Do not run clamscan over your entire filesystem.
It's a bad idea.
In your case clamscan found something looking like a virus in its own
signatures, which is hardly surprising and certainly not a sign of an
infection.
Am 04.01.19 um 13:28 schrieb Kaushal Shriyan:
>
> when i am running clamscan
>
> #clamscan --infected --recursive /
> /var/lib/clamav/rfxn.hdb:
> YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.ndb:
> YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
> /var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
>
> [root@ clamav]# pwd
> /var/lib/clamav
> [root@ clamav]# ls -ltrh
> total 268M
> -rw-r--r--. 1 clamupdate clamupdate 113M Dec 13 02:31 main.cvd
> -rw-r--r--. 1 clamupdate clamupdate 990K Jan 2 18:00 bytecode.cld
> -rw-r--r--. 1 root root 441K Jan 4 03:52 rfxn.ndb
> -rw-r--r--. 1 root root 828K Jan 4 03:52 rfxn.hdb
> -rw-r--r--. 1 root root 400K Jan 4 03:52 rfxn.yara
> -rw-r--r--. 1 clamupdate clamupdate 153M Jan 4 09:00 daily.cld
> -rw-------. 1 clamupdate clamupdate 520 Jan 4 12:21 mirrors.dat
> [root@ clamav]#
>
> Is the CentOS Linux release 7.3.1611 (Core) server infected with
> Malware? Please suggest. Thanks in Advance.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
