LinuxQuestions.org


RySk8er30 05-15-2005 11:16 AM

ClamAV - Virus?!?
 
This might be an oddity, but I think I have a virus? I just installed ClamAV and ran the following command:

Code:

clamscan -r /

I received the following results back:

Code:

----------- SCAN SUMMARY -----------
Known viruses: 29813
Scanned directories: 10080
Scanned files: 109722
Infected files: 5
Data scanned: 3671.96 MB
I/O buffer size: 131072 bytes
Time: 1423.647 sec (23 m 43 s)

How do I find the infected files? How do I remove the virus? How can I find out what virus I have? Thanks.

caladbolg 05-15-2005 01:58 PM

It's probably Clam's "fake viruses". I had this the first time I ran it, but running in verbose mode, I saw the infected files were in Clam's directory.

It's just a test. No need to worry :)

RySk8er30 05-15-2005 04:02 PM

Oh geez. Thanks for the info. I had to play around with the parameters to find the "viruses".

I updated ClamAV (using the command "freshclam") and was informed that I have an outdated version (0.81, 0.85 is the latest). Is there a way to update my ClamAV easily? It seems like all of the programs in my URPMI sources are outdated. I tried changing mirrors with no luck. Any ideas?

abrooks29 05-16-2005 01:10 AM

I assume from you running version .81 that you're using 10.1. It seems to me that their update process has slowed down. They just came out with a Firefox update that included 1.03 and 1.04 fixes for 10.2 after much griping on their forums. Probably best advice if you really need clamav for like screening av in a postfix email server environment, learn to build your own. It's really not that difficult. I maintain updated clamav packages for my 10.0 server. Matter of fact, I just rebuilt .85-4mdk just a few minutes ago. If you're using it just on a Linux box then I wouldn't worry about it. They might get around and build an updated package for 10.1 but since they are already 4 versions behind...well you get the idea :)

tripwire45 06-09-2005 03:14 PM

Quote:

Originally posted by RySk8er30
I updated ClamAV (using the command "freshclam") and was informed that I have an outdated version (0.81, 0.85 is the latest). Is there a way to update my ClamAV easily? It seems like all of the programs in my URPMI sources are outdated. I tried changing mirrors with no luck. Any ideas?

In Debian I found the update file using the command "apt-cache search clamav" to look for all the installation and update files relative to clamav. I found this one:

clamav-freshclam - downloads clamav virus databases from the Internet

and installed it. Updated to 0.85 in short order. I ran freshclam and also found 5 viruses. I couldn't run down the infected files from the output but found the scan.log file in root's home directory and discovered this:

Scan started: Thu Jun 9 12:26:09 2005

//usr/share/clamav-testfiles/clam.cab: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.exe.bz2: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.rar: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.zip: ClamAV-Test-File FOUND

Naturally, I was relieved to find out the "infection" was only the test files.
;)

jerzeejerome 12-16-2006 08:39 AM

Quote:

Originally Posted by caladbolg
It's probably Clam's "fake viruses". I had this the first time I ran it, but running in verbose mode, I saw the infected files were in Clam's directory.

It's just a test. No need to worry :)

How do you run it in verbose mode? I found 20 infected files. I would like to know which ones it is referring to.

win32sux 12-16-2006 03:59 PM

Quote:

Originally Posted by jerzeejerome
How do you run it in verbose mode? I found 20 infected files. I would like to know which ones it is referring to.

with a "-v", as with most any unix/linux program... but if you only care about the infected ones, try with a "-i" instead, cuz IIRC that will report only the infected ones...

Emmanuel_uk 12-18-2006 11:47 AM

Quote:

Is there a way to update my ClamAV easily? It seems like all of the programs in my URPMI sources are outdated. I tried changing mirrors with no luck. Any ideas?

urpmi.update -a

also consider installing Klamav
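
Added example (not part of any post in this thread): a shell helper that reads a clamscan report and separates detections of ClamAV's bundled test files from all other detections, which is the triage the posters did by hand. The sample log is constructed; the non-test path and signature in it are hypothetical, and `found_paths` and `TEST_SIG` are names chosen for this example.

```shell
#!/bin/sh
# Separate clamscan detections of ClamAV's own test files from all other
# detections. Report lines have the form "<path>: <signature> FOUND".

# Signature name as it appears in the scan.log quoted in the thread; adjust
# if your version reports its test files under a different name.
TEST_SIG="${TEST_SIG:-ClamAV-Test-File}"

# Constructed sample log: two lines modelled on the thread's scan.log plus one
# made-up detection (hypothetical path and signature) and one clean file.
sample_log() {
cat <<'EOF'
Scan started: Thu Jun 9 12:26:09 2005

//usr/share/clamav-testfiles/clam.cab: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND
/home/user/mail/report: final.zip: Example.Signature-1 FOUND
/home/user/notes.txt: OK
EOF
}

# found_paths MODE   (MODE is "test" or "other"); reads a report on stdin and
# prints the paths whose signature is, or is not, the test signature.
found_paths() {
    awk -v mode="$1" -v testsig="$TEST_SIG" '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # The signature is the last space-free token after ": ", so a
            # path that itself contains ": " is still split correctly.
            if (!match(line, /: [^ ]+$/)) next
            path = substr(line, 1, RSTART - 1)
            sig  = substr(line, RSTART + 2)
            kind = (sig == testsig) ? "test" : "other"
            if (kind == mode) print path
        }'
}

# Typical use against a real log written with clamscan's --log option:
#   clamscan -r -i --log="$HOME/scan.log" /
#   found_paths other < "$HOME/scan.log"
```

Any path printed by `found_paths other` is a detection that the test files do not explain and is the one to investigate.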

