Results 1 to 9 of 9

Thread: Klamav "Virus Found" Question

  1. #1

    Default Klamav "Virus Found" Question

    Based on some other threads saying that while viruses weren't a problem in Linux, but there have been some efforts to cause problems, I downloaded klamav and clamav this morning. I told Klamav to scan the drive and it came up with the following.



    I have a hard time believing those "viruses" are for real. Klamav wanted to quarantine them, but I told it to do nothing till I can hear from you. I have a great working openSUSE 12.1 KDE system. I'd like to keep it that way. (If this was a Windows system I was scanning, I'd believe the worst and not question the finds.) BTW, Thunderbird was running at the time, so that could be the cause of the two Thunderbird "viruses".

    Here are the scanning options I'm using. They are the defaults. Are these set the way you'd recommend? If not, what changes would you make?



    Thanks for your help on this.

    Chris

  2. #2
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,719
    Blog Entries
    20

    Default Re: Klamav "Virus Found" Question

    They are not Virus'

    I wouldn't bother using it. You'll worry yourself to distraction.
    Leap 15_KDE
    My Articles Was I any help? If yes: Click the star below

  3. #3
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: Klamav "Virus Found" Question

    On 12/28/2011 09:56 PM, crypkema wrote:
    > what changes would you make?


    use YaST > Software Management to uninstal klamav..

    it is 100% waste of time--unless you feel it your duty to help your
    fellow man protect **their** Windows machine...

    if you want to help them do that, then advise them to not boot it, ever.

    i have used Linus off and on from 1998, and exclusively from about
    2002...and, i have not had a virus since i left Windows, in 1995.

    i do not have any AV on this machine, or the one before, or before, or
    before, etc etc all the way back to 1995.

    --
    DD
    openSUSE®, the "German Engineered Automobiles" of operating systems!

  4. #4
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Klamav "Virus Found" Question

    On 2011-12-28 21:56, crypkema wrote:
    > Here are the scanning options I'm using. They are the defaults. Are
    > these set the way you'd recommend? If not, what changes would you
    > make?


    I don't know the definition of "broken executable". And the "treat
    encrypted files as suspicious" is also "suspicious" itself.

    With those options active it also complains on my /boot.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  5. #5
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,729

    Default Re: Klamav "Virus Found" Question

    You said you have read threads about this "viruses on Linux" subject. But either these were lousy threads or you did not understand them.

    There are no known viruses for Linnux. Thus how can any anti-virus software claim to be able to find their footprints? Anti-virus software compares file content with known patterns of viruses. That is why these anti-virus software has databases with those patterns/footpints that are to be updated daily. When nobody knows about any Linux virus, there can be no such patterns in that database. Thus searching in your Linux systemfiles (and user files that never are touched by Windows) is fruitless.

    Only thing you can do is search files that come and go to Windows systems (like when you have a mail server). Not to protect your Linux system (because Windows viruses are incompatible with Linux), but to protect your fellow Window users.

    Hope this helps in your understanding.
    Henk van Velden

  6. #6

    Default Re: Klamav "Virus Found" Question

    Quote Originally Posted by hcvv View Post
    You said you have read threads about this "viruses on Linux" subject. But either these were lousy threads or you did not understand them...
    I stumbled upon this thread titled "wine HQ Hacked" yesterday before installing Klamav and later starting this thread because of what it found. Number 1 below didn't bother me at all. I don't have any nuclear reactors in my home. Number 2 and 3 though did catch my attention. I probably just did not understand.

    Chris

    Quote Originally Posted by DenverD View Post
    On 10/12/2011 02:09 AM, JoergJaeger wrote:

    > I am getting used to this now. I conclude that nothing is safe, ever.
    > It would be interesting to know after what these individuals were.


    of course you are right, nothing is safe...ever...which is why good
    security practices _are_ required on every instance of Windows, Linux,
    AIX, UNIX, BSD, OSX, etc etc etc..

    i have a theory about why this happened (that some will paint as paranoid):

    there is an organized move afoot to show that open source software as
    just a vulnerable, flaky and easily attacked as the Number One closed
    source system...

    1. last year, a middle-east government's nuclear program is successfully
    attacked (and mechanically destroyed multiple centrifuges) by a Windows
    virus

    2. a month or so ago, the Linux kernel.org is cracked by unknown
    attackers (intentions not clear, damage unknown)

    3. Windows keylogger discovered in Predator drones control system
    (intentions not clear, damage unknown)

    4. the Linux WineHQ is cracked...(intentions not clear, damage unknown)

    conclusion: makes no difference which you choose, they are both
    vulnerable, might as well use Number One.

    in the Profit War, FUD is terrible thing to waste..
    some of the forces involved have a long history of using such..

    --
    DD
    openSUSE®, the "German Automobiles" of operating systems

  7. #7
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,719
    Blog Entries
    20

    Default Re: Klamav "Virus Found" Question

    Being hacked is nothing to do with Virus'
    Leap 15_KDE
    My Articles Was I any help? If yes: Click the star below

  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Klamav "Virus Found" Question

    On 2011-12-29 21:16, crypkema wrote:

    >> 2. a month or so ago, the Linux kernel.org is cracked by unknown
    >> attackers (intentions not clear, damage unknown)


    But not by a virus. Nothing that clamav would detect.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  9. #9
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,586
    Blog Entries
    14

    Default Re: Klamav "Virus Found" Question

    There are virusses for Linux. Developped by Kaspersky, in their labs. The only thing about them is, that they have to be executed by hand by root and stop working after a reboot. Kaspersky used to publish about this approx. once a year. Guess they stopped. This does not mean there's no malware at all for linux, but clamav is not going to help you there.

    I join the advice: the best way for clamav is to uninstall it and not bother about virusses.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •