Guest McGregor Posted September 20, 2008 Report Share Posted September 20, 2008 I'm an unexperienced user and new to Linux. But I know it as reliable and secure OS. Sometimes I can find some viruses on my computer - namely in wine and it's no wonder. But the other day I felt a bit confused - for training reasons I was scanning my computer with Clamav and to my astonishment it found 33 infected files. And where?! In /usr!!! I traced the whole path - /usr/share/doc/clamav/test. There were 33 infected Windows files there: ----------- SCAN SUMMARY ----------- Known viruses: 428525 Engine version: 0.94 Scanned directories: 2 Scanned files: 103 Infected files: 33 Data scanned: 1.30 MB Time: 3.655 sec (0 m 3 s) [randolph@localhost ~]$ I don't think there's any danger to my Mandriva. Most probably these viruses are to be there for some reason, but which one I have no idea. I wish someone would shed light on the issue. Quote Link to comment Share on other sites More sharing options...
David Batson Posted September 20, 2008 Report Share Posted September 20, 2008 I think that ClamAV has a tendancy for false positives. On my install of KlamAV, I have the boxes unchecked for: * Treat a Broken Executable as a Virus * Mark Encrypted Files as Suspicious BTW, the latest versions of ClamAV and KlamAV (in backports) are: * ClamAV 0.94 * KlamAV 0.44 Quote Link to comment Share on other sites More sharing options...
David Batson Posted September 20, 2008 Report Share Posted September 20, 2008 ...for training reasons I was scanning my computer with Clamav and to my astonishment it found 33 infected files. And where?! In /usr!!! I traced the whole path - /usr/share/doc/clamav/test. There were 33 infected Windows files there: After reading your post I decided to finally do a full system scan, and these same 33 viruses were on my system at the same location: /usr/share/doc/clamav/test/. If you mouse over the file entry in KlamAV, the following message is displayed: ClamAV-Test-File: clam.xxx contains the ClamAV test signature. It's not a virus. I am fairly confident this is normal and no cause for alarm. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted September 20, 2008 Report Share Posted September 20, 2008 The directory itself gives a hint in that it's test viruses for you to run the scanner against to see if it is working. Quote Link to comment Share on other sites More sharing options...
SilverSurfer60 Posted September 20, 2008 Report Share Posted September 20, 2008 Is that why its called test then? :huh: Quote Link to comment Share on other sites More sharing options...
tyme Posted September 29, 2008 Report Share Posted September 29, 2008 I'm going to bet you can safely delete the files in /usr/share/doc/clamav/test - probably even the whole test directory. No more false-positives :) (and clamav should continue to function). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.