ClamAV worry (was Pesky Virus)

jludwig wralphie at comcast.net
Sun Jul 25 01:58:12 UTC 2004


On Fri, 2004-07-23 at 13:04, Michael Sullivan wrote:
> I installed ClamAV 0.72 through yum (it was the only one I could find in
> rpm form for Fedora Core.)  I went through the steps in the
> RPM-clamav.txt file.  The last step says to test ClamAV's functionality
> by running the command:
> 
> 
> /usr/bin/clamdscan -r /usr/share/doc/clamav-0.72
> 
> I did so.  It gave me this output:
> 
> 
> /usr/share/doc/clamav-0.72/test/test: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test-zip-noext: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test.bz2: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test.msc: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test.zip: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/.RPM-clamav.txt.swp: Unable to open file or directory. ERROR
> /usr/share/doc/clamav-0.72: OK
>                                                                                                  
> ----------- SCAN SUMMARY -----------
> Infected files: 5
> Time: 1.026 sec (0 m 1 s)
> 
> Are these five files really infected?  If so, how do I fix them?  I got the yum information for obtaining clamav from
> http://www.clamav.net/binary.html#pagestart
> 
> 
> 
> ________________________________________________________________________
> > From: Alexander Dalloz <alexander.dalloz at uni-bielefeld.de>
> > To: For users of Fedora Core releases <fedora-list at redhat.com>
> > Subject: Re: Pesky virus
> > Date: Fri, 23 Jul 2004 17:24:46 +0200
> > 
> > On Fri, 23.07.2004 at 17:14, Michael Sullivan wrote:
> > 
> > > I've got a small problem.  Last week I received in my
> > > non-espersunited.com email account an email from someone I don't know
> > > with an .exe file as an attachment.  Naturally I assumed that this was a
> > > virus, and wrote back to the email address it was from informing them
> > > that they had a virus.  I've received several similar emails on through
> > > the week, most were unique but all followed the same format:  One line
> > > of text and then the attachment link, usually a .exe or a .zip file.  I
> > > haven't opened any of them, but in the past couple of days I've begun
> > > seeing them in my espersunited.com email accounts.  I wasn't too worried
> > > about it until this morning, when I received a message from another SMTP
> > > server saying that my mail was undeliverable to some person's email
> > > account.  I looked at the message sent and it was indeed from me, but
> > > the message body held the same one line and the same EXE/ZIP file
> > > attachment as the ones I'd received from multiple sources.  I use
> > > evolution as my email client.  Could I be infected with this virus?  I
> > > didn't think Linux was susceptible to virii - only hostile shell
> > > scripts.  Is there a way I can test if I am infected, and if I am, is
> > > there a way to find the virus so that I can destroy it?
> > 
> > Such mail like you described are at 99.99% virus/worm mails - targeting
> > Windows[tm] systems (we all know the usual suspects always running with
> > administrator account permissions and the other aspects of the
> > system layout making life easy for worm authors).
> > 
> > To test your system against virus you can use the free anti-virus
> > scanner ClamAV (actually version 0.75 is out). Though I doubt you are
> > infected with a worm/virus. If you check the suspicious mails (the
> > attachments) you got you will quite certainly find out that they are for
> > Windows[tm] systems. Maybe it is one of the new viruses shortly coming
> > out. It is often enough if one of your friends, using your 'private'
> > non-espersunited.com email address is infected and has you in his
> > address book.
> > 
> > Alexander
> >  
> > 
> > -- 
> > Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> > Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
> > Serendipity 17:18:46 up 1 day, 2:06, load average: 0.04, 0.18, 0.27 
> > 
> > ______________________________________________________________________
You are indeed seeing test files; you should also see virus signatures in
rpm, gz, or tar files if they are on your system.
-- 
jludwig <wralphie at comcast.net>
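
Added example, not part of the original thread: a small Python triage of the clamdscan output quoted above, separating hits on the scanner's own test signature from any other detection and flagging paths that were not scanned. The sample text is the output from the message; the function names `triage` and `verdict` are hypothetical.

```python
# Sample input: the clamdscan output quoted in the message above.
SAMPLE = """\
/usr/share/doc/clamav-0.72/test/test: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test-zip-noext: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.bz2: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.msc: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.zip: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/.RPM-clamav.txt.swp: Unable to open file or directory. ERROR
/usr/share/doc/clamav-0.72: OK
----------- SCAN SUMMARY -----------
Infected files: 5
"""

# Signature name reported for the bundled test files (as seen in the output above).
TEST_SIGNATURES = {"ClamAV-Test-Signature"}

def triage(output):
    """Sort scan lines into test hits, other detections, errors and clean paths."""
    r = {"test": [], "real": [], "errors": [], "clean": 0, "summary_infected": None}
    for line in map(str.strip, output.splitlines()):
        if line.startswith("Infected files:"):
            r["summary_infected"] = int(line.split(":", 1)[1])
        elif line.endswith(" FOUND"):
            # Assumption: signature names contain no ": ", so split from the right.
            path, _, sig = line[: -len(" FOUND")].rpartition(": ")
            r["test" if sig in TEST_SIGNATURES else "real"].append((path, sig))
        elif line.endswith(" ERROR"):
            path, _, msg = line[: -len(" ERROR")].partition(": ")
            r["errors"].append((path, msg))  # this path was NOT scanned
        elif line.endswith(": OK"):
            r["clean"] += 1
    return r

def verdict(r):
    """Summarise: anything other than a test signature needs a closer look."""
    found = len(r["test"]) + len(r["real"])
    if r["summary_infected"] not in (None, found):
        return "inconsistent"  # summary disagrees with the per-file lines
    if r["real"]:
        return "investigate"
    if r["errors"]:
        return "test-only, unscanned files"
    return "test-only" if r["test"] else "clean"

if __name__ == "__main__":
    print(verdict(triage(SAMPLE)))
```

The ERROR line matters as much as the FOUND lines: the editor swap file could not be opened, so the scan says nothing about it.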
