
Installed CLAMAV (+clamtk)


8 replies to this topic

#1 Condobloke (Outback Aussie @ 54.2101 N, 0.2906 W; Members, 5,806 posts)

Posted 30 May 2016 - 10:06 PM

ClamAV can be installed with:

sudo apt-get install clamav clamav-daemon clamav-freshclam clamav-unofficial-sigs
sudo service clamav-freshclam stop && sudo freshclam && sudo service clamav-freshclam start   # a manual freshclam needs the lock the freshclam service holds
sudo service clamav-daemon start

clamtk is a graphical interface for ClamAV. In other words, it gives a "Windows-like" window to set preferences and start scans from, etc.

sudo apt-get install clamtk

Upon running ClamAV via clamtk, the results on my Linux Mint 17.3 were:

[screenshot: 54vcht.jpg]

...and after quarantining that lot, I then ran it again (on the home folder both times):

[screenshot: r0qe81.jpg]

I then ran BleachBit, with the emphasis on Firefox and Thunderbird,

and then ran another home folder scan,

and it found one more: /home/brian/.cache/mozilla/firefox/mwad0hks.default/cache2/entries/5F83A0365B5200283ADCA32818F19691636C9506

I submitted this to VirusTotal and it tells me that all is clear: 0/56 (including ClamAV!!)

and again...

[screenshot: 23mr13n.jpg]

Comments??


Edited by Condobloke, 30 May 2016 - 11:55 PM.

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#2 Gary R (MRU Admin; Malware Response Team, 801 posts)

Posted 31 May 2016 - 12:33 AM

False positives abound when running AV scans, especially if the AV scanner involved uses heuristics, which categorise things by their behaviour, and are often incorrect.

 

I've no experience with ClamAV so can't comment on its efficacy as a detector. If in doubt about anything found, do what you've already done and submit the files in question to VirusTotal, if any significant positive threats are found, delete the files.



#3 Condobloke (Topic Starter; Members, 5,806 posts)

Posted 31 May 2016 - 04:09 AM

I downloaded and installed the Clam product from THIS topic, where the link http://www.linux.org/threads/malware-and-antivirus-systems-for-linux.4455/ was provided by PC Punk.

If I have screwed up in some way, then so be it... but if in fact this is an indication of the efficacy of Linux antiviruses, then heaven help the Linux systems when someone out there decides that Linux OSes are an attractive target.


Edited by Condobloke, 31 May 2016 - 06:28 AM.


#4 Gary R (MRU Admin; Malware Response Team, 801 posts)

Posted 31 May 2016 - 04:38 AM

There's no reason I can see why your installation of Clam should be the cause of any problems, I suspect it's related more to the detection algorithms being used.

 

Linux AVs are predominantly looking for Windows infections, and as such I expect they rely heavily on heuristics, as opposed to signature based detections. As I said, I've no experience with Clam, so I don't know whether this is the case or not, but if it is, then it would go a long way towards explaining the unreliable results you've experienced.



#5 Condobloke (Topic Starter; Members, 5,806 posts)

Posted 31 May 2016 - 04:51 AM

Thanks Gary, that makes a great deal of sense to me...(looking for windows infections)...

 

I will simply remove it and spend a bit more time researching the topic. If I were to see results like that again, I might have to take a shot of adrenaline with Nick! (HERE)



#6 NickAu (Bleepin' Fish Doctor; Moderator, 12,866 posts; Location: 127.0.0.1 Australia)

Posted 31 May 2016 - 06:20 AM

I downloaded and installed the clam product from THIS  topic where the link http://www.linux.org/threads/malware-and-antivirus-systems-for-linux.4455/ was provided by Nick.

 
 
I was just quoting something from the site

 

Viruses - Computer viruses are replicating code that spread by hiding inside of infected applications and installers.


 http://www.linux.org/threads/malware-and-antivirus-systems-for-linux.4455/
What's a virus?

 

The link was provided by PCpunk.
 
 

Pua.HTML.Exploit cve 2015 1692 1

Bad guys, please note: this is Linux, we don't use Internet Explorer.

 

Edit below.

 

I just read this.

http://www.bleepingcomputer.com/forums/t/613130/mouse-for-linux/#entry4011915

 

 

I tried Wine......(and at this point I must admit i am not the sharpest pencil in the pack when it comes to figuring something like this out).......and that was a no go with set point. I also tried a program called Crossover...again no go.

 

My son tried the same  (and he is WAY sharper than me !)....and also had no success.

 

This could explain it: you are running Wine?

Did you try installing Windows drivers for your mouse in Wine?


Edited by NickAu, 31 May 2016 - 06:26 AM.


#7 pcpunk (Members, 5,657 posts; Location: Florida)

Posted 31 May 2016 - 08:48 AM

I will simply remove it and spend a bit more time researching the topic......If i was to see results like that again , I might have to take a shot of adrenaline with Nick ! (HERE)

There is no need to remove it; you'll just need to learn how to use it. Take your time, it isn't a priority; just read up on it in some articles and Linux threads, there are many here at bc.com. For the most part you can just clear the browser cache to get rid of that stuff, but ClamAV, if you read the other link, is:

"... an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates."

https://www.clamav.net/about

 

Sorry to steer you wrong, Condobloke; I'll need to be more careful in the future. That link was meant as a general read about Linux and malware. I use ClamAV all the time just to clean up Windows browser infections, and don't even know if that is a good practice, but it always fixes glitches that I get over time. I do this because when I clear the browser cache it removes stuff I don't want it to. Again, this has worked for me for a long time now, so I will keep using it. There will be false positives, so you'll have to research them; anything to do with general software, mostly Windows software, might show a false positive, like things that you have saved to your home folders. Mine include Lexar encryption software, and even some Linux files can show false positives.



 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere
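A worked example, added here and not part of the thread or of the ClamAV project: the home-folder scan Condobloke ran in post #1, followed by the triage pcpunk and Gary R describe (research each hit, check it on VirusTotal, clear the browser cache). ClamAV names its potentially-unwanted-application signatures PUA.* (clamscan only reports them when --detect-pua is on) and its heuristic detections Heuristics.*; both classes fire readily on browser-cache entries and Windows installers sitting in a home directory, so the script separates them from plain malware signatures and prints a SHA-256 for every hit, which lets you look the file up on VirusTotal by hash rather than uploading it (a hash VirusTotal has never seen is itself useful information). The clamscan options used (-r, --infected, --detect-pua=yes, --log) are real ClamAV options; the directory layout, file contents, report lines and signature names in the demo are constructed for this example, apart from Heuristics.Broken.Executable, which is a genuine ClamAV detection name.

```shell
#!/bin/sh
# Added example, not from the thread or the ClamAV project: scan a home
# directory with clamscan, then triage the report.  ClamAV's own naming is
# used to split the hits: PUA.* (potentially unwanted, only reported with
# --detect-pua) and Heuristics.* are far more likely to be false positives
# in a browser cache than a plain malware signature is.

# Scan a directory (default $HOME) and write clamscan's report to $2.
# Needs clamscan and current signatures (freshclam); not run by the demo.
# clamscan exit status: 0 nothing found, 1 something found, 2 error.
scan_home() {
    dir="${1:-$HOME}"
    log="$2"
    : > "$log"      # --log appends, so start from an empty report
    clamscan -r --infected --detect-pua=yes --log="$log" "$dir" >/dev/null 2>&1
}

# Read a clamscan report and print one line per hit:
#   CLASS <tab> SIGNATURE <tab> SHA256 <tab> PATH
# clamscan writes each hit as "<path>: <signature> FOUND"; the trailing
# "----------- SCAN SUMMARY -----------" block contains no FOUND lines.
# The SHA-256 lets you query VirusTotal by hash instead of uploading.
triage_log() {
    grep ' FOUND$' "$1" | while IFS= read -r line; do
        line="${line% FOUND}"
        path="${line%: *}"      # everything before the last ": "
        sig="${line##*: }"      # everything after it
        case "$sig" in
            PUA.*)        class=PUA ;;
            Heuristics.*) class=HEURISTIC ;;
            *)            class=MALWARE ;;
        esac
        if [ -f "$path" ]; then
            sum="$(sha256sum "$path" | cut -d' ' -f1)"
        else
            sum=missing     # already quarantined, deleted, or cache cleared
        fi
        printf '%s\t%s\t%s\t%s\n' "$class" "$sig" "$sum" "$path"
    done
}

# Count the lines of one class in a triage report read from stdin.
count_class() {
    awk -F'\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Offline demo on constructed data: two files plus a hand-written report in
# clamscan's format.  Signature names are made up for the sample (the thread's
# real hit was a PUA.Html.Exploit.* signature on a Firefox cache entry); only
# Heuristics.Broken.Executable is a genuine ClamAV detection name.
demo() {
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/.cache/mozilla/firefox/cache2/entries" "$tmp/Downloads"
    printf 'hello\n' > "$tmp/.cache/mozilla/firefox/cache2/entries/cache-entry-1"
    printf 'MZ not really a PE\n' > "$tmp/Downloads/setup.exe"
    cat > "$tmp/scan.log" <<EOF
$tmp/.cache/mozilla/firefox/cache2/entries/cache-entry-1: PUA.Html.Exploit.Sample-1 FOUND
$tmp/Downloads/setup.exe: Win.Trojan.Sample-1 FOUND
$tmp/Downloads/gone.zip: Heuristics.Broken.Executable FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
    report="$(triage_log "$tmp/scan.log")"
    printf '%s\n' "$report"
    printf 'PUA: %s  heuristic: %s  malware: %s\n' \
        "$(printf '%s\n' "$report" | count_class PUA)" \
        "$(printf '%s\n' "$report" | count_class HEURISTIC)" \
        "$(printf '%s\n' "$report" | count_class MALWARE)"
    rm -rf "$tmp"
}

demo
```

To use it on a real machine, run scan_home ~ /tmp/clam.log and then triage_log /tmp/clam.log; a hit in the MALWARE column on a file that VirusTotal also flags is the one to act on, while a PUA.* hit on a file under .cache/mozilla is what the thread's screenshots show and is cleared by emptying the browser cache. To quarantine from the command line instead of through clamtk, clamscan's --move=DIR option moves each flagged file out of place.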

 


#8 Condobloke (Topic Starter; Members, 5,806 posts)

Posted 31 May 2016 - 06:48 PM

ok....my apologies to all involved here.

 

I had a major dummy spit when I saw the result of the first scan...

 

I then read some more, and cleared the browsers cache thinking that would solve the problem.

 

Wrong.

 

The second scan is every bit as bad as the first......and the third is not much better.

 

I am still carrying around some of the 'windows mentality' where if one sees a handful of results like that...it is panic stations.  I do not visit the sort of web sites that usually 'hand out' crap like that....nor do I download untested/unverified programs etc that may carry a "load" with them. It has become my habit to try very hard to only download from the repository for the time being...as I understand that is as safe as it can get. This is partly to "de windows" myself...basically forcing myself to stop looking for the easy way out, and learning just what Linux can do all on its own....without intervention from 3rd party sites etc

 

So I am still a bit mystified. I am having trouble getting my head around it all.

 

I had a look at Sophos's site: free download, specifically for Linux, 490 MB! Seriously? Half a GB for a 'basic' AV program.

 

The reason I am chasing av stuff for linux is not because I have any real fears for the security or safety of this OS. It is done purely out of interest in learning just how linux ticks....how it interacts with the 'malware' etc etc which is forever present in the internet/computer world.....and a serious curiosity as to just how long it may take for the nasty effects and money gathering to start in the linux world.

 

So when all the nasties presented themselves in a scan, I immediately went into 'Windows mode', swore terribly, and started to list mentally the steps necessary to combat this. Let's face it, I have done just that for many people on this forum, so I am more than capable of doing it for myself.

 

A little while later, the dummy spit subsided, and I thought: hang about, my PC shows absolutely no signs of infection, no increased 'activity' (CPU etc.), no slowdowns, no bizarre behaviour, no programs failing to open, etc. So what the **** is going on here?

 

The rest is history....cleaned browser....(used bleachbit and ubuntu tweak)....ran another scan....blah blah blah.....

 

@pcpunk: you did not lead me astray; this is all about my inability to understand the nature of the beast.

 

@NickAu: yes, I tried the whole rigmarole in Wine and came away less than impressed. I also tried Crossover (free trial), sent a help message to their 'help' desk, only to be told they could not find a download for the necessary .dll which is missing, and to go find it myself! The 'weak moment' in which I installed Wine and Crossover has been dealt with; they are gone, never to return.

 

I will ramble more later



#9 66Batmobile (Members, 295 posts; Location: State of Denial)

Posted 31 May 2016 - 08:54 PM

@Condobloke

 

Trust me...you're not the only one trying to shake the "windows mentality".  Many have spent time chasing phantoms from operating systems past, only to realize they were imaginary. 

 

 

Hmm, that almost sounded profound... :o :whistle: :P


Gen. Barker - You haven't heard the last of this!!

Hawkeye Pierce - I wasn't listening to the first of it...




