[PLUG] What is this please?

Sudhanwa Jogalekar sudhanwa.com at gmail.com
Mon Dec 8 16:03:31 IST 2008


On Thu, Dec 4, 2008 at 10:35 AM, म.हा.सा.ग.र <o.s.h.o at guruvision.com> wrote:
> A good Virus scanner on non-linux platform caught these in the rpm
> packages kept there...
>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeaa"
> threatType="virus" threatName="Packer.PESpin.A" action="none"
> finalStatus= "infected" error= "infected archive"/>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-upack.exe"
> threatType="virus" threatName="Trojan.Generic.713045" action="none"
> finalStatus= "infected" error= "infected archive"/>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-mew.exe"
> threatType="virus" threatName="Trojan.Generic.776592" action="none"
> finalStatus= "infected" error= "infected archive"/>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-aspack.exe"
> threatType="virus" threatName="Trojan.Generic.978200" action="none"
> finalStatus= "infected" error= "infected archive"/>
>
> Any thoughts on this are welcome...
>
> Maybe a food for thought for people concerned with *el4* distribution..
>
> --

Do not come to conclusions so fast.
This is what section 4.3 of the clamav document says:

(After the installation of clamav, you should test the installation like this:)

Try to scan recursively the source directory:
$ clamscan -r -l scan.txt clamav-x.yz
It should find some test files in the clamav-x.yz/test directory. The
scan result will be
saved in the scan.txt log file

I think the virus scanner is trapping the sample test files in the
clamav package.

Just try to install the said rpm and test the installation as above.
It should give similar results.

Regards
-Sudhanwa


More information about the Plug-mail mailing list