Situation
When I used clamav to check some external HD, clamav found "Win.Trojan.Agent-905394".
However, TrendMicro and Symantec engines do not report any infection.
It looks like some sort of trojan horse, but there is no further information on the web.
The infected files are active printer drivers, so it is not easy to get rid of them without affecting functionality.
I have no idea how to resolve this inconsistency. Most probably, linux machines are immune. www.virustotal.com also
Question
Is this file harmful? (for several other windows ones)
It's highly possible that this is a false positive with clamav and that you can safely disregard the warning. What were the results of the virustotal scan?
sometimes ClamAV has the new definitions a day or two BEFORE trend and norton and mcafee do
also in the past i have had clam find things that both Norton and McAfee missed
and NOT just the things they ARE PAID $$$$ TO MISS
so i take it this is a network printer with Microsoft AND Linux machines using it
while it is nearly impossible to have had the linux os's mess with it
the MS windows systems on the shared printer are easy
and a wireless printer on a windows domain is "VERY low hanging fruit" and a VERY NICE target
and an easy in for a war drive
I have no idea how to resolve this inconsistency. Most probably, linux machines are immune. www.virustotal.com
Have you run
Code:
sudo freshclam
prior to (re-)scan?
Can you name the file exactly?
Can you post the link to the virustotal scan result?
On Windows hosts, you can also use ClamWin for scanning from that environment,
and compare results.
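An added example, not part of the original posts: a small Python helper that parses clamscan's `<path>: <signature> FOUND` lines and hashes each flagged file, so the file can be named exactly and the same bytes compared against another engine or looked up on VirusTotal by SHA-256. The report text and file names in `demo()` are constructed; only the signature name comes from this thread.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# clamscan prints one line per hit: "<path>: <signature> FOUND".
# The greedy path group keeps paths that themselves contain ": " intact.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_clamscan(report):
    """Group flagged paths by signature name; OK lines and the summary are ignored."""
    hits = defaultdict(list)
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits[m.group("sig")].append(m.group("path"))
    return dict(hits)

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large driver packages do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(report):
    """Return (signature, path, sha256 or None) for every hit in the report."""
    rows = []
    for sig, paths in sorted(parse_clamscan(report).items()):
        for p in paths:
            # A file may have been moved or quarantined since the scan.
            rows.append((sig, p, sha256_of(p) if os.path.isfile(p) else None))
    return rows

def demo():
    """Run triage over a constructed report that points at a constructed file."""
    with tempfile.TemporaryDirectory() as d:
        drv = os.path.join(d, "printer: driver.dll")   # constructed name
        with open(drv, "wb") as fh:
            fh.write(b"constructed sample bytes")
        report = (f"{drv}: Win.Trojan.Agent-905394 FOUND\n"
                  f"{d}/readme.txt: OK\n"
                  f"{d}/gone.dll: Win.Trojan.Agent-905394 FOUND\n"
                  "\n----------- SCAN SUMMARY -----------\nInfected files: 2\n")
        return triage(report)

if __name__ == "__main__":
    for sig, path, digest in demo():
        print(sig, path, digest or "file missing")
```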
clearly windows files.
on an external hd?
are you sure this is the "active printer driver"?
active on your linux installation, or active on some other, windows installation?
if you have a windows machine running, i think it's better to check for viruses locally, not remotely - or am i misunderstanding?
are you using clamav on that windows machine without network connection?
what is this external hd???
ultimately, you have to find out where clamav's virus definitions come from, and check for the ID "Win.Trojan.Agent-905394". that will give you answers.
so you are using clamav for windows, and scanning an external hard drive, clamav told you that the currently running printer driver on that hard drive might be a trojan???
aren't you maybe talking about the printers setup.exe or some such?
I took a disk drive from a stand-alone Windows machine. I connected the drive to a Linux machine via USB, so it is recognized as an external drive.
The disk serves as drive C on the Windows machine.
Clamav detects several files, which are printer driver related.
There is a long story behind this.
Somebody introduced malware to the machine by using an infected USB stick. (This malware is detected by all virus programs.)
After removing that malware, I checked the entire system as described above. Then I ran into this inconsistency problem.
cheers
Well, it's your machine, handle it how you see fit. But, I was a vendor / tech support for MS on the MS network for MS employees and partners. And I can tell you that in situations like this their internal policy is to not trust *any* virus scanner or repair tool; not even their own. By policy, any machine with any trace of any class of malware on it *must* be flattened and reimaged before being reconnected to the network and no data is allowed to be recovered from the infected drive. And they were serious enough about it that it was a terminable offence.