Puppy Linux Discussion Forum
Clamav-portable
shinobar


Joined: 28 May 2009
Posts: 2631
Location: Japan

Posted: Mon 16 Jun 2014, 23:01    Post subject: Clamav-portable
Subject description: Virus scan
 

Note that Puppy itself does not need any virus scanner. In other words, any virus scanner does nothing for the Linux system.
These virus scanners are for protecting Windows. They are effective when you are sharing data with Windows on your PC, or exchanging data with other PCs using email, USB, Samba, etc., and also when you are running Wine on Linux.

Note2: Clamav may over-detect sane files as viruses. Removing these files may harm the Windows system. I recommend scanning only data files with this Clamav. The Windows system files are better protected by a proper security program or by a free online scan on Windows itself.

1. Get clamav-portable-0.2.tar.gz:
http://shino.pos.to/party/bridge.cgi?puppy/opt/
2. Extract the tarball somewhere under mounted HDD or USB media, such as /mnt/home, /mnt/sdb1, etc.
3. Click on the folder, or the AppRun in the folder.
4. Step 1-->3-->4 on the GUI menu.


May work on any Puppy 431 and later.

In general, virus scanners have a large database, so the Puppy space (pupsave) is easily filled up. Clamav-portable places everything in one directory. When you place it under some mount point, it does not consume Puppy space.

Compiled clamav-0.98.3 on Puppy-431JP. Combined with clamvtk-1.2 made by vicmz and fellow:
http://www.murga-linux.com/puppy/viewtopic.php?t=88656

DetectBrokenExecutables is disabled because it seems to over-detect.
You can change the option by editing the clamscan.conf in the folder.

_________________
Google Chrome portable
Downloads for Puppy Linux http://shino.pos.to/linux/downloads.html

Last edited by shinobar on Wed 18 Jun 2014, 06:29; edited 2 times in total
Sylvander

Joined: 15 Dec 2008
Posts: 3552
Location: West Lothian, Scotland, UK

Posted: Tue 17 Jun 2014, 01:36

1. Followed your instructions to download and extract the tarball to /mnt/home/Clamav-portable.

2. Ran /mnt/home/Clamav-portable/clamav-portable-0.2/AppRun.
Told it to scan sda1 holding installation of WinXP that I almost never use.
I've never done any significant work on it, no internet banking, use a multi-session Puppy DVD-RW for that and nothing else.
It found 1 infected file.
Examined /mnt/home/Clamav-portable/clamav-portable-0.2/clamav/virus/clamscan-FOUND.log
It had 1 entry = "/mnt/sda1/Program Files/Common Files/Microsoft Shared/MSInfo/msinfo32.exe: Win.Trojan.7400369 FOUND"
Looks BAD! :(
I have clicked "Quarantine files".
The file is now in "/mnt/home/Clamav-portable/clamav-portable-0.2/clamav/virus" folder.
What effect will that have on WinXP?
Can XP work OK without the use of this file?

3. Scanned 2 other partitions [sda2, sda3] used by XP.
Both are clean [no infected files found].

4. I have a Puppy->Xfe backup of the folder/file content of sda1 holding WinXP made 2013-Jan-16.
The MSInfo folder on this has 10 files [rather than 3].
I'm now scanning that backup of sda1 [oops, scanned all sda partitions in error].
It found 4 infected files.
Here are the additional infected files found:
/mnt/sdb1/backups/ASRock-H61M-S/Xfe/sda,Partitions,2013Jan16/sda5,EXT3/Mail/jwgteb8g.default/Mail/pop3.blueyonder.co-2.uk/Inbox: Heuristics.Phishing.Email.SpoofedDomain FOUND [sda5 is Puppy Home, Mail folder holds TB files]
/mnt/sdb1/backups/ASRock-H61M-S/Xfe/sda,Partitions,2013Jan16/sda3,FAT32/Windows/Run External Programs/Media Players/WMP11/portablewindowsmediaplayer11.exe: W32.Adware.Downloader.Mediaget-4 FOUND [sda3 holds Windows portables, scanned & clean previously]
/mnt/sdb1/backups/ASRock-H61M-S/Xfe/sda,Partitions,2013Jan16/sda3,FAT32/Windows/Run External Programs/Image Editing,Viewing/GIMPPortable/v2,2,17,0/App/gimp/lib/gimp/2.0/plug-ins/MapObject.exe: Win.Trojan.Agent-296317 FOUND
/mnt/sdb1/backups/ASRock-H61M-S/Xfe/sda,Partitions,2013Jan16/sda3,FAT32/Windows/Run External Programs/Anti-Spyware/1-2-3 Spyware Free/asc4.dll: Trojan.FakeAV-344 FOUND
I'm puzzled by these finds...these partitions have been scanned many times previously with no infections found.
Might these be false positives?

5. Rescanning the backup of sda1 only.
No infection found in the backup. :D
Would it be a good idea to delete all XP folders/files from sda1 and replace with clean backup copies?

Last edited by Sylvander on Tue 17 Jun 2014, 02:31; edited 5 times in total
vicmz


Joined: 15 Jan 2012
Posts: 1153

Posted: Tue 17 Jun 2014, 01:53    Post subject: Re: Clamav-portable
Subject description: Virus scan
 

shinobar wrote:
Combined with clamvtk-1.2 made by vicmz and fellow:
http://www.murga-linux.com/puppy/viewtopic.php?t=88656


Actually it was all made by nilsonmorales, josep2424 and mama21mama. I only posted on their behalf because they aren't fluent in English. Thank you for updating it, Shinobar. :D

_________________
OB Precise 14.07.26 Woof-CE|Puppy Linux en español
Sylvander

Joined: 15 Dec 2008
Posts: 3552
Location: West Lothian, Scotland, UK

Posted: Tue 17 Jun 2014, 11:48

Discovered that when I was scanning the backups as per my previous post above, those partition backups were made when I had Win2000Pro on sda1.
So I found the correct backup made just after I'd replaced Win2000Pro with WinXP.
So...

1. Scanned "/mnt/sdc1/backups/ASRock-H61M-S/Xfe/WinXP,on,NTFS/131209_firstbackup,newly,installed".
An infected file was found:
/mnt/sdc1/backups/ASRock-H61M-S/Xfe/WinXP,on,NTFS/131209_firstbackup,newly,installed/Program Files/Common Files/Microsoft Shared/MSInfo/msinfo32.exe: Win.Trojan.7400369 FOUND
Now have 2 copies of this same infected file; one from the backup, the other from sda1.
So this XP was infected very early in its life.
I've quarantined both copies.
Not sure if I should restore the backup.
Al1000

Joined: 15 Apr 2014
Posts: 52

Posted: Tue 17 Jun 2014, 12:56

My experience with ClamAV is that it often reports false positives, and I understand it is reported to be notorious for this when it's being used to scan operating system files, rather than as an email scanner for servers which is what it was originally designed as.

Search the internet for - ClamAV - in conjunction with the names of any "Trojans" etc. that it reports, and you should find results such as this:

https://www.virustotal.com/en/file/1d5cae50081a57e7b55bef220788d9065483ff1a8d39c3ca8df39f60cdf231af/analysis/
nilsonmorales


Joined: 15 Apr 2011
Posts: 536
Location: El salvador

Posted: Wed 18 Jun 2014, 00:32

There's a newer Clamvtk.
commits are welcome
Clamvtk in Github


_________________
My blog


shinobar


Joined: 28 May 2009
Posts: 2631
Location: Japan

Posted: Wed 18 Jun 2014, 06:28    Post subject: Be caution

Add note2:
Clamav may over-detect sane files as viruses. Removing these files may harm the Windows system. I recommend scanning only data files with this Clamav. The Windows system files are better protected by a proper security program or by a free online scan on Windows itself.

_________________
Google Chrome portable
Downloads for Puppy Linux http://shino.pos.to/linux/downloads.html
tony

Joined: 14 Jan 2006
Posts: 319
Location: Montreal.ca

Posted: Wed 18 Jun 2014, 07:17

Hi,

Many thanks to all involved in the portable version of clamav.

However, it does need some fine tuning and some help is required.

For instance it found one infected Email and quarantined my inbox.

I am pleased with it however and thanks again.

Regards Tony
Sylvander

Joined: 15 Dec 2008
Posts: 3552
Location: West Lothian, Scotland, UK

Posted: Wed 18 Jun 2014, 10:34    Post subject: Re: Be caution

shinobar wrote:
...Clamav may over-detect sane files as viruses. Removing these files may harm the Windows system.

I checked each of the files at www.virustotal.com
Kept only 1 file [see below] in the virus vault, and returned all the others.
KEPT:
/mnt/sdb1/backups/ASRock-H61M-S/Xfe/sda,Partitions,2013Jan16/sda3,FAT32/Windows/Run External Programs/Media Players/WMP11/portablewindowsmediaplayer11.exe: W32.Adware.Downloader.Mediaget-4 FOUND
Here's the analysis window "Detection Ratio = 22/54"
All the others had very low detection ratios.
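A triage pass over a clamscan-FOUND.log like the ones quoted in this thread, as an added example (not part of any post and not Clamav-portable's own code). It assumes Python 3 is available; the function names, path hints and labels are made up for illustration, and the sample log is constructed.

```python
import re

# clamscan writes one hit per line as "<path>: <signature> FOUND".
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumed path hints for this sketch; adjust to the layout being scanned.
SYSTEM_HINTS = ("/windows/system32/", "/program files/common files/")
MAIL_HINTS = ("/mail/", "/imapmail/")

def parse_hit(line):
    """Return (path, signature) or None; greedy match keeps ': ' inside paths."""
    m = HIT.match(line.rstrip("\n"))
    return (m.group("path"), m.group("sig")) if m else None

def triage(path, sig):
    """Label a hit by what quarantining it would put at risk."""
    p = path.lower()
    if any(h in p for h in MAIL_HINTS) or ".email." in sig.lower():
        return "mailbox"      # mbox: one flagged message moves the whole folder file
    if any(h in p for h in SYSTEM_HINTS):
        return "system-file"  # removal may harm Windows; verify before quarantine
    if sig.startswith("Heuristics."):
        return "heuristic"    # rule-based guess, not a match on a specific sample
    return "signature"        # named signature; still worth a second opinion

def report(lines):
    """Parse log lines and return [(label, signature, path)], skipping non-hits."""
    hits = (parse_hit(l) for l in lines)
    return [(triage(p, s), s, p) for p, s in filter(None, hits)]

# Constructed sample log: shortened paths, signature names as reported in the thread.
SAMPLE = [
    "/mnt/sda1/Program Files/Common Files/Microsoft Shared/MSInfo/msinfo32.exe: Win.Trojan.7400369 FOUND",
    "/mnt/sdb1/backup/Mail/example.default/Mail/pop3.example.invalid/Inbox: Heuristics.Phishing.Email.SpoofedDomain FOUND",
    "/mnt/sdb1/backup/note: copy/tool.exe: Trojan.FakeAV-344 FOUND",
    "----------- SCAN SUMMARY -----------",
]

if __name__ == "__main__":
    for label, sig, path in report(SAMPLE):
        print(f"{label:12} {sig:45} {path}")
```

Hits labelled "mailbox" or "system-file" are the ones where quarantining first and checking later caused trouble in this thread, so those are the ones to verify before moving anything.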
ASRI éducation


Joined: 09 May 2009
Posts: 2648
Location: France

Posted: Wed 18 Jun 2014, 17:55    Post subject: Re: Clamav-portable
Subject description: Virus scan
 

shinobar wrote:
clamav-portable-0.2.tar.gz

Thank you shinobar.

_________________
Projet ASRI éducation => Association | Forum | Dépôt | Espace kids
morochos

Joined: 27 Aug 2013
Posts: 8

Posted: Fri 31 Oct 2014, 11:45    Post subject: Scan home partition

Hi. I have two partitions in my PC, one for Windows and the "home" for Linux.
This portable version works very well for analyzing the FAT Windows partition; however, when I try to analyze the "home", clamav ends the scan doing nothing.
Please tell me how to scan my "home" partition with clamav-portable.