Likely not. I would bet that there are some poorly written yara sigs in your environment.
Sent from my iPhone

> On Jan 4, 2019, at 07:28, Kaushal Shriyan <kaushalshri...@gmail.com> wrote:
>
> Hi,
>
> I have the below details
>
> [root@ clamav]# clamscan --version
> ClamAV 0.100.2/25267/Fri Jan 4 06:17:25 2019
> [root@ clamav]# rpm -qa | grep clamav
> clamav-filesystem-0.100.2-2.el7.noarch
> clamav-update-0.100.2-2.el7.x86_64
> clamav-0.100.2-2.el7.x86_64
> clamav-lib-0.100.2-2.el7.x86_64
> [root@ clamav]# cat /etc/redhat-release
> CentOS Linux release 7.3.1611 (Core)
> [root@ clamav]# freshclam
> ClamAV update process started at Fri Jan 4 12:25:08 2019
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cld is up to date (version: 25267, sigs: 2197794, f-level: 63, builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
> [root@ clamav]#
>
> When I am running clamscan
>
> #clamscan --infected --recursive /
> /var/lib/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
>
> [root@ clamav]# pwd
> /var/lib/clamav
> [root@ clamav]# ls -ltrh
> total 268M
> -rw-r--r--. 1 clamupdate clamupdate 113M Dec 13 02:31 main.cvd
> -rw-r--r--. 1 clamupdate clamupdate 990K Jan 2 18:00 bytecode.cld
> -rw-r--r--. 1 root root 441K Jan 4 03:52 rfxn.ndb
> -rw-r--r--. 1 root root 828K Jan 4 03:52 rfxn.hdb
> -rw-r--r--. 1 root root 400K Jan 4 03:52 rfxn.yara
> -rw-r--r--. 1 clamupdate clamupdate 153M Jan 4 09:00 daily.cld
> -rw-------. 1 clamupdate clamupdate 520 Jan 4 12:21 mirrors.dat
> [root@ clamav]#
>
> Is the CentOS Linux release 7.3.1611 (Core) server infected with Malware?
> Please suggest. Thanks in advance.
>
> Best Regards,
>
> Kaushal
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
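All three hits in the quoted scan are on files inside `/var/lib/clamav`, the signature database directory itself. The following triage helper is an added example, not part of the thread or of ClamAV; it separates such hits from hits elsewhere on the filesystem. The database path and file extensions are taken from the thread's directory listing, and the fourth sample line is constructed for contrast.

```python
import re
from pathlib import PurePosixPath

# Assumption: ClamAV's database directory, taken from the paths in the thread.
DB_DIR = PurePosixPath("/var/lib/clamav")
# Extensions of the signature database files in the thread's directory listing.
DB_SUFFIXES = {".cvd", ".cld", ".hdb", ".ndb", ".yara"}

# Constructed sample: the three hits from the thread plus one invented hit
# outside the database directory.
SAMPLE = """\
/var/lib/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
/var/www/html/upload/x.php: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
"""

# A clamscan hit line has the form "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>/.*?): (?P<sig>\S+) FOUND$")


def triage(output, db_dir=DB_DIR):
    """Split clamscan hits into signature-database files and everything else.

    Returns (db_hits, needs_review), each a list of (path, signature) tuples.
    A hit on a database file is a candidate self-match (the file contains the
    pattern it describes); it is a triage label, not a verdict.
    """
    db_hits, needs_review = [], []
    for line in output.splitlines():
        m = FOUND_RE.match(line.strip())
        if not m:
            continue  # summary lines, blank lines, "OK" lines
        path = PurePosixPath(m["path"])
        in_db = db_dir in path.parents and path.suffix in DB_SUFFIXES
        (db_hits if in_db else needs_review).append((str(path), m["sig"]))
    return db_hits, needs_review


if __name__ == "__main__":
    db_hits, needs_review = triage(SAMPLE)
    for path, sig in db_hits:
        print(f"database file    {path}  [{sig}]")
    for path, sig in needs_review:
        print(f"REVIEW           {path}  [{sig}]")
```

To keep such hits out of future reports, the database directory can be left out of the scan with clamscan's `--exclude-dir` option.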