On 05/28/2013 02:08 PM, Yasha Karant wrote:
The latest ClamAV that I can find pre-ported fro SL6 x86-64 is
http://pkgs.repoforge.org/clamav/clamd-0.97.7-1.el6.rf.x86_64.rpm
EPEL has a slightly newer version of this package:
http://koji.fedoraproject.org/koji/buildinfo?buildID=413926
Will this RPM "override" dependencies in the "stock" SL distribution? EL
(and Linux in general) does not seem to have reliable polymorphism -- the
default for these sorts of dependencies generally does not seem to install a
different executable/library sub-tree independent of the stock distribution
except in so far as the same files (e.g., libraries) are used.
However, ClamAV still appears to be pre-production (0.x, not 1.x). Is it
stable and useful?
Yasha Karant
On 05/24/2013 03:01 PM, Clint Bowman wrote:
ClamAV seems to have a good pedigree--SANS has mentioned it frequently.
Clint Bowman INTERNET: [email protected]
Air Quality Modeler INTERNET: [email protected]
Department of Ecology VOICE: (360) 407-6815
PO Box 47600 FAX: (360) 407-7534
Olympia, WA 98504-7600
USPS: PO Box 47600, Olympia, WA 98504-7600
Parcels: 300 Desmond Drive, Lacey, WA 98503-1274
On Fri, 24 May 2013, Yasha Karant wrote:
Currently, which are the "best" antivirus programs for SL 6 X86-64?
I am familiar with several Linux applicable antivirus applications:
Avast, BitDefender, ClamAV, AVG, amongst others,
but have not tested any of these on my current environment.
Any current recommendations?
Yasha Karant
On 05/24/2013 10:34 AM, John Lauro wrote:
Linux can get viruses too including ones that could cause the
symptoms
described. Not sure what you mean by oos viruses, but the claim was
blaster like, not the blaster virus. That said, it sounds suspicious
like an attempt to get you to buy something. Anyways, a virus on Linux
is possible, but you can use argus or tcpdump or a ton of other network
monitoring tools on your machine and see if it is spewing out random
connections that it shouldn't be.
----- Original Message -----
From: "g" <[email protected]>
To: "scientific linux users" <[email protected]>
Sent: Friday, May 24, 2013 12:50:12 PM
Subject: is this a this virus or an error
greetings.
last night while reading articles at 'news.yahoo.com' using firefox
17.0.6,
i had 3 pages opened and this message popped up;
+++
Excessive Sessions Warning
Error
Your 2701HG-B Gateway has intercepted your web page request to
provide you
with this important message. The following devices on your network
are using
a large number of simultaneous Internet sessions:
192.168.1.144
The most likely cause of this issue is a ~blaster~ type virus which has
infected the device. It is strongly recommended that the devices
above be
scanned for potential viruses.
Note that a large number of sessions may occasionally be the result of
application software or gaming software installed on the device. If you
believe this is the case, click the ~Do not show me excessive session
warnings in the future~ to disable this feature.
To access the requested Web page that was intercepted, please close all
browser windows and then restart your Web browser software.
If you continue to see this page after closing all open Web browser
windows,
restart your computer.
[ ] Do not show me excessive session warnings in the future
+++
i have, at previous times, had 8 to 10 pages opened and not received
such
a notice.
curious as to what such a virus infected, i looked up 'blaster' at
wikipedia.org to find;
+++
The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a
computer
worm that spread on computers running the Microsoft operating
systems: Windows
XP and Windows 2000, during August 2003.[1]
The worm was first noticed and started spreading on August 11, 2003.
The rate
that it spread increased until the number of infections peaked on
August 13,
2003. Filtering by ISPs and widespread publicity about the worm
curbed the
spread of Blaster.
+++
i contacted bellsouth and the rep insisted that i had a virus that was
causing message.
when i told her that i had doubt that it was a virus, because i run
linux
and oos viruses do not effect linux.
she insisted that "viruses have a way of creeping into a system" and
that
for $100, i could have an online scan run to check my system.
when i mentioned that notice stated;
It is strongly recommended that the devices above be scanned for
potential
viruses.
rep insisted that meant my computer and not the dsl modem.
needless to say, if she did not understand what i was trying to explain
to her that i was not using oos, she has little understanding about any
virus problem.
so, have any readers run across above notice or know of any virus
that can
enter a linux system to cause such a message to appear?
tia.
--
Pat Riehecky
Scientific Linux developer
http://www.scientificlinux.org/
