Hey. This is probably a newbie question, so I'm sorry for the triviality.
I recently started taking care of my laptop's health and scanning it with clamav. Besides viruses, which are easy to get rid of ("rm" or "mv"), clamav is reporting total errors. And the last time I scanned, there were 22923 total errors found!
That makes me really worried, and that's probably the reason for the loud radiator work. Anyway, I have no idea how to fix those errors. Is there any way to find out more about them by using clamav or some other tool? Do I need to fix them all by hand or is there some easy way to do this?
I have been searching the web for that but found nothing.
No, I don't use the GUI (I'm comfortable with the terminal, even if I seem not technical; I work with the terminal every day).
Yes, I did scan the "/"
No, I didn't use PUA, but I enabled UFW on that PC some days ago after I saw that report.
So you mean I should scan only "~/"? What about viruses that get into root directories? And why not use root privileges, are you sure no viruses and errors have them?
After scanning only the $HOME directory I got no "Total Errors" summary. And the only infected files are some test files from the clamav download. So I guess it's fine. I would be grateful to anyone who explains why those errors appear when I scan the system from the root directory.
Whole report:
Quote:
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-yc.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-petite.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.tnef: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-fsg.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ea06.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-nsis.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.szdd: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.zip: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-mew.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-upack.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.d64.zip: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ole.doc: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.mbox.base64: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-aspack.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_ISmsi_ext.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.mail: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clam.isoaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clamjol.isoaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clam_IScab_ext.exeaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clam_IScab_int.exeaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ea05.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.sis: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.impl.zip: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.rtf: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_IScab_int.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-wwpack.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.cab: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_ISmsi_int.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.mbox.uu: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.tar.gz: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-upx.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.odc.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.iso: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.bin-le.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clamjol.iso: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.binhex: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.chm: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.7z: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_cache_emax.tgz: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_IScab_ext.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.bin-be.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.html: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.arj: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ppt: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.newc.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-pespin.exe: Win.Trojan.Sality-90234 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.pdf: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/unit_tests/clam-phish-exe: Clamav.Test.File-6 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 5663100
Engine version: 0.99.2
Scanned directories: 19346
Scanned files: 228216
Infected files: 49
Data scanned: 29909.13 MB
Data read: 150886.38 MB (ratio 0.20:1)
Time: 4801.750 sec (80 m 1 s)
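Added example, not part of the original thread: a small parser for clamscan output in the format of the report quoted above, which tallies detections by signature, lists any detection that is not the ClamAV test signature, and groups per-file error lines by top-level directory so a summary count can be traced back to paths. The sample log, the `triage` function name and the `<path>: <reason> ERROR` line format are assumptions; only the `FOUND` line format is taken from the report.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the report quoted above. The FOUND
# lines mirror that report; the ERROR lines use an assumed format
# ("<path>: <reason> ERROR") and are not taken from the thread.
SAMPLE_LOG = """\
/home/user/clamav-0.99.2/test/clam.zip: Clamav.Test.File-6 FOUND
/home/user/clamav-0.99.2/test/clam-pespin.exe: Win.Trojan.Sality-90234 FOUND
/home/user/clamav-0.99.2/test/clam.exe: Clamav.Test.File-6 FOUND
/sys/kernel/example/attr: Can't read file ERROR
/proc/1234/mem: Can't read file ERROR
/home/user/notes.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 3
"""

LINE = re.compile(r"^(?P<path>/.*): (?P<detail>.+) (?P<kind>FOUND|ERROR)$")

def triage(log_text, test_prefix="Clamav.Test.File"):
    """Split clamscan output into detections and per-file errors."""
    by_signature = Counter()            # signature name -> number of hits
    non_test = []                       # detections that are not the test signature
    errors_by_top = defaultdict(list)   # "/proc", "/sys", ... -> [(path, reason)]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                    # OK lines, summary lines, blanks
        path, detail = m["path"], m["detail"]
        if m["kind"] == "FOUND":
            by_signature[detail] += 1
            if not detail.startswith(test_prefix):
                non_test.append((path, detail))
        else:
            top = "/" + path.split("/")[1]
            errors_by_top[top].append((path, detail))
    return by_signature, non_test, dict(errors_by_top)

if __name__ == "__main__":
    sigs, non_test, errors = triage(SAMPLE_LOG)
    for sig, n in sigs.most_common():
        print(f"{n:5d}  {sig}")
    for path, sig in non_test:
        print(f"review: {path} ({sig})")
    for top, items in sorted(errors.items()):
        print(f"{len(items):5d} errors under {top}")
```

To use it on a real scan, save the scanner's output to a file and pass the file's contents to `triage` in place of `SAMPLE_LOG`.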
Seriously, mono triggers clamav.
mintwifi.py triggers it.
It's useless as teats on a boar hog.
It's a Red-Herring and you'll ire Linus.
Out of interest, why? I scan / recursively with clamtk and as long as I ignore /usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1 (which exists even after a fresh install of Mint 18.1) and any PUAs related to Mono, Wine and LibreOffice, it works a treat (on the face of it, anyway ;-))
The fallacy of "anti-virus" software ... in addition to mis-appropriating a biological metaphor which does not apply at all to digital equipment ... is that software files will get tampered-with "on their own."
You should routinely be running your computer from a user-id that is not an Administrator ... is not a member of the wheel group ... "doesn't have the special ability to do jack squat!"
So, the only files that you can modify are ... yours. (And you're running continuous backups, right?)
If anything asks you to enter an administrative password, of course(!) you know not to do any such thing.
You have one user-id that is used only for system maintenance and for no other purpose. You log on to that user, perform maintenance, then log off.
Malware can't get a toe-hold. It can't modify anything of value.
Out of interest, why? I scan / recursively with clamtk and as long as I ignore /usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1 (which exists even after a fresh install of Mint 18.1) and any PUAs related to Mono, Wine and LibreOffice, it works a treat (on the face of it, anyway ;-))
Only an advanced Linux user would ask such a question. "As a General Rule..." make it any less alarming for the OP?
You my friend, know how to vet a 4 year old Common Vulnerability found in a "new Install".
John Q. Public does not.
Why scan it is the Real Question?
Surely someone has let clamav know that mime.cache in Ubuntu isn't "infected". C'mon, it's Big Bad Ubuntu.
Been there for years...No one at clamav uses Ubuntu?
Guess what? clamav could give a rat's ass.
Notice most of the "test" directory stuff were .exes?
And the worst "feature" of all isn't a feature at all. Alas, clamscan doesn't clean.
It's a crutch for new users.
You go out of your way to install it (Desktops only) they should be prepared to hand over control of the system to it.
22 Years, only saw a Linux "worm" once, in a collection of vulns, on a Windows machine in a compressed archive of 10k of them.
Common Sense and regular backups.
No offense and just my gnarly opinion, as usual.
Quote:
Originally Posted by siery
Hey. This is probably a newbie question, so I'm sorry for the triviality.
I recently started taking care of my laptop's health and scanning it with clamav. Besides viruses, which are easy to get rid of ("rm" or "mv"), clamav is reporting total errors. And the last time I scanned, there were 22923 total errors found!
That makes me really worried, and that's probably the reason for the loud radiator work. Anyway, I have no idea how to fix those errors. Is there any way to find out more about them by using clamav or some other tool? Do I need to fix them all by hand or is there some easy way to do this?
I have been searching the web for that but found nothing.
--
Thank you, 513ry!
It looks like you do not have anything to be worried about, from your second post.
Quote:
Originally Posted by sundialsvcs
The fallacy of "anti-virus" software ... in addition to mis-appropriating a biological metaphor which does not apply at all to digital equipment ... is that software files will get tampered-with "on their own."
Just because you think that antivirus related software is a scam, it does not mean you should offer bad advice. If you do not wish to use it on your own PC, it does NOT mean that everyone else should follow your example. As someone else's PC is not your PC at the end of the day. And more to the point, you are passing your own personal views as sound "advice". You should either stick to the question at hand or if you do not have any useful input to offer, don't reply to it in the first place!
Hey there. I do not wish to make an issue of this. But in terms of what people do on their pc. Like you said jsbjsb001, people do what they want.
I believe the last part of the second quote you wrote is a little on the iffy side. As you said in older posts. You do not pay for anti virus stuff. Well I do. For Windows boxes I do have a rather expensive subscription and it is certainly not for protecting against a virus. It is simply because in a typical version of Windows, yes you can secure it but you cannot fine tune it to the finest detail.
As sundial said. 99% of the time. If you use a non authoritative account, which does not belong to wheel, you are going to be fine. Have you not realized yet that even most Windows machines are completely bollocksed because people do the wrong thing at the wrong time in an administrative account?
It will happen with both linux and windows systems. So as a matter of fact, the advice sundial gave is probably better protecting a far greater amount of systems from what is the most common apart from phishing.
The time of viruses has passed. Sure there are some nasty ones out there. But user error is still the biggest issue. I mean I have a little school with 2 part time staffers and my IPS goes absolutely bonkers with denied services notifications due to blocking their machines for corporate policy violations.
As such your files only and backup. That is really really sound advice in my opinion.
Besides that, I can say that Habitual and sundial are two members I personally look up to and they have provided myself and others with tremendous resources and guidance.
They may not always give a direct answer to solve your issue but if you sit back and think. They do know a thing or two.
So seeing you are from Oz mate. Sit back have a beer, watch a bit of footy and enjoy a barbeque coz where I am at it is too darn cold and wet to do any of those things.
Last edited by ericson007; 01-31-2017 at 08:54 AM.
Quote:
Originally Posted by ericson007
Hey there. I do not wish to make an issue of this. But in terms of what people do on their pc. Like you said jsbjsb001, people do what they want.
I believe the last part of the second quote you wrote is a little on the iffy side. As you said in older posts. You do not pay for anti virus stuff. Well I do. For Windows boxes I do have a rather expensive subscription and it is certainly not for protecting against a virus. It is simply because in a typical version of Windows, yes you can secure it but you cannot fine tune it to the finest detail.
That's right I refuse to pay anything for AV software and as I also said, there are FREE versions of a lot of the major AV programs available. So if you choose to pay instead, that's your problem! I could not care what you do with your PC, you can leave it in the middle of the road and let a truck run over it, for all I care.
Quote:
Originally Posted by ericson007
As sundial said. 99% of the time. If you use a non authoritative account, which does not belong to wheel, you are going to be fine. Have you not realized yet that even most Windows machines are completely bollocksed because people do the wrong thing at the wrong time in an administrative account?
It will happen with both linux and windows systems. So as a matter of fact, the advice sundial gave is probably better protecting a far greater amount of systems from what is the most common apart from phishing.
Where in my previous quote did I say it's wrong to use a non-administrative account? If you have read my other posts you should have seen that I DO AGREE with that advice! But this was NOT what siery was asking in the first place.
Quote:
Originally Posted by ericson007
The time of viruses has passed. Sure there are some nasty ones out there. But user error is still the biggest issue. I mean I have a little school with 2 part time staffers and my IPS goes absolutely bonkers with denied services notifications due to blocking their machines for corporate policy violations.
Not sure what planet you're living on but.. I could not agree that viruses are a thing of the past. See the following URL if you don't believe me;
you can also do a google search, which will also give you more results.
Quote:
Originally Posted by ericson007
As such your files only and backup. That is really really sound advice in my opinion.
Besides that, I can say that Habitual and sundial are two members I personally look up to and they have provided myself and others with tremendous resources and guidance.
I'm sorry but passing your own personal views off as sound "advice" (in this case and others sundial's intent of dismissing AV software as a valid security measure. Because as sundial has admitted him/herself that he/she thinks that AV software even for Windows is a scam or similar) is NOT good sound "advice"! Full Stop.
And who's talking about Habitual!??
Quote:
Originally Posted by ericson007
So seeing you are from Oz mate. Sit back have a beer, watch a bit of footy and enjoy a barbeque coz where I am at it is too darn cold and wet to do any of those things.
For starters, I'm not a big drinker (in fact can't even remember the last time I had ANY alcohol of ANY kind).
Seconds, don't own a barbecue either!
Thirds, I can't help you with the weather mate!
And if you want to take that track, you could always enjoy some whale meat, oh sorry "research" Any breakthroughs yet?? LOL