Re: [Clamav-users] How to find infected file
On December 23, 2007 at 10:49PM Robert Adams wrote:

I am very curious to know why anybody wants to help someone that has such an adversarial attitude towards them. I understand that support is support and should help people when they are able to, but not everybody's attitude warrants that extra mile of help.

Baz, keep paying those big bucks and remain a Windows-weenie. It does not appear to me as though you will ever get an answer that makes you happy until you have someone hold your hand throughout the entire process. Linux requires a knowledge of the O/S AND the distro - please learn some of the basics of both before you jump down others' throats when they (very patiently) try to help you. These people have spent much more than the month or so that you have put in to learn Linux. Please show them the respect they deserve, ESPECIALLY when they are offering you their assistance on a Sunday evening.

Hopefully my next posting will not be in regards to some spoiled, arrogant pussy that expects other people to do all his work and thinking for him.

Big buck, little bucks or no bucks, it makes no difference. Money is only relative. The problem resides with those who are either too lazy or stupid to RTFM. The number of winey-weeners is relatively proportionate to the number of users of both *.nix and Microsoft products, although it is usually easier to find documentation on Win32 based products.

It is apparent that the OP does not know proper posting etiquette to begin with. The first response to his posting informed him of that; nevertheless, he chose to ignore it. At that point right there I would have dismissed his further inquiries. I usually ignore top posters out of habit anyway. If they chose to post in a non-traditional manner, why should I waste my time trying to assist them?

The best response you can give to a poster like that is not to berate him, which only feeds his desire for attention, but rather to just ignore him completely until his attitude changes.
--
Gerard

A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

TOPIC: Posting Etiquette
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] How to find infected file
Hi there,

On Mon, 24 Dec 2007 Baz wrote:

I installed ClamAV and ran a scan on my entire system returning a report of one infected file. How do I find this file? I

Did you accidentally press 'send' too soon?

I'm sure you intended to tell us just what your system is and how you installed ClamAV on it; exactly what you did, and exactly what you saw, when you ran the scan process. Clearly without that information we will be at considerable disadvantage, any help that we can give will of necessity be couched in fairly general terms. Don't forget that there are people here who run ClamAV on a bewildering variety of combinations of hardware and software, for very much more than the odd scan of their system files.

So here's some fairly general help.

First, and probably most important, read everything you can find that might help you to help yourself. That's a common theme in the open source software world. If you want to optimize the help you get from lists like this one, here's something important you need to read soon:

http://www.catb.org/~esr/faqs/smart-questions.html

Second, there are lots of ways of finding the file which you seek, but of course the methods will depend on information that unfortunately wasn't provided with your question. I suspect that you ran 'clamscan' and you were rewarded with a _very_ large list of file names, to each of which was appended the four characters : OK, and at the end of the list was a summary, which is how you came by the information that one of the files is infected. On almost any computer system, the list of filenames on a full system scan would be so long that it scrolled most of the information that you were hoping for (that is, the names of any infected files) off the top of the screen so quickly you had no chance to read it. Am I right?

Well, one way of stopping this from happening is to press 'CTRL-S' (that is, you hold down the 'CTRL' key and press the 'S' key once) which stops the text scrolling on most systems. Then to make it start scrolling again, press 'CTRL-Q'. You need to be quick, and fairly patient, to do it this way.

You could avoid this problem by using your wits (also a common theme in the open source world) for example by piping output from your scan command through 'grep' - if you have a system which permits piping output and has 'grep' installed on it. If you haven't got 'grep' (already I can hear people asking What use is a system that doesn't have grep and can't pipe output? but never mind that for the moment:) then you could send the entire output of your scan to a file, and use a pager or a text editor to search for the rogue file. If you haven't got or can't use a pager or an editor for some reason, then maybe you'll be able to read the output over the Christmas break, or come back here with more information.

Please be assured that what you want to do is trivially easy to do.

Your next question is taking vague shape in my mind. It has to do with what the file is that you've found, and what you should do with it. For today, I've guessed as much as I'm prepared to guess, and I probably wouldn't have done that if it wasn't Christmas Eve.

Compliments of the season to all.

--
73, Ged.
Re: [Clamav-users] How to find infected file
I usually don't post but I just can't resist this insulting troll..

wasn't provided with your question. I suspect that you ran 'clamscan' and you were rewarded with a _very_ large list of file names, to each of which was appended the four characters : OK, and at the end of

[...snip things about grep, editor and pager...]

To make a really long story short; you mean something like:

    $ clamscan /home/username | grep -v ': OK$' | less

Of course, the OP would probably see a # instead of $ because he's logged in as root, not as a mortal user like he should, considering his experience.

However, I'm not familiar with a clam.conf/clamscan.conf/whatever.conf file and I'm quite sure that it doesn't exist. There is of course the clamd.conf file that the OP might want to locate (hint) if he were using clamdscan instead of clamscan (OP: mind the little difference). But, then the OP would need an up-to-date locate database (hint).

Ah well, since it's almost Christmas eve (and before the OP starts trolling and top-posting again) these are the lines to find clamd.conf: (I haven't seen a recent distro that lacks these..)

    # updatedb
    # locate clamd.conf

OP:
- Don't tell us that you can't find updatedb, locate, grep and/or less. In that case, please go seek help elsewhere. This list is about ClamAV, not about learning to use Linux.
- You need to clean up your act if you want help. It's you who's insulting people that try to help you. If you can't use the help given, it might be you who's not competent enough to perform basic tasks. This would be your problem, not ours.
- If you don't want to learn how to work with *nix and its apps, please delete your Linux partition and stick with Windows as that would then be best for all of us (including you).

Compliments of the season to all.

Perhaps a bit early, but, merry Christmas to everyone!

Grts,
Rob
[Clamav-users] How to find infected file
Hello,

I installed ClamAV and ran a scan on my entire system returning a report of one infected file. How do I find this file? I

--
...heart and soulone will burn. - Joy Division
Re: [Clamav-users] How to find infected file
Baz wrote:

Hello, I installed ClamAV and ran a scan on my entire system returning a report of one infected file. How do I find this file? I

Did you look in your log file?

dp
Re: [Clamav-users] How to find infected file
And where exactly is it? Do Linux developers intentionally make this shit difficult and still bitch about Windows/Norton's dominance?

On Dec 23, 2007 4:15 PM, Dennis Peterson [EMAIL PROTECTED] wrote:

Baz wrote:

Hello, I installed ClamAV and ran a scan on my entire system returning a report of one infected file. How do I find this file? I

Did you look in your log file?

dp

--
...heart and soulone will burn. - Joy Division
Re: [Clamav-users] How to find infected file
Baz wrote:

And where exactly is it? Do Linux developers intentionally make this shit difficult and still bitch about Windows/Norton's dominance?

Please crush with all your being any desire to top post. Apparently you've not read anything yet so a good place to start is the ClamAV Wiki. They have a page especially for new users.

http://wiki.clamav.net/Main/WebHome#ClamAV_for_beginners

I can't tell you where your log will be because I had nothing to do with the installation, but if you run the clamconf utility it will tell you where it thinks the log is. There are a number of user-defined choices about the log which is why it is unpredictable where it is. On my Sun systems it is in /var/log and I use the syslogd logger. Those were choices I made.

The clamconf utility is often located in the same path as the clamdscan and clamscan executables, but that is also configurable. If you installed ClamAV from source your build process would tell you these things. If you installed from an RPM then whoever built your RPM has the info you need.

I don't own, run, or use Linux so don't know what the developers do for fun.

dp
Re: [Clamav-users] How to find infected file
Dennis,

Not apparently you're wrong. I spent at least two hours reading the wiki, support info from the website, various things from Google searches. Please note, that even you don't even know where it should be. This information should be readily apparent. Also, I didn't compile it, but installed pre-compiled packages from a non-official Debian repository.

My main point is these Linux cheerleaders, who also whine about Microsoft's dominance, yet they can't even offer end-user-friendly applications so very basic to desktop security.

Nevertheless, thank you for your input.

On Dec 23, 2007 4:58 PM, Dennis Peterson [EMAIL PROTECTED] wrote:

Baz wrote:

And where exactly is it? Do Linux developers intentionally make this shit difficult and still bitch about Windows/Norton's dominance?

Please crush with all your being any desire to top post. Apparently you've not read anything yet so a good place to start is the ClamAV Wiki. They have a page especially for new users.

http://wiki.clamav.net/Main/WebHome#ClamAV_for_beginners

I can't tell you where your log will be because I had nothing to do with the installation, but if you run the clamconf utility it will tell you where it thinks the log is. There are a number of user-defined choices about the log which is why it is unpredictable where it is. On my Sun systems it is in /var/log and I use the syslogd logger. Those were choices I made.

The clamconf utility is often located in the same path as the clamdscan and clamscan executables, but that is also configurable. If you installed ClamAV from source your build process would tell you these things. If you installed from an RPM then whoever built your RPM has the info you need.

I don't own, run, or use Linux so don't know what the developers do for fun.

dp

--
...heart and soulone will burn. - Joy Division
Re: [Clamav-users] How to find infected file
Or this

    # clamscan -r /

Dave, keep that smug attitude going. It only helps M$. Thank God I still have XP on another partition.

On Dec 23, 2007 5:12 PM, Dave M [EMAIL PROTECTED] wrote:

On Dec 23, 2007 7:07 PM, Baz [EMAIL PROTECTED] wrote:

Dennis,

Not apparently you're wrong. I spent at least two hours reading the wiki, support info from the website, various things from Google searches. Please note, that even you don't even know where it should be. This information should be readily apparent. Also, I didn't compile it, but installed pre-compiled packages from a non-official Debian repository.

My main point is these Linux cheerleaders, who also whine about Microsoft's dominance, yet they can't even offer end-user-friendly applications so very basic to desktop security.

Nevertheless, thank you for your input.

Those darn linux cheerleaders.

So how did you run your scan? You should have been left with something like this:

    [EMAIL PROTECTED] ~]$ clamscan test/
    test/xpladv470.wmf: Exploit.WMF.A FOUND
    test/lsd.exe: OK
    test/wmf_exp.wmf: Exploit.WMF.A FOUND
    test/lol.exe: OK
    --- SCAN SUMMARY --

Or did you use a GUI?

On Dec 23, 2007 4:58 PM, Dennis Peterson [EMAIL PROTECTED] wrote:

Baz wrote:

And where exactly is it? Do Linux developers intentionally make this shit difficult and still bitch about Windows/Norton's dominance?

Please crush with all your being any desire to top post. Apparently you've not read anything yet so a good place to start is the ClamAV Wiki. They have a page especially for new users.

http://wiki.clamav.net/Main/WebHome#ClamAV_for_beginners

I can't tell you where your log will be because I had nothing to do with the installation, but if you run the clamconf utility it will tell you where it thinks the log is. There are a number of user-defined choices about the log which is why it is unpredictable where it is. On my Sun systems it is in /var/log and I use the syslogd logger. Those were choices I made.

The clamconf utility is often located in the same path as the clamdscan and clamscan executables, but that is also configurable. If you installed ClamAV from source your build process would tell you these things. If you installed from an RPM then whoever built your RPM has the info you need.

I don't own, run, or use Linux so don't know what the developers do for fun.

dp

--
...heart and soulone will burn. - Joy Division
Re: [Clamav-users] How to find infected file
On Dec 23, 2007 7:16 PM, Baz [EMAIL PROTECTED] wrote:

Or this

    # clamscan -r /

Dave, keep that smug attitude going. It only helps M$. Thank God I still have XP on another partition.

Not sure why you'd scan your whole system. Personally, on a Linux system using it the way you are, I'd only be interested in scanning user directories and maybe /tmp.

You'll probably get an easier, cleaner output if you try this:

    # clamscan -i -r /

Then it's only showing the infected files. You'll have an easier time reading the output now. And don't run as root - that can be dangerous.

On Dec 23, 2007 5:12 PM, Dave M [EMAIL PROTECTED] wrote:

On Dec 23, 2007 7:07 PM, Baz [EMAIL PROTECTED] wrote:

Dennis,

Not apparently you're wrong. I spent at least two hours reading the wiki, support info from the website, various things from Google searches. Please note, that even you don't even know where it should be. This information should be readily apparent. Also, I didn't compile it, but installed pre-compiled packages from a non-official Debian repository.

My main point is these Linux cheerleaders, who also whine about Microsoft's dominance, yet they can't even offer end-user-friendly applications so very basic to desktop security.

Nevertheless, thank you for your input.

Those darn linux cheerleaders.

So how did you run your scan? You should have been left with something like this:

    [EMAIL PROTECTED] ~]$ clamscan test/
    test/xpladv470.wmf: Exploit.WMF.A FOUND
    test/lsd.exe: OK
    test/wmf_exp.wmf: Exploit.WMF.A FOUND
    test/lol.exe: OK
    --- SCAN SUMMARY --

Or did you use a GUI?

On Dec 23, 2007 4:58 PM, Dennis Peterson [EMAIL PROTECTED] wrote:

Baz wrote:

And where exactly is it? Do Linux developers intentionally make this shit difficult and still bitch about Windows/Norton's dominance?

Please crush with all your being any desire to top post. Apparently you've not read anything yet so a good place to start is the ClamAV Wiki. They have a page especially for new users.

http://wiki.clamav.net/Main/WebHome#ClamAV_for_beginners

I can't tell you where your log will be because I had nothing to do with the installation, but if you run the clamconf utility it will tell you where it thinks the log is. There are a number of user-defined choices about the log which is why it is unpredictable where it is. On my Sun systems it is in /var/log and I use the syslogd logger. Those were choices I made.

The clamconf utility is often located in the same path as the clamdscan and clamscan executables, but that is also configurable. If you installed ClamAV from source your build process would tell you these things. If you installed from an RPM then whoever built your RPM has the info you need.

I don't own, run, or use Linux so don't know what the developers do for fun.

dp

--
...heart and soulone will burn. - Joy Division
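
Added example (not part of any post in this thread): the filtering suggested above with grep and with clamscan -i, applied to a saved scan log so that odd file names do not cause false hits and a truncated capture is noticed. The function names and the sample listing are constructed for illustration, and the parser assumes signature names contain no spaces.

```shell
#!/bin/sh
# Pull the infected entries out of saved clamscan output.
# A typical capture, using the flags mentioned in the thread plus
# clamscan's log-file option:
#   clamscan -r -i --log="$HOME/clamscan.log" "$HOME"
# clamscan exits 0 when clean, 1 when something was found, 2 on error.

# Constructed sample output, modelled on the listing quoted in the thread.
# Two file names are deliberately awkward: one contains "OK FOUND",
# the other contains ": " in the middle of the name.
sample_scan() {
cat <<'EOF'
test/xpladv470.wmf: Exploit.WMF.A FOUND
test/lsd.exe: OK
test/notes: OK FOUND.txt: OK
test/odd: name.wmf: Exploit.WMF.A FOUND
test/lol.exe: OK

----------- SCAN SUMMARY -----------
Scanned files: 5
Infected files: 2
EOF
}

# list_infected: stdin = clamscan output, stdout = "signature<TAB>path".
# Only lines that END in " FOUND" count, and the path/signature split is
# made at the last ": " so that paths containing ": " stay intact.
list_infected() {
    awk '
        /^-+ SCAN SUMMARY -+$/ { in_summary = 1 }
        in_summary { next }
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            if (match(line, /: [^ ]+$/))
                printf "%s\t%s\n", substr(line, RSTART + 2), substr(line, 1, RSTART - 1)
        }'
}

# reported_count: the "Infected files: N" figure from the summary block.
reported_count() {
    awk '
        /^-+ SCAN SUMMARY -+$/ { in_summary = 1 }
        in_summary && /^Infected files: / { n = $NF }
        END { print n + 0 }'
}

# check_scan FILE: print the infected list, and return non-zero when it
# disagrees with the summary (for example a scrolled-off or cut capture).
check_scan() {
    found=$(list_infected < "$1" | wc -l | tr -d ' ')
    reported=$(reported_count < "$1")
    list_infected < "$1"
    [ "$found" -eq "$reported" ]
}

# Stand-alone use: sh thisfile.sh /path/to/clamscan.log
[ "$#" -eq 0 ] || check_scan "$1"
```
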
Re: [Clamav-users] How to find infected file
Baz wrote:

Or this

    # clamscan -r /

Dave, keep that smug attitude going. It only helps M$. Thank God I still have XP on another partition.

Despite the fact that you are a top posting whining asshat who has no sense of personal responsibility, it's Christmas so I'm not going to tell you to kiss my a$$. Figure it out for yourself, genius.

dp
Re: [Clamav-users] How to find infected file
Dave, work on your passive-aggressive lip service. Ask Santa for help.

On Dec 23, 2007 5:24 PM, Dennis Peterson [EMAIL PROTECTED] wrote:

Baz wrote:

Or this

    # clamscan -r /

Dave, keep that smug attitude going. It only helps M$. Thank God I still have XP on another partition.

Despite the fact that you are a top posting whining asshat who has no sense of personal responsibility, it's Christmas so I'm not going to tell you to kiss my a$$. Figure it out for yourself, genius.

dp

--
...heart and soulone will burn. - Joy Division
Re: [Clamav-users] How to find infected file
Sorry, Dennis work on it

On Dec 23, 2007 5:25 PM, Baz [EMAIL PROTECTED] wrote:

Dave, work on your passive-aggressive lip service. Ask Santa for help.

On Dec 23, 2007 5:24 PM, Dennis Peterson [EMAIL PROTECTED] wrote:

Baz wrote:

Or this

    # clamscan -r /

Dave, keep that smug attitude going. It only helps M$. Thank God I still have XP on another partition.

Despite the fact that you are a top posting whining asshat who has no sense of personal responsibility, it's Christmas so I'm not going to tell you to kiss my a$$. Figure it out for yourself, genius.

dp

--
...heart and soulone will burn. - Joy Division
Re: [Clamav-users] How to find infected file
Baz wrote:

Or this

    # clamscan -r /

Dave, keep that smug attitude going. It only helps M$. Thank God I still have XP on another partition.

Leave the troll alone guys. It's not going anywhere.

Regards,
Rick