SCIENTIFIC-LINUX-USERS Archives

May 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: is this a this virus or an error
From:
Yasha Karant <[log in to unmask]>
Reply To:
Yasha Karant <[log in to unmask]>
Date:
Tue, 28 May 2013 12:08:58 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (149 lines) 
The latest ClamAV that I can find pre-ported fro SL6 x86-64 is

http://pkgs.repoforge.org/clamav/clamd-0.97.7-1.el6.rf.x86_64.rpm

Will this RPM "override" dependencies in the "stock" SL distribution? 
EL (and Linux in general) does not seem to have reliable polymorphism -- 
the default for these sorts of dependencies generally does not seem to 
install a different executable/library sub-tree independent of the stock 
distribution except in so far as the same files (e.g., libraries) are used.

However, ClamAV still appears to be pre-production (0.x, not 1.x).  Is 
it stable and useful?

Yasha Karant

On 05/24/2013 03:01 PM, Clint Bowman wrote:
> ClamAV seems to have a good pedigree--SANS has mentioned it frequently.
>
> Clint Bowman            INTERNET:    [log in to unmask]
> Air Quality Modeler        INTERNET:    [log in to unmask]
> Department of Ecology        VOICE:        (360) 407-6815
> PO Box 47600            FAX:        (360) 407-7534
> Olympia, WA 98504-7600
>
>          USPS:           PO Box 47600, Olympia, WA 98504-7600
>          Parcels:        300 Desmond Drive, Lacey, WA 98503-1274
>
> On Fri, 24 May 2013, Yasha Karant wrote:
>
>> Currently, which are the "best" antivirus programs for SL 6 X86-64?
>>
>> I am familiar with several Linux applicable antivirus applications:
>> Avast, BitDefender, ClamAV, AVG, amongst others,
>> but have not tested any of these on my current environment.
>>
>> Any current recommendations?
>>
>> Yasha Karant
>>
>> On 05/24/2013 10:34 AM, John Lauro wrote:
>>> Linux can get viruses too including ones that could cause the
>>> symptoms
>> described. Not sure what you mean by oos viruses, but the claim was
>> blaster like, not the blaster virus. That said, it sounds suspicious
>> like an attempt to get you to buy something. Anyways, a virus on Linux
>> is possible, but you can use argus or tcpdump or a ton of other network
>> monitoring tools on your machine and see if it is spewing out random
>> connections that it shouldn't be.
>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "g" <[log in to unmask]>
>>> To: "scientific linux users" <[log in to unmask]>
>>> Sent: Friday, May 24, 2013 12:50:12 PM
>>> Subject: is this a this virus or an error
>>>
>>> greetings.
>>>
>>> last night while reading articles at 'news.yahoo.com' using firefox
>>> 17.0.6,
>>> i had 3 pages opened and this message popped up;
>>>
>>> +++
>>> Excessive Sessions Warning
>>> Error
>>>
>>> Your 2701HG-B Gateway has intercepted your web page request to
>>> provide you
>>> with this important message. The following devices on your network
>>> are using
>>> a large number of simultaneous Internet sessions:
>>>
>>> 192.168.1.144
>>>
>>> The most likely cause of this issue is a ~blaster~ type virus which has
>>> infected the device. It is strongly recommended that the devices
>>> above be
>>> scanned for potential viruses.
>>>
>>> Note that a large number of sessions may occasionally be the result of
>>> application software or gaming software installed on the device. If you
>>> believe this is the case, click the ~Do not show me excessive session
>>> warnings in the future~ to disable this feature.
>>>
>>> To access the requested Web page that was intercepted, please close all
>>> browser windows and then restart your Web browser software.
>>>
>>> If you continue to see this page after closing all open Web browser
>>> windows,
>>> restart your computer.
>>>
>>> [ ] Do not show me excessive session warnings in the future
>>> +++
>>>
>>> i have, at previous times, had 8 to 10 pages opened and not received
>>> such
>>> a notice.
>>>
>>> curious as to what such a virus infected, i looked up 'blaster' at
>>> wikipedia.org to find;
>>>
>>> +++
>>> The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a
>>> computer
>>> worm that spread on computers running the Microsoft operating
>>> systems: Windows
>>> XP and Windows 2000, during August 2003.[1]
>>>
>>> The worm was first noticed and started spreading on August 11, 2003.
>>> The rate
>>> that it spread increased until the number of infections peaked on
>>> August 13,
>>> 2003. Filtering by ISPs and widespread publicity about the worm
>>> curbed the
>>> spread of Blaster.
>>> +++
>>>
>>> i contacted bellsouth and the rep insisted that i had a virus that was
>>> causing message.
>>>
>>> when i told her that i had doubt that it was a virus, because i run
>>> linux
>>> and oos viruses do not effect linux.
>>>
>>> she insisted that "viruses have a way of creeping into a system" and
>>> that
>>> for $100, i could have an online scan run to check my system.
>>>
>>> when i mentioned that notice stated;
>>>
>>>    It is strongly recommended that the devices above be scanned for
>>> potential
>>>    viruses.
>>>
>>> rep insisted that meant my computer and not the dsl modem.
>>>
>>> needless to say, if she did not understand what i was trying to explain
>>> to her that i was not using oos, she has little understanding about any
>>> virus problem.
>>>
>>> so, have any readers run across above notice or know of any virus
>>> that can
>>> enter a linux system to cause such a message to appear?
>>>
>>> tia.
>>>
>>

ATOM RSS1 RSS2