LinuxQuestions.org
Old 01-25-2017, 05:05 PM   #1
siery
Member
 
Registered: Dec 2015
Posts: 34

Rep: Reputation: Disabled
Errors reported by Clamav scan


Hey. That will probably be a newbie question, so I'm sorry for the triviality.

I lately started taking care of my laptop's health and scanning it with clamav. Besides viruses, which are easy to get rid of ("rm" or "mv"), clamav is reporting total errors. And the last time I scanned there were 22923 total errors found!
That makes me really worried, and that's probably the reason for the loud radiator work. Anyway, I have no idea how to fix those errors; is there any way to find out more about them by using clamav or some other tool? Do I need to fix them all by hand or is there some easy way to do this?

I have been searching the web for that before but found nothing.

--
Thank you, 513ry!

Last edited by siery; 01-25-2017 at 05:06 PM.
 
Old 01-25-2017, 05:44 PM   #2
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154
Would it be possible posting some of the errors?
 
Old 01-25-2017, 05:50 PM   #3
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Scan your stuff in terminal using
Code:
clamscan -ir "$HOME" --log="$HOME/scan.rpt"
I suspect you tried it on / without sudo privs and woke up Tux...?

Three things:
Did you use ClamTK? (the GUI)
Did you scan / ? (don't)
Did you enable PUA? (it is disabled by default)

At the end of the run, you'll see the "warnings" and they are also logged in $HOME/scan.rpt

That file will identify "infections". Please post the output of $HOME/scan.rpt

Thank you.

Last edited by Habitual; 01-25-2017 at 05:52 PM.
 
Old 01-25-2017, 06:12 PM   #4
siery
Member
 
Registered: Dec 2015
Posts: 34

Original Poster
Rep: Reputation: Disabled
No, I don't use the GUI (I'm comfortable with the terminal; even if I seem not technical, I work with the terminal every day)
Yes, I did scan the "/"
No, I didn't use PUA, but I enabled UFW on that PC some days ago after I saw that report.

So you mean I should scan only "~/"? What about viruses that get into root directories? And why not use root privilege; are you sure no viruses and errors have them?

Last edited by siery; 01-25-2017 at 06:21 PM.
 
Old 01-26-2017, 05:49 AM   #5
siery
Member
 
Registered: Dec 2015
Posts: 34

Original Poster
Rep: Reputation: Disabled
Scan report

After scanning only the $HOME directory I got no "Total Errors" summary. And the only infected files are some test files from the clamav download. So I guess it's fine. I would be grateful to anyone who explains why those errors appear when I scan the system from the root directory.

Whole report:
Quote:
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-yc.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-petite.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.tnef: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-fsg.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ea06.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-nsis.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.szdd: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.zip: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-mew.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-upack.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.d64.zip: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ole.doc: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.mbox.base64: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-aspack.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_ISmsi_ext.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.mail: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clam.isoaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clamjol.isoaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clam_IScab_ext.exeaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/.split/split.clam_IScab_int.exeaa: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ea05.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.sis: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.impl.zip: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.rtf: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_IScab_int.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-wwpack.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.cab: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_ISmsi_int.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.mbox.uu: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.tar.gz: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-upx.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.odc.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.iso: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.bin-le.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clamjol.iso: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.binhex: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.chm: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.7z: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_cache_emax.tgz: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam_IScab_ext.exe: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.bin-be.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.exe.html: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.arj: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.ppt: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.newc.cpio: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam-pespin.exe: Win.Trojan.Sality-90234 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/test/clam.pdf: Clamav.Test.File-6 FOUND
/home/siery/Downloads/Archive/clamav-0.99.2/unit_tests/clam-phish-exe: Clamav.Test.File-6 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 5663100
Engine version: 0.99.2
Scanned directories: 19346
Scanned files: 228216
Infected files: 49
Data scanned: 29909.13 MB
Data read: 150886.38 MB (ratio 0.20:1)
Time: 4801.750 sec (80 m 1 s)
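
One way to triage a report like the one above, as an added example that is not part of the original post or the thread: it groups detections by signature and by directory, groups error lines by reason, and counts hits outside a directory you expect to contain test samples. The function names, the sample paths and the `<path>: <reason> ERROR` line shape are assumptions (the thread shows no error lines); the sample report is constructed.

```sh
#!/bin/sh
# Added example: triage a clamscan --log report.
# Assumed line shapes: "<path>: <signature> FOUND" (as in the report above)
# and "<path>: <reason> ERROR" (assumption: the thread shows no error lines).

# Print "KIND<TAB>count<TAB>key" rows: SIG = signature, DIR = directory that
# holds a detection, ERR = error reason.
triage_report() {
    awk '
    # Position of the last ": " in s, so paths that contain ": " stay whole.
    function last_sep(s,    i, p) {
        p = 0
        while ((i = index(substr(s, p + 1), ": ")) > 0) p += i
        return p
    }
    / (FOUND|ERROR)$/ {
        kind = $NF
        line = substr($0, 1, length($0) - 6)    # drop " FOUND" / " ERROR"
        p = last_sep(line)
        if (p == 0) next
        path = substr(line, 1, p - 1)
        what = substr(line, p + 2)
        if (kind == "FOUND") {
            sig[what]++
            d = path; sub("/[^/]*$", "", d); if (d == "") d = "/"
            dir[d]++
        } else {
            err[what]++
        }
    }
    END {
        for (k in sig) printf "SIG\t%d\t%s\n", sig[k], k
        for (k in dir) printf "DIR\t%d\t%s\n", dir[k], k
        for (k in err) printf "ERR\t%d\t%s\n", err[k], k
    }' "$1" | sort
}

# Count detections whose path does not start with the given directory prefix.
hits_outside() {
    awk -v pre="$2" '/ FOUND$/ && index($0, pre) != 1 { n++ } END { print n + 0 }' "$1"
}

# Constructed sample report (not the poster's file; reasons are illustrative).
write_sample() {
    cat > "$1" <<'EOF'
/home/user/src/clamav-x/test/clam.exe: Clamav.Test.File-6 FOUND
/home/user/src/clamav-x/test/clam.zip: Clamav.Test.File-6 FOUND
/home/user/src/clamav-x/test/clam-pespin.exe: Win.Trojan.Sality-90234 FOUND
/home/user/src/clamav-x/unit_tests/clam-phish-exe: Clamav.Test.File-6 FOUND
/home/user/mail/note: draft.eml: Clamav.Test.File-6 FOUND
/sys/kernel/example_node: Can't read file ERROR
/proc/1/example_node: Can't read file ERROR
/root/example.dat: Permission denied ERROR

----------- SCAN SUMMARY -----------
Infected files: 5
EOF
}

report=$(mktemp)
write_sample "$report"
triage_report "$report"
echo "detections outside the test tree: $(hits_outside "$report" /home/user/src/clamav-x/)"
rm -f "$report"
```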
 
Old 01-26-2017, 08:31 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187
I don't use "Clam," but it sure does look to me like those might be test files that are supposed to trigger "found" responses!

The subdirectory names are test and unit_test and that just has to be significant.
 
Old 01-26-2017, 10:35 AM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Don't scan / ever.

Seriously, mono triggers clamav.
mintwifi.py triggers it.
It's useless as teats on a boar hog.
It's a Red-Herring and you'll ire Linus.
 
Old 01-26-2017, 12:50 PM   #8
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2915
Quote:
Originally Posted by Habitual View Post
Don't scan / ever.

Seriously, mono triggers clamav.
mintwifi.py triggers it.
It's useless as teats on a boar hog.
It's a Red-Herring and you'll ire Linus.
Out of interest, why? I scan / recursively with clamtk and as long as I ignore /usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1 (which exists even after a fresh install of Mint 18.1) and any PUA's related to Mono, Wine and LibreOffice, it works a treat (on the face of it, anyway ;-))
 
Old 01-26-2017, 03:51 PM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187
The fallacy of "anti-virus" software ... in addition to mis-appropriating a biological metaphor which does not apply at all to digital equipment ... is that software files will get tampered-with "on their own."

You should routinely be running your computer from a user-id that is not an Administrator ... is not a member of the wheel group ... "doesn't have the special ability to do jack squat!"

So, the only files that you can modify are ... yours. (And you're running continuous backups, right?)

If anything asks you to enter an administrative password, of course(!) you know not to do any such thing.

You have one user-id that is used only for system maintenance and for no other purpose. You log on to that user, perform maintenance, then log off.

Malware can't get a toe-hold. It can't modify anything of value.
 
Old 01-26-2017, 04:31 PM   #10
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by hydrurga View Post
Out of interest, why? I scan / recursively with clamtk and as long as I ignore /usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1 (which exists even after a fresh install of Mint 18.1) and any PUA's related to Mono, Wine and LibreOffice, it works a treat (on the face of it, anyway ;-))
Only an advanced Linux user would ask such a question. "As a General Rule..." make it any less alarming for the OP?
You my friend, know how to vet a 4 year old Common Vulnerability found in a "new Install".
John Q. Public does not.

Why scan it is the Real Question?
Surely someone has let clamav know that mime.cache in Ubuntu isn't "infected". C'mon, it's Big Bad Ubuntu.
Been there for years...No one at clamav uses Ubuntu?

Guess what? clamav could give a rat's ass.
Notice most of the "test" directory stuff were .exes?
And the worst "feature" of all isn't a feature at all. Alas, clamscan doesn't clean.

It's a crutch for new users.
You go out of your way to install it (Desktops only) they should be prepared to hand over control of the system to it.
22 Years, only saw a Linux "worm" once, in a collection of vulns, on a Windows machine in a compressed archive of 10k of them.

Common Sense and regular backups.
No offense and just my gnarly opinion, as usual.

Peace.

Last edited by Habitual; 01-31-2017 at 09:09 AM.
 
1 members found this post helpful.
Old 01-31-2017, 04:32 AM   #11
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,835

Rep: Reputation: 2033
Quote:
Originally Posted by siery View Post
Hey. That will probably be a newbie question, so I'm sorry for the triviality.

I lately started taking care of my laptop's health and scanning it with clamav. Besides viruses, which are easy to get rid of ("rm" or "mv"), clamav is reporting total errors. And the last time I scanned there were 22923 total errors found!
That makes me really worried, and that's probably the reason for the loud radiator work. Anyway, I have no idea how to fix those errors; is there any way to find out more about them by using clamav or some other tool? Do I need to fix them all by hand or is there some easy way to do this?

I have been searching the web for that before but found nothing.

--
Thank you, 513ry!
It looks like you do not have anything to be worried about, from your second post.

Quote:
Originally Posted by sundialsvcs View Post

The fallacy of "anti-virus" software ... in addition to mis-appropriating a biological metaphor which does not apply at all to digital equipment ... is that software files will get tampered-with "on their own."
Just because you think that antivirus related software is a scam, it does not mean you should offer bad advice. If you do not wish to use it on your own PC, it does NOT mean that everyone else should follow your example. As someone else's PC is not your PC at the end of the day. And more to the point, you are passing your own personal views as sound "advice". You should either stick to the question at hand or if you do not have any useful input to offer, don't reply to it in the first place!
 
Old 01-31-2017, 08:52 AM   #12
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154Reputation: 154
Hey there. I do not wish to make an issue of this. But in terms of what people do on their PC. Like you said jsbjsb001, people do what they want.

I believe the last part of the second quote you wrote is a little on the iffy side. As you said in older posts. You do not pay for anti virus stuff. Well I do. For Windows boxes I do have a rather expensive subscription and it is certainly not for protecting against a virus. It is simply because in a typical version of Windows, yes you can secure it but you cannot fine tune it to the finest detail.

As sundial said. 99% of the time. If you use a non authoritative account, which does not belong to wheel, you are going to be fine. Have you not realized yet that even most Windows machines are completely bollocksed because people do the wrong thing at the wrong time in an administrative account?

It will happen with both Linux and Windows systems. So as a matter of fact, the advice sundial gave is probably better protecting a far greater amount of systems from what is the most common apart from phishing.

The time of viruses has passed. Sure there are some nasty ones out there. But user error is still the biggest issue. I mean I have a little school with 2 part time staffers and my IPS goes absolutely bonkers with denied services notifications due to blocking their machines for corporate policy violations.

As such your files only and backup. That is really really sound advice in my opinion.

Besides that, I can say that Habitual and sundial are two members I personally look up to and they have provided myself and others with tremendous resources and guidance.

They may not always give a direct answer to solve your issue but if you sit back and think. They do know a thing or two.

So seeing you are from Oz mate. Sit back have a beer, watch a bit of footy and enjoy a barbeque coz where I am at it is too darn cold and wet to do any of those things.

Last edited by ericson007; 01-31-2017 at 08:54 AM.
 
Old 02-01-2017, 02:20 AM   #13
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,835

Rep: Reputation: 2033
Quote:
Originally Posted by ericson007 View Post
Hey there. I do not wish to make an issue of this. But in terms of what people do on their PC. Like you said jsbjsb001, people do what they want.

I believe the last part of the second quote you wrote is a little on the iffy side. As you said in older posts. You do not pay for anti virus stuff. Well I do. For Windows boxes I do have a rather expensive subscription and it is certainly not for protecting against a virus. It is simply because in a typical version of Windows, yes you can secure it but you cannot fine tune it to the finest detail.
That's right I refuse to pay anything for AV software and as I also said, there are FREE versions of a lot of the major AV programs available. So if you choose to pay instead, that's your problem! I could not care what you do with your PC, you can leave it in the middle of the road and let a truck run over it, for all I care.

Quote:
Originally Posted by ericson007 View Post
As sundial said. 99% of the time. If you use a non authoritative account, which does not belong to wheel, you are going to be fine. Have you not realized yet that even most Windows machines are completely bollocksed because people do the wrong thing at the wrong time in an administrative account?

It will happen with both Linux and Windows systems. So as a matter of fact, the advice sundial gave is probably better protecting a far greater amount of systems from what is the most common apart from phishing.
Where in my previous quote did I say it's wrong to use a non-administrative account? If you have read my other posts you should have seen that I DO AGREE with that advice! But this was NOT what siery was asking in the first place.

Quote:
Originally Posted by ericson007 View Post
The time of viruses has passed. Sure there are some nasty ones out there. But user error is still the biggest issue. I mean I have a little school with 2 part time staffers and my IPS goes absolutely bonkers with denied services notifications due to blocking their machines for corporate policy violations.
Not sure what planet you're living on but.. I could not agree that viruses are a thing of the past. See the following URL if you don't believe me:

https://www.symantec.com/security_re...ng/threats.jsp

You can also do a Google search, which will also give you more results.

Quote:
Originally Posted by ericson007 View Post
As such your files only and backup. That is really really sound advice in my opinion.

Besides that, I can say that Habitual and sundial are two members I personally look up to and they have provided myself and others with tremendous resources and guidance.
I'm sorry but passing your own personal views off as sound "advice" (in this case and others sundial's intent of dismissing AV software as a valid security measure. Because as sundial has admitted him/herself that he/she thinks that AV software even for Windows is a scam or similar) is NOT good sound "advice"! Full Stop.

And who's talking about Habitual!??

Quote:
Originally Posted by ericson007 View Post
So seeing you are from Oz mate. Sit back have a beer, watch a bit of footy and enjoy a barbeque coz where I am at it is too darn cold and wet to do any of those things.
For starters, I'm not a big drinker (in fact can't even remember the last time I had ANY alcohol of ANY kind).

Seconds, don't own a barbecue either!

Thirds, I can't help you with the weather mate!

And if you want to take that track, you could always enjoy some whale meat, oh sorry "research". Any breakthroughs yet?? LOL
 
Tags
anti-virus, clamav, error