Ubuntu Security :: Clamav Scan Results And Out Of Date?
May 29, 2011
I am a newbie in ubuntu. I did clamscan on my ubuntu /, and I got the result message as follows. It shows "486 errors". I am wondering if the result is OK or I need to do some action on it.
Known viruses: 968595
Engine version: 0.96.5
Scanned directories: 28067
Scanned files: 131696
Infected files: 0
Total errors: 486
Data scanned: 9020.40 MB
Data read: 17800.31 MB (ratio 0.51:1)
Time: 1349.479 sec (22 m 29 s)"
Also, my engine is 0.96.5. The latest version is 0.97. But "aptitude upgrade" can not upgrade the engine to 0.97. I understand 0.97 is still on testing. I am wondering if I can just stay with 0.96.5 and wait for the 0.97 passing all tests. If so, does it cause any security issue?
I have network shares automounted in /media and I want to exclude them from my automatic scheduled ClamAV scan in Maverick. How do I do this? I can't find any CRON link or script that actually starts the scan. Is it the Daemon that does this?
How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?
I've installed ClamTK on my Kubuntu 9.10 installation, since it's connected to a Windows7 machine. When I ran a scan, it found 9 'viruses', but they are all within my home directory > Opera/mail/store and are either status Phishing.Heuristics.Email.SpoofedDomain OR HTML.Phishing.Bank-593. I recently synced my Hotmail into Opera, so I checked the corresponding dates in my Hotmail account and deleted the emails which I thought were related, however, after clearing down my Opera history, etc., re-booting my PC and re-scanning, the results are the same. How do I clear down these files?
I just ran the port scanner from the Network Tools utility a few times within a few minutes (see screenshots). How can there be different ports open each time? I know that port 631 is for CUPS, but what about the other ones? Could someone help me understand what is going on, or at least point me in the direction of some good information?
When I attempt to scan anything with clamav from a terminal I get the following error:
ERROR: Can't create temporary directory /var/lib/clamav/clamav-da584cb3f4ee38529f0460ad6f7dc632 Hint: The database directory must be writable for UID 999 or GID 100
Which I take to mean that there are no virus definitions installed. I use the "freshclam" command. Which results in the following error:
ERROR: Can't create temporary directory /var/lib/clamav/clamav-da584cb3f4ee38529f0460ad6f7dc632 Hint: The database directory must be writable for UID 999 or GID 100
So I was wondering how I could do a simple find which would order the results by most recently modified. Here is the current find I am using. (I am doing a shell escape in php, so that is the reasoning for the variables.) find '$dir' -name '$str'* -print | head -10
How could I have this order the search by most recently modified. (Note I do not want it to sort 'after' the search, but rather find the results based on what was most recently modified)
What a horrendous piece of software. I've been at it 3 days trying to do something that ought to be simple and every time I solve one problem another problem arises. At first I removed the old clamav 9.5 or something. I got the latest ubuntu release btw, and Clamav used to work when I first installed it in the previous ubuntu release. Anyway, it asked me to upgrade, so since synaptic doesn't have the latest, I downloaded from sourceforge. I did the whole ./configure; it gave me errors like need build-essentials-- which I then did, error: need zlib.dv--- I did that one too. Now two more errors that I need to fix so I can compile it.
I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for viruses. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also does ClamAV just scan your system for viruses or does it scan and remove the virus on the computer. If you know of an alternative open source security software,
I am working on a production system on which it is not advisable to enable on-access scan with use of Dazuko. However, I want to do an automatic scan with clamscan when the flashdrive is mounted. As far as I know, Kudzu is arranging the automount of the flashdrives.
I just downloaded with a terminal the program ClamAV. But where is it located? I don't see it in Application - accessories - etc., nor in "Places", etc. Where is it? PS: the place where I found about this was here: [URL]...
My windows partition is infected and I recall that it is supposed to be possible from the linux partition with ClamAV. Now I'm running Fedora12 but this forum is much more active and I suppose that doesn't make a big difference. I tried to find something on google but most procedures seem to involve a Live CD but it would be more convenient for me to just do it from my linux distro running. Is there anything I have to be aware of or is it literally just scanning the windows partition with ClamAV?
Ubuntu 10.04lts, want to upgrade my clamav from 096.5 to the 097 scan engine. The ubuntu repositories have only the 096.5 release, while the debian repositories have the 097 package. Set the repository path in the synaptic package manager, and made sure the checkbox was checked. Can't see the clamav package.
I've scanned my computer (I'm using Ubuntu 8.04 Hardy Heron) and ClamAV has issued it has found a virus called Exploit.PDF-9669. What seems strange to me is that such a warning always happens (or, at least, in the most cases) in the same folder tree "sys" and ClamAV issues the very same virus/malware warning (Exploit.PDF-9669).
An example:
sys/devices/virtual/vtconsole/vtcon0/uevent: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/address: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/broadcast: Exploit.PDF-9669 FOUND
sys/devices/LNXSYSTM:00/device:00/uevent: Exploit.PDF-9669 FOUND
My ClamAV version is 0.94.2/10275/Fri Jan 8 22:06:46 2010. It has not been updated since I installed Hardy in my computer last year. Is my computer in danger?
I have seen that we can scan for viruses and also virus infected files with ClamAV but is there any possibility that ClamAV can repair virus infected files?
I am semi new to UBUNTU, worked a bit with it in the past on vps and that, but I am currently trying to make a module for *Zpanel*. I am making an anti virus module and am going to be using clamav. Up to now everything has been going smoothly but I have hit a massive problem.
I am trying to do this:
Code:
And I get this in return
Code:
Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
The following information may resolve the situation:
The following packages have unmet dependencies.
I don't get any install, and the information I have collected from people says that an install should not be stopped because of a depend
So as anyone who is semi new would do I then tried installing the depend
Code:
And I get this in return
Code:
E: Package 'phpapi-20060613+lfs' has no installation candidate
So it looks like problem after problem
Does anyone know why I can not install php5-clamavlib?
I have UBUNTU 11.04 desktop (with zpanel installed on it)
*zpanel is an open source web hosting panel for windows and NOW LINUX (zpanel has just been released on UBUNTU ONLY).
I'm noodling around with Ubuntu 10.4.1, latest updates and kernel (2.6.32.24?). Anyway, I run ClamAv as root and it goes fine through almost all of my system (huge amount of it), including several virtual devices, where it hangs on pan0, which has some association with my network (eth0 would be for wired connection, and wlan0 for wireless, and pan0 is listed also, but I'm not at that machine right now, so I can't tell why it shows up. wlan0 is what I use to connect to the internet). Is there an issue for clamAV with virtual devices? Any workaround? I had to terminate the scan after it stayed hung for over 5 minutes on pan0.
I've read that there are a lot of rootkits that exist for linux. MS Windows has tools where you can boot a "portable" scanner from a CD and scan your whole Windows installation for rootkits. This way you can even scan boot sectors because you are never actually starting your installed Windows.
Is there anything available like this for Ubuntu? Is there a scanner I can run off the LIVE CD for example to scan my ubuntu installation for rootkits?
I'm quite new to Ubuntu and I am running Ubuntu Studio 10.04. I have just installed Klam AV and had it scan my computer. I was surprised to find that it had found two 'viruses'. I don't know if anyone can help me in finding out if they are real or only false positives. The following is the output that I received.
Name of File: /usr/src/fglrx-8.723.1/libfglrx_ip.a.GCC3 and GCC4
Name of Problem: Heuristics.Broken.Executable
Status: Loose
I have Avast Antivirus installed in Ubuntu 10.10. There are options to select folders to scan from 1. Home Directory 2. Entire system and 3. Selected folders. What are the options available to scan only selected drive. OR How to scan only USB stick.
I'm using gpg to encrypt and sign a file on a linux machine. Using the same keys, the file is encrypted and signed on a windows machine and the file sizes are different.
I then encrypted and signed on another windows machine and again the file sizes are different. Does GPG use some random stuff from the machine during encryption?
I'm dual booting 10.04 with windows 7 and it occurs to me that I could scan the windows partition for viruses FROM linux. Is anybody doing this sort of thing? Does that make any sense?
I was testing the security of my Ubuntu 10.04 64bit install by running a port scan from [URL] and I came upon some odd results. It appears that basically all my ports are closed, but only Port 646 is dropping packets silently. Furthermore, Port 80 is open.