Hi,

VMDKs are VMware's disks. So if you have an infected file in a filesystem of a virtual machine, it is stored in the VMDK. So boot your VM and run clamscan there. It will tell you which file in the virtual file system is infected.
However, since VMware stores all files in the vmdk, it is NOT a false positive. Deleting a vmdk (and hence a full virtual drive) is not a good idea for only some infected files. It would be best to exclude vmdk from virus scanning at the host and also do virus scanning at the guest OS. Beware that erased files in the virtual file system will only be overwritten in the vmdk if other data is stored there. Hence, the vmdk will stay "infected" if you delete viruses from the virtual file system. (Just as free blocks of a drive will stay infected if you just delete files.)

Regards,
Steffen

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Scott Moore
Sent: Friday, 10 December 2004 21:46
To: [EMAIL PROTECTED]
Subject: [Clamav-users] VMWARE and False positives?

I am getting the following in my scans and knowing what I know about Vmware, I think they are false positives:

C:\VMware Files\RH72 BASE\Linux.vmdk: Exploit.IFrame.Gen FOUND
C:\VMware Files\RH72 Test ED\Linux.vmdk: Exploit.IFrame.Gen FOUND
C:\VMware Files\W2K SQL IIS ActiveX Dev\Windows 2000 Server-02.vmdk: Exploit.IFrame.Gen FOUND
C:\VMware Files\Windows 2000 Server COR\Windows 2000 Server-02.vmdk: Exploit.IFrame.Gen FOUND

Has anyone seen anything like this?

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
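Added example, not part of the original thread: a small triage of host-side clamscan output that separates hits inside virtual disk containers (which, per the reply above, need a scan from inside the guest) from hits on ordinary files. The function name, the extension set and the last two sample lines are assumptions made for illustration; the first two sample lines are taken from the report quoted above.

```python
import re
from pathlib import PureWindowsPath

# Extensions treated as virtual disk containers (assumption; extend as needed).
DISK_IMAGE_EXTS = {".vmdk"}

# clamscan reports a hit as "<path>: <signature> FOUND". The greedy path group
# keeps the drive-letter colon ("C:") inside the path instead of splitting on it.
HIT_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def triage(lines):
    """Return (image_hits, file_hits), each a list of (path, signature)."""
    image_hits, file_hits = [], []
    for line in lines:
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # "OK" lines, summary lines, blanks
        path, sig = m.group("path"), m.group("sig")
        if PureWindowsPath(path).suffix.lower() in DISK_IMAGE_EXTS:
            image_hits.append((path, sig))
        else:
            file_hits.append((path, sig))
    return image_hits, file_hits


# Sample host-side scan output; the last two lines are constructed.
SAMPLE = [
    r"C:\VMware Files\RH72 BASE\Linux.vmdk: Exploit.IFrame.Gen FOUND",
    r"C:\VMware Files\W2K SQL IIS ActiveX Dev\Windows 2000 Server-02.vmdk: Exploit.IFrame.Gen FOUND",
    r"C:\Users\demo\inbox\message.html: Exploit.IFrame.Gen FOUND",
    r"C:\Users\demo\notes.txt: OK",
]

if __name__ == "__main__":
    images, files = triage(SAMPLE)
    for path, sig in images:
        # The host scan cannot name the guest file; the guest scan can.
        print(f"[disk image] {path}: {sig} -> boot the VM and run clamscan in the guest")
    for path, sig in files:
        print(f"[file]       {path}: {sig} -> handle on the host")
```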
