I have seen that we can scan for viruses and also virus infected files with ClamAV but is there any possibility that ClamAV can repair virus infected files.
View 1 RepliesI recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for virus. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also does ClamAV just scan your system for virus or does it scan and remove the virus on the computer.If you know of an alternative open source security software,
View 3 Replies View Relatedif i run a program that is infected with a trojan/virus in Wine will it effect Ubuntu?
View 9 Replies View Relateddoes it effective using ClamAV as Privoxy antivirus? I have actually configure it but it does not seem to come into any effect.Why?I test it with Eicar(test virus) online and it does not even prompt there is a problem unless i have scanned.Beside that,i have installed ClamAV daemon along with it. [URL]
[Code]....
Issue :How come the Clam Antivirus does not prompt there is a virus when i opened the file or problem link?Does it work difference as Window OS antivirus which prompt when there is a virus detected?
ClamAV tells me that three of my OpenOffice.org Calc spreadsheets may be infected (status "MBL_144360.UNOFFICIAL", if that means anything). This seems not entirely implausible, since yesterday I used a USB stick to transfer files from a Windows system. Anyway, I'd really like to keep these spreadsheets. Can I disinfect them somehow?
View 2 Replies View RelatedMy Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):
- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).
Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.
So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.
Question: I want to rescue the files I need. My idea was:
1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)
Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?
Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.
I Clam-scanned a bunch of old CD's.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonders if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?
View 8 Replies View RelatedKWord won't save as .doc format on Slackware 13.0 so I got the SlackBuild for OpenOffice and changed my .odt resume to .doc. But now yahoo won't attach it, it says it has a virus. Wtf? (I don't really think it has a virus.)
View 5 Replies View RelatedI have been trying to update the gui version 4.10 and the antivirus engine 0.95.1 but to no avail.
View 9 Replies View RelatedI have installed clamav antivirus,and while scanning it shows the following warning
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
And so i have tried to update the virus database as root,using this command
# freshclam
bash: freshclam: command not found
but i cant,can you pls say me how to update the virus database...
I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run windows.Whats the best way and programme to do this? I guess I simply install an AV programme and thats it!
View 5 Replies View RelatedI was curious if anyone has attempted or successfully converted a kaspersky virus signature file to clamav signature? During a trial period using kaspersky anti virus for our web server I successfully petitioned them to write signatures for some nasty php web-shell hacks, and now that the trial period has expired I don't have the ability to scan for the files anymore (I know I am cheap!). The first hurdle would be finding the correct file, as their signatures are all done in hexadecimal format, and my knowledge for searching through that type of file is very limited.
View 7 Replies View RelatedHow to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?
View 2 Replies View RelatedI'm having a little trouble with ClamAV. Everytime someone sends me an email I get this error in my Webmin Mail Log. Now the mail works and it goes to the quarantine or to the user mail box but this error fills up my mail log and I'm assuming it is not using ClamAV virus definitions to scan the mail? How would I get rid of this error?
I checked in my /etc/clamd.conf and I have AllowSupplementaryGroups yes. What can be causing this error?
I am using ClamAV 0.96.1
Spamassassin 3.3.12
PostFix 2.3.3
CentOS 5.5
Jun 21 09:57:53 localhost amavis[10714]: (10714-03) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/amavisd/tmp/amavis-20100621T090618-10714/parts:
lstat() failed: Permission denied. ERROR
Jun 21 09:57:53 localhost amavis[10714]: (10714-03) WARN: all primary virus scanners failed, considering backups
Jun 21 09:58:01 localhost amavis[10714]: (10714-03) SPAM, <lovelovedsert12@yahoo.com> -> <acruel@email.com>, Yes, hits=20.638 tag=6 tag2=7 kill=7
tests=DKIM_ADSP_CUSTOM_MED=0.001, DRUGS_ERECTILE=2.221, FORGED_YAHOO_RCVD=1.022, FREEMAIL_ENVFROM_END_DIGIT=2.223, FREEMAIL_FROM=0.001,
FREEMAIL_REPLYTO=2.775, FREEMAIL_REPLYTO_END_DIGIT=0.98, FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001, INVALID_DATE=0.432, MISSING_MID=0.14,
NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_BRBL_LASTEXT=1.644, RCVD_IN_BSRN=2.5, RCVD_IN_RELAYS_ORDB=3, RDNS_NONE=1.274, TVD_RCVD_SINGLE=1.213,
T_TO_NO_BRKTS_FREEMAIL=0.01, quarantine spam-9665 (maia-spam-quarantine)
Jun 21 09:58:01 localhost amavis[10714]: (10714-03) Blocked SPAM, [212.96.9.34] [212.96.9.34] <lovelovedsert12@yahoo.com> -> <acruel@email.com>, Hits: 20.638, 8508ms
when I attempt to scan anything with clamav from a terminal I get the following error:
ERROR: Can't create temporary directory /var/lib/clamav/clamav-da584cb3f4ee38529f0460ad6f7dc632
Hint: The database directory must be writable for UID 999 or GID 100
Which I take to mean that there are no virus definitions installed. I use the "freshclam" command. Which results in the following error:
ERROR: Can't create temporary directory /var/lib/clamav/clamav-da584cb3f4ee38529f0460ad6f7dc632
Hint: The database directory must be writable for UID 999 or GID 100
I have a dual boot computer. The WindowsXP "side" has been infected with a rootkit virus. So far UBUNTU has not been affected to my knowledge. I have not yet removed the virus from the WindowsXP "side". I am thinking of deleting the NTFS partition and have the computer fully dedicated to UBUNTU. Now for my question. Is there a possibility that the virus resides in the MBR and that I need to "rebuild" the MBR to actually remove the virus?
Even more extreme, should I totally re-install UBUNTU in the name of safety and precaution.
For a while my ISP has been sending me emails regarding an infected computer or computers on my local network. There are 4 computers running linux and 3 running windows on said network (3x ubuntu, gentoo, 2x windows server 2003 and windows 7).Now, I haven't used Windows in oh so many years and am not responsible for those computers on this network. Does it seem like this is a virus on a Windows host or should I research and adjust my iptables settings on the router? The applied anti-virus software (I don't know which one) apparently does not find any infections. On my workstation I'm using spotify and win32 office through wine, both obtained from legal and trusted sources, and would thus not consider my wine environment a threat.
View 4 Replies View Relatedif there is any free software there used to protect Fedora from spyware and virus?
View 8 Replies View RelatedI'm now running Ubuntu 9.04. There are 2 accounts on this computer, one is linux, the other is ubuntu. Before New year, everything had been fine. But after new year, I came back and found that the password of this account linux has been changed. So I fixed using my rescue disk. But since that day on, it seems that this password changes everyday somehow. Everyday when I'm trying to log into my Ubuntu System using the account linux, it says login failed. However, i can still login using the account ubuntu. I'm really confused. Why is this? I checked the date of expiry. Everything seems to be fine.
View 14 Replies View RelatedI have LAN with 20 machines. I see that one of them is infected. Its sending a lot of packets to the internet. My internet connection at this momment is realy slow. What should I do? How to detect which machine is infected? I'm using hardware firewall. Fortigate... Its hard to configure there nice logs. Any good software. I don't want to switch off network cable from each machine and check.
View 10 Replies View RelatedIn my network I have 25 workstations and some serves. Everything working in local LAN with firewall. The problem is that on one machine (I dont know which one) is installed software which sending data to the internet. Actually I dont know what it is. Last time as I remember was trojan which can create new network interfaces in windows and send some data to the internet. The half speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections.
Please take a look on this time. Instead of 141-150ms should be 4-5ms.
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms
How can I detect which machine is infected using only linux and keyboard ?
I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. is there any way to ensure I don't have a root-kit installed short of reinstalling the system?
View 4 Replies View RelatedI am facing a security issue on my server. I can see many process like pscan2, scanssh and ./sshf processing on 'top'. The owner of these processes is non root account. Can anybody let me know what can be the extent of loss due to these suspicious scripts? How can I permanently remove these scripts from my server. Please note that I am using CentOS 5.5 (64bit).
View 4 Replies View RelatedIs there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
View 10 Replies View RelatedI ran a scan (clamscan -r --remove /home/) on my user's home directory yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last nights scan:
Code:
----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2
[Code]....
I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.
So I am wondering if I even need it or if there is something else.
I am behind a firewall already with my router if that helps any.
I guess I am having trouble understanding why virus protection is less necessary.
Do people not write viruses for linux systems?
I have iomega appliance, which is based on Debian distribution. There is an NFS share that I have created which is without password.Since it is without password, there are some viruses copied. I want to find out which IP address is the source of these files. In other words, I want to know which PC is copying these infected files on the NFS share.
View 3 Replies View RelatedDoes anyone know how to update Clamtk from 4.25 to 4.29 through Software Sources?
View 1 Replies View Relatedwhat a horrendous piece of software. Ive been at it 3 days trying to do something that ought to be simple and everytime i solve one problem another problem arises. at first I removed the old clamav 9.5 or something. I got the latest ubuntu release btw, and Clamav used to work when i first installed it in the previous ubuntu release. anyway, it asked me to upgrade, so since synaptic doesnt have the latest, i downloaded from sourceforge. I did the whole ./configure gave me errors like need build-essentials-- which i then did, error: need zlib.dv--- I did that one too. Now two more errors that i need to fix so I can compile it.
View 1 Replies View RelatedI checked on clamav web site but no way to install it yet on Maverick.
View 4 Replies View Related