[clamav-users] ClamAV Scan results

Kaushal Shriyan kaushalshriyan at gmail.com
Fri Jan 4 07:28:52 EST 2019


I have the below details

[root@ clamav]# clamscan --version
*ClamAV 0.100.2/25267/Fri Jan  4 06:17:25 2019*
[root@ clamav]# rpm -qa | grep clamav
[root@ clamav]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@ clamav]# freshclam
ClamAV update process started at Fri Jan  4 12:25:08 2019
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
daily.cld is up to date (version: 25267, sigs: 2197794, f-level: 63,
builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder:
[root@ clamav]#

when i am running clamscan

#clamscan --infected --recursive /
YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND

[root@ clamav]# pwd
[root@ clamav]# ls -ltrh
total 268M
-rw-r--r--. 1 clamupdate clamupdate 113M Dec 13 02:31 main.cvd
-rw-r--r--. 1 clamupdate clamupdate 990K Jan  2 18:00 bytecode.cld
-rw-r--r--. 1 root       root       441K Jan  4 03:52 rfxn.ndb
-rw-r--r--. 1 root       root       828K Jan  4 03:52 rfxn.hdb
-rw-r--r--. 1 root       root       400K Jan  4 03:52 rfxn.yara
-rw-r--r--. 1 clamupdate clamupdate 153M Jan  4 09:00 daily.cld
-rw-------. 1 clamupdate clamupdate  520 Jan  4 12:21 mirrors.dat
[root@ clamav]#

Is the CentOS Linux release 7.3.1611 (Core) server infected with Malware?
Please suggest. Thanks in Advance.

Best Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190104/7995794b/attachment.html>

More information about the clamav-users mailing list