ClamAV worry (was Pesky Virus)
Michael Sullivan
michael at espersunited.com
Fri Jul 23 17:04:35 UTC 2004
I installed ClamAV 0.72 through yum (it was the only one I could find in
rpm form for Fedora Core.) I went through the steps in the
RPM-clamav.txt file. The last step says to test ClamAV's functionality
by running the command:
/usr/bin/clamdscan -r /usr/share/doc/clamav-0.72
I did so. It gave me this output:
/usr/share/doc/clamav-0.72/test/test: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test-zip-noext: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.bz2: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.msc: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.zip: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/.RPM-clamav.txt.swp: Unable to open file or directory. ERROR
/usr/share/doc/clamav-0.72: OK
----------- SCAN SUMMARY -----------
Infected files: 5
Time: 1.026 sec (0 m 1 s)
Are these five files really infected? If so, how do I fix them? I got the yum information for obtaining clamav from
http://www.clamav.net/binary.html#pagestart
________________________________________________________________________
> From: Alexander Dalloz <alexander.dalloz at uni-bielefeld.de>
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Subject: Re: Pesky virus
> Date: Fri, 23 Jul 2004 17:24:46 +0200
>
> On Fri, 23.07.2004 at 17:14, Michael Sullivan wrote:
>
> > I've got a small problem. Last week I received in my
> > non-espersunited.com email account an email from someone I don't know
> > with an .exe file as an attachment. Naturally I assumed that this was a
> > virus, and wrote back to the email address it was from informing them
> > that they had a virus. I've received several similar emails on through
> > the week, most were unique but all followed the same format: One line
> > of text and then the attachment link, usually a .exe or a .zip file. I
> > haven't opened any of them, but in the past couple of days I've begun
> > seeing them in my espersunited.com email accounts. I wasn't too worried
> > about it until this morning, when I received a message from another SMTP
> > server saying that my mail was undeliverable to some person's email
> > account. I looked at the message sent and it was indeed from me, but
> > the message body held the same one line and the same EXE/ZIP file
> > attachment as the ones I'd received from multiple sources. I use
> > evolution as my email client. Could I be infected with this virus? I
> > didn't think Linux was susceptible to virii - only hostile shell
> > scripts. Is there a way I can test if I am infected, and if I am, is
> > there a way to find the virus so that I can destroy it?
>
> Mails like the ones you described are 99.99% virus/worm mails - targeting
> Windows[tm] systems (we all know the usual suspects always running with
> administrator account permissions and other aspects of the
> system layout making life easy for worm authors).
>
> To test your system for viruses you can use the free anti-virus
> scanner ClamAV (actually version 0.75 is out). Though I doubt you are
> infected with a worm/virus. If you check the suspicious mails (the
> attachments) you got you will quite certainly find out that they are for
> Windows[tm] systems. Maybe it is one of the new viruses shortly coming
> out. It is often enough if one of your friends, using your 'private'
> non-espersunited.com email address, is infected and has you in his
> address book.
>
> Alexander
>
>
> --
> Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp
> Serendipity 17:18:46 up 1 day, 2:06, load average: 0.04, 0.18, 0.27
>
> ______________________________________________________________________
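
Added example, not part of the original thread: a small parser for the clamdscan output quoted above that separates hits on ClamAV's own test pattern from any other detection and from files that could not be scanned. The function name triage and the treatment of "ClamAV-Test-Signature" as the scanner's harmless self-test pattern are assumptions of this example.

```python
import re

# Constructed sample: the clamdscan output quoted in the message above.
SAMPLE = """\
/usr/share/doc/clamav-0.72/test/test: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test-zip-noext: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.bz2: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.msc: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.zip: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/.RPM-clamav.txt.swp: Unable to open file or directory. ERROR
/usr/share/doc/clamav-0.72: OK
----------- SCAN SUMMARY -----------
Infected files: 5
Time: 1.026 sec (0 m 1 s)
"""
# Assumption: name ClamAV reports for its own harmless test pattern.
TEST_SIGNATURE = "ClamAV-Test-Signature"
# "<path>: <signature or message> <STATUS>"; greedy path keeps ": " inside paths.
LINE = re.compile(r"^(?P<path>.+): (?P<detail>.*?)\s*(?P<status>FOUND|ERROR|OK)$")
SUMMARY = re.compile(r"^Infected files: (\d+)$")

def triage(output):
    """Sort scan lines into test hits, other hits, unscanned files and clean paths."""
    report = {"test_hits": [], "other_hits": [], "errors": [], "clean": [], "reported": None}
    for line in map(str.strip, output.splitlines()):
        summary = SUMMARY.match(line)
        if summary:
            report["reported"] = int(summary.group(1))
            continue
        m = LINE.match(line)
        if not m:
            continue  # separator, timing line, blank
        path, detail, status = m.group("path", "detail", "status")
        if status == "OK":
            report["clean"].append(path)
        elif status == "ERROR":
            report["errors"].append((path, detail))  # not scanned: a coverage gap
        elif detail == TEST_SIGNATURE:
            report["test_hits"].append(path)
        else:
            report["other_hits"].append((path, detail))
    hits = len(report["test_hits"]) + len(report["other_hits"])
    # The per-file FOUND lines should add up to the summary count.
    report["consistent"] = report["reported"] in (None, hits)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the quoted output this puts all five FOUND lines under test_hits, leaves other_hits empty, and lists the .swp file under errors as a file the scanner could not read.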