On Tue, 6 Aug 2024, Philip Rhoades via clamav-users wrote:
People,
I have been using Linux since the 0.9 kernel days and had to deal with the
first worm to infect a Linux system many years ago. I haven't allowed
remote ssh access to any of my LANs for a long time now but of course crap
still comes in via email - mostly spam but also from infected computers of
friends, family and colleagues.
Periodically I have installed CAV and then quarantined nasties etc but I have
always wondered: Is it possible to (incrementally?) install anti-malware to
an infected machine and gradually clean up all the file systems? - or does it
require booting from a live, clean USB system and scanning the mounted HD
file systems to be more confident that the system will be cleaned properly?
I always imagined that really smart malware would not just have mechanisms
for avoiding detection but would also be able to actively thwart / disable
any anti-malware setup that was installed on an already-infected system?
Thanks for any feedback or links to info on this sort of stuff! It is a major
PITA that we have to deal with this crap at all - but that is the state of
affairs I guess ...
AIUI, ClamAV is a malware detection tool, not a malware removal tool.
It can remove or quarantine a file when something is detected,
but false-positives exist and even quarantining a system file could break
the machine.
What you should do if ClamAV finds something depends on what was found, how
it was found and possibly even what sort of system it is.
If certain Windows malware is found already on a Windows machine,
wiping the disk and reinstalling may be the only safe thing to do.
On the other hand, if a Linux mail server rejected an incoming external mail
because some Windows malware was detected, it might not be necessary to do
anything at all at your end, just polite to warn the sender's IT team.
But yes, even on Unix, malware exists that can only be cleaned by reboot
from a different clean boot medium, or equivalently moving the system disk
to another machine ...
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
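An added example of the clean-boot-medium approach Andrew describes (editorial addition, not part of the thread and not ClamAV's own tooling): the suspect disk is mounted read-only and non-executable from a rescue system, scanned with the rescue system's own ClamAV, and the hits are then sorted into "system" paths (where deleting a file may break the machine, and a false positive is costly) and "user" paths before anything is removed. The device name /dev/sdb2, the mount point /mnt/suspect, the log path and the sample signature names are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): scan a suspect Linux disk from a
# clean rescue medium, then triage ClamAV hits before touching anything.
# Assumed values: suspect root filesystem is /dev/sdb2, mounted under
# /mnt/suspect; the scan log goes to /root/clamscan.log.

SUSPECT_DEV="${SUSPECT_DEV:-/dev/sdb2}"       # assumption
SUSPECT_ROOT="${SUSPECT_ROOT:-/mnt/suspect}"  # assumption
SCAN_LOG="${SCAN_LOG:-/root/clamscan.log}"    # assumption

# Mount read-only and non-executable: nothing on the suspect disk is
# modified, and nothing on it can run on the rescue system.
mount_suspect() {
    mkdir -p "$SUSPECT_ROOT"
    mount -o ro,noexec,nodev,nosuid "$SUSPECT_DEV" "$SUSPECT_ROOT"
}

# Scan with the rescue system's own, freshly updated ClamAV. No --remove
# or --move: the mount is read-only and every hit gets reviewed first.
scan_suspect() {
    freshclam
    clamscan --recursive --infected --log="$SCAN_LOG" "$SUSPECT_ROOT"
}

# Classify a path on the suspect disk (absolute, as clamscan prints it):
# "system" for directories where removing a file may break the machine,
# "user" for everything else. $1 = path, $2 = mount point.
classify_path() {
    rel="${1#"$2"}"                 # strip the mount point prefix
    case "$rel" in
        /bin/*|/sbin/*|/lib/*|/lib64/*|/usr/*|/etc/*|/boot/*) echo system ;;
        *) echo user ;;
    esac
}

# Read a clamscan log and print one "class<TAB>signature<TAB>path" line
# per hit. clamscan reports hits as "<path>: <signature> FOUND".
# $1 = log file, $2 = mount point.
triage_log() {
    grep ' FOUND$' "$1" | while IFS= read -r line; do
        path="${line%: *}"          # everything before the last ": "
        sig="${line##*: }"          # "<signature> FOUND"
        sig="${sig% FOUND}"
        printf '%s\t%s\t%s\n' "$(classify_path "$path" "$2")" "$sig" "$path"
    done
}

# Count hits of one class ("system" or "user") in a scan log.
# $1 = class, $2 = log file, $3 = mount point.
count_class() {
    triage_log "$2" "$3" | awk -F '\t' -v c="$1" '$1 == c' | wc -l | tr -d ' '
}

# Constructed sample of "clamscan --infected" output, for trying the
# triage without a real scan (paths and signature names are made up).
write_sample_log() {
    printf '%s\n' \
        '/mnt/suspect/home/phil/Mail/attach.exe: Win.Test.Sample-1 FOUND' \
        '/mnt/suspect/usr/lib/libsample.so: Unix.Trojan.Sample-1 FOUND' \
        '' \
        '----------- SCAN SUMMARY -----------' \
        'Infected files: 2' > "$1"
}

# Run the real workflow only when asked for explicitly (needs root on
# the rescue system): RUN_OFFLINE_SCAN=1 sh offline-scan.sh
if [ "${RUN_OFFLINE_SCAN:-0}" = 1 ]; then
    mount_suspect && scan_suspect
    triage_log "$SCAN_LOG" "$SUSPECT_ROOT"
fi
```

The point of the split output is that "user" hits (a mail attachment, a download) can usually be moved to quarantine straight away, while a "system" hit on a read-only mount is exactly the case where a false positive would brick the box, so it gets compared against the distribution's package (checksums from the rescue medium's package manager) before any decision; if it is a real compromise of a system binary, Andrew's reinstall advice applies rather than file-by-file cleaning.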