006, 04:53 PM
|
#5
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
also, it wouldn't hurt to check your ~/.bash_profile to make sure none of this is/was getting auto-loaded from there... this is in case the malware somehow found a way to break-out of the java sandbox or something like that - which is quite unlikely if you are running the latest stable version of java...
|
|
|
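The checks suggested in posts #2 and #5, as an added example that is not part of the original thread: it pulls the flagged paths out of a saved clamscan report (ignoring the LibClamAV warnings) and looks for references to them, or to the Java plug-in cache, in a home directory's shell startup files. The function names and the list of startup files are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: triage a saved clamscan report and check shell startup
# files for references to what it flagged. Function names are hypothetical.

# Print "path<TAB>signature" for every "... FOUND" line in a clamscan report.
# LibClamAV warnings/errors and the summary block are skipped.
clam_hits() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^ ]+$/)          # last ": <signature>" on the line
        if (i) print substr($0, 1, i - 1) "\t" substr($0, i + 2)
    }' "$1"
}

# Print "file:line:text" for each startup-file line that mentions the Java
# plug-in cache or the file name of anything the report flagged.
# $1 = home directory, $2 = clamscan report. Returns 0 if anything matched.
startup_refs() {
    home=$1 report=$2 found=1
    patterns=$(mktemp) || return 2
    printf '%s\n' '.java/deployment' > "$patterns"
    clam_hits "$report" | cut -f1 | while IFS= read -r p; do
        [ -z "$p" ] || basename "$p"       # never emit an empty pattern
    done >> "$patterns"
    # Assumed list of files a login shell may read; extend as needed.
    for f in .bash_profile .bash_login .profile .bashrc; do
        [ -f "$home/$f" ] || continue
        # /dev/null as a second operand makes grep print the file name.
        if grep -nF -f "$patterns" "$home/$f" /dev/null; then found=0; fi
    done
    rm -f "$patterns"
    return $found
}

# Usage: sh triage.sh /home/user scan-report.txt
if [ "$#" -eq 2 ]; then startup_refs "$1" "$2"; fi
```

A non-zero exit with no output means none of the startup files mention the cache or the flagged file.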
05-02-2006, 12:32 AM
|
#6
|
Member
Registered: Nov 2004
Location: Portland, Oregon
Distribution: Ubuntu
Posts: 114
Original Poster
Rep:
|
Thanks for all the responses. I've deleted ~/.java and my bash profile looks normal.
I use only firefox. Though, I admit I had been browsing some internet backwoods more than usual this week looking for some perl and php scripts and researching some political extremist groups. That was the only thing different in my usage... that could have been the issue.
Thanks for the NoScript extension tip. I had previously disabled that stuff, but a lot of browsing I do is for work and involves local government websites. They tend to be pretty poor and filled with poorly implemented junk. So I turned it back on.
As far as Java goes, after many unsuccessful attempts following the advice of others, I used Stan Finley's instructions http://stanton-finley.net/fedora_cor...otes.html#Java
That used jre 5 update 6.
Thanks again.
|
|
|
All times are GMT -5.