
Mailing List Archive: ClamAV: users

Details with full explanation of Virus infection

 

 



kaushalshriyan at gmail

Jul 20, 2013, 1:09 AM

Post #1 of 7 (141 views)
Details with full explanation of Virus infection

Hi,

If any virus is infected on the linux desktop or server, can ClamAV spew
out details with full explanation of Virus infection and the remedy and
does ClamAV block on its own if there is a Virus Attack.

Regards,

Kaushal
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


alvarnell at mac

Jul 20, 2013, 1:23 AM

Post #2 of 7 (137 views)
Re: Details with full explanation of Virus infection [In reply to]

On Jul 20, 2013, at 1:09 AM, Kaushal Shriyan <kaushalshriyan [at] gmail> wrote:

> If any virus is infected on the linux desktop or server, can ClamAV spew
> out details with full explanation of Virus infection and the remedy

No. You will be notified of the path to the infected file and the infection name. The rest is up to you. No descriptions of any infection have ever been recorded by ClamAV.

> and does ClamAV block on its own if there is a Virus Attack.

No, it will simply notify you that an infected file has been found.


Sent from Janet's iPad

-Al-
--
Al Varnell


kaushalshriyan at gmail

Jul 20, 2013, 2:37 AM

Post #3 of 7 (136 views)
Re: Details with full explanation of Virus infection [In reply to]

On Sat, Jul 20, 2013 at 1:53 PM, Al Varnell <alvarnell [at] mac> wrote:

> On Jul 20, 2013, at 1:09 AM, Kaushal Shriyan <kaushalshriyan [at] gmail>
> wrote:
>
> > If any virus is infected on the linux desktop or server, can ClamAV spew
> > out details with full explanation of Virus infection and the remedy
>
> No. You will be notified of the path to the infected file and the
> infection name. The rest is up to you. No descriptions of any infection have
> ever been recorded by ClamAV.
>
> > and does ClamAV block on its own if there is a Virus Attack.
>
> No, it will simply notify you that an infected file has been found.
>
>
> Sent from Janet's iPad
>
> -Al-
> --
> Al Varnell
>


Thanks Al Varnell. Is Linux Desktop or Server prone to Virus Attack,
trojan, worm, malware/spyware or rootkit?

Regards

Kaushal


henri at nerv

Jul 20, 2013, 2:51 AM

Post #4 of 7 (136 views)
Re: Details with full explanation of Virus infection [In reply to]

On Sat, Jul 20, 2013 at 03:07:41PM +0530, Kaushal Shriyan wrote:
> Thanks Al Varnell. Is Linux Desktop or Server prone to Virus Attack,
> trojan, worm, malware/spyware or rootkit?
>
> Regards
> Kaushal

Yes. Lots of discussion about the subject on the internet. Try searching for
example "Linux rootkit".

---
Henri Salo


greg at donor

Jul 20, 2013, 2:30 PM

Post #5 of 7 (124 views)
Re: Details with full explanation of Virus infection [In reply to]

Oh sure... Rootkits almost *ALWAYS* take stupid user interaction to fulfill
their destiny. In other words, they MUST BE purposely installed by a user
that is on the system. Unlike being able to do it without breaking a sweat
in Windows.

Sort of like Sony's CDROM Rootkit to make sure DRM was safe, if you put one
of their CDs in... poof autorun automagically put it on. All without user
intervention.

Or better yet, let us take a look, most of the problems with Rootkits
require access to the machine, either from the console or from a remote
login to the machine. Desktop machines running an Apache webserver out on
the internet... just asking for trouble. But most of the time it is
minimized to the user account if properly chroot'd. Among other things...

Usually if the USER gets exploited with a piece of malware, the machine
itself is fine, as long as the user didn't automatically say "SURE" go
ahead and install this unknown and out of nowhere piece of software.

Yeah. What is the threshold for Human ignorance and trojans/virus/etc... we
can never get around that. But the Unix separation of Privileges model can
mitigate much or most of the issue.


On Sat, Jul 20, 2013 at 5:51 AM, Henri Salo <henri [at] nerv> wrote:

> On Sat, Jul 20, 2013 at 03:07:41PM +0530, Kaushal Shriyan wrote:
> > Thanks Al Varnell. Is Linux Desktop or Server prone to Virus Attack,
> > trojan, worm, malware/spyware or rootkit?
> >
> > Regards
> > Kaushal
>
> Yes. Lots of discussion about the subject on the internet. Try searching
> for
> example "Linux rootkit".
>
> ---
> Henri Salo
>
>



--
greg folkert - systems administration and support
web: donor.com
email: greg [at] donor
phone: 877-751-3300 x416
local: 616-328-6449


jesler at sourcefire

Jul 20, 2013, 5:27 PM

Post #6 of 7 (125 views)
Re: Details with full explanation of Virus infection [In reply to]

On Jul 20, 2013, at 4:23 AM, Al Varnell <alvarnell [at] mac> wrote:
> On Jul 20, 2013, at 1:09 AM, Kaushal Shriyan <kaushalshriyan [at] gmail> wrote:
>
>> If any virus is infected on the linux desktop or server, can ClamAV spew
>> out details with full explanation of Virus infection and the remedy
>
> No. You will be notified of the path to the infected file and the infection name. The rest is up to you. No descriptions of any infection have ever been recorded by ClamAV.

Easiest way is to take the name of the virus and google it. You may find corresponding information on something like Virustotal to look up similar information from other vendors.
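
Posts #2 and #6 above note that ClamAV reports only the path of the infected file and the signature name, and that the name is what you then look up. As an added example (not part of any post in this thread and not ClamAV project code), the following Python code pulls those two fields out of clamscan-style console output and groups paths by signature so each name needs looking up only once. The sample output, its paths and the `Example.Placeholder.Signature-1` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of clamscan console output (paths and hits are made up).
SAMPLE_OUTPUT = """\
/home/user/docs/report.pdf: OK
/home/user/downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/mail/inbox: msg 12.eml: Eicar-Test-Signature FOUND
/root/secret.bin: Access denied. ERROR
/home/user/downloads/invoice.zip: Example.Placeholder.Signature-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
"""

# A detection line is "<path>: <signature name> FOUND". The path may itself
# contain ": ", so the greedy path group leaves only the last ": " as separator.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_detections(output):
    """Return (path, signature) tuples for every FOUND line before the summary."""
    hits = []
    for line in output.splitlines():
        if line.startswith("-----------"):  # scan summary begins, no more hits
            break
        match = FOUND_RE.match(line.rstrip())
        if match:  # OK and ERROR lines do not match and are skipped
            hits.append((match.group("path"), match.group("sig")))
    return hits


def group_by_signature(hits):
    """Map each signature name to the list of files it was reported for."""
    grouped = defaultdict(list)
    for path, sig in hits:
        grouped[sig].append(path)
    return dict(grouped)


if __name__ == "__main__":
    for sig, paths in group_by_signature(parse_detections(SAMPLE_OUTPUT)).items():
        print(f"{sig}: {len(paths)} file(s)")
        for path in paths:
            print(f"  {path}")
```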


clamav at jubileegroup

Jul 21, 2013, 6:17 AM

Post #7 of 7 (119 views)
Re: Details with full explanation of Virus infection [In reply to]

Hi there,

On Sun, 21 Jul 2013, Greg Folkert wrote:

> ... Rootkits almost *ALWAYS* take stupid user interaction to fulfill
> their destiny. In other words, they MUST BE purposely installed by a user
> that is on the system. Unlike being able to do it without breaking a sweat
> in Windows.

(1) Don't be too dogmatic about this. Many *nix exploits rely on
little more than that the victim's system be running a particular(ly
outdated) version of some particular software. Tools exist which can
automate scanning for likely targets, but it's a numbers game and the
probability of a successful attack on a randomly discovered victim is
more or less proportional to the number of target systems running the
vulnerable software. No matter what kind of vulnerability we consider
(direct attack on a daemon, user interaction, whatever), the numbers
of vulnerable Windows systems are likely to be orders of magnitude
greater than the numbers of vulnerable *nix systems. Attackers know
this, and they're in it for the money, so they tend not to waste their
time attacking *nix boxes randomly. Specifically targeted attacks are
in a different league, and unless you're running the IT services for a
high-value target you're unlikely to come across them, but there's no
doubt that they happen. Under some circumstances, the compromise of
one target can enable the compromise of many others. See for example

http://www.theregister.co.uk/2011/01/25/fedora_server_compromised/

> Yeah. What is the threshold for Human ignorance and trojans/virus/etc...

(2) "No one in this world has ever lost money by underestimating the
intelligence of the great masses of the plain people."

[http://thinkexist.com/quotes/henry_louis_mencken/]

> ... But the Unix separation of Privileges model can mitigate much or
> most of the issue.

(3) Windows 7 and later don't do as bad a job as earlier versions, but
there's still the pop-up box asking if it should do it, plus (2) above.

--

73,
Ged.
