

clamscan -r /home says I have infected files




Posted by psalm91, 08-21-2013, 01:15 PM
I have about 69 infected files after I scan with clamscan -r /home. But how do I disinfect them? I don't want to just remove them. Isn't there a quarantine option?

Posted by devonblzx, 08-21-2013, 01:55 PM
http://askubuntu.com/questions/17144...te-with-clamav

Posted by psalm91, 08-21-2013, 02:38 PM
My brain is not working well recently. Is there an easier way? Straight commands here?

Posted by SPINIKR-RO, 08-21-2013, 03:06 PM
clamscan -r /home will scan into directories past /home.

"But how to disinfect ? Don't want to just remove isn't there quarantine option?"

Several things here. You probably need to shed light on where these files are located, since you are using -r. It depends on what type of infection it is and where it is. For example, with a busted WordPress site in a jailed account, the best course of action would be to remove that directory and reinstall. But honestly, with the information provided there is no way to help you with your next course of action. You could do something like:

# clamscan -ri --move=/tmp/scan/ /home

This would output only the files and paths that are infected and move them to /tmp/scan/, though again, just removing something does not mean the exploit is patched and the system secure.

Posted by psalm91, 08-21-2013, 09:37 PM
Thanks. Where can I see the details of the scan report?

Posted by Kailash12, 08-22-2013, 02:29 AM
Run clamscan -ri /home. This will show only the list of infected files. If you do not want to remove them, you will need to find the offending code in the infected files.

Posted by tnhadmin, 08-22-2013, 11:50 AM
You can use the following website too: http://sitecheck.sucuri.net/scanner/

Posted by dragonvps, 08-23-2013, 04:46 AM
I never use clamav for quarantine or delete. clamav is very useful for scanning for malware, but sometimes it reports false positives when scanning scripts encoded with base64. You need to check the reported files one by one and delete the infected lines.

Posted by psalm91, 08-26-2013, 12:25 PM
When I scan I see a lot of /usr/local/cpanel/modules-install/clamavconnector-Linux-x86_64/clamav-0.97.8/test/clam_cache_emax.tgz: ClamAV-Test-File FOUND. So many. I suppose they are false positives? How can I exclude these?

Posted by dragonvps, 08-26-2013, 08:12 PM
Please paste 1 infected file here so others can check the file.
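
The steps discussed in this thread (quarantine with --move instead of deleting, a saved scan report, and skipping ClamAV's bundled test samples), as an added example that is not from any of the posters. It uses the clamscan options -r, -i, --move, --log and --exclude-dir; the quarantine and log paths, the function names, and the sample report with its signature name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths below are assumed defaults.
CLAMSCAN=${CLAMSCAN:-clamscan}
QUARANTINE=${QUARANTINE:-/root/clam-quarantine}
LOG=${LOG:-/root/clamscan.log}
# Regex for --exclude-dir: ClamAV's own bundled test samples (path from the thread).
EXCLUDE_RE='^/usr/local/cpanel/modules-install/[^/]*/clamav-[^/]*/test'

# Scan recursively, print only infected files, move them to a root-only
# quarantine directory instead of deleting, and keep a report in $LOG.
run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
    "$CLAMSCAN" -r -i --move="$QUARANTINE" --log="$LOG" \
        --exclude-dir="$EXCLUDE_RE" "$1"
}

# Count hits per signature from "PATH: SIGNATURE FOUND" report lines.
summarize_hits() {
    awk '/ FOUND$/ { n[$(NF-1)]++ } END { for (s in n) print n[s], s }' "$1" |
        sort -rn
}

# List paths whose signature is not the harmless ClamAV-Test-File marker;
# these are the files to inspect by hand.
real_hits() {
    awk '/ FOUND$/ && $(NF-1) != "ClamAV-Test-File" {
             sub(/: [^ ]+ FOUND$/, ""); print }' "$1"
}

# Constructed sample report (not real scan output from the thread).
sample_log() {
    cat <<'EOF'
/opt/clamav-0.97.8/test/clam.exe: ClamAV-Test-File FOUND
/opt/clamav-0.97.8/test/clam.zip: ClamAV-Test-File FOUND
/home/user1/public_html/wp-content/x.php: Example.Constructed.Signature FOUND
/home/user1/public_html/wp-content/x.php: moved to '/root/clam-quarantine/x.php'
EOF
}

# Usage: sh thisfile /home   (with no argument it only defines the functions)
if [ "$#" -gt 0 ]; then
    run_scan "$1"; summarize_hits "$LOG"; real_hits "$LOG"
fi
```

Quarantined files stay in place for later inspection, but moving them does not close whatever hole let them in.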


