[Clamav-users] Don't know what to do with infected files

Mon, 12 Mar 2007 02:39:27 -0800 

Hi there,
sorry to bother you but I am new to ClamAV (on fedora core 6). I ran clamscan on my laptop and got a message telling me that I have 3 files infected. One is in my mail . I browed the FAQ and find a way supposed (by using the --debug option) to tell the number of the infected message so that I could get rid of it. First : I ran the clamscan --debug -l fich -r /.... command in a console. Where should I find the line telling me which of my messages is infected ? In the console or ine the fich file given in the command ? But maybe it does not work with thunderbird. If it is in the console, then I have another problem because during the debug process there are a bunch of info scroling down the screeen at incredible speed, and after a moment I don't know why but the characters go wild (except numbers) so that I cannot read anything on the screen. Of course I could delete the entire content of the mail box (by the way would it be enough action taken ? because nowhere in the manual it is said how to handle infected files (although in the FAQ it is hinted that desinfecting such files would be mainly a waste of energy...) ). This would waste me a lot of valuable messages that I keep, but more I would not know where the infected message comes from (for future precaution). The second file infected is in my windows partition under the root directory (I got this result :media/hda2/pagefile.sys: Exploit.HTML.MHTRedir-8 FOUND). hda2 is my windows partition. This file is 1.3G large (from what nautilus sees/says). Again is simply deleting enough ? I s it usually a windows file ? The third one is more confusing to me since it is a zipped file that I donwloaded from the US Samsung site when I tried to upgrade my Yepp 920 studio and firmware (mp3 player interface). The scan tells me that it is an oversized archive. Is there a way for clamAV to be sure of that (I mean in a MD5 sum sort of way) ? Because it is only 50Mo. 

Thank you for your responses and advices.

--
Laboratoire de Pharmacologie - Physiologie CERMN
UFR des Sciences Pharmaceutiques
Université de Caen Basse Normandie
5 rue Vaubénard
14032 Caen cedex
Tél/fax (33) 02 31 94 72 55


        

        
                

___________________________________________________________________________ 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.

http://fr.mail.yahoo.com
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html






















					Reply via email to