clamav-users May 2010 archive

Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus

From: Jean-Paul natola <jnatola_at_nospam>
Date: Fri May 14 2010 - 16:58:24 GMT
To: <clamav-users@lists.clamav.net>

Correction: I DO NOT ALLOW any mass storage devices on our Windows machines.
 
> From: jnatola@hotmail.com
> To: clamav-users@lists.clamav.net
> Date: Fri, 14 May 2010 12:54:33 -0400
> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
>
> I will install it now. I created this box for the sole purpose of scanning USB drives; I do ALLOW any storage devices to be used on our Windows machines.
>
> If I can just find a way to automate it so that I don't have to mount and run the scans manually.
>
> > From: hughmac@wharton.upenn.edu
> > To: clamav-users@lists.clamav.net
> > Date: Fri, 14 May 2010 12:23:38 -0400
> > Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
> >
> > And you CAN submit with a text-based browser like lynx -- assuming you're allowed to install one on that box. They work fine for the submission program: http://cgi.clamav.net/sendvirus.cgi
> >
> > -Hugh
> >
> > -----Original Message-----
> > From: clamav-users-bounces@lists.clamav.net [mailto:clamav-users-bounces@lists.clamav.net] On Behalf Of Alain Zidouemba
> > Sent: Friday, May 14, 2010 12:20 PM
> > To: ClamAV users ML
> > Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
> >
> > If you can, please generate the MD5 checksum for that file and paste it here.
> >
> > Thanks,
> >
> > -Alain
> >
> > On Fri, May 14, 2010 at 12:13 PM, Jean-Paul natola <jnatola@hotmail.com> wrote:
> > >
> > > Yes it is, see link:
> > >
> > > http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PALEVO.SMBF&VSect=Sn
> > >
> > > Unfortunately the BSD box has no web browser, so I cannot get to the submission page.
> > >
> > >> Date: Fri, 14 May 2010 11:14:49 -0400
> > >> From: azidouemba@sourcefire.com
> > >> To: clamav-users@lists.clamav.net
> > >> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
> > >>
> > >> Type the following at the command line: clamscan --help
> > >>
> > >> It will show you some of the options you have for quarantining files:
> > >>
> > >> clamscan --remove[=yes/no(*)] Remove infected files. Be careful!
> > >> clamscan --move=DIRECTORY Move infected files into DIRECTORY
> > >> clamscan --copy=DIRECTORY Copy infected files into DIRECTORY
> > >>
> > >> What about menekrug.exe? Do you believe it is malware and should have
> > >> been detected? If so, please submit to:
> > >> http://www.clamav.net/lang/en/sendvirus/
> > >>
> > >> -Alain
> > >>
> > >> On Fri, May 14, 2010 at 11:03 AM, Jean-Paul natola <jnatola@hotmail.com> wrote:
> > >> >
> > >> > Hi all,
> > >> >
> > >> > I am running ClamAV on a BSD box to scan USB drives. I have two questions: now that it has found the virus, is there a way to "clean or quarantine" the infected file?
> > >> >
> > >> > Also, it gave an "OK" result to menekrug.exe, see below:
> > >> >
> > >> > /mnt/usb/ISPRED/Desktop.ini: Trojan.Agent-155358 FOUND
> > >> > /mnt/usb/ISPRED/menekrug.exe: OK
> > >> > /mnt/usb/StarrsAnnLHREWR72.pdf: OK
> > >> > /mnt/usb/USB Vault/Desktop.ini: Trojan.Agent-155358 FOUND
> > >> > /mnt/usb/USB Vault/syn.exe: Trojan.Downloader-77313 FOUND
> > >> >
> > >> > _______________________________________________
> > >> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > >> > http://www.clamav.net/support/ml
> > >> >
                                               
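
The steps discussed in this thread (scan a mounted drive, quarantine detections with `--move`, and produce an MD5 for an executable that scanned "OK"), as an added example that is not part of any poster's message. The script name and both directory arguments are assumptions; the sample lines are the scan output quoted in the thread.

```shell
#!/bin/sh
# Added example: USB scanning station helper (not code from the thread).

# Scan output quoted in the thread, reused here as sample input.
SAMPLE='/mnt/usb/ISPRED/Desktop.ini: Trojan.Agent-155358 FOUND
/mnt/usb/ISPRED/menekrug.exe: OK
/mnt/usb/StarrsAnnLHREWR72.pdf: OK
/mnt/usb/USB Vault/Desktop.ini: Trojan.Agent-155358 FOUND
/mnt/usb/USB Vault/syn.exe: Trojan.Downloader-77313 FOUND'

# Paths clamscan flagged: lines of the form "<path>: <signature> FOUND".
# The greedy match keeps paths that contain spaces or colons intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Executables that scanned "OK": worth a manual look and an MD5 for the list.
clean_executables() {
    sed -n 's/^\(.*\.[Ee][Xx][Ee]\): OK$/\1/p'
}

# MD5 of one file; md5sum on Linux, md5 -q on the BSDs.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Scan a mounted drive and move detections into a private quarantine directory.
# clamscan exits 0 when clean, 1 when something was found, 2 on error.
scan_usb() {
    mkdir -p "$2" && chmod 700 "$2" || return 2
    clamscan --recursive --no-summary --move="$2" "$1"
}

# Usage: sh usbscan.sh /mnt/usb /var/quarantine   (both paths are assumptions)
if [ "$#" -eq 2 ]; then
    out=$(scan_usb "$1" "$2"); status=$?
    printf '%s\n' "$out" | infected_paths | sed 's/^/QUARANTINED: /'
    printf '%s\n' "$out" | clean_executables | while IFS= read -r f; do
        printf 'REVIEW: %s  md5=%s\n' "$f" "$(file_md5 "$f")"
    done
    exit "$status"
fi
```

The script passes clamscan's exit status through, so a wrapper can tell a clean drive (0) from a detection (1) or a scan error (2).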