ClamAV says my kernel is broken?

I haven’t worried for the last 20 years about virus issues w/ SuSE (now opensuse).
But I had the thought recently that as the popularity rises, perhaps I should be wary.

So I set up ClamAV 0.96.5 running the GUI KlamAV 0.46 and ran a scan on my system just to see what comes back. This is on openSUSE 11.1 -32bit / 3.5.10 “release 21.13.1”

it flagged
/boot/vmlinux-2.6.27.56-0.1-default.gzj
Name of Problem: Heuristics.Broken.Executable
Status: Loose

What gives? Am I really infected w/ something?

What flavor kernel are you running?

SomeSuSEUser wrote:
> I haven’t worried for the last 20 years about virus issues w/ SuSE (now
> opensuse).

must have been using SuSE before Linus released the first Linux!

> What gives? Am I really infected w/ something?

anyone who has run SuSE/openSUSE for 20 years surely knows that the
machine may have been cracked, but it is certainly not “infected” with
a virus…

also, a person with so much experience probably would know that google
will tell you what is going on, read here:
http://www.zinf.org/qna/What_does_heuristics_broken_executable_mean-qna266728.html

so, in your case just search on:

“Heuristics.Broken.Executable” “vmlinux-2.6.27.56-0.1-default.gzj”

but, since that file name does not exist on any Linux system you have
to make up something else to search on…


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]
Programming: a race between software engineers building bigger/better
idiot-proof programs, and the universe building bigger/better idiots.
So far, the universe is winning. Rick Cook

Nicely done DenverD
But I’m afraid you give me far too much credit for “experience”. lol
What I can do is follow instructions well. Usually.
Example, many months ago, PV and swerdna on this site were able to supply some links and patiently explain what else I needed to do so that I even managed to get this computer networked to a Windows box in the other room and can print files from here to the printer in there. Excellent!
I had no real understanding for most of it, but I get along pretty well with “Read and Do” and all works superbly more often than not.

As for the 20yrs, I didn’t mean to exaggerate really, I’m just old and time all runs together in my head anymore. 20 years doesn’t seem so long ago to me. But I’ve been using Linux since SuSE vers. 8 however many years ago that was. I feel like I’ve learned a lot in those years but would never tell anyone that I’m any sort of an expert.

I’m not sure what it means, cracked vs. infected. Could you clarify that?

I did check out the link however and it explained enough for me to believe there is likely no problem here. I somehow put an extra character on the end of the string I typed.
Should be /boot/vmlinux-2.6.27.56-0.1-default.gz but I will indeed google as suggested to try to put some more light on the topic.

Good tidings and thanks very much for your assist.

uname -a

post result

I don’t think ‘clam’ can even tell you about broken kernels and if it was broken, how did you boot the machine?

On 2011-01-03 18:06, SomeSuSEUser wrote:

> So I set up ClamAV 0.96.5 running the GUI KlamAV 0.46 and ran a scan on
> my system just to see what comes back. This is on openSUSE 11.1 -32bit /
> 3.5.10 “release 21.13.1”

You should think of upgrading, 11.1 stops maintenance this week, I think.

>
> it flagged
> /boot/vmlinux-2.6.27.56-0.1-default.gzj
> Name of Problem: Heuristics.Broken.Executable
> Status: Loose
>
> What gives? Am I really infected w/ something?

I very much doubt it :-)

Unless you work as root, a virus would have no means to infect a system
file. And one capable of infecting the Linux kernel would be famous, M$
would see to it >:-)


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

SomeSuSEUser wrote:
> I’ve been using Linux since SuSE vers. 8 however many years ago
> that was. I feel like I’ve learned a lot in those years but would
> never tell anyone that I’m any sort of an expert.

i know enough about Linux to know that i am absolutely NOT an expert…
SuSE 8.0 came out in April 2002
<http://en.wikipedia.org/wiki/SUSE_Linux_distributions> i was using
Red Hat 7.x at that time…and, came to openSUSE later, around 9.2 or
so…

> I’m not sure what it means, cracked vs. infected. Could you
> clarify that?

several things:

  • there are no known Linux viruses in the wild today…so, you
    couldn’t be infected (as you had asked)…

  • ClamAV searches for Windows viruses only (remember: there are none
    for Linux) so whatever it reports (today) is not going to “infect”
    your Linux system…

  • root kits and other bad things can be placed into a “cracked” system
    (cracked open and ready for plucking)…ClamAV is totally useless in
    either guarding against or recovering from such evil things…

enough?


DenverD