Hi there, On Mon, 24 Dec 2007 Baz wrote:
> I installed ClamAV and ran a scan on my entire system returning a > report of one infected file. How do I find this file? I Did you accidentally press 'send' too soon? I'm sure you intended to tell us just what your system is and how you installed ClamAV on it; exactly what you did, and exactly what you saw, when you ran the scan process. Clearly without that information we will be at considerable disadvantage, any help that we can give will of necessity be couched in fairly general terms. Don't forget that there are people here who run ClamAV on a bewildering variety of combinations of hardware and software, for very much more than the odd scan of their system files. So here's some fairly general help. First, and probably most important, read everything you can find that might help you to help yourself. That's a common theme in the open source software world. If you want to optimize the help you get from lists like this one, here's something important you need to read soon: http://www.catb.org/~esr/faqs/smart-questions.html Second, there are lots of ways of finding the file which you seek, but of course the methods will depend on information that unfortunately wasn't provided with your question. I suspect that you ran 'clamscan' and you were rewarded with a _very_ large list of file names, to each of which was appended the four characters ": OK", and at the end of the list was a summary, which is how you came by the information that one of the files is infected. On almost any computer system, the list of filenames on a full system scan would be so long that it scrolled most of the information that you were hoping for (that is, the names of any infected files) off the top of the screen so quickly you had no chance to read it. Am I right? Well, one way of stopping this from happening is to press 'CTRL-S' (that is, you hold down the 'CTRL' key and press the 'S' key once) which stops the text scrolling on most systems. Then to make it start scrolling again, press 'CTRL-Q'. You need to be quick, and fairly patient, to do it this way. You could avoid this problem by using your wits (also a common theme in the open source world) for example by piping output from your scan command through 'grep' - if you have a system which permits piping output and has 'grep' installed on it. If you haven't got 'grep' (already I can hear people asking "What use is a system that doesn't have grep and can't pipe output?" but never mind that for the moment:) then you could send the entire output of your scan to a file, and use a pager or a text editor to search for the rogue file. If you haven't got or can't use a pager or an editor for some reason, then maybe you'll be able to read the output over the Christmas break, or come back here with more information. Please be assured that what you want to do is trivially easy to do. Your next question is taking vague shape in my mind. It has to do with what the file is that you've found, and what you should do with it. For today, I've guessed as much as I'm prepared to guess, and I probably wouldn't have done that if it wasn't Christmas Eve. Compliments of the season to all. -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
