I recently downloaded and installed avast4workstation1.0.6-1 rpm on my FC6 box. I ran a scan and found a Nutcracker virus in the file /usr/share/locale/pa/LC_MESSAGES/redhat-artwork.mo. I did a little searching on the net and found that there had been some false alarms regarding a nutcracker virus. So, I let the scan continue and at the file /sys/devices/pci0000:00/0000:00:1c.1/config the scan locked up. It locked up the entire machine. ^C wouldn’t kill it and ^D wouldn’t kill the shell. I have 3 questions:
(1) is it true that virus detections should be taken with a grain of salt since there are sometime false alarms?
(2) What is going on with the scan locking up?
(3) Is there a way to avoid it from locking up?
Sorry for any ignorance on my part. I am new to linux and new to avast.
Well, to know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
It shouldn’t lock up… What happens if you run avast as root?
As a workaround, you can add these files to the Exclusion list into the program settings.
You don’t have to be sorry. We’re all learning here
Thanks for the quick response. I will send the file to VirusTotal and let you know.
I am running the avast as root when it locks up. I have tried it several times and it locks up in the GUI enviorment and the command line at the same point.
I think that you should add /sys/* into exlusions from scan. Same for /dev/* and /proc/* as these directories are not real files/directories but interfaces for communication with linux kernel/devices.
It’s a bug in the avast! engine library. It has been fixed.
We will release a newer version of avast4workstation package after New Year’s Eve. Please, add /sys directory into exclusions list.