Hi,
Assuming the journal was properly created on an existing EXT2 filesystem and
then the filesystems MOUNTED AS EXT3, then the contents of the journal
should contain nothing but journaling data. Initially, there is always the
potential for the journal to occupy disk sectors that previously contained
an infected file, but those sectors would eventually have been overwritten
with journal data. The sample "hits" provided earlier in this thread showed
that the "file" contained different viruses, on different days.
In either case, viruses are not likely to infect the journal, IF the journal
is being properly used (by properly mounting the filesystem as EXT3), and
unless the virus were specifically written to be Linux EXT3 journal-aware,
should never even know about the existence of the journal. Likewise, clam
should not even be EXT3 journal-aware.
It looks like a false positive. Bitdefender doesn't show any viruses. But
why are there different viruses? Because of the refresh of the virus database?
When in doubt:
1. unmount the filesystem
2. remount it as EXT2
3. blow away the existing journal (it should be visible as a file, when the
fs is mounted as EXT2)
4. use "mke2fs -j /device" to recreate a new journal
5. do an "ls -al .journal" to confirm the new journal exists
6. remount the filesystem as type EXT3
7. repeat the "ls -al .journal" - you should NOT see the journal file!
(clam shouldn't see it, either!)
8. confirm that your /etc/fstab file is correct
Remount for root (/*) is not possible. Only with reboot and from cdrom.
Thanks. Bye Fred
--
Software Development EsPresto AG
-----------------------------------------------------------------
[EMAIL PROTECTED] Breite Str. 30-31
Tel/Fax: +49.30.90 226.750/.760 10178 Berlin/Germany
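
An added example, not part of the original message: a read-only check for step 8 of the quoted procedure, comparing the type each filesystem is declared with in an fstab-format file against the type it is actually mounted with. It flags the case the message describes, where an ext3 filesystem is mounted as ext2 and the journal is visible as a file. The function names `check_journal_mounts` and `demo` and the sample device names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original message): flag filesystems that
# /etc/fstab declares as ext3 but that are currently mounted as ext2, the
# state in which, per the message, the journal is visible as a file.

# check_journal_mounts FSTAB MOUNTS   (hypothetical helper name)
# Prints "<mountpoint> fstab=<type> mounted=<type>" per mismatch and
# returns 1 if any mismatch was found, 0 otherwise.
check_journal_mounts() {
    awk '
        # First file (fstab format): remember the declared type per mount point.
        NR == FNR {
            if ($0 ~ /^[ \t]*(#|$)/) next      # skip comments and blank lines
            declared[$2] = $3
            next
        }
        # Second file (/proc/mounts format): device mountpoint type options ...
        ($2 in declared) && declared[$2] == "ext3" && $3 == "ext2" {
            printf "%s fstab=%s mounted=%s\n", $2, declared[$2], $3
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1" "$2"
}

# demo: run the check over constructed sample data (not real system output).
demo() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/fstab" <<'EOF'
# constructed sample fstab
/dev/hda1  /      ext3  defaults  1 1
/dev/hda2  /home  ext3  defaults  1 2
/dev/hda3  /data  ext2  defaults  1 2
EOF
    cat > "$tmp/mounts" <<'EOF'
/dev/hda1 / ext2 rw 0 0
/dev/hda2 /home ext3 rw 0 0
/dev/hda3 /data ext2 rw 0 0
EOF
    rc=0
    check_journal_mounts "$tmp/fstab" "$tmp/mounts" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# On a live system: check_journal_mounts /etc/fstab /proc/mounts
```

A filesystem reported by this check is one where an on-access or scheduled scan can reach the journal file, so its path is a candidate for the scanner's exclusion list until the mount type is corrected.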