Hi, I have the below details
[root@ clamav]# clamscan --version *ClamAV 0.100.2/25267/Fri Jan 4 06:17:25 2019* [root@ clamav]# rpm -qa | grep clamav clamav-filesystem-0.100.2-2.el7.noarch clamav-update-0.100.2-2.el7.x86_64 clamav-0.100.2-2.el7.x86_64 clamav-lib-0.100.2-2.el7.x86_64 [root@ clamav]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@ clamav]# freshclam ClamAV update process started at Fri Jan 4 12:25:08 2019 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cld is up to date (version: 25267, sigs: 2197794, f-level: 63, builder: raynman) bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo) [root@ clamav]# when i am running clamscan #clamscan --infected --recursive / /var/lib/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND /var/lib/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND /var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND [root@ clamav]# pwd /var/lib/clamav [root@ clamav]# ls -ltrh total 268M -rw-r--r--. 1 clamupdate clamupdate 113M Dec 13 02:31 main.cvd -rw-r--r--. 1 clamupdate clamupdate 990K Jan 2 18:00 bytecode.cld -rw-r--r--. 1 root root 441K Jan 4 03:52 rfxn.ndb -rw-r--r--. 1 root root 828K Jan 4 03:52 rfxn.hdb -rw-r--r--. 1 root root 400K Jan 4 03:52 rfxn.yara -rw-r--r--. 1 clamupdate clamupdate 153M Jan 4 09:00 daily.cld -rw-------. 1 clamupdate clamupdate 520 Jan 4 12:21 mirrors.dat [root@ clamav]# Is the CentOS Linux release 7.3.1611 (Core) server infected with Malware? Please suggest. Thanks in Advance. Best Regards, Kaushal
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml