Likely not. I would bet that there are some poorly written YARA sigs in your
environment.

Sent from my  iPhone

> On Jan 4, 2019, at 07:28, Kaushal Shriyan <kaushalshri...@gmail.com> wrote:
> 
> Hi,
> 
> I have the below details 
> 
> [root@ clamav]# clamscan --version
> ClamAV 0.100.2/25267/Fri Jan  4 06:17:25 2019
> [root@ clamav]# rpm -qa | grep clamav
> clamav-filesystem-0.100.2-2.el7.noarch
> clamav-update-0.100.2-2.el7.x86_64
> clamav-0.100.2-2.el7.x86_64
> clamav-lib-0.100.2-2.el7.x86_64
> [root@ clamav]# cat /etc/redhat-release
> CentOS Linux release 7.3.1611 (Core)
> [root@ clamav]# freshclam
> ClamAV update process started at Fri Jan  4 12:25:08 2019
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cld is up to date (version: 25267, sigs: 2197794, f-level: 63, builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
> [root@ clamav]#
> 
> When I am running clamscan
> 
> #clamscan --infected --recursive /
> /var/lib/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
> 
> [root@ clamav]# pwd
> /var/lib/clamav
> [root@ clamav]# ls -ltrh
> total 268M
> -rw-r--r--. 1 clamupdate clamupdate 113M Dec 13 02:31 main.cvd
> -rw-r--r--. 1 clamupdate clamupdate 990K Jan  2 18:00 bytecode.cld
> -rw-r--r--. 1 root       root       441K Jan  4 03:52 rfxn.ndb
> -rw-r--r--. 1 root       root       828K Jan  4 03:52 rfxn.hdb
> -rw-r--r--. 1 root       root       400K Jan  4 03:52 rfxn.yara
> -rw-r--r--. 1 clamupdate clamupdate 153M Jan  4 09:00 daily.cld
> -rw-------. 1 clamupdate clamupdate  520 Jan  4 12:21 mirrors.dat
> [root@ clamav]#
> 
> Is the CentOS Linux release 7.3.1611 (Core) server infected with Malware? 
> Please suggest. Thanks in Advance.
> 
> Best Regards,
> 
> Kaushal
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
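
An added example, not part of the original thread: a triage of `clamscan --infected` output that separates hits on files inside the signature database directory (where all three detections in the question sit) from hits anywhere else. The function names are hypothetical, and the `/srv/www/uploads/cache.php` line in the sample is constructed to show the second case.

```python
import re
from pathlib import PurePosixPath

# "<path>: <signature> FOUND"; the greedy path group tolerates ": " inside a path.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample: the three hits from the thread (unwrapped to one line
# each, as clamscan prints them) plus one made-up hit outside the database dir.
SAMPLE = """\
/var/lib/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
/srv/www/uploads/cache.php: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
"""


def parse_hits(output):
    """Return (path, signature) pairs for every FOUND line in clamscan output."""
    hits = []
    for line in output.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append((m["path"], m["sig"]))
    return hits


def triage(output, db_dir="/var/lib/clamav"):
    """Split hits into signature files matching other signatures vs. real candidates."""
    db = PurePosixPath(db_dir)
    report = {"signature_files": [], "needs_review": []}
    for path, sig in parse_hits(output):
        entry = {
            "path": path,
            "signature": sig,
            # clamscan appends .UNOFFICIAL to names from non-official databases
            "third_party": sig.endswith(".UNOFFICIAL"),
        }
        inside_db = db in PurePosixPath(path).parents
        report["signature_files" if inside_db else "needs_review"].append(entry)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    for bucket, entries in result.items():
        print(bucket)
        for e in entries:
            print(f"  {e['path']}  <-  {e['signature']}")
```

Hits in the `signature_files` bucket are database files being scanned as ordinary files; `clamscan --exclude-dir=REGEX` keeps that directory out of later recursive scans.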
