On Sun, 2010-07-04 at 09:22 -0700, JD wrote: > So far, clamav has not found anything in the mounted windows partition. > That could be good news or bad news :) :) Systems running windows from an infected disk are often unable to find the infection, as the infection often installs a root kit that hides the infection from the virus scanner. When you boot linux and scan the disk using clamav you have a good chance of finding infections that even expensive anti virus apps running on the infected windows system couldn't find. I have several times found infections on running windows systems by remotely mounting their C: drive (the C$ share) on my linux box and running clamav on them. That way I can check them without downtime. How does the infection get past the windows anti-virus? It could either be something new that wasn't detected yet when you got infected. Or (as in my case) systems that need to have anti-virus disabled for certain data directories and applications because of performance problems. Combine that with a need to allow connections to that same app from the internet... Recipe for infections. I usually find 3 different 'hits' on infected systems, and when looking up the signatures on the web I usually find that one is the component that initially infected the system. That one then downloads and installs a root kit to hide itself, and then a backdoor to offer services. -- birger -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
