[opensuse] Virus Scan

newer
[opensuse] Disabling updater applet

Stan Goodman

22 Oct 2010 22 Oct '10

10:45

I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)". Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any. I would appreciate advice on how to proceed and what tool(s) to use for this. -- Stan Goodman Qiryat Tiv'on Israel -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Show replies by date

Bogdan Cristea

22 Oct 22 Oct

10:51

On Friday 22 October 2010 13:45:28 Stan Goodman wrote:

...

have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

Bitdefender offers a free version for unices. -- Bogdan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Stan Goodman

11:10

At 12:51:25 on Friday Friday 22 October 2010, Bogdan Cristea wrote:

...

On Friday 22 October 2010 13:45:28 Stan Goodman wrote:

...
have received a message from my hosting service informing me that they

have found that my FTP password has been compromised by an intruder

or a

...
trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

Through YaST I have searched the usual repos plus Packman to find

software

...
to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information,

but

...
so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

Bitdefender offers a free version for unices.

Thanks... -- Stan Goodman Qiryat Tiv'on Israel -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Michael S. Dunsavage

10:57

On 10/22/2010 06:45 AM, Stan Goodman wrote:

...

I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

clamav. It's in the repos. But it seems you have more serious problems too. -- Michael S. Dunsavage -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Stan Goodman

11:07

At 12:57:33 on Friday Friday 22 October 2010, "Michael S. Dunsavage" wrote:

...

On 10/22/2010 06:45 AM, Stan Goodman wrote:

...
I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

clamav. It's in the repos.

I did install clamav and also the GUI for it, and tried to load it (Alt- F2), but have not seen anything appear. I would like to see at least acknowledgment that it is present, and maybe some remarks on how to use it. But anyway, according to the brief paragraph from YaST, it is for email viruses, which I do not think is pertinent in this case.

...

But it seems you have more serious problems too.

Many, some of them even unconnected with openSuSE. -- Stan Goodman Qiryat Tiv'on Israel -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Michael S. Dunsavage

13:10

On 10/22/2010 07:07 AM, Stan Goodman wrote:

...

At 12:57:33 on Friday Friday 22 October 2010, "Michael S. Dunsavage" wrote:

...
On 10/22/2010 06:45 AM, Stan Goodman wrote:

...
I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

clamav. It's in the repos.

I did install clamav and also the GUI for it, and tried to load it (Alt- F2), but have not seen anything appear. I would like to see at least acknowledgment that it is present, and maybe some remarks on how to use it. But anyway, according to the brief paragraph from YaST, it is for email viruses, which I do not think is pertinent in this case.

...
But it seems you have more serious problems too.

Many, some of them even unconnected with openSuSE.

the command to use is clamscan -- Michael S. Dunsavage -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Chuck Payne

13:28

On Fri, Oct 22, 2010 at 9:10 AM, Michael S. Dunsavage wrote:

...

On 10/22/2010 07:07 AM, Stan Goodman wrote:

...
At 12:57:33 on Friday Friday 22 October 2010, "Michael S. Dunsavage" wrote:

...
On 10/22/2010 06:45 AM, Stan Goodman wrote:

...
I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

clamav. It's in the repos.

I did install clamav and also the GUI for it, and tried to load it (Alt- F2), but have not seen anything appear. I would like to see at least acknowledgment that it is present, and maybe some remarks on how to use it. But anyway, according to the brief paragraph from YaST, it is for email viruses, which I do not think is pertinent in this case.

...
But it seems you have more serious problems too.

Many, some of them even unconnected with openSuSE.

the command to use is

clamscan

-- Michael S. Dunsavage

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

There is also a free very of AVG for linux. -- ----------------------------------------- Discover it! Enjoy it! Share it! openSUSE Linux. ----------------------------------------- openSUSE -- en.opensuse.org/User:Terrorpup openSUSE Ambassador/openSUSE Member skype,twiiter,identica,friendfeed -- terrorpup freenode(irc) --terrorpup/lupinstein Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute , or create your own linux distro. Give SUSE Studio a try. www.susestudio.com. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Mark Misulich

16:43

...

...
...
...
I did install clamav and also the GUI for it, and tried to load it (Alt- F2), but have not seen anything appear. I would like to see at least acknowledgment that it is present, and maybe some remarks on how to use it. But anyway, according to the brief paragraph from YaST, it is for email viruses, which I do not think is pertinent in this case.

Hi, why don't you install klamav, it is a easy gui for clamav? You can find it in Yast. A second antivirus that you can install is f-prot, I think it may work better at finding viruses than klamav. It is a command line scanner but it is easy to install and use. You can get it from here: http://www.f-prot.com/download/trial_forms/linux-ws-tgz.html Once you download it, move the tarball to /opt. Extract it there, and then to install it follow the instructions in the readme file. The instructions for updating virus definitions and scanning are also in the readme file. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Stan Goodman

16:39

At 15:10:49 on Friday Friday 22 October 2010, "Michael S. Dunsavage" wrote:

...

the command to use is clamscan

I guess that's why they call it clamva. I never would have tumbled to the different name. -- Stan Goodman Qiryat Tiv'on Israel -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Carlos E. R.

11:18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2010-10-22 at 12:45 +0200, Stan Goodman wrote:

...

I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

That's probably just the copy-pasted stock advise.

...

Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

Install clamav, then activate system service "freshclam" to keep it updated. Then run "clamav /" and let it run. Clamav doesn't have a great hit ratio. You can also install "antivir", which is gratis for personal use, but not free, update it manually (antivir --update), then scan from root. Both work on a terminal. Forget GUIs. The real problem is the security setup on your hosting service. It is they who have a problem. FTP passwords are usually not encrypted, they can be sniffed. Or they were subject to a dictionary attack. Or somebody just guessed your password. Make sure you use a difficult password, symbols and letters and as long as you can use. Do not reuse passwords on two sites, always use different passwords. Malicious software can be used to set up a network of bots that try to break up (guess) the passwords of sites, too. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzBcx4ACgkQtTMYHG2NR9X+EACfelzsuuaFnojH6QjNNgLQNNSL XgsAnjOhZbhI1WLa0n946mKAdyQxqFcb =cvww -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Mark Goldstein

11:35

On Fri, Oct 22, 2010 at 1:18 PM, Carlos E. R. wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Friday, 2010-10-22 at 12:45 +0200, Stan Goodman wrote:

...
I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

That's probably just the copy-pasted stock advise.

I agree with Carlos. They most probable have a problem themselves. In cases when such a message also contains suggestion to scan your computer with their on-line scanner or install their scanner, it is most probable an attack.

...

...
Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

Install clamav, then activate system service "freshclam" to keep it updated. Then run "clamav /" and let it run.

Clamav doesn't have a great hit ratio. You can also install "antivir", which is gratis for personal use, but not free, update it manually (antivir --update), then scan from root.

Both work on a terminal. Forget GUIs.

There are also free Linux versions of quite popular AVG and AVIRA (I used only MS-Windows versions of these anti-viruses): http://en.kioskea.net/download/download-110-avira-antivir-personal-free-for-... http://free.avg.com/us-en/download.prd-alf -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Carlos E. R.

13:01

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2010-10-22 at 13:35 +0200, Mark Goldstein wrote:

...

On Fri, Oct 22, 2010 at 1:18 PM, Carlos E. R. <> wrote:

...

...
That's probably just the copy-pasted stock advise.

I agree with Carlos. They most probable have a problem themselves. In cases when such a message also contains suggestion to scan your computer with their on-line scanner or install their scanner, it is most probable an attack.

AH, yes! I forgot to mention that often those messages are forged, and are in fact a phising atack themselves. Real messages from providers and institutions should be cryptographically signed. I haven't ever seen one such. :-( - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzBixEACgkQtTMYHG2NR9W7BQCfTujXRVYOplkEaFUNZ7H5MS4X zPgAmwXdzrzMkb8XvHs/P3qLSchrA1iC =t4tS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Stan Goodman

17:21

At 13:35:56 on Friday Friday 22 October 2010, Mark Goldstein wrote:

...

On Fri, Oct 22, 2010 at 1:18 PM, Carlos E. R.

wrote:

...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Friday, 2010-10-22 at 12:45 +0200, Stan Goodman wrote:

...
I have received a message from my hosting service informing me that they have found that my FTP password has been compromised by an intruder or a trojan, and that they have cleaned it of malicious software and given it a temporary password. They urge me to perform a "full anti-viral scan on your local PC (using an in-depth scanner)".

That's probably just the copy-pasted stock advise.

I agree with Carlos. They most probable have a problem themselves. In cases when such a message also contains suggestion to scan your computer with their on-line scanner or install their scanner, it is most probable an attack.

...
...
Through YaST I have searched the usual repos plus Packman to find software to make such a scan, but there is little there, and all of it seems to be for mail gateways or proxies, which I think are not relative. I've also searched the Web. especially openSuSE pages, for helpful information, but so far have not recognized any.

I would appreciate advice on how to proceed and what tool(s) to use for this.

Install clamav, then activate system service "freshclam" to keep it updated. Then run "clamav /" and let it run.

Clamav doesn't have a great hit ratio. You can also install "antivir", which is gratis for personal use, but not free, update it manually (antivir --update), then scan from root.

Both work on a terminal. Forget GUIs.

There are also free Linux versions of quite popular AVG and AVIRA (I used only MS-Windows versions of these anti-viruses): http://en.kioskea.net/download/download-110-avira-antivir-personal-free -for-linux-freebsd-openbsd-solaris http://free.avg.com/us-en/download.prd-alf

Thanks for the advice and the information, Carlos and Mark... -- Stan Goodman Qiryat Tiv'on Israel -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

David C. Rankin

23 Oct 23 Oct

00:02

On 10/22/2010 06:18 AM, Carlos E. R. wrote:

...

The real problem is the security setup on your hosting service. It is they who have a problem. FTP passwords are usually not encrypted, they can be sniffed. Or they were subject to a dictionary attack. Or somebody just guessed your password.

Dunno if they offer it, but 'sftp' or 'rsync -e ssh' can solve this problem. (I know 90% of you know, but just for sake of completeness) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Stan Goodman

24 Oct 24 Oct

19:20

At 02:02:25 on Saturday Saturday 23 October 2010, "David C. Rankin" wrote:

...

On 10/22/2010 06:18 AM, Carlos E. R. wrote:

...
The real problem is the security setup on your hosting service. It is they who have a problem. FTP passwords are usually not encrypted, they can be sniffed. Or they were subject to a dictionary attack. Or somebody just guessed your password.

Dunno if they offer it, but 'sftp' or 'rsync -e ssh' can solve this problem.

(I know 90% of you know, but just for sake of completeness)

It's moot. Neither of the above are offered. -- Stan Goodman Qiryat Tiv'on Israel -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Harrie Baken

22:26

Hallo Stan Goodman, op 2010-10-24 21:20 schreef je:

...

...
...
Dunno if they offer it, but 'sftp' or 'rsync -e ssh' can solve this problem.

(I know 90% of you know, but just for sake of completeness) It's moot. Neither of the above are offered.

Demand it. (Well, at least give it a try..) Last April someone was ftp'ing php stuff to 'my' webserver. I asked for ssh access. My provider: 'We don't allow ssh, it's dangerous.' and: 'Those crooks do password sniffing, with Gumblar e.g., so you have a virus on your computer.' WTF, I said in Dutch, and I proved that this was impossible. It took a few mails and phone calls, but finally they had to admit that something was wrong with their security. I got ssh access. -- Harrie Baken | Tekstbureau TekstBaken http://www.tekstbaken.nl/ IRCNet #TekstBaken | Skype: harricot Geregistreerd Linuxgebruiker #366560 | openSUSE 11.3 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

4941

Age (days ago)

4943

Last active (days ago)

List overview

Download

15 comments

9 participants

participants (9)

Bogdan Cristea
Carlos E. R.
Chuck Payne
David C. Rankin
Harrie Baken
Mark Goldstein
Mark Misulich
Michael S. Dunsavage
Stan Goodman