SCIENTIFIC-LINUX-USERS Archives

May 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: is this a this virus or an error
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Tue, 28 May 2013 14:36:10 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (162 lines) 
On 05/28/2013 02:08 PM, Yasha Karant wrote:
> The latest ClamAV that I can find pre-ported fro SL6 x86-64 is
>
> http://pkgs.repoforge.org/clamav/clamd-0.97.7-1.el6.rf.x86_64.rpm

EPEL has a slightly newer version of this package:

http://koji.fedoraproject.org/koji/buildinfo?buildID=413926

>
> Will this RPM "override" dependencies in the "stock" SL distribution? EL 
> (and Linux in general) does not seem to have reliable polymorphism -- the 
> default for these sorts of dependencies generally does not seem to install a 
> different executable/library sub-tree independent of the stock distribution 
> except in so far as the same files (e.g., libraries) are used.
>
> However, ClamAV still appears to be pre-production (0.x, not 1.x).  Is it 
> stable and useful?
>
> Yasha Karant
>
> On 05/24/2013 03:01 PM, Clint Bowman wrote:
>> ClamAV seems to have a good pedigree--SANS has mentioned it frequently.
>>
>> Clint Bowman            INTERNET:    [log in to unmask]
>> Air Quality Modeler        INTERNET:    [log in to unmask]
>> Department of Ecology        VOICE:        (360) 407-6815
>> PO Box 47600            FAX:        (360) 407-7534
>> Olympia, WA 98504-7600
>>
>>          USPS:           PO Box 47600, Olympia, WA 98504-7600
>>          Parcels:        300 Desmond Drive, Lacey, WA 98503-1274
>>
>> On Fri, 24 May 2013, Yasha Karant wrote:
>>
>>> Currently, which are the "best" antivirus programs for SL 6 X86-64?
>>>
>>> I am familiar with several Linux applicable antivirus applications:
>>> Avast, BitDefender, ClamAV, AVG, amongst others,
>>> but have not tested any of these on my current environment.
>>>
>>> Any current recommendations?
>>>
>>> Yasha Karant
>>>
>>> On 05/24/2013 10:34 AM, John Lauro wrote:
>>>> Linux can get viruses too including ones that could cause the
>>>> symptoms
>>> described. Not sure what you mean by oos viruses, but the claim was
>>> blaster like, not the blaster virus. That said, it sounds suspicious
>>> like an attempt to get you to buy something. Anyways, a virus on Linux
>>> is possible, but you can use argus or tcpdump or a ton of other network
>>> monitoring tools on your machine and see if it is spewing out random
>>> connections that it shouldn't be.
>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "g" <[log in to unmask]>
>>>> To: "scientific linux users" <[log in to unmask]>
>>>> Sent: Friday, May 24, 2013 12:50:12 PM
>>>> Subject: is this a this virus or an error
>>>>
>>>> greetings.
>>>>
>>>> last night while reading articles at 'news.yahoo.com' using firefox
>>>> 17.0.6,
>>>> i had 3 pages opened and this message popped up;
>>>>
>>>> +++
>>>> Excessive Sessions Warning
>>>> Error
>>>>
>>>> Your 2701HG-B Gateway has intercepted your web page request to
>>>> provide you
>>>> with this important message. The following devices on your network
>>>> are using
>>>> a large number of simultaneous Internet sessions:
>>>>
>>>> 192.168.1.144
>>>>
>>>> The most likely cause of this issue is a ~blaster~ type virus which has
>>>> infected the device. It is strongly recommended that the devices
>>>> above be
>>>> scanned for potential viruses.
>>>>
>>>> Note that a large number of sessions may occasionally be the result of
>>>> application software or gaming software installed on the device. If you
>>>> believe this is the case, click the ~Do not show me excessive session
>>>> warnings in the future~ to disable this feature.
>>>>
>>>> To access the requested Web page that was intercepted, please close all
>>>> browser windows and then restart your Web browser software.
>>>>
>>>> If you continue to see this page after closing all open Web browser
>>>> windows,
>>>> restart your computer.
>>>>
>>>> [ ] Do not show me excessive session warnings in the future
>>>> +++
>>>>
>>>> i have, at previous times, had 8 to 10 pages opened and not received
>>>> such
>>>> a notice.
>>>>
>>>> curious as to what such a virus infected, i looked up 'blaster' at
>>>> wikipedia.org to find;
>>>>
>>>> +++
>>>> The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a
>>>> computer
>>>> worm that spread on computers running the Microsoft operating
>>>> systems: Windows
>>>> XP and Windows 2000, during August 2003.[1]
>>>>
>>>> The worm was first noticed and started spreading on August 11, 2003.
>>>> The rate
>>>> that it spread increased until the number of infections peaked on
>>>> August 13,
>>>> 2003. Filtering by ISPs and widespread publicity about the worm
>>>> curbed the
>>>> spread of Blaster.
>>>> +++
>>>>
>>>> i contacted bellsouth and the rep insisted that i had a virus that was
>>>> causing message.
>>>>
>>>> when i told her that i had doubt that it was a virus, because i run
>>>> linux
>>>> and oos viruses do not effect linux.
>>>>
>>>> she insisted that "viruses have a way of creeping into a system" and
>>>> that
>>>> for $100, i could have an online scan run to check my system.
>>>>
>>>> when i mentioned that notice stated;
>>>>
>>>>    It is strongly recommended that the devices above be scanned for
>>>> potential
>>>>    viruses.
>>>>
>>>> rep insisted that meant my computer and not the dsl modem.
>>>>
>>>> needless to say, if she did not understand what i was trying to explain
>>>> to her that i was not using oos, she has little understanding about any
>>>> virus problem.
>>>>
>>>> so, have any readers run across above notice or know of any virus
>>>> that can
>>>> enter a linux system to cause such a message to appear?
>>>>
>>>> tia.
>>>>
>>>


-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/

ATOM RSS1 RSS2