LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices


Reply
  Search this Thread
Old 05-15-2005, 12:16 PM   #1
RySk8er30
Member
 
Registered: Jul 2004
Location: Buffalo, NY
Distribution: Mandriva 2005LE
Posts: 274

Rep: Reputation: 30
ClamAV - Virus?!?


This might be an oddity, but I think I have a virus? I just installed ClamAV and ran the following command:

Code:
clamscan -r /
I received the following results back:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 29813
Scanned directories: 10080
Scanned files: 109722
Infected files: 5
Data scanned: 3671.96 MB
I/O buffer size: 131072 bytes
Time: 1423.647 sec (23 m 43 s)
How do I find the infected files? How do I remove the virus? How can I find out what virus I have? Thanks.
 
Old 05-15-2005, 02:58 PM   #2
caladbolg
Member
 
Registered: Jul 2004
Distribution: Mandrake 10.x, Fedora Core 3, Archlinux 0.7, Ubuntu 5.04
Posts: 303

Rep: Reputation: 31
It's probably Clam's "fake viruses". I had this the first time I ran it, but running in verbose mode, I saw the infected files were in Clam's directory.

It's just a test. No need to worry
 
Old 05-15-2005, 05:02 PM   #3
RySk8er30
Member
 
Registered: Jul 2004
Location: Buffalo, NY
Distribution: Mandriva 2005LE
Posts: 274

Original Poster
Rep: Reputation: 30
Oh geez. Thanks for the info. I had to play around with the parameters to find the "viruses".

I updated ClamAV (using the command "freshclam") and was informed that I have an outdated version (0.81, 0.85 is the latest). Is there a way to update my ClamAV easily? It seems like all of the programs in my URPMI sources are outdated. I tried changing mirrors with no luck. Any ideas?
 
Old 05-16-2005, 02:10 AM   #4
abrooks29
Member
 
Registered: May 2005
Location: Tennessee USA
Distribution: CentOS/Solaris(sparc)/Mandriva
Posts: 43

Rep: Reputation: 15
I assume from you running version .81 that you're using 10.1. It seems to me that their update process has slowed down. They just came out with a firefox update that included 1.03 and 1.04 fixes for 10.2 after much gripping on their forums. Probably best advice if you really need clamav for like screening av in a postfix email server environment, learn to build your own. Its really not that difficult. I maintain updated clamav packages for my 10.0 server. Matter of fact, I just rebuilt .85-4mdk just a few minutes ago. If your using it just on a linux box then I wouldn't worry about it. They might get around and build an updated package for 10.1 but since they are already 4 versions behind...well you get the idea
 
Old 06-09-2005, 04:14 PM   #5
tripwire45
Member
 
Registered: Aug 2004
Distribution: Ubuntu 11.10
Posts: 59

Rep: Reputation: 15
Quote:
Originally posted by RySk8er30
I updated ClamAV (using the command "freshclam") and was informed that I have an outdated version (0.81, 0.85 is the latest). Is there a way to update my ClamAV easily? It seems like all of the programs in my URPMI sources are outdated. I tried changing mirrors with no luck. Any ideas? [/B]
In Debian I found the update file using the command "apt-cache search clamav" to look for all the installation and update files relative to clamav. I found this one:

clamav-freshclam - downloads clamav virus databases from the Internet

and installed it. Updated to 0.85 in short order. I ran freshclam and also found 5 viruses. I couldn't run down the infected files from the output but found the scan.log file in root's home directory and discovered this:

Scan started: Thu Jun 9 12:26:09 2005

//usr/share/clamav-testfiles/clam.cab: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.exe.bz2: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.rar: ClamAV-Test-File FOUND
//usr/share/clamav-testfiles/clam.zip: ClamAV-Test-File FOUND

Naturally, I was releaved to find out the "infection" was only the test files.

Last edited by tripwire45; 06-09-2005 at 04:15 PM.
 
Old 12-16-2006, 09:39 AM   #6
jerzeejerome
Member
 
Registered: Aug 2006
Location: Jersey, USA
Distribution: Fedora 6, Slackware
Posts: 66

Rep: Reputation: 15
Quote:
Originally Posted by caladbolg
It's probably Clam's "fake viruses". I had this the first time I ran it, but running in verbose mode, I saw the infected files were in Clam's directory.

It's just a test. No need to worry
How do you run it in verbose mode? I found 20 infected files. I would like to know which ones it is refering to.

Last edited by jerzeejerome; 12-16-2006 at 04:09 PM.
 
Old 12-16-2006, 04:59 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by jerzeejerome
How do you run it in verbose mode? I found 20 infected files. I would like to know which ones it is refering to.
with a "-v", as with most any unix/linux program... but if you only care about the infected ones, try with a "-i" instead, cuz IIRC that will report only the infected ones...
 
Old 12-18-2006, 12:47 PM   #8
Emmanuel_uk
Senior Member
 
Registered: Nov 2004
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,606

Rep: Reputation: 53
Quote:
Is there a way to update my ClamAV easily? It seems like all of the programs in my URPMI sources are outdated. I tried changing mirrors with no luck. Any ideas?
urpmi-update -a

also consider installing Klamav
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
clamav: what happens when it finds a virus? hamish Linux - Security 1 08-03-2005 11:10 AM
On-access virus scanning with Clamav Berhanie Linux - Software 0 05-19-2005 12:56 PM
help with clamAV Lleb_KCir Linux - Software 6 01-29-2005 04:45 PM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 03:35 PM
trend chipway virus detected boot virus rafc Linux - Security 1 05-13-2004 02:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva

All times are GMT -5. The time now is 02:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration