LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices


Reply
  Search this Thread
Old 01-06-2006, 07:41 PM   #1
rrsc16954
Member
 
Registered: Sep 2003
Location: Edinburgh, Scotland
Distribution: Kubuntu 12/4
Posts: 214

Rep: Reputation: 30
Klamav - virus found - Zip.ExceededFilesLimit


I have the new Members' December edition and just ran the Klamav anti-virus for the first time and it found 4 instances of 'Zip.ExceededFilesLimit'.

I have googled for it and get conflicting results... some suggestions it it just the virus samples in the program others seem to suggest it could be more serious.

For example see: http://www.gossamer-threads.com/list...av/users/20667

I have searched here and couldn't find any mention. Does anybody know whether it is a problem in mandriva? And at this time do I need av in linux?
 
Old 01-08-2006, 01:47 PM   #2
Lakota
Member
 
Registered: Oct 2003
Location: London, ON, Canada
Distribution: Mandriva 2007 Free
Posts: 507

Rep: Reputation: 30
here is an explanation I found on another forum,

(e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if max-files, max-space, or max-recursion is reached.

it doesn't mean there's a virus it meas that clamav has a limit of how many files or how many levels to check in a archive and that limit has been reached.

Link to quote above, check the moderators comment in this thread:
http://www.mepislovers.org/modules/n...11149&start=10
 
Old 01-08-2006, 01:57 PM   #3
Lakota
Member
 
Registered: Oct 2003
Location: London, ON, Canada
Distribution: Mandriva 2007 Free
Posts: 507

Rep: Reputation: 30
The above explanation does hold water. If you open the options button on Klamav, you will see at the top, the max limits are user configurable, and the "mark as virus if limits exeeded", or "mark as virus if encripted" is an option the user can define.

I ran into this same scenario in Windows. Scanned a file that I had on a backup disk with AVG, AVG said had a virus. I know for a fact it did not. It was a text file I created, encrypted and compressed. It is just a failsafe false positive type thing.
 
Old 01-10-2006, 07:28 PM   #4
rrsc16954
Member
 
Registered: Sep 2003
Location: Edinburgh, Scotland
Distribution: Kubuntu 12/4
Posts: 214

Original Poster
Rep: Reputation: 30
Thank you for your responses.

The four directories 'found' had large numbers of compressed sub-directories probably containing more of the same eg two of them were mozilla installation folders.

Thanks again for your time.
 
Old 01-11-2006, 09:42 AM   #5
rjw1678
Member
 
Registered: Sep 2003
Location: Delaware, USA
Distribution: Ubuntu 12.04 LTS
Posts: 55

Rep: Reputation: 15
I changed the klamavrc file (that I found by searching the home directory of the user that I was running klam-av from). The changes I made were :

MBsToExtract=99M
NoFilesToExtract=99999
RecursionLevel=25

This took care of the problem for me.

Later
Bob
 
Old 01-11-2006, 09:08 PM   #6
rrsc16954
Member
 
Registered: Sep 2003
Location: Edinburgh, Scotland
Distribution: Kubuntu 12/4
Posts: 214

Original Poster
Rep: Reputation: 30
Thanks Bob

I'll look closely at that. I don't think I need to worry about the files I found, though. One of the names I have seen re-assuring us (somewhere in my google) is that of the guy (which I can't remember now) who seems to find all the potential security breaches in Mandriva. When I am downloading security updates I seem to see his name on 99%.

After waiting a day or so for a response here, I asked for assurance from Mandriva club security forum and got the same story there.

It's just a sensible precaution in case a virus is hidden inside a compressed file, although it would seem to me reasonable to give a more precise warning rather than a statement that you have a virus.

Richard
 
Old 01-13-2006, 03:30 AM   #7
Lakota
Member
 
Registered: Oct 2003
Location: London, ON, Canada
Distribution: Mandriva 2007 Free
Posts: 507

Rep: Reputation: 30
Hey, new toy to stress us out! Grisoft released a new product a few hours ago, avg free for linux. This one is for the home user. They even have a mandriva rpm to download, denoted by the "mdk" in file name.
http://free.grisoft.com/doc/20/lng/us/tpl/v5
 
Old 01-16-2006, 07:53 PM   #8
rrsc16954
Member
 
Registered: Sep 2003
Location: Edinburgh, Scotland
Distribution: Kubuntu 12/4
Posts: 214

Original Poster
Rep: Reputation: 30
Lakota - very interesting, thanks! I'm trying to install the required libraries at the moment.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I found a virus on the bit torrents for 10.1 cereal83 Slackware 17 12-16-2006 06:07 PM
KlamAv drake_101 Linux - Software 7 01-06-2006 10:32 PM
Mysql Server ...virus Attack Found ! my-unix-dream Linux - Newbie 9 05-15-2005 12:35 PM
Klamav bobinglis Linux - Software 0 04-18-2005 02:36 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 03:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva

All times are GMT -5. The time now is 12:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration