Hi there,

The answer to the question in the subject line is

"No, please read the FAQ at http://www.clamav.org/support/faq/";

but read on...

On Sun, 2 Sep 2007 [EMAIL PROTECTED] wrote:

> I am a Fedora 7 user running ClamAV to protect my data on my PC
> (though they're extremely rare). However today I ran into problems.
> My girlfriend uses a WinXP system, which became severely infected by
> viruses. Now she is going to make a system clean-up. The plan is:
>
> S1. Copy all her important data to a portable media;
> S2. Re-format her entire file system (thus destroying everything) and
> re-install WinXP;
> S3. While she's doing 2, I scan the portable media using ClamAV on my
> computer, and (possibly) remove the viruses which might have been
> 'backed-up' along with her regular files;
> S4. Copy the (possible) ClamAV-scanned data back to her computer.
>
> The problem is whether Step 3 can be realized. I don't know
> whether ClamAV is able to detect Win32 PE viruses.

That depends on which virus.  There are many that you could be talking
about, the famous 'Klez' worm being one of them for example.  You are
asking two questions here, although you might not know it.  The first
question was "Can ClamAV remove the viruses?".  The answer to that is
"No, ClamAV doesn't do that."  The second and rather different question
is "Can ClamAV detect the viruses?" to which the answer is "Probably".
ClamAV detects over 160,000 viruses at the moment, and it can detect
PE viruses even if they're compressed.  See for example

http://www.clamav.org/doc/latest/signatures.pdf

for more information about the virus database.  After that you have to
take the action that you think is most appropriate, given that ClamAV
has told you that there's a problem.  If I were suspicious, I would
usually delete the file(s).

However I would recommend that you use several virus scanners to scan
your data, as no package is ever 100% effective against all viruses,
and of course you don't know what's infected your girlfriend's PC.

Can you not find two or three more free virus scanners for your Linux
box in addition to ClamAV?  Do you not have a friend who will allow
you to scan a few files on his PC?  Or maybe he/she will do it for
you, if he/she doesn't trust the files?  (Or doesn't trust you?:)

> I'm fairly confident that the PE viruses could not infect my system
> but I'm not sure whether I can detect them.

Your Linux box cannot be infected by a Win32 PE virus since it does
not use Windows Portable Executables.  Perhaps if you were running
a Windows emulator...

> I know the above procedure is rather absurd... However I haven't
> come up with other ideas.

It sounds like you have little choice, as the alternative would be a
massive cleanup exercise on your girlfriend's PC (assuming that we are
talking about two PCs here).  That might take a long time, and it might
also be ineffective.  You only have to miss one thing and you're back
to where you started.  I don't think it's absurd, unless it's absurd
that you haven't yet taught your girlfriend to use Linux. :)

> The situation is that she will stick to WinXP and I cannot afford a
> Win32 antivirus software and, worse, I'm not familiar with Windows.

You can afford ClamWin - it's FREE!  But you MUST have the up-to-date
Microsoft patches and firewalling on any Windows PC which is connected
to the Internet, otherwise it can be infected within minutes.

After a fresh Windows install you MUST have a firewall on the box or,
better, between it and the Internet before you start to download all
the patches.  Otherwise it is quite likely to be infected before you
have finished downloading the patches!

If you're familiar enough with Linux, then you could set up your Linux
box as a firewall router.  All you need do is install another network
card in the Linux box, enable packet forwarding, and set up iptables
as needed.  Then your girlfriend's PC can be connected to the second
network card in your PC, which will provide adequate protection from
malware which attacks the machine directly.  Of course if she surfs
the Internet irresponsibly or opens dangerous emails, especially with
certain Microsoft products, then all your work will be for nothing.

Why not find an old PC from someplace (nowadays a lot of people are
giving them away because otherwise they have to pay for disposal) and
put a firewall Linux distribution on it?  There are many to choose
from, IPCop, SmoothWall, pfSense, m0n0wall...  I use both IPCop and
Smoothwall and I'm very happy with them.  They all have good support
through mailing lists.

> PS. If you find my English bad, please pardon me --- I'm not a native
> Englihs speaker. Thank you for your patience.

Your Englihs is fine.  I know English people who can't spell as well
as you do. :)

--

73,
Ged.
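
The firewall-router setup suggested in the reply (second network card, packet forwarding, iptables), as an added example that is not part of the original message. The interface names eth0 (Internet side) and eth1 (Windows PC side) and the subnet 192.168.10.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: two-NIC Linux firewall router as described in the reply.
# ASSUMPTIONS (not from the post): eth0 faces the Internet, eth1 faces the
# Windows PC, and the PC's subnet is 192.168.10.0/24.

# Print an iptables-restore ruleset for the given WAN/LAN interfaces.
gen_ruleset() {
    wan="$1"; lan="$2"; lan_net="$3"
    # Refuse anything that is not a plain interface name or CIDR block.
    for name in "$wan" "$lan"; do
        case "$name" in ""|*[!A-Za-z0-9._-]*) return 2 ;; esac
    done
    case "$lan_net" in ""|*[!0-9./]*) return 2 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the PC behind the router's Internet-facing address.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The router itself accepts no new inbound connections.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies may come back in; only the PC may open new connections outward.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Check the rules, load them, and only then enable forwarding (needs root).
apply_ruleset() {
    rules=$(gen_ruleset "$@") || return 2
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Only touch the running firewall when asked to: ./router.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_ruleset eth0 eth1 192.168.10.0/24
fi
```

Run without arguments, the script only defines the functions; forwarding is switched on after the default-drop FORWARD policy is loaded, so the freshly installed PC is never reachable from the Internet side while it downloads its patches.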