Thoughts about finding viruses in email inboxes

Mon Mar 30 05:04:24 UTC 2009

--- On Sun, 3/29/09, NoOp <glgxg at sbcglobal.net> wrote:

> On 03/29/2009 12:43 PM, NoOp wrote:
> > On 03/29/2009 09:25 AM, Leonard Chatagnier wrote:
> > 
> >>> 
snippity, snip-
> 
> Answer to your question is:
> 
> sudo clamscan -i /
> 
> The problem with adding the 'v' is that it lists
> all files scanned & the
> infected file(s) get lost among them unless you ouput to a
> log file &
> then review.
Sory NoOp, but it didn't.  Here is the output from the command intoto:
sudo clamscan -i /
[sudo] password for lchata:
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************

----------- SCAN SUMMARY -----------
Known viruses: 537601
Engine version: 0.94.2
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Time: 2.829 sec (0 m 2 s)
lchata at ubuntu-intrepid-64bit:/var/log/clamav$

I also scanned through the cli output of the -v option and never was there a virus or test file found only scanning <file> on every line.
As you can see, it didn't even scan the entire / dir, much less recursively.  Need that -r option even if not -v-:)
sudo clamscan -ir /   worked after I got
over my windose habits and realized that I needed to wait for the scan to complete before I got any output. It did find 7 files, all ClamAV-Test-File(4) & Eicar-Test-Signature(3 files) but with so much cruft warning and error output, I had to scroll back 4 or 5 screen pages to find the virus test file data. What a pain; the developers sure screwed up on this one, IMO. Here is some of the repeating output:
WARNING: Can't open file /sys/devices/platform/i8042/serio0/drvctl                                                  
LibClamAV Error: cli_readn: read error: Invalid argument  
WARNING: Can't open file /sys/devices/virtual/net/pan0/bridge/flush                                                 
WARNING: Can't open file /sys/devices/virtual/graphics/fbcon/rotate_all                                             
LibClamAV Error: cli_readn: read error: Input/output error
WARNING: Can't open file /sys/devices/pci0000:00/0000:00:06.0/host0/scsi_host/host0/scan                            
WARNING: Can't open file /sys/devices/pci0000:00/0000:00:06.0/host0/target0:0:0/0:0:0:0/rescan                      
WARNING: Can't open file /sys/devices/pci0000:00/0000:00:06.0/host0/target0:0:0/0:0:0:0/delete                      
WARNING: Can't open file /sys/devices/pci0000:00/0000:00:06.0/host1/scsi_host/host1/scan                            
LibClamAV Error: cli_readn: read error: Input/output error 
Just a few examples plus the scan summary:
----------- SCAN SUMMARY -----------
Known viruses: 537601
Engine version: 0.94.2
Scanned directories: 43372
Scanned files: 190880
Infected files: 7
Data scanned: 6112.49 MB
Time: 949.306 sec (15 m 49 s)

Ohhh, almost forgot to say thanks!

Leonard Chatagnier
lenc5570 at sbcglobal.net