ClamAV worry (was Pesky Virus)

Fri Jul 23 17:04:35 UTC 2004

I installed ClamAV 0.72 through yum (it was the only one I could find in
rpm form for Fedora Core.)  I went through the steps in the
RPM-clamav.txt file.  The last step says to test clamAv's functionality
by running the command:

/usr/bin/clamdscan -r /usr/share/doc/clamav-0.72

I did so.  It gave me this output:

/usr/share/doc/clamav-0.72/test/test: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test-zip-noext: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.bz2: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.msc: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.zip: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/.RPM-clamav.txt.swp: Unable to open file or directory. ERROR
/usr/share/doc/clamav-0.72: OK

----------- SCAN SUMMARY -----------
Infected files: 5
Time: 1.026 sec (0 m 1 s)

Are these five files really infected?  If so, how do I fix them, I got the yum information for obtaining clamav from  
http://www.clamav.net/binary.html#pagestart

________________________________________________________________________
> From: Alexander Dalloz <alexander.dalloz at uni-bielefeld.de>
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Subject: Re: Pesky virus
> Date: Fri, 23 Jul 2004 17:24:46 +0200
> 
> Am Fr, den 23.07.2004 schrieb Michael Sullivan um 17:14:
> 
> > I've got a small problem.  Last week I received in my
> > non-espersunited.com email account an email from someone I don't know
> > with an .exe file as an attachment.  Naturally I assumed that this was a
> > virus, and wrote back to the email address it was from informing them
> > that they had a virus.  I've received several similar emails on through
> > the week, most were unique but all followed the same format:  One line
> > of text and then the attachment link, usually a .exe or a .zip file.  I
> > haven't opened any of them, but in the past couple of days I've begun
> > seeing them in my espersunited.com email accounts.  I wasn't too worried
> > about it until this morning, when I received a message from another SMTP
> > server saying that my mail was undeliverable to some person's email
> > account.  I looked at the message sent and it was indeed from me, but
> > the message body held the same one line and thesame EXE/ZIP file
> > attachment as the ones I'd received from multiple sources.  I use
> > evolution as my email client.  Could I be infected with this virus?  I
> > didn't think Linux was susceptible to virii - only hostile shell
> > scripts.  Is there a way I can test if I am infected, and if I am, is
> > there a way to find the virus so that I can destroy it?
> 
> Such mail like you described are at 99.99% virus/worm mails - targeting
> Windows[tm] systems (we all know the usual suspects always running with
> administrator account permissions and the and other aspects of the
> system layout making life easy for worm authors).
> 
> To test your system against virus you can use the free anti-virus
> scanner ClamAV (actually version 0.75 is out). Though I doubt you are
> infected with a worms/virus. If you check the suspicious mails (the
> attachments) you got you will quite certainly find out that they are for
> Windows[tm] systems. Maybe it is one of the new virus shortly coming
> out. It is often enough if one of your friends, using your 'private'
> non-espersunited.com email address is infected and has you in his
> address book.
> 
> Alexander
>  
> 
> -- 
> Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
> Serendipity 17:18:46 up 1 day, 2:06, load average: 0.04, 0.18, 0.27 
> 
> ______________________________________________________________________