[PLUG] What is this please?

Manas Alekar maalekar at gmail.com
Mon Dec 8 05:00:34 IST 2008


On Fri, Dec 5, 2008 at 4:40 PM, Rahul Sundaram
<sundaram at fedoraproject.org>wrote:

> म.हा.सा.ग.र wrote:
> > A good Virus scanner on non-linux platform caught these in the rpm
> > packages kept there...
> >
> >
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeaa"
> > threatType="virus" threatName="Packer.PESpin.A" action="none"
> > finalStatus= "infected" error= "infected archive"/>
> >
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-upack.exe"
> > threatType="virus" threatName="Trojan.Generic.713045" action="none"
> > finalStatus= "infected" error= "infected archive"/>
> >
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-mew.exe"
> > threatType="virus" threatName="Trojan.Generic.776592" action="none"
> > finalStatus= "infected" error= "infected archive"/>
> >
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-aspack.exe"
> > threatType="virus" threatName="Trojan.Generic.978200" action="none"
> > finalStatus= "infected" error= "infected archive"/>
> >
> > Any thoughts on this are welcome...
> >
> > Maybe a food for thought for people concerned with *el4* distribution..
>
> You mean, a not so good virus scanner as this is classic case of false
> warnings. Clamav is a anti-virus scanner in Linux that is primary used
> to scan Windows viruses. In this case, these packages come from a third
> party repository called "rpmforge" and is build for EL 4 = Red Hat
> Enterprise Linux 4. Frequently, anti-virsuses will detect other virus
> scanners as viruses because they hold some of the same patterns when
> doing brute force string matching. A good anti-viruses program wouldn't
> just rely on string matches.
>
Curious. Can you point some resources on how good antivirus programs work ?
I seem to find this interesting.

- Manas


More information about the Plug-mail mailing list