I Clam-scanned a bunch of old CD's.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonders if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?
View 8 Repliesdoes it effective using ClamAV as Privoxy antivirus? I have actually configure it but it does not seem to come into any effect.Why?I test it with Eicar(test virus) online and it does not even prompt there is a problem unless i have scanned.Beside that,i have installed ClamAV daemon along with it. [URL]
[Code]....
Issue :How come the Clam Antivirus does not prompt there is a virus when i opened the file or problem link?Does it work difference as Window OS antivirus which prompt when there is a virus detected?
I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for virus. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also does ClamAV just scan your system for virus or does it scan and remove the virus on the computer.If you know of an alternative open source security software,
View 3 Replies View RelatedI'm now running Ubuntu 9.04. There are 2 accounts on this computer, one is linux, the other is ubuntu. Before New year, everything had been fine. But after new year, I came back and found that the password of this account linux has been changed. So I fixed using my rescue disk. But since that day on, it seems that this password changes everyday somehow. Everyday when I'm trying to log into my Ubuntu System using the account linux, it says login failed. However, i can still login using the account ubuntu. I'm really confused. Why is this? I checked the date of expiry. Everything seems to be fine.
View 14 Replies View RelatedFor a while my ISP has been sending me emails regarding an infected computer or computers on my local network. There are 4 computers running linux and 3 running windows on said network (3x ubuntu, gentoo, 2x windows server 2003 and windows 7).Now, I haven't used Windows in oh so many years and am not responsible for those computers on this network. Does it seem like this is a virus on a Windows host or should I research and adjust my iptables settings on the router? The applied anti-virus software (I don't know which one) apparently does not find any infections. On my workstation I'm using spotify and win32 office through wine, both obtained from legal and trusted sources, and would thus not consider my wine environment a threat.
View 4 Replies View RelatedI have LAN with 20 machines. I see that one of them is infected. Its sending a lot of packets to the internet. My internet connection at this momment is realy slow. What should I do? How to detect which machine is infected? I'm using hardware firewall. Fortigate... Its hard to configure there nice logs. Any good software. I don't want to switch off network cable from each machine and check.
View 10 Replies View RelatedIn my network I have 25 workstations and some serves. Everything working in local LAN with firewall. The problem is that on one machine (I dont know which one) is installed software which sending data to the internet. Actually I dont know what it is. Last time as I remember was trojan which can create new network interfaces in windows and send some data to the internet. The half speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections.
Please take a look on this time. Instead of 141-150ms should be 4-5ms.
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms
How can I detect which machine is infected using only linux and keyboard ?
I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. is there any way to ensure I don't have a root-kit installed short of reinstalling the system?
View 4 Replies View RelatedI am facing a security issue on my server. I can see many process like pscan2, scanssh and ./sshf processing on 'top'. The owner of these processes is non root account. Can anybody let me know what can be the extent of loss due to these suspicious scripts? How can I permanently remove these scripts from my server. Please note that I am using CentOS 5.5 (64bit).
View 4 Replies View RelatedI have seen that we can scan for viruses and also virus infected files with ClamAV but is there any possibility that ClamAV can repair virus infected files.
View 1 Replies View RelatedIs there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
View 10 Replies View Relatedif i run a program that is infected with a trojan/virus in Wine will it effect Ubuntu?
View 9 Replies View RelatedMy Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):
- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).
Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.
So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.
Question: I want to rescue the files I need. My idea was:
1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)
Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?
Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.
I got some documents scanned today and had them put in a USB drive. The shopkeeper informed me that it has a virus, yet he transferred the files onto the USB drive. When I put it into my computer ten minutes later, the drive was not getting mounted. I read up and tried installing usbmount. After installing that, I managed to mount the drive. However, the drive was read-only on Ubuntu. On Windows, I found a virus and tried unsuccessfully to delete it (read-only). I tried again on Ubuntu, but didn't manage to delete the infected file (ReCyCleR/sEtuP.exe). I have now backed up all the files on the disk (except, obviously, the ReCyCleR directory). When I try to format the drive using gParted, I get:
[Code]....
Recently, I've been contacted through AIM by a showgirl who wants me to watch her webcam. I found it very unusual that I was contacted about this, especially through AIM. Now, I don't actively give out my AIM screen name. The only place I am aware of it being posted up is on Facebook, and even I have my privacy on Friends so no one outside my network could see it... and even then my birthday on Facebook is underaged for this scandalous activity.
So I don't believe my screen name was gathered from Facebook in its use in this.Is it possible that I am infected some data mining spyware? How does Ubuntu deal with tracking cookies? I also consider that my screen name was mined from someone else's AIM account by which I was then contacted.
So since i have installed linux, I have been ready about how virus are not nearly as likely to infect linux system as windows, i am running a dual-boot though and import my profile and have a lot of my files from windows system on linux, can they potentially be infected in the windows sense?
View 2 Replies View RelatedI ran a scan (clamscan -r --remove /home/) on my user's home directory yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last nights scan:
Code:
----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2
[Code]....
ClamAV tells me that three of my OpenOffice.org Calc spreadsheets may be infected (status "MBL_144360.UNOFFICIAL", if that means anything). This seems not entirely implausible, since yesterday I used a USB stick to transfer files from a Windows system. Anyway, I'd really like to keep these spreadsheets. Can I disinfect them somehow?
View 2 Replies View RelatedI have iomega appliance, which is based on Debian distribution. There is an NFS share that I have created which is without password.Since it is without password, there are some viruses copied. I want to find out which IP address is the source of these files. In other words, I want to know which PC is copying these infected files on the NFS share.
View 3 Replies View RelatedKWord won't save as .doc format on Slackware 13.0 so I got the SlackBuild for OpenOffice and changed my .odt resume to .doc. But now yahoo won't attach it, it says it has a virus. Wtf? (I don't really think it has a virus.)
View 5 Replies View RelatedI installed CLAM AV and also the GUI (CLAMTK).
1). What is the console command to scan all of Fedora, not just a specific directory, but the entire computer?
2). Even tho I have consulted the CLAM AV site on how to update to the latest virus signature database, I don't either understand what they are telling me to do, or I am not "getting" how to do it.
I downloaded a mail archive (text file, almost 150000 lines).When it was scanned by clamscan,
Code:
>cat suspicious_File | clamscan -
stdin: Worm.Bagle.AT FOUND
Worm.Bagle.AT shows up.Web search says that Worm.Bagle comes as mail attachment.So, I tried to identify where worm is.
Step 1. spilt into small files.
Code:
split -l 10000 suspicious_file
Step 2. which part worm resides.
Code:
clamscan xa*
xaa:OK
[code]....
T thought that worm was cut by split command, so I used different size fraction, then result is same.
I have snipped part of my log i captured on the my honey pot need recommendation on what is going o? The infected computers is located at address ${ADDRESS}. A quick check of my low interaction Honeypot (based on nepenthes) gives the following data: i know its a worm but what is going on thanks in advance
linux-sqos:/opt/nepenthes/var/log # cat nepenthes.log
<snip>
[18032007 02:26:03 info module] 76 4
[18032007 02:26:03 info module] SMB Session Request 76
H CKFDENECFDEFFCFGEFFCCACACACACACA
code....
I can't upgrade from debian. What should I had in APT line? How do you upgrade the engine of clam-av.
View 9 Replies View RelatedI just really want to know if there is a way to install clam av through the terminal. I have tried manually installing it, but it doesn't really work. I just want Clam av to just keep my pc working at its best. I have been using windows for so long that I feel like just having an antivirus on my computer.
View 9 Replies View RelatedIs there a way to make Clam update the signatures automatically? I cannot see an option in Clam TK.
View 1 Replies View RelatedCan anyone tell me what names the tomboy notes application gives to its notebooks and notes? Not the file format (xml) I found that on the web, but the filenames and directory where it stores things.
View 2 Replies View RelatedI would like to be able to store all my important details and passwords in such a way that it is encrypted, easy to get the information out and is cross-platform. Basically, I am thinking that if I kick the bucket that I would like to make it as easy as possible for others to be able to access this information using a pre-arranged password.
Ideally I would like the files to contain the program that is needed to extract the data i.e. importantinfoLinux.sh inportantinfoWin.exe (Just like a self-containing zip). I haven't found anything along those lines.
The things I am currently thinking of is:
1) A password database program that is cross-platform like KeePass. WIth the bundle contining the relevant installers for win, linux and OS X and the database file.
2) An AES encrypted zip of the data with relevant programs to open it e.g. 7-zip on windows, peazip on linux and OS X
Has anyone got any thoughts on this? Any self-containing java encryption apps?
I'm getting a "Server Error Something has gone wrong (500)" when i try to access the notes page for several days now. When will it be OK?
Bug report:[URL]
Just now:
Something has gone wrong (500) This is a robot
We've recorded this problem and it will get investigated with the logs. If this problem is urgent, please file a bug report and include this number: OOPS-ID-1534appserver79128
A few days ago I installed F12 and it was working fine very well up until today when I booted my computer from a perfect working order state yesterday to this. Well my wireless was still being sniffed and slowed down to dial up speed but what's new thats been consistant for at least 3 months I can't really do much about it since my brother doesn't like changing the password.
I recently logged onto my new fedora 12, 64-bit, system encrypted (all partitions effected by install), selinux enforced install to find myself in tty4 and some "other" users logged on to the other terminals. My folders would have lock icons on them after opening, my notication menu/toolbar crashed and hasn't returned on system reboot, some data transfers between removable storage returned input output errors while others worked fine(?). I also recieved this kernel bug output from the bug reporting tool but I have no idea what it means.
Also I was not loose with the security either I had removed unconfined login types (After setting up the system as I needed) meaning I couldn't even run root or sudo and neither could anyone else (asfar as I was aware). I pretty much increased selinux to its maximum boolean strictness and limited the _default_(Me included) account to a user from a _default_ unconfined (to actually be able to log in with the selinux boolean in place). Meaning they "the exploiters" were able to bypass selinux as a user account? How is that possible and even if you do root logon is disabled by selinux too?
At the moment I'm on a live cd trying to look for a way to custimise them as it seems it may be my only option.
Just a side note you can't just log in to tty4 by default without actively taking up spaces either by other users or your own use. Meaning since the tty login is automated 3 terminals were in use tty1, tty2 and tty3.
Which commands should I run to find out what is being done?
Edit: Just had my F12 x64 live cd taken down twice and had to hard reset as the toolbar disappeared. Took a photo of the last error message. I was just reading a pdf and using firefox at the time.
Is fedora usually this easy to hack?