[clamav-users] What would be a basic scan of my file system (Linux, CentOS 7)?

Al Varnell alvarnell at mac.com
Sat Feb 1 07:08:42 UTC 2020


I'll let a CentOS runner respond to your first question.

> On Jan 31, 2020, at 21:28, Eduardo Lúcio Amorim Costa via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> I have two questions...
> 
>  I - What would be a "basic scan" of my file system (Linux, CentOS 7) using clamscan? That is, what parameters should I use and what directories should I scan?
>  II - Is ClamAV able to deal with "specific" Linux dangers such as rootkits, etc?

With regard to your second question, I would have to guess only partially. There are exactly 31 signatures containing the word "Linux", with 29 of them in main.ndb and main.hdb. The other two are in daily.ldb and would be the only recent additions.

The names are:
Win.Tool.Linux-1, -14, -15
Win.Trojan.Linux-2, -4, -5, -8 thru -13, -16 thru -23, -27 thru -29
Legacy.Trojan.Linux-3
Legacy.Exploit.Linux-6 and -7
Win.Exploit.Linux-24 thru -26
Unix.Trojan.Linux_DDoS_93-2 and -5364119-0

It's anybody's guess what they actually protect against and how to interpret the ones that start with "Win." indicating a Windows signature.

-Al-