Hi there, On Tue, 23 Jun 2009 off...@jimrailton.com wrote:
> The virus is : OF97/Tristate-C I'm afraid we geeks haven't been particularly helpful so far, so I think taking a couple of steps back and looking at the bigger picture might help you. First, ClamAV isn't your typical anti-virus package ? la AVG, McAfee, Norton, Sophos, or whatever. Clamav is designed primarily to run on a mail server, to scan email incoming to that server. Apparently you don't run a mailserver at your place of business - otherwise you would most likely be asking your questions of the people who run it, and not us - you probably use a mail server provided by your ISP. That's OK, but to some extent it limits what you could do with your incoming mail had you the skills. You don't have the skills. That's OK too. Second, ClamAV is available in the form of 'source code' which was written by the original authors. Loosely speaking you 'compile' the source code so that it can run on whatever machine you happen to have, whether it be a Mac, A Windows machine, a Linux box or even an IBM mainframe if people still use those things. To do this you need some computer skills and you have to do quite a bit of work. Forget it. You can get 'pre-compiled binaries' which somebody has built for your particular machine if you want to (when you buy practically any boxed software, what you're actually buying is pre-compiled binaries for your particular machine). In the case of ClamAV, I don't think you do want to. Third, ClamAV _can_ be used to scan files on a machine. But that's all it really does, it scans them and tells you if it thinks any of them might be infected. That doesn't sound to me like what you want. I think you want something that will 'disinfect' them. ClamAV doesn't do that. It might tell you that a file is infected (it might even be right about that:) but it would then be up to you to decide what to do about it. Now if you're scanning incoming mail, the decision is easy. You drop the mail and maybe send a message to the administrator of the system that is scanning the mail (NOT to the sender of the mail if you have any sense, because the address was most likely forged). When you scan files on a computer, things are a little more complicated. If a file is flagged as infected that might indeed mean that it's infected. You might then think that you have to do something to the file, to disinfect it. Or maybe just delete it. But it could also mean that it's an important system file that just happens to look like it's infected. This would be what we call a 'false positive'. You need to be able to make an educated guess (er, decision) about these things, to distinguish between genuine infections and false positives, because if you just romp around your operating system deleting all the files which trigger ClamAV (or any other virus scanner) you might find that you've done more damage to the operating system than the virus would ever have done. > ... we just need to make these machines limp along for a couple more > months until our new database system for filemaker 9 is written. Hohohohohohohohoho... > My main worry, as this is apparently a 'low threat virus' and isn't > really affecting us, but when I send a word doc to someone it is > either erased, or says it has a virus. Please don't knowing send viruses to people. You really do need to become a more responsible computer user. > As I was going to do some work from home and needed to take files > from the affected machine, I didn't want to infect my brand new mac > book pro! But you don't mind infecting everyone else to whom you send mail? > So I was just trying to see whether I could kill the virus on these > machines before moving any files. Yes, you can do that. But not with ClamAV. You can get things for free on the Internet which will do what you want, but be careful about what you believe. Stick with well-known products which have been recommended by people with good knowledge. Look at the reviews in the magazines. Read the Web sites of the well-known purveyors of anti-virus products, in particular what they have to say about your virus infection and how their product handles it. > I suppose once they are on my mac book pro they can be killed, but I > hate the thought of deliberately introducing a virus to my lovely > new machine. Machines aren't lovely. Woodpeckers are lovely (there are two young ones on the peanut feeders just outside my window). Machines are just machines. And you need to re-think your priorities. -- 73, Ged.
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
