On Fri, 2004-07-23 at 13:04, Michael Sullivan wrote:
> I installed ClamAV 0.72 through yum (it was the only one I could find in
> rpm form for Fedora Core.) I went through the steps in the
> RPM-clamav.txt file. The last step says to test ClamAV's functionality
> by running the command:
>
>
> /usr/bin/clamdscan -r /usr/share/doc/clamav-0.72
>
> I did so. It gave me this output:
>
>
> /usr/share/doc/clamav-0.72/test/test: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test-zip-noext: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test.bz2: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test.msc: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/test/test.zip: ClamAV-Test-Signature FOUND
> /usr/share/doc/clamav-0.72/.RPM-clamav.txt.swp: Unable to open file or directory. ERROR
> /usr/share/doc/clamav-0.72: OK
>
> ----------- SCAN SUMMARY -----------
> Infected files: 5
> Time: 1.026 sec (0 m 1 s)
>
> Are these five files really infected? If so, how do I fix them? I got the yum information for obtaining clamav from
> http://www.clamav.net/binary.html#pagestart
>
>
> > ________________________________________________________________________
> > From: Alexander Dalloz <alexander.dalloz@xxxxxxxxxxxxxxxx>
> > To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
> > Subject: Re: Pesky virus
> > Date: Fri, 23 Jul 2004 17:24:46 +0200
> >
> > On Fri, 23.07.2004 at 17:14, Michael Sullivan wrote:
> >
> > > I've got a small problem. Last week I received in my
> > > non-espersunited.com email account an email from someone I don't know
> > > with an .exe file as an attachment. Naturally I assumed that this was a
> > > virus, and wrote back to the email address it was from informing them
> > > that they had a virus. I've received several similar emails on through
> > > the week, most were unique but all followed the same format: One line
> > > of text and then the attachment link, usually a .exe or a .zip file. I
> > > haven't opened any of them, but in the past couple of days I've begun
> > > seeing them in my espersunited.com email accounts. I wasn't too worried
> > > about it until this morning, when I received a message from another SMTP
> > > server saying that my mail was undeliverable to some person's email
> > > account. I looked at the message sent and it was indeed from me, but
> > > the message body held the same one line and the same EXE/ZIP file
> > > attachment as the ones I'd received from multiple sources. I use
> > > evolution as my email client. Could I be infected with this virus? I
> > > didn't think Linux was susceptible to virii - only hostile shell
> > > scripts. Is there a way I can test if I am infected, and if I am, is
> > > there a way to find the virus so that I can destroy it?
> >
> > Mails like the ones you described are at 99.99% virus/worm mails - targeting
> > Windows[tm] systems (we all know the usual suspects always running with
> > administrator account permissions and other aspects of the
> > system layout making life easy for worm authors).
> >
> > To test your system against viruses you can use the free anti-virus
> > scanner ClamAV (actually version 0.75 is out). Though I doubt you are
> > infected with a worm/virus. If you check the suspicious mails (the
> > attachments) you got you will quite certainly find out that they are for
> > Windows[tm] systems. Maybe it is one of the new viruses shortly coming
> > out. It is often enough if one of your friends, using your 'private'
> > non-espersunited.com email address is infected and has you in his
> > address book.
> >
> > Alexander
> >
> >
> > --
> > Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> > Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp
> > Serendipity 17:18:46 up 1 day, 2:06, load average: 0.04, 0.18, 0.27
> >
> > ______________________________________________________________________

You are indeed seeing test files; you should also see virus signatures
in rpm, gz, or tar files if they are on your system.

--
jludwig <wralphie@xxxxxxxxxxx>
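
Added example, not part of any message in this thread: a small Python triage of the clamdscan output quoted above, separating hits on the bundled ClamAV-Test-Signature files from any other detection and listing paths that returned ERROR and so were not scanned. The function name triage, the report keys, and the extra CONSTRUCTED_HIT line (its path and signature name) are assumptions made for illustration.

```python
import re

# Scanner output exactly as quoted in the thread above.
THREAD_OUTPUT = """\
/usr/share/doc/clamav-0.72/test/test: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test-zip-noext: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.bz2: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.msc: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/test/test.zip: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.72/.RPM-clamav.txt.swp: Unable to open file or directory. ERROR
/usr/share/doc/clamav-0.72: OK

----------- SCAN SUMMARY -----------
Infected files: 5
Time: 1.026 sec (0 m 1 s)
"""
# Constructed line (hypothetical path and signature name) to show a non-test hit.
CONSTRUCTED_HIT = "/home/user/mail/attachment.zip: Example.Constructed.Signature FOUND\n"

TEST_SIGNATURE = "ClamAV-Test-Signature"
RESULT_RE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK|(?P<err>.+) ERROR)$")
SUMMARY_RE = re.compile(r"^Infected files: (\d+)$")


def triage(output):
    """Split scan results into test-file hits, other hits, unscanned paths and clean paths."""
    report = {"test_hits": [], "other_hits": [], "unscanned": [], "clean": [],
              "reported_infected": None}
    for line in output.splitlines():
        line = line.strip()
        summary = SUMMARY_RE.match(line)
        if summary:
            report["reported_infected"] = int(summary.group(1))
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # blank lines, the summary banner, the timing line
        if m.group("sig"):
            bucket = "test_hits" if m.group("sig") == TEST_SIGNATURE else "other_hits"
            report[bucket].append((m.group("path"), m.group("sig")))
        elif m.group("err"):
            # An ERROR line means the file was not scanned, so it is not a clean result.
            report["unscanned"].append((m.group("path"), m.group("err")))
        else:
            report["clean"].append(m.group("path"))
    return report


if __name__ == "__main__":
    result = triage(THREAD_OUTPUT + CONSTRUCTED_HIT)
    for key in ("test_hits", "other_hits", "unscanned"):
        print(key, result[key])
```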