| View previous topic :: View next topic |
| Author |
Message |
jtp755
l33t
Joined: 01 Sep 2003
Posts: 691
Location: USA
|
 Posted: Fri Jun 11, 2004 4:18 pm Post subject: New to ClamAV and it has found 2 viruses |
 |
|
I emerge ClamAV last night and i ran it this morning and it has found 2 virues, one being the test signitures in the install archive and the other being a file i have downloaded a long time ago.
| Code: |
//usr/portage/distfiles/clamav-0.70.tar.gz: ClamAV-Test-Signature FOUND
//home/user/file7.zip: Trojan.WinFavorites.Bridge FOUND
|
Am I infected with the trojan? How can i remove it if I am? How can i get ClamAV to clean the viruses it finds? I have already deleted the file. I couldnt find anything on the trojan on the internet with a quick search.
Is there anything else i should know about ClamAV and how to use it?
_________________
www.EternalFireProof.com
Registered Linux User #334610 |
|
| Back to top |
|
 |
barlad
l33t
Joined: 22 Feb 2003
Posts: 673
|
| Posted: Fri Jun 11, 2004 4:59 pm Post subject: |
|
|
Hello.
The first file (signature found) is not a problem. I have no experience with ClamAV but I guess it is just detecting one of the file that is provided in the installation package.
The second one looks more problematic. I think you should do a research on google concerning that trojan and see if it is windows or linux related. If it is linux related, download chkrootkit and run the test. If it's linux related, you will probably be able to find to get rid of it. |
|
| Back to top |
|
|
dashaun
n00b
Joined: 18 Jul 2003
Posts: 44
Location: Planet Express
|
| Posted: Fri Jun 11, 2004 5:28 pm Post subject: |
|
|
Two things....
First, I changed my signature to be more like yours (registered linux user)
Second, this is the first time I've honestly heard of a linux user worried about a virus on a linux machine.
I've just emerged "clamav" just to see what I can figure out.
I wonder how many people would find problems if they run it. Also, I wonder how many people are running this (or other) all the time like we/they are "supposed to".
_________________
Java developer that loves Gentoo
Registered Linux user #357881 |
|
| Back to top |
|
|
jonnevers
Veteran
Joined: 02 Jan 2003
Posts: 1594
Location: Gentoo64 land
|
| Posted: Fri Jun 11, 2004 6:08 pm Post subject: |
|
|
I cron freshclam (the updater for clamav) everynight at midnight and then i cron clamscan (the scanner for clamav) every morning at 2 a.m.. This is on my main dedicated server. The only virus it ever found was, like the original poster, one of its own files (a vius definition file i believe). on my clients though, i don't run it at all.
I should add, that occasional, I get crazy and decide to clamscan a mounted windows share or another linux box's samba share that houses a lot of downloaded files and its sad to read those logs 
in the case of the samba shares, clamav has found lots of windows viruses which have no effect on linux boxen.. so they are really false-positives. |
|
| Back to top |
|
|
jtp755
l33t
Joined: 01 Sep 2003
Posts: 691
Location: USA
|
| Posted: Fri Jun 11, 2004 7:18 pm Post subject: |
|
|
Thanks for the input. I have looked it up on google and i cant seem to find this exact one but i found related ones and it only affects windozes. So i dont think im affected. I didnt think i was in the first place i was just messing around and thought id emerge clamav and scan my desktop.
Whats the best way to set it up on a server so that it will scan my desktop also? The server runs Gentoo also.
_________________
www.EternalFireProof.com
Registered Linux User #334610 |
|
| Back to top |
|
|
|
Networking & Security
