How To Find the Infected Files after Running Clamavscan??

#1 Post by michaellowe »

Hello to anyone and everyone who is or isn't a definitive clamav guru, preference for the former but any help would be appreciated.
I don't run it often but when I do it makes me feel more secure.
Anyway just ran my clamavscan and it returned this:

----------- SCAN SUMMARY -----------
Known viruses: 3918521
Engine version: 0.97.3
Scanned directories: 35459
Scanned files: 340654
Infected files: 2
Total errors: 580
Data scanned: 18930.77 MB
Data read: 47810.95 MB (ratio 0.40:1)
Time: 5631.223 sec (93 m 51 s)

So it appears it works, but one thing I've never known how to do is where to find the offending infected files? My knowledge of clamav is very limited other than typing clamav in the terminal and hitting return, I don't know anything else about it? Anyone know anything about the program and how to run it efficiently, are there man pages somewhere? I'm running the sfs so it's hard to know anything?

Thanks in advance for any help,

cheers
Smash forehead on keyboard to continue.....
well thats at least how some of us deal with ba$h !

#2 Post by Semme »

You want the -r and -i switch >> http://askubuntu.com/questions/250290/h ... ith-clamav

I think /var collects a log file as well.
>>> Living with the immediacy of death helps you sort out your priorities. It helps you live a life less trivial <<<
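
Added example (not from any poster in this thread): clamscan marks each detection as a line ending in "FOUND", so a report saved with `clamscan -r -i --log=FILE DIR` can be parsed to list the infected paths and cross-check them against the "Infected files:" summary count. The sample log, its paths and its signature names are constructed for illustration.

```shell
#!/bin/sh
# Print "path<TAB>signature" for every detection line in a clamscan report.
# Detection lines look like "<path>: <signature> FOUND"; the path itself may
# contain ": ", so split on the LAST ": " before the signature.
list_infected() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)        # drop trailing " FOUND"
        n = 0
        for (i = 1; i < length(line); i++)
            if (substr(line, i, 2) == ": ") n = i   # remember last separator
        if (n) printf "%s\t%s\n", substr(line, 1, n - 1), substr(line, n + 2)
    }' "$1"
}

# Print the number clamscan reports in its SCAN SUMMARY block.
reported_count() {
    awk -F': *' '/^Infected files:/ { print $2 }' "$1"
}

# Succeed only if the listed detections match the summary count.
check_log() {
    found=$(list_infected "$1" | wc -l | tr -d ' ')
    reported=$(reported_count "$1")
    [ "$found" = "$reported" ]
}

# Constructed sample report (paths and signature names are made up).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/root/my-documents/notes.txt: OK
/root/Downloads/sample-a.bin: Constructed.Sig-A FOUND
/mnt/home/old: backup/sample-b.exe: Constructed.Sig-B FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF

list_infected "$SAMPLE"
if check_log "$SAMPLE"; then
    echo "detections listed match the summary count"
else
    echo "mismatch: some detections are missing from this log"
fi
```
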


#3 Post by michaellowe »

Semme wrote:You want the -r and -i switch >> http://askubuntu.com/questions/250290/h ... ith-clamav

I think /var collects a log file as well.
Yeah I tried that r switch and can't remember what happened but it did nothing I think, well at least not visually?? Will try it again and report back
Thanks

#4 Post by michaellowe »

michaellowe wrote:
Semme wrote:You want the -r and -i switch >> http://askubuntu.com/questions/250290/h ... ith-clamav

I think /var collects a log file as well.
Yeah I tried that r switch and can't remember what happened but it did nothing I think, well at least not visually?? Will try it again and report back
Thanks
ok ran freshclam

and I get this:

# freshclam
ClamAV update process started at Mon Jul 27 15:38:54 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.3 Recommended version: 0.98.7
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 20733, sigs: 1499961, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 265, sigs: 47, f-level: 63, builder: neo)
[LibClamAV] ******************************************************
[LibClamAV] *** Virus database timestamp in the future! ***
[LibClamAV] *** Please check the timezone and clock settings ***
[LibClamAV] ******************************************************


What to do about these warnings, the second one seems irrelevant???
But now what about the virus database timestamp in the future warning?

#5 Post by Semme »

Which pup are you running this from?

#6 Post by michaellowe »

Semme wrote:Which pup are you running this from?
hmm seems to be working now??

at the mo I am currently running a scan on /

using this command:
clamscan -r --move=/home/USER/VIRUS /home/USER

I've replaced the above file/directory paths with my own to suit the way I have things set up like so:


clamscan -r --move=/mnt/home/vault /

Will let you know the outcome. It still puts out the warning about the virus database timestamp being in the future???
and to check time and clock settings??? Weird

PS. I'm on lucid 525

#7 Post by michaellowe »

Also found out that I didn't need to create that vault dir at mnt/home as there is already a /virus
Checked the contents and it had more than 2 infected files, which was the previous scan's results? Weird?? Anyway it's still chugging away, will share a screenshot and you can see what you make of the contents of the /virus directory? Cheers

#8 Post by michaellowe »

Found out why clamscan -r wouldn't work before:
it had the -i parameter set as well (which I assume can only mean that it lists the infected items or is supposed to???) well it didn't work like that anyway so I've removed it and run it just as clamscan -r --move=.....
Hopefully this might shed some light for other clamav users?
cheers

#9 Post by michaellowe »

For anyone that's interested, this is the final output from several locations including the terminal. Would be very interested in finding out what anyone in the know makes of it?
Attachment: output of clamscan -r --move=.png

#10 Post by Semme »

What's this site say?

#11 Post by Bindee »

Seems to have vanished>>>>>>>>>

How To Find Infected Files Running clamscan -r and move them

#12 Post by michaellowe »

Bindee wrote:Seems to have vanished>>>>>>>>>
Yeah, I got similar? Page never loads and wifi dropouts, their servers might be overloaded?!!

#13 Post by Bindee »

Any update on this?
