Klamav "Virus Found" Question

Based on some other threads saying that while viruses weren’t a problem in Linux, but there have been some efforts to cause problems, I downloaded klamav and clamav this morning. I told Klamav to scan the drive and it came up with the following.


I have a hard time believing those “viruses” are for real. Klamav wanted to quarantine them, but I told it to do nothing till I can hear from you. I have a great working openSUSE 12.1 KDE system. I’d like to keep it that way. (If this was a Windows system I was scanning, I’d believe the worst and not question the finds.) BTW, Thunderbird was running at the time, so that could be the cause of the two Thunderbird “viruses”.

Here are the scanning options I’m using. They are the defaults. Are these set the way you’d recommend? If not, what changes would you make?


Thanks for your help on this.


They are not Virus’

I wouldn’t bother using it. You’ll worry yourself to distraction.

On 12/28/2011 09:56 PM, crypkema wrote:
> what changes would you make?

use YaST > Software Management to uninstal klamav…

it is 100% waste of time–unless you feel it your duty to help your
fellow man protect their Windows machine…

if you want to help them do that, then advise them to not boot it, ever.

i have used Linus off and on from 1998, and exclusively from about
2002…and, i have not had a virus since i left Windows, in 1995.

i do not have any AV on this machine, or the one before, or before, or
before, etc etc all the way back to 1995.

openSUSE®, the “German Engineered Automobiles” of operating systems!

On 2011-12-28 21:56, crypkema wrote:
> Here are the scanning options I’m using. They are the defaults. Are
> these set the way you’d recommend? If not, what changes would you
> make?

I don’t know the definition of “broken executable”. And the “treat
encrypted files as suspicious” is also “suspicious” itself.

With those options active it also complains on my /boot.

Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

You said you have read threads about this “viruses on Linux” subject. But either these were lousy threads or you did not understand them.

There are no known viruses for Linnux. Thus how can any anti-virus software claim to be able to find their footprints? Anti-virus software compares file content with known patterns of viruses. That is why these anti-virus software has databases with those patterns/footpints that are to be updated daily. When nobody knows about any Linux virus, there can be no such patterns in that database. Thus searching in your Linux systemfiles (and user files that never are touched by Windows) is fruitless.

Only thing you can do is search files that come and go to Windows systems (like when you have a mail server). Not to protect your Linux system (because Windows viruses are incompatible with Linux), but to protect your fellow Window users.

Hope this helps in your understanding.

I stumbled upon this thread titled “wine HQ Hacked”](http://forums.opensuse.org/english/other-forums/news-announcements/tech-news/466332-wine-hq-hacked.html) yesterday before installing Klamav and later starting this thread because of what it found. Number 1 below didn’t bother me at all. I don’t have any nuclear reactors in my home. Number 2 and 3 though did catch my attention. I probably just did not understand. :wink:


Being hacked is nothing to do with Virus’

On 2011-12-29 21:16, crypkema wrote:

>> 2. a month or so ago, the Linux kernel.org is cracked by unknown
>> attackers (intentions not clear, damage unknown)

But not by a virus. Nothing that clamav would detect.

Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

There are virusses for Linux. Developped by Kaspersky, in their labs. The only thing about them is, that they have to be executed by hand by root and stop working after a reboot. Kaspersky used to publish about this approx. once a year. Guess they stopped. This does not mean there’s no malware at all for linux, but clamav is not going to help you there.

I join the advice: the best way for clamav is to uninstall it and not bother about virusses.