Ubuntu Security :: Understanding ClamTK Scan Results

Apr 10, 2010

I've installed ClamTK on my Kubuntu 9.10 installation, since it's connected to a Windows7 machine. When I ran a scan, it found 9 'viruses', but they are all within my home directory > Opera/mail/store and are either status Phishing.Heuristics.Email.SpoofedDomain OR HTML.Phishing.Bank-593. I recently synced my Hotmail into Opera, so I checked the corresponding dates in my Hotmail account and deleted the emails which I thought were related, however, after clearing down my Opera history, etc., re-booting my PC and re-scanning, the results are the same. How do I clear down these files?


Ubuntu Security :: Use Clamtk To Scan Flash Disk?

May 18, 2011

I use clamtk to scan a flash disk. It says the engine is out of date. What do I do to update it?


Ubuntu Security :: Clamav Scan Results And Out Of Date?

May 29, 2011

I am a newbie in Ubuntu. I did clamscan on my Ubuntu /, and I got the result message as follows. It shows "486 errors". I am wondering if the result is OK or if I need to take some action on it.

Known viruses: 968595
Engine version: 0.96.5
Scanned directories: 28067
Scanned files: 131696
Infected files: 0
Total errors: 486
Data scanned: 9020.40 MB
Data read: 17800.31 MB (ratio 0.51:1)
Time: 1349.479 sec (22 m 29 s)

Also, my engine is 0.96.5. The latest version is 0.97. But "aptitude upgrade" cannot upgrade the engine to 0.97. I understand 0.97 is still in testing. I am wondering if I can just stay with 0.96.5 and wait for 0.97 to pass all tests. If so, does it cause any security issue?


Ubuntu :: Conflicting Port Scan Results

Apr 18, 2010

I just ran the port scanner from the Network Tools utility a few times within a few minutes (see screenshots). How can there be different ports open each time? I know that port 631 is for CUPS, but what about the other ones? Could someone help me understand what is going on, or at least point me in the direction of some good information?


Ubuntu Security :: Clamtk GUI Front End For ClamAV?

Sep 15, 2010

Does anyone know how to update Clamtk from 4.25 to 4.29 through Software Sources?


Security :: Understanding TCPdump And SSH Security

Jul 10, 2010

I have ssh open to one of my servers on a non-standard port. I have never seen anything to make me believe someone has cracked or even has tried to crack into the machine in the past. However, I was troubleshooting another issue I had and noticed entries like this in my tcpdump output:

13:09:22.341390 IP 192.168.1.2.51413 > 190-82-164-231.adsl.tie.cl.10399: UDP, length 67
13:09:22.341427 IP 192.168.1.2.51413 > 95.58.5.15.22439: UDP, length 67
13:09:22.341464 IP 192.168.1.2.51413 > ool-4350a8e7.dyn.optonline.net.56836: UDP, length 67
13:09:22.341499 IP 192.168.1.2.51413 > 80.237.121.2.63878: UDP, length 67
13:09:22.396750 IP ool-4350a8e7.dyn.optonline.net.56836 > 192.168.1.2.51413: UDP, length 58
13:09:22.698354 IP 95.58.5.15.22439 > 192.168.1.2.51413: UDP, length 58

Obviously some of these are IP addresses of people on ISPs. Are these people just scanning ports? I do not see any invalid users in my secure log so I am not too concerned right now. But I am getting a ton of these (above entries) in my tcpdumps, so it is a little scary to think that there are this many people trying to scan my ports and possibly attacking me. I am just trying to learn more about security and tcp packets.


Ubuntu Security :: Understanding Unix Style Permissions

Jul 20, 2010

On Windows, you can go to a file's permissions and it's clearly stated who can do what. You can choose between individual users or groups such as 'everyone' or certain types of users such as 'domain users'. You could create a clear cut list of every single user/group on the system and what their permissions for a file are and have it neatly displayed in a list.

On Unix, we have octal permissions and sticky bits. I understand the whole concept of rwxrwxrwx (777). The first three are what the file owner can do, the second is what the main group the user belongs to can do, and the third is what other users can do.

But, when you view a file's permissions you are only getting the permissions as they apply to the user that owns the file. For example, as I understand it, if I viewed a file that only the root user had rwx permissions on and everyone else could only read, the permissions would show up as rwxr--r-- (744). But, those same permissions would show up to any user as 744 as well. Since the last 3 characters are what applies to "other users" (pretty vague), how would someone know what users in particular those permissions apply to? There could be one "other user" that can rwx that file and another "other user" that can't.

Also, why just stop with the main group? What about other groups? The main group the user Foo belongs to might be Foo. But he could also belong to the groups Boo and Zoo, which belong to other users and would give him full rwx permissions over Boo and Zoo's files just as if he were Boo or Zoo.

Then you have the whole sticky bit thing that makes it so that files can be owned by the same person and at the same time be made use of (to varying degrees) by other users. To chmod the UID you'd chmod 2777 or for GID 4777 (just as an example). I did this for a file and it allowed a standard user account who was previously unable to run the command to be able to run it. But, how can that work when I didn't anywhere specify what particular user (or groups of users) that sticky bit applies to?

I'm confused about this whole thing to the point that I'm not even sure exactly what questions I should be asking or even if my examples are even 100% correct. I just sort of ranted about some specific things that floated to the top of my head. Permissions are easy to understand when you're running a Unix-like system on a single user desktop. Because the only users/groups you have are root, the single user, and various system users/groups that you don't really need to worry about. So a file with rwxr--r-- means that only the Root user (not even members of his group) can edit the file and you can't unless you use sudo. Because the "other user" in the last 3 characters always just means you. But, things seem to get a whole lot more complicated when you start adding in multiple users. Can someone explain this or link to a "for dummies" article that can explain all of this to me in a way that someone who's used to Windows style permissions can make a connection between the two OS families and their way of handling these things?


Ubuntu Security :: Way To Scan For Rootkits ?

Jul 24, 2011

I've read that there are a lot of rootkits that exist for linux. MS Windows has tools where you can boot a "portable" scanner from a CD and scan your whole Windows installation for rootkits. This way you can even scan boot sectors because you are never actually starting your installed Windows.

Is there anything available like this for Ubuntu? Is there a scanner I can run off the LIVE CD for example to scan my ubuntu installation for rootkits?


Ubuntu Security :: Virus Found During Scan?

Jul 4, 2010

I'm quite new to Ubuntu and I am running Ubuntu Studio 10.04. I have just installed Klam AV and had it scan my computer. I was surprised to find that it had found two 'viruses'. I don't know if anyone can help me in finding out if they are real or only false positives. The following is the output that I received.

Name of File: /usr/src/fglrx-8.723.1/libfglrx_ip.a.GCC3 and GCC4
Name of Problem: Heuristics.Broken.Executable
Status: Loose

Does anyone know if this is a problem?


Ubuntu Security :: Scan 'only' USB Stick For Virus In 10.10

Dec 7, 2010

I have Avast Antivirus installed in Ubuntu 10.10. There are options to select folders to scan from 1. Home Directory 2. Entire system and 3. Selected folders. What options are available to scan only a selected drive? Or, how do I scan only a USB stick?


Security :: Question - GPG On Two Different Machines (different Results)?

Apr 23, 2010

I'm using gpg to encrypt and sign a file on a Linux machine. Using the same keys, the file is encrypted and signed on a Windows machine and the file sizes are different.

I then encrypted and signed on another windows machine and again the file sizes are different. Does GPG use some random stuff from the machine during encryption?


Ubuntu Security :: 10.04 - Scan Windows Partition For Virus?

May 12, 2010

I'm dual booting 10.04 with windows 7 and it occurs to me that I could scan the windows partition for viruses FROM linux. Is anybody doing this sort of thing? Does that make any sense?


Ubuntu Security :: Odd Port Scanning Results - 646 - Dropping Packets

Jun 6, 2010

I was testing the security of my Ubuntu 10.04 64bit install by running a port scan from [URL] and I came upon some odd results. It appears that basically all my ports are closed, but only Port 646 is dropping packets silently. Furthermore, Port 80 is open.


Ubuntu Security :: Automatically Run Virus Scan When Insert USB Pen Drive

Jan 2, 2010

I use my Ubuntu laptop at work and connect a lot of USB pen drives to my computer. Everyone else I work with uses Windows and I want to make sure that the USB pen drives don't contain any Windows viruses so I don't spread them. The best way for this to be done would be to have the USB pen drives automatically scanned when they are inserted in my Ubuntu machine. How do I do this?


Ubuntu Security :: Virus Scan Of Files To Send Onto Windows

Jan 31, 2010

I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run Windows. What's the best way and programme to do this? I guess I simply install an AV programme and that's it!


Ubuntu Security :: Free Outside Vulnerability Scan That Works With Server

Feb 11, 2010

Is there a free online vulnerability scanner where either I can give them the IP address to scan or it can be initiated from the console command, tool, or text based browser? I use GRC's Shields Up when I have a GUI, but I want a scan run on my website that runs Ubuntu 8.04 server on a hosted VPS.


Ubuntu Security :: Innocent Website Tries To 'scan' Computer / Should I Get Protection?

May 6, 2010

So I forgot how to do something in Compiz and I quickly Googled it to find the answer. On the first or second link I clicked, a pop-up box opened from Firefox saying that I should scan my computer. Immediately, I pressed the X button, but a page started to load that tried to "scan" my computer. I closed out Firefox and re-opened it. I did the exact same search again on Google, but I clicked on the cached view of the site. It was harmless enough--a blog with some ads on the side of the page. I'm assuming that it was one of the ads that somehow must have taken over the page.

Anyway, I know that the discussion of anti-virus programs is not anything new, but I would like to know if this virus may have affected Ubuntu. What would you guys recommend in this case?

Also, after running the update manager, I received a pop-up box asking if I would like to update Grub. Is this a normal part of the update, or could it be a virus? I'm a bit paranoid, being from the land of Windows.


Ubuntu Security :: Scan Windows Computer From Laptop Via Network?

Aug 30, 2010

How do I scan a Windows computer from my Ubuntu laptop via the network? I have Ubuntu 10.04 on my laptop. The first Windows computer to scan has Windows XP Home Edition. The second Windows computer to scan has Windows Vista Home Basic. I have Avast 4 workstation and KlamAV installed on it. What are the steps to make my computer scan those Windows computers? And how do I set up my firewall to work with Firefox and Empathy?


Ubuntu Security :: Exclude Folders From ClamAV Scheduled Scan?

Feb 22, 2011

I have network shares automounted in /media and I want to exclude them from my automatic scheduled ClamAV scan in Maverick. How do I do this? I can't find any CRON link or script that actually starts the scan. Is it the Daemon that does this?


Ubuntu Security :: Ran A Chkrootkit Scan And Found - Suspicious Files And Directories ?

Aug 1, 2010

I ran a chkrootkit scan and found this:

The following suspicious files and directories were found:
/usr/lib/pymodules/python2.6/.path
/usr/lib/xulrunner-1.9.2.8/.autoreg
/usr/lib/firefox 3.6.8/.autoreg
/usr/lib/jvm/.java-6-openjdk.jinfo

How do I get rid of this suspicious file?


Fedora Security :: CLAM AV - What Is The Console Command To Scan

Nov 12, 2009

I installed CLAM AV and also the GUI (CLAMTK).

1). What is the console command to scan all of Fedora, not just a specific directory, but the entire computer?

2). Even though I have consulted the CLAM AV site on how to update to the latest virus signature database, I either don't understand what they are telling me to do, or I am not "getting" how to do it.


Security :: Credentialed Foundstone Scan Against RHEL5.5 Won't Connect

Oct 27, 2010

Our org uses Foundstone. I gave them a wheel user and verified connectivity with putty from their server to my RH box. Foundstone never makes it in and I don't see anything from faillog, sshd logs, etc.


Security :: Any Good Comparison Software To Scan Files?

Apr 23, 2011

I had a hack on my oscommerce website recently. I have put in the relevant security patches but I need to check whether the hacker left any code changes in my files. What is a good file comparison software for Linux? I need it to scan through the current files and folders and compare them to the original default oscommerce installation so I can check the code.


Ubuntu Security :: Virus Scanner To Scan Some Removable Media (USB Drives, Mp3 Players, Etc)?

Jan 19, 2010

I'm looking for a virus scanner to scan some removable media (USB drives, mp3 players, etc). Since there's so many choices to choose from, can anyone recommend any?

I've heard a lot of people recommending clam av, but everything I've read suggests that clam av is better used for scanning e-mail servers and not home desktop application...


Fedora Security :: How To Determine What Type Of Files Clamav Can Scan

Dec 7, 2009

How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?


Security :: Honeynet Challenge Results: Forensic Analysis Of A Compromised Server

May 7, 2011

I just noticed the results of the Honeynet Project's Challenge 7: Forensic Analysis of a Compromised Server have finally been posted today. Just got done reading one of the submissions and it's pretty good if anyone is interested in how to analyze a Linux incident involving evidence from memory and the file system.


Security :: Interpreting Zenmap Results: Network Distance And Traceroute Hop Values

Apr 18, 2011

I ran two scans in Zenmap: 1) Quick scan plus and 2) Quick Traceroute. Quick scan plus, under the Nmap Output tab, has a field called "Network Distance". The Quick Traceroute report under the same tab lists the HOP and RTT time. I was thinking that for a given server, the value for the Network Distance would be the same as the HOP field when initiating the scans from the same server, but they are not.


CentOS 5 :: Install Anti Virus / Security Package On Server Uses Cron Jobs To Do Scan Every 12 Hours

Feb 27, 2011

I have a Cent OS dedicated server, not sure what version though as I'm new to Linux. How do I find out what version I have? Is there an anti virus or security package that I can install on my server which can use Cron Jobs to do a scan every 12 hours?


Debian :: Eeepc Wifi - Every Time Scan For Network Using Iwconfig Wlan0 Scan Or Wicd And Computer Completely Freezes

Jan 9, 2011

I installed squeeze on my eeepc 1015ped and downloaded the correct firmware-brcm80211 drivers but every time I scan for my network using iwconfig wlan0 scan or wicd, my computer completely freezes. I previously had a solid install running xmonad, and wicd was working like a charm (using the same broadcom driver) but I tinkered too much with it and decided to do a fresh install. I haven't quite run into a problem like this before.


Ubuntu :: ClamTK Won't Update

Sep 3, 2010

I've tried everything including gksu clamtk

but when I go to help > check for updates

it says my virus definitions are up to date and there is a new version of clamtk available but no way to download it.

I also installed it via synaptic package manager and not repositories.








Copyrights 2005-15 www.BigResource.com, All rights reserved