OS is Ubuntu 7.04, no Windows installed. Have found a DSME family virus; screenshot attached (I hope).
Restored from chest and found in same file again. Is anyone familiar with this? Is this a false positive?
Thanks.
The only way to check for an FP is to use other scanners and the best for this are the multi-engine scanners where you upload the suspect file.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.
Sorry I don’t use the unix/linux version, but I assume the providers, etc. are the same for exclusions.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
See here:
http://ubuntuforums.org/showthread.php?p=3320649
I couldn’t view the attachment but I suspect it may be the same thing.
EDIT: Duh! Sorry chrisb40, didn’t notice it was you posting there too.
I agree with what p_quarles wrote there.
I thought Linux couldn’t get a virus, that’s weird. I guess even a Mac OS X is capable of getting a virus. I would take David’s advice and try VirusTotal.
Any OS can get a virus. It is the ones that are more popular that get most of them because that is where the most damage can be done by the damn fools. As Linux gets more popular, you will begin to see more malicious attacks on that OS.
I thought Linux couldn't get a virus, that's weird.
Well, Linux certainly can’t catch a Windows virus, which is why this looks like a false positive. A virus can sit on a Linux disc even if inactive and impossible to activate, but the name and location of this file suggest it is a legitimate log file and not malicious.
@chrisb40
I forgot to mention, you can send the file to virus[at]avast.com with a note that it is probably a false positive: mention the name and location of the detected file.
Please,
could you pack this file (zip it with password-encryption), and send it to me? (cimbal@avast.com).
It’s probably regular wtmp log, maintained by login process - but there’s some chunk of data that we detect. Question is, whether it’s our bad signature, or something else…
regards,
pc
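A quick way to check whether the flagged file still looks like an ordinary login log before sending it off, as an added example that is not part of the original thread and not avast's code. It assumes glibc's 384-byte Linux `struct utmp` layout and treats non-printable bytes in the text fields as worth a look (a heuristic, not a verdict); `audit_wtmp` and `sample_record` are hypothetical names, and the sample records are constructed.

```python
import struct

# glibc's Linux struct utmp (384 bytes on i386 and x86-64): type, pid, line,
# id, user, host, exit (2 shorts), session, time (sec, usec), address, padding.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
UT_TYPES = range(0, 10)  # EMPTY .. ACCOUNTING, per utmp(5)


def _text(raw):
    """Decode a NUL-terminated field; None if it holds non-printable bytes."""
    value = raw.split(b"\0", 1)[0]
    if any(b < 0x20 or b > 0x7E for b in value):
        return None
    return value.decode("ascii")


def audit_wtmp(data):
    """Return (records, anomalies); anomalies are (offset, reason) pairs."""
    records, anomalies = [], []
    whole = len(data) - len(data) % UTMP.size
    if whole != len(data):
        anomalies.append((whole, "trailing partial record"))
    for off in range(0, whole, UTMP.size):
        (ut_type, pid, line, _id, user, host,
         _term, _exit, _sess, sec, _usec, _addr) = UTMP.unpack_from(data, off)
        fields = {"line": _text(line), "user": _text(user), "host": _text(host)}
        if ut_type not in UT_TYPES:
            anomalies.append((off, f"unknown ut_type {ut_type}"))
        for name, value in fields.items():
            if value is None:
                anomalies.append((off, f"non-printable bytes in ut_{name}"))
        records.append({"type": ut_type, "pid": pid, "time": sec, **fields})
    return records, anomalies


def sample_record(ut_type, pid, line, user, host=b"", sec=1190000000):
    """Build one constructed record for the demo (not data from the thread)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, sec, 0, b"")


if __name__ == "__main__":
    image = (sample_record(2, 0, b"~", b"reboot")
             + sample_record(7, 4242, b"tty1", b"chris")
             + sample_record(7, 4300, b"pts/0", b"chris", b"\x01\x02\xff"))
    for offset, reason in audit_wtmp(image)[1]:
        print(f"offset {offset}: {reason}")
```

To audit a real file, pass `open("/var/log/wtmp", "rb").read()` to `audit_wtmp`; the reported offsets point at the records to inspect with a hex viewer.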
...zip it with password-encryption...
I’ve found this to be difficult in Ubuntu: p7Zip will do it in a Terminal, I think, but is there anything with a GUI that’ll do it? PeaZip claims to, but the GUI is buggy and the password encrypted ZIP I created and mailed to myself was unopenable with ZipGenius in Windows.
Is it possible to send it from the avast chest in the unix/linux version as that doesn’t require zip and password as avast encrypts the attachment.
I don’t think so: the option doesn’t seem to exist, but I’m a n00b in Linux.
So assuming that you have a suspect file in the chest there is no right click option to email to Alwil ?
Boy that image is butt ugly when compared to the windows version and not many options.
No option to e-mail to avast.
And the GUI does look a bit dated.
Bum*er, looks like a hard task to zip and send.
If it is uploaded here one of us with a windows OS could send it to avast.
OK, I found a nice file archiver that will password encrypt:
Xarchiver, available via Synaptic package manager in Ubuntu.
Hopefully chrisb40 will be able to use this and we haven’t lost him along the way from his initial post.
Many thanks for your replies. New to Ubuntu so the suggestions made I’ll have a go at. Interesting that AVG doesn’t seem to detect it.
Liked the comment about the “butt ugly”, made me smile!
No problem, welcome to the forums.
Let us know how you get on.
Hm,
what’s wrong with terminal? Simply start one, and type: cd /var/log; zip -9 -e ~/virus.zip wtmp
it will ask you for password twice, and then you’ll have the file ready in your home directory.
offtopic whining:
Terminal-oriented apps can be scripted, can be easily run on remote machine, their output can be easily redirected/duplicated to logfile or piped to another application, they can be easily batch-processed, they don’t pollute address space with crappy gui-libraries that consume lots of machine time… so what’s wrong with them? GUI has no such advantages :).
Sometimes I think people want to save resources for nothing… isn’t the machine time a resource to use and not to save…? I can’t believe people defend that much the terminal without GUI…
Wasting resources for something that’s less usable is better?