• Clam AV question

    From Mountain Magpie@21:1/5 to All on Tue Nov 2 08:02:47 2021
    Ran a virus etc. scan on Ubuntu 21.10 with Clam, and these were the
    results:-

    Known viruses: 8573202
    Engine version: 0.103.3
    Scanned directories: 6598
    Scanned files: 87229
    Infected files: 1


    Is there an easy way to find the suspected infected file, without
    trawling through the long printout in the terminal, at all?

    In advance, thanks, as usual.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Peter@21:1/5 to Mountain Magpie on Tue Nov 2 11:44:17 2021
    On 02.11.2021 09:02, Mountain Magpie wrote:

    Ran a virus etc. scan on Ubuntu 21.10 with Clam, and these were the
    results:-

    Known viruses: 8573202
    Engine version: 0.103.3
    Scanned directories: 6598
    Scanned files: 87229
    Infected files: 1


    Is there an easy way to find the suspected infected file, without
    trawling through the long printout in the terminal, at all?

    In advance, thanks, as usual.


    How about redirecting the output from clamscan to a text file, and then
    search in that file?

  • From Mike Easter@21:1/5 to Peter on Tue Nov 2 07:25:59 2021
    Peter wrote:
    Mountain Magpie wrote:

    Ran a virus etc. scan on Ubuntu 21.10 with Clam, and these were the
    results:-

    Known viruses: 8573202
    Engine version: 0.103.3
    Scanned directories: 6598
    Scanned files: 87229
    Infected files: 1


    Is there an easy way to find the suspected infected file, without
    trawling through the long printout in the terminal, at all?

    In advance, thanks, as usual.


    How about redirecting the output from clamscan to a text file, and then
    search in that file?

    clamscan has a command to put (copy or move) the infected file into a
    specified directory.

    https://docs.clamav.net/manual/Usage/Scanning.html#clamscan

    --move=DIRECTORY - move infected files into DIRECTORY
    --copy=DIRECTORY - copy infected files into DIRECTORY



    --
    Mike Easter

  • From Aragorn@21:1/5 to All on Tue Nov 2 17:40:29 2021
    On 02.11.2021 at 08:02, Mountain Magpie scribbled:

    Ran a virus etc. scan on Ubuntu 21.10 with Clam, and these were the
    results:-

    Known viruses: 8573202
    Engine version: 0.103.3
    Scanned directories: 6598
    Scanned files: 87229
    Infected files: 1

    You do know that Clam AV only scans for Windows viruses, right? And you
    also do know that Windows viruses don't work in GNU/Linux, right?

    Of course, if you've been playing around with Wine, then it is always
    possible that you got some Windows virus in a file in your home
    directory — it's the only thing Wine has write access to.


    --
    With respect,
    = Aragorn =

  • From Chris Elvidge@21:1/5 to Aragorn on Tue Nov 2 17:25:31 2021
    On 02/11/2021 04:40 pm, Aragorn wrote:
    On 02.11.2021 at 08:02, Mountain Magpie scribbled:

    Ran a virus etc. scan on Ubuntu 21.10 with Clam, and these were the
    results:-

    Known viruses: 8573202
    Engine version: 0.103.3
    Scanned directories: 6598
    Scanned files: 87229
    Infected files: 1

    You do know that Clam AV only scans for Windows viruses, right? And you
    also do know that Windows viruses don't work in GNU/Linux, right?

    Of course, if you've been playing around with Wine, then it is always
    possible that you got some Windows virus in a file in your home
    directory — it's the only thing Wine has write access to.



    Or if you're using a Linux box as a Windows backup or as a NAS server
    for Windows.

    --
    Chris Elvidge
    England

  • From Mountain Magpie@21:1/5 to All on Tue Nov 2 22:30:28 2021
    On Tue, 2 Nov 2021 17:40:29 +0100, Aragorn posted:-

    You do know that Clam AV only scans for Windows viruses, right? And
    you also do know that Windows viruses don't work in GNU/Linux, right?

    Well I hope that is a rhetorical question.

    Simply following instructions from this page https://upcloud.com/community/tutorials/scan-ubuntu-server-malware/

    But I overlooked the word "server" there, I must admit.

  • From Paul@21:1/5 to Mountain Magpie on Tue Nov 2 22:01:52 2021
    On 11/2/2021 4:02 AM, Mountain Magpie wrote:

    Ran a virus etc. scan on Ubuntu 21.10 with Clam, and these were the
    results:-

    Known viruses: 8573202
    Engine version: 0.103.3
    Scanned directories: 6598
    Scanned files: 87229
    Infected files: 1


    Is there an easy way to find the suspected infected file, without
    trawling through the long printout in the terminal, at all?

    In advance, thanks, as usual.

    The STDOUT output of "clamscan" contains the information.

    The --log file output itself only contains exception conditions
    for the scanner, like trying to scan a symbolic link.

    This means, if you run "clamscan" from the command line, you need
    to redirect all the terminal output into your own logfile.

    In the example here, I did "cd /" and then the clamscan placed
    the two log files (useless and useful versions) at the top of
    the tree being scanned.

    The command line scanner does not "act" on the files, unless
    you use one of the other directives. Without a large set of
    command line switches, it just scans.

    EICAR sample virus was used to trip detection, resulting in a "found" file.

    https://en.wikipedia.org/wiki/EICAR_test_file

    Here is my sample photo.

    https://i.postimg.cc/YSkb2Qfx/clamscan.gif

    Command used:

    cd /
    sudo clamscan --official-db-only=yes -r --log=out.txt | sudo tee log2.txt

    Paul
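
Added example, not part of any post in this thread: once the terminal output has been saved to a file (as with `tee log2.txt` above), the detections are the lines ending in ` FOUND`, and this sketch pulls out just those. The function names and the sample report are constructed for illustration; for a fresh scan, `clamscan -r -i` (`--infected`) prints only infected files in the first place.

```shell
#!/bin/sh
# clamscan prints one line per scanned file as "<path>: <result>".
# A detection looks like "<path>: <signature name> FOUND".

# infected_files LOGFILE
# Prints "<signature><TAB><path>" for every detection in a saved report.
infected_files() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        # Split at the LAST ": " so a path that itself contains ": "
        # is kept whole.
        pos = 0
        while ((i = index(substr(line, pos + 1), ": ")) > 0) pos += i
        if (pos == 0) next
        printf "%s\t%s\n", substr(line, pos + 2), substr(line, 1, pos - 1)
    }' "$1"
}

# write_sample_log PATH
# Writes a constructed report (not real scan output) for the demo below.
write_sample_log() {
    cat > "$1" <<'EOF'
/home/user/notes.txt: OK
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/shortcut: Symbolic link
/home/user/odd: name.bin: Win.Test.EICAR_HDB-1 FOUND
/home/user/photo.jpg: OK

----------- SCAN SUMMARY -----------
Scanned files: 4
Infected files: 2
EOF
}

# Demo: build the constructed report, list the detections, clean up.
demo_log=$(mktemp)
write_sample_log "$demo_log"
infected_files "$demo_log"
rm -f "$demo_log"
```
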
