Clamav scan

Today I did a full system scan, both Windows and Linux. For Windows partitions, none.

This is the result of clamav scan.

/root/.xauthYaBajZ: OK
/root/.xauthNna7c1: OK
/root/.dbus/session-bus/f6481812189c4101b5228e77f2f55b1d-0: OK

----------- SCAN SUMMARY -----------
Known viruses: 1802567
Engine version: 0.99.2
Scanned directories: 52624
Scanned files: 371607
Infected files: 50
Total errors: 14411
Data scanned: 54496.17 MB
Data read: 139415.34 MB (ratio 0.39:1)
Time: 13768.559 sec (229 m 28 s)
[root@pujitha-pc ~]#

I install software from OM repos and 1 or 2 from the creator's website. I found 50 infected files.
I used the commands below.

freshclam
clamscan -r /

Can you please list these potentially infected files ?

Found the same result here, 50 infected files.
I’ll have to run clamav again, with proper flags to obtain the list of infected files …

Busy. Please provide a command to give the infected file list, so others can do it too… and give feedback. Thanks…

So is everyone that might try to help.

Busy means: it takes time to give you the output feedback. You have to wait a couple of days. :frowning:

The idea is to tell clamscan to report only infected files. This is done simply by,

clamscan -r -i /

I add to it,

clamscan -r -i / >infectados.txt 2>&1

to have the result in a file for later analysis. The resulting file is 1.6M and since everybody can get this using the command above, I’ll not upload it unless told to.

The result is somewhat surprising. The infected files are all clamav’s own testing files (list at the end). However, I got hundreds of warnings about the use of PCRE and the fact that its support is disabled; an example is

LibClamAV Warning: cli_loadldb: logical signature for Email.Trojan.Toa-5493306-0 uses PCREs but support is disabled, skipping

Also, even as root, some files had permission denied. Examples are,

WARNING: Can't open file /sys/devices/pci0000:00/0000:00:1a.0/rescan: Permission denied

and other error messages. Are there problems with clamav installation?

Finally, the list of “infected files”,

/usr/share/doc/clamav/test/clam-petite.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.odc.cpio: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.mail: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.bin-le.cpio: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe.bz2: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/.split/split.clam_IScab_int.exeaa: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/.split/split.clam_IScab_ext.exeaa: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/.split/split.clamjol.isoaa: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/.split/split.clam.isoaa: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-aspack.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe.mbox.base64: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.newc.cpio: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.tnef: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.pdf: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam_ISmsi_ext.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.ea06.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe.rtf: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.d64.zip: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe.szdd: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clamjol.iso: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.chm: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam_IScab_ext.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-wwpack.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.7z: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.ole.doc: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam_IScab_int.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.cab: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam_ISmsi_int.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-nsis.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.iso: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.impl.zip: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-fsg.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-upx.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.bin-be.cpio: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-mew.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.zip: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.arj: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.ea05.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam_cache_emax.tgz: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-upack.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.bz2.zip: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe.binhex: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.sis: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.tar.gz: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe.html: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-yc.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe.mbox.uu: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam-pespin.exe: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.ppt: Clamav.Test.File-6 FOUND

My Output. infectados.txt (1.3 MB)

It seems the same result as mine, except that you have a Windows partition with an antivirus (Panda) infected file.

Curiously, in your output file I had to use a search engine for “FOUND” to find the list of infected files …
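
Added example (not part of any post in this thread): a small shell script that triages a saved clamscan log such as infectados.txt, separating hits on ClamAV's bundled test signature from other detections and counting the coverage gaps the warnings point to. The sample log is constructed from the lines quoted above; the path and signature name on its last FOUND line are placeholders.

```shell
#!/bin/sh
# Triage a saved clamscan log (for example the infectados.txt produced above).

# Constructed sample log. The last FOUND line is a placeholder detection.
sample_log() {
cat <<'EOF'
LibClamAV Warning: cli_loadldb: logical signature for Email.Trojan.Toa-5493306-0 uses PCREs but support is disabled, skipping
WARNING: Can't open file /sys/devices/pci0000:00/0000:00:1a.0/rescan: Permission denied
/usr/share/doc/clamav/test/clam.zip: Clamav.Test.File-6 FOUND
/usr/share/doc/clamav/test/clam.exe: Clamav.Test.File-6 FOUND
/mnt/windows/Example Dir/quarantine.bin: Example.Signature-0 FOUND
Infected files: 3
EOF
}

# Every detection line: clamscan ends each one with " FOUND".
detections() { grep ' FOUND$' "$1"; }

# Detections that are not ClamAV's own test signature.
# The filter is on the signature name, not the directory, so a genuine hit
# sitting under /usr/share/doc/clamav/test/ would still be listed.
non_test_detections() {
    detections "$1" | grep -v ': Clamav\.Test\.File-[0-9]* FOUND$'
}

# Signatures skipped because the engine was built without PCRE support.
pcre_skipped() {
    awk '/uses PCREs but support is disabled/ {n++} END {print n+0}' "$1"
}

# Files clamscan could not open, which therefore were never scanned.
unreadable() {
    awk '/^WARNING: Can.t open file / {n++} END {print n+0}' "$1"
}

report() {
    echo "total detections:       $(detections "$1" | wc -l)"
    echo "PCRE signatures skipped: $(pcre_skipped "$1")"
    echo "unreadable files:        $(unreadable "$1")"
    echo "detections needing review:"
    non_test_detections "$1"
}

log=$(mktemp)
sample_log > "$log"
report "$log"
rm -f "$log"
```

To run it against a real log, replace the last four lines with `report infectados.txt`.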

Looks like our clamav has PCRE support disabled. I’m building a new, fixed clamav version.

Thanks.

New clamav-0.99.2-4 is available in main/testing repository


Seems to work well. Thanks.
