> sorry to bother you but I am new to ClamAV (on fedora core 6). I ran > clamscan on my laptop and got a message telling me that I have 3 files > infected.
You might have some malware, but I doubt your system is infected. > One is in my mail . I browed the FAQ and find a way supposed (by using ... Yes, everyone gets junk in their e-mail. Your system might not even be vulnerable to it, and it doesn't mean that the stuff has actually infected your system. But finding the specific message is a bit hard with ClamAV > The second file infected is in my windows partition under the root > directory (I got this result :media/hda2/pagefile.sys: > Exploit.HTML.MHTRedir-8 FOUND). hda2 is my windows partition. Thisfile > is 1.3G large (from what nautilus sees/says). Again is simply deleting > enough ? I s it usually a windows file ? This is the Windows swap file. So you probably visited a site with an exploit, and some of your RAM holding that, happened to get swapped to disk. Or it could be a false-positive. Your Windows swap file is just temp storage while Windows is running, so anything in it junk. There is no need to disinfect it, as Windows will re-init it when it boots aqain. > The third one is more confusing to me since it is a zipped file that I > donwloaded from the US Samsung site when I tried to upgrade my Yepp 920 > studio and firmware (mp3 player interface). The scan tells me that it is > an oversized archive. Is there a way for clamAV to be sure of that (I The ZIP file may be corrupted. The exact ClamAV message would be helpful, but ClamAV has protection against "ZIP bombs", which contain files with unrealistic compression ratios. "ZIP bombs" can take a really long time to scan, as the AV engine will decompress the file(s), which can decompress to 100x the original size (or more). So scanning a 50MB ZIP bomb, could involve scanning 5GB of data. There are settings in Clam to configure the "unrealistic" compression ratio setting. Tom _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
