How to clean virus-infected files?
Ow Mun Heng
Ow.Mun.Heng at wdc.com
Mon Jun 28 17:27:36 UTC 2004
On Mon, 2004-06-28 at 06:56, Scot L. Harris wrote:
> On Mon, 2004-06-28 at 07:16, Alberto M R Davila wrote:
> > Thanks Charles,
> >
> > But... I have also viruses in my evolution mbox files:
> >
> > > //home/mine/evolution/local/KBD/mbox: Exploit.IFrame.Gen FOUND
> > > //home/mine/evolution/local/2002/mbox: Exploit.IFrame.Gen FOUND
>
> This is one problem with the mbox format. To find the specific message
> that has the infection you may be able to search the mbox file for the
> name listed above "IFrame.Gen" or some variation of that.
That is not entirely true.
(search the archives for this subject -: ClamAV + worm in mbox file)
> I have not tried this but that is about the only way you are going to
> find the individual message in an mbox format. If maildir format was
> used then each message would be in a separate file and this would be
> easier to deal with.
This can do the same thing for you in mbox format. This was suggested
by Chrisof Damian (May 25 2004)
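
    formail < evilmbox -s thescript.sh > virusfreembox

    #!/bin/sh
    # thescript.sh: receives one message from formail on stdin
    TEMP=`mktemp XXXXXX`
    cat > "$TEMP"
    clamscan --quiet --unzip --mbox "$TEMP"
    # clamscan exits 0 when nothing was found; only then pass the message on
    if [ $? -eq 0 ]; then
        cat "$TEMP"
    fi
    rm "$TEMP"
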
After that, diff it to your original evolution mbox file.
Hmm.. I think I've got to document this down in my "own" mini-howtos
HTH
--
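
Added example, not part of the original post: a variant of the per-message filter above that sets infected messages aside in a separate mbox and names them on stderr instead of dropping them, and that keeps any message the scanner failed on. The file name mboxfilter.sh, the --filter argument and the SCANNER, QUARANTINE and UNSCANNED variables are assumptions; it relies on clamscan exiting 0 for clean, 1 for infected and anything else on error.

```sh
#!/bin/sh
# mboxfilter.sh (hypothetical name): added example, not from the original post.
# Usage: formail -s ./mboxfilter.sh --filter < evilmbox > virusfreembox
# SCANNER, QUARANTINE and UNSCANNED are assumed variables; the default scanner
# command is the one used in the post.
SCANNER=${SCANNER:-clamscan --quiet --unzip --mbox}
QUARANTINE=${QUARANTINE:-quarantine.mbox}
UNSCANNED=${UNSCANNED:-unscanned.mbox}

# Reads one message on stdin. Returns the scanner's exit status:
# 0 = clean (message copied to stdout), 1 = infected, other = scan error.
filter_message() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/msg.XXXXXX") || return 2
    cat > "$tmp"
    rc=0
    $SCANNER "$tmp" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)  cat "$tmp" ;;
        1)  # Infected: set aside and name the message on stderr.
            cat "$tmp" >> "$QUARANTINE"
            subj=$(sed -n '/^$/q; s/^[Ss]ubject: *//p' "$tmp" | head -n 1)
            echo "infected: ${subj:-(no subject)}" >&2 ;;
        *)  # Scanner failed: keep the mail rather than silently dropping it.
            cat "$tmp" >> "$UNSCANNED"
            echo "scan error (exit $rc): message saved to $UNSCANNED" >&2 ;;
    esac
    rm -f "$tmp"
    return "$rc"
}

# Only act as a filter when asked to; always exit 0, like the post's script.
if [ "${1:-}" = "--filter" ]; then
    filter_message || true
fi
```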