
Thread: clamav scan found 3 infected files, curious what they are

  1. #1

    clamav scan found 3 infected files, curious what they are

    I installed clamav from yast just to see if it would pick anything up, broken, infected on opensuse 12.1?
    I followed the article "http://wiki.clamav.net/bin/view/Main/SuSEInstall"

    Here are my results :

    Code:
    linux-fjj3:/ # /bin/su
    linux-fjj3:/ # freshclam
    ClamAV update process started at Tue Jan  3 05:14:31 2012
    main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
    daily.cvd is up to date (version: 14229, sigs: 59412, f-level: 63, builder: arnaud)
    bytecode.cvd is up to date (version: 159, sigs: 38, f-level: 63, builder: edwin)
    linux-fjj3:/ # clamscan -i -r --detect-broken 
    /home/suse1/Desktop/Opensuse 12.1 KDE4/DualBoots/grub4dos-0.4.3/bootlace.com: Heuristics.Broken.Executable FOUND
    The line "/home/suse1/Desktop/Opensuse 12.1 KDE4/DualBoots/grub4dos-0.4.3/bootlace.com: Heuristics.Broken.Executable FOUND"
    showed for a while then disappeared, resulting in all the LibClamAV warning text below.

    This LibClamAV warning part I condensed; it went on and on...

    Code:
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4072 bytes @ offset 24, got 0
    LibClamAV Warning: fmap_readpage: pread fail: asked for 4091 bytes @ offset 5, got 0
    WARNING: Can't open file /sys/module/drm_kms_helper/uevent: Permission denied

    Code:
    ----------- SCAN SUMMARY -----------
    Known viruses: 1102570
    Engine version: 0.97.3
    Scanned directories: 25673
    Scanned files: 145473
    Infected files: 3
    Total errors: 694
    Data scanned: 6684.73 MB
    Data read: 7470.37 MB (ratio 0.89:1)
    Time: 283.426 sec (4 m 43 s)


    thanks
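
Added example, not part of the original post: a small triage of saved clamscan output that separates the "FOUND" lines from the warning flood and compares them with the summary's "Infected files" count, so hits that scrolled away are noticed. The sample text is constructed from lines in the post above, and the function name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the output quoted in the post.
SAMPLE = """\
/home/suse1/Desktop/Opensuse 12.1 KDE4/DualBoots/grub4dos-0.4.3/bootlace.com: Heuristics.Broken.Executable FOUND
LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4094 bytes @ offset 2, got 0
WARNING: Can't open file /sys/module/drm_kms_helper/uevent: Permission denied
----------- SCAN SUMMARY -----------
Engine version: 0.97.3
Infected files: 3
Total errors: 694
"""

# "<path>: <signature> FOUND"; the path itself may contain spaces.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Integer-valued summary fields such as "Infected files: 3".
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<val>\d+)$")


def triage(text):
    """Split clamscan output into hits, warning counts and summary fields."""
    hits, noise, summary = [], Counter(), {}
    in_summary = False
    for line in (raw.strip() for raw in text.splitlines()):
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary:
            if m := SUMMARY_RE.match(line):
                summary[m["key"]] = int(m["val"])
        elif m := FOUND_RE.match(line):
            hits.append((m["path"], m["sig"]))
        elif line.startswith("LibClamAV Warning:"):
            noise["libclamav_warning"] += 1
        elif line.startswith("WARNING:"):
            noise["scanner_warning"] += 1
    # Heuristics.Broken.Executable is what --detect-broken reports for a
    # malformed executable; it is not a signature for a named malware family.
    heuristic = [h for h in hits if h[1].startswith("Heuristics.")]
    # Hits the summary counted but that are absent from the captured text.
    missing = summary.get("Infected files", len(hits)) - len(hits)
    return {"hits": hits, "heuristic": heuristic, "noise": dict(noise),
            "summary": summary, "missing": missing}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Running clamscan with its `--log=FILE` option gives a file to feed to this, and `--exclude-dir='^/sys'` skips the pseudo-filesystem that produced the read errors.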

  2. #2
    Re: clamav scan found 3 infected files, curious what they are

    You should search for other threads about people who thought that clamav is something to let loose on Linux files. Else a lot of us have to tell again that you should not do this nonsense.

    Only use it when your system regularly receives and sends files from and to Windows systems (like when you run a mail-server). You can only protect Windows systems with clamav and friends, because they only know about Windows viruses.

    Best advice: de-install it and stop worrying.
    Henk van Velden

  3. #3

    Re: clamav scan found 3 infected files, curious what they are

    I am going to remove clamAV. Will the removal of clamav from yast also remove the antivirus update I did as well? I was just curious since I do have thunderbird and receive emails from windows users and also network thru samba with my other windows systems... Also use linuxreader.exe... The windows systems do have antivirus and firewall software

    thanks

  4. #4
    Re: clamav scan found 3 infected files, curious what they are

    As well as detecting MS Windows viruses, clamav also flags phishing e-mail. I use it, together with spam defences, on my local mail server.

    Some mail clients (e.g. KMail) can use an installed clamav to filter incoming messages. This can be useful as part of your spam filter settings, and in helping avoid inadvertently relaying malware to others who may be susceptible.

    The virus table update is called freshclam and is part of the clamav package. clamav-db is only used as a starting point in the case of freshclam not being started.

    It is just pointless using an A-V to scan non-MS filesystems.

  5. #5
    Re: clamav scan found 3 infected files, curious what they are

    Quote: Originally posted by diablo1
    I am going to remove clamAV. Will the removal of clamav from yast also remove the antivirus update I did as well? I was just curious since I do have thunderbird and receive emails from windows users and also network thru samba with my other windows systems... Also use linuxreader.exe... The windows systems do have antivirus and firewall software

    thanks

    When the RPM is built correctly, de-installing it will remove all files that are part of the package. I guess (but am of course not sure) that the updates go into files that already have virus descriptions and that came with the package. Thus when these files are removed by the de-install, the changes to these files will go with them. But that is the theory. OTOH one or two of those files left behind will not fill up your disk and when you do a reinstall of a next openSUSE level in a year or so, you will start with a fresh clean situation anyhow.

    And yes, I guess it is a good idea to let those Windows systems protect themselves against the Windows targeting viruses.

    And remember, you may receive e-mails with Windows viruses (and other malware), but they will not do anything bad to your Linux system. Particularly if you do not open HTML mails as such automatically, but only if you trust the sender. And even then, things would not be executable in your Linux system (ever tried to run a Windows executable on your Linux?). And even then it will at the most ruin your personal data and not the system (as long as you do not read your mail as root of course).
    Henk van Velden
