Thoughts about finding viruses in email inboxes

Sun Mar 29 16:25:19 UTC 2009

--- On Sat, 3/28/09, Matthew Flaschen <matthew.flaschen at gatech.edu> wrote:

> From: Matthew Flaschen 
snip
It reports
> > several viruses found but doesn't say what or
> where they are located.
> > In the past, clamav, would list the names and location
> but now it
> > doesn't anymore or I can't find them.
> 
> What clamav command are you running, exactly, and what
> version (of
> Ubuntu and the command)?  Have you looked at the manual
> (http://www.clamav.net/doc/latest/clamdoc.pdf) or man page
> to see if it
> has the options you want?
> 
Thanks, Matthew, for the help:

clamscan -V
ClamAV 0.94.2/9178/Sat Mar 28 21:52:31 2009

sudo clamscan -vir /
[sudo] password for lchata:

Have looked at the man page, not the manual url(note to myself to do so). Am running intrepid up-to-date.
Output of above scan:
----------- SCAN SUMMARY -----------
Known viruses: 537600
Engine version: 0.94.2
Scanned directories: 43409
Scanned files: 191168
Infected files: 5
Data scanned: 6197.88 MB
Time: 1125.166 sec (18 m 45 s)

Note: this scan was just done while answering this email.  The scan summary is
the same as for previous scans, ie, no detail as to what viruses or their location.

> I see no sign of a "hidden virus" problem.

Me, or the OP? I did not say anything about
a "hidden virus".

i did
> notice an unrelated
> database glitch similar to
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471643 but
> upgrading to
> 0.94.2/8683/Wed from hardy backports solved that.  With the
> latest
> command, this sequence works exactly as expected and
> documented:
> 
The latest Intrepid version does seem to 
have a newer version of clamav than you show above.

> mkdir -p avtest
> for i in a b c d;
> do
> dd if=/dev/urandom count=1 bs=68 of=avtest/$i
> done
> 
Sorry, don't do scripting; don't understand it.

> clamscan -i -r avtest
> wget https://secure.eicar.org/eicar.com -O avtest/c
> clamscan -i -r avtest
> 
> It prints:
> 
> avtest/c: Eicar-Test-Signature FOUND
> 
> Of course, there are other clamav options you can use, but
> this one is
> simple and in line with what you want.
> 
My options, above to answer your question, only contained an additional -v(verbose option) and the only output I had was that so many(a number) of viruses were found.  It did not give any description of what the viruses were and no mention if it was a test pattern, or test signature.  It did so in the past, IIRC, but not now.  Nor does it tell me where the viruses are located.  It did so in the past on earlier distributions as I recall.  And this is the info I would like to know how to get now.  Thanks for any info on this and I expect it would answer the OP questions also.
BTW, clamav reports that version 0.95 is available but not in Intrepid/backports. Went to the listed faq url page and found nothing but source code and unapproved deb files for Ubuntu.  What should a Ubuntu user do if he can't compile(and doesn't want to learn how at his old age) to get the latest version of clamav.

Leonard Chatagnier
lenc5570 at sbcglobal.net