[clamav-users] ClamAV Scan results

Tilman Schmidt tschmidt at cardtech.de
Fri Jan 4 09:00:10 EST 2019


Do not run clamscan over your entire filesystem.
It's a bad idea.

In your case clamscan found something looking like a virus in its own
signatures, which is hardly surprising and certainly not a sign of an
infection.

On 04.01.19 at 13:28, Kaushal Shriyan wrote:
> 
> When I am running clamscan
> 
> #clamscan --infected --recursive /
> /var/lib/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
> 
> [root@ clamav]# pwd
> /var/lib/clamav
> [root@ clamav]# ls -ltrh
> total 268M
> -rw-r--r--. 1 clamupdate clamupdate 113M Dec 13 02:31 main.cvd
> -rw-r--r--. 1 clamupdate clamupdate 990K Jan  2 18:00 bytecode.cld
> -rw-r--r--. 1 root       root       441K Jan  4 03:52 rfxn.ndb
> -rw-r--r--. 1 root       root       828K Jan  4 03:52 rfxn.hdb
> -rw-r--r--. 1 root       root       400K Jan  4 03:52 rfxn.yara
> -rw-r--r--. 1 clamupdate clamupdate 153M Jan  4 09:00 daily.cld
> -rw-------. 1 clamupdate clamupdate  520 Jan  4 12:21 mirrors.dat
> [root@ clamav]#
> 
> Is the CentOS Linux release 7.3.1611 (Core) server infected with
> malware? Please suggest. Thanks in advance.
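
Added example, not part of the original thread or of ClamAV: a shell helper that separates clamscan hits on files inside ClamAV's own database directory, like the three quoted above, from hits elsewhere that merit a closer look. The function names are hypothetical, and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: label each clamscan hit by where the flagged file lives.
DB_DIR=/var/lib/clamav   # signature directory shown in the post

# Reads clamscan output on stdin; prints "<class>\t<path>\t<signature>".
# Assumption: signature names contain no spaces, so the signature is the
# last field before FOUND and everything before ": <sig> FOUND" is the path.
classify_hits() {
    awk -v db="$DB_DIR" '
        NF >= 3 && $NF == "FOUND" {
            sig  = $(NF - 1)
            path = substr($0, 1, length($0) - length(sig) - 8)
            # Compare against "db/" so /var/lib/clamav-backup is not
            # mistaken for the database directory.
            cls = (index(path, db "/") == 1) ? "signature-db" : "review"
            printf "%s\t%s\t%s\n", cls, path, sig
        }'
}

# Counts the hits of one class ("signature-db" or "review") read from stdin.
count_class() {
    classify_hits | awk -F'\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Sample input: the first three lines are the hits from the post, unwrapped;
# the last two are constructed.
sample_output() {
cat <<'EOF'
/var/lib/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
/srv/www/upload/img.php: Constructed.Example.Signature.UNOFFICIAL FOUND
/var/lib/clamav-backup/note.txt: Constructed.Example.Signature.UNOFFICIAL FOUND
EOF
}

# Live use (placeholder path): clamscan --infected --recursive /path | classify_hits
sample_output | classify_hits
```

Lines labelled `signature-db` are signature files matching their own patterns; only the `review` lines point at files outside the database directory.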



