ClamAV: Free/opensource virus scanner

iago · December 07, 2004, 08:25 PM

Quoteiago@Slayer:~/downloads/viruses$ ~/clamav/bin/clamscan
/usr/local/home/iago/downloads/viruses/Your_money.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Counter_strike.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Document.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/price.scr: Worm.Bagle.AU FOUND
/usr/local/home/iago/downloads/viruses/mp3music.pif: Worm.SomeFool.I FOUND
/usr/local/home/iago/downloads/viruses/Garry.exe: Worm.Bagle.AG FOUND
/usr/local/home/iago/downloads/viruses/Dog.exe: Worm.Bagle.AG FOUND
/usr/local/home/iago/downloads/viruses/Price.exe: Worm.Bagle.AT FOUND
/usr/local/home/iago/downloads/viruses/Joke.scr: Worm.Bagle.AT FOUND
/usr/local/home/iago/downloads/viruses/MsgInfo.zip: Worm.Bagle.Gen-zippwd FOUND
/usr/local/home/iago/downloads/viruses/price.com: Worm.Bagle.AT FOUND
/usr/local/home/iago/downloads/viruses/text_document.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Your_complaint.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/I_search_for_you.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Joke.exe: Worm.Bagle.AU FOUND
/usr/local/home/iago/downloads/viruses/Bill.txt.exe: Worm.SomeFool.AA-2 FOUND
/usr/local/home/iago/downloads/viruses/2-Joke.exe: Worm.Bagle.AU FOUND
/usr/local/home/iago/downloads/viruses/Message.cpl: Worm.Bagle.AC FOUND

----------- SCAN SUMMARY -----------
Known viruses: 28160
Scanned directories: 1
Scanned files: 18
Infected files: 18
Data scanned: 0.34 MB
I/O buffer size: 131072 bytes
Time: 0.776 sec (0 m 0 s)
iago@Slayer:~/downloads/viruses$

www.clamav.net -- it passed my test. This is a really cool project, virus scanners are so big and commercialized that a free one, if it has the right features (stuff like realtime scan and whatnot -- I haven't got a clue if it does or not), it can do well.

Just thought people might be interested in the free alternative

Stealth · December 07, 2004, 09:16 PM

Neat! I wonder how it compares to other free offerings like my personal favorite Avast! or AVG?

iago · December 07, 2004, 09:38 PM

I've never heard of nor tried those. I like that this compiled/ran on Linux

EpicOfTimeWasted · December 07, 2004, 10:07 PM

No, clamav doesn't have realtime scanning (I'm assuming you're talking about scanning files as they're accessed). It's an excellent virus scanner though. I've ran it on my (relatively low traffic) mail server for about six months now, and it hasn't missed a beat yet. It's even caught some trojans, which even some commercial virus scanners can't always claim to do.

iago · December 07, 2004, 10:09 PM

Quote from: EpicOfTimeWasted on December 07, 2004, 10:07 PM
No, clamav doesn't have realtime scanning

Somebody should write it, then. I wonder how hard it would be to add that kind of functionality.

Newby · December 07, 2004, 11:00 PM

Giving it a run in Windows. I'll see how it fares.

Well, *refrains from swearing* it's a great way to lock your computer up.

hismajesty · December 08, 2004, 05:27 AM

<3Avast
<3Stealth

Falcon[anti-yL] · December 08, 2004, 07:02 AM

I like my McAfee Virusscan

iago · December 08, 2004, 07:31 AM

McAfee is welfare. We got their IPS system at work for a pilot, and their software doesn't even work, so they got us to send them an error log, and they gave us an email address which doesn't work. So we've gone for over two weeks without being able to get it to work. This doesn't reflect well on McAfee as a whole

EpicOfTimeWasted · January 29, 2005, 12:33 PM

Yeah, I'm bringing up a dead thread, but clamav is worth it. I checked my spam catch mailbox today, and found a phishing e-mail in it. Checked the full headers for the e-mail, and saw:

QuoteX-Amavis-Alert: INFECTED, message contains virus: HTML.Phishing.Bank-91

That's pretty damned neat when it can detect phishing attempts.

iago · January 29, 2005, 12:48 PM

Quote
iago@Slayer:~/downloads/viruses$ ~/clamav/bin/clamscan
/usr/local/home/iago/downloads/viruses/Your_money.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Counter_strike.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Document.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/price.scr: Worm.Bagle.AU FOUND
/usr/local/home/iago/downloads/viruses/mp3music.pif: Worm.SomeFool.I FOUND
/usr/local/home/iago/downloads/viruses/Garry.exe: Worm.Bagle.AG FOUND
/usr/local/home/iago/downloads/viruses/Dog.exe: Worm.Bagle.AG FOUND
/usr/local/home/iago/downloads/viruses/Price.exe: Worm.Bagle.AT FOUND
/usr/local/home/iago/downloads/viruses/Joke.scr: Worm.Bagle.AT FOUND
/usr/local/home/iago/downloads/viruses/MsgInfo.zip: Worm.Bagle.Gen-zippwd FOUND
/usr/local/home/iago/downloads/viruses/price.com: Worm.Bagle.AT FOUND
/usr/local/home/iago/downloads/viruses/text_document.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Your_complaint.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/I_search_for_you.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Joke.exe: Worm.Bagle.AU FOUND
/usr/local/home/iago/downloads/viruses/Bill.txt.exe: Worm.SomeFool.AA-2 FOUND
/usr/local/home/iago/downloads/viruses/2-Joke.exe: Worm.Bagle.AU FOUND
/usr/local/home/iago/downloads/viruses/Message.cpl: Worm.Bagle.AC FOUND
/usr/local/home/iago/downloads/viruses/Your_complaint.vbs: Worm.Bagle.Gen-vbs FOUND
/usr/local/home/iago/downloads/viruses/PlayGirls_2.exe: Worm.Maslan.B FOUND
/usr/local/home/iago/downloads/viruses/You_are_dismissed.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Alive_condom.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/loadadv407.exe: Trojan.Qhost.O FOUND
/usr/local/home/iago/downloads/viruses/You_will_answer_to_me.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/pwd02.txt.scr: Worm.SomeFool.P FOUND
/usr/local/home/iago/downloads/viruses/part6.zip: Worm.SomeFool.P FOUND
/usr/local/home/iago/downloads/viruses/word_doc.zip: Worm.SomeFool.P FOUND
/usr/local/home/iago/downloads/viruses/letter43.txt .scr: Worm.SomeFool.P FOUND
/usr/local/home/iago/downloads/viruses/You_are_dismissed.cpl: Worm.Bagle.AC FOUND
/usr/local/home/iago/downloads/viruses/PlayGirls_2-2.exe: Worm.Maslan.B FOUND
/usr/local/home/iago/downloads/viruses/Smoke.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/the_message.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Information.scr: Worm.Bagle.AF FOUND
/usr/local/home/iago/downloads/viruses/text_document-2.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Toy.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/document.zip: Worm.SomeFool.P FOUND
/usr/local/home/iago/downloads/viruses/data_full-disclosure.zip: Worm.SomeFool.P FOUND
/usr/local/home/iago/downloads/viruses/I_search_for_you.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/private_01_full-disclosure.zip: Worm.SomeFool.P FOUND
/usr/local/home/iago/downloads/viruses/text_document.cpl: Worm.Bagle.AC FOUND
/usr/local/home/iago/downloads/viruses/AGen1.03.exe: Worm.Plexus.B FOUND
/usr/local/home/iago/downloads/viruses/demo.exe: Worm.Plexus.B FOUND
/usr/local/home/iago/downloads/viruses/Readme.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/MoreInfo.scr: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Attach.zip: Empty file.
/usr/local/home/iago/downloads/viruses/the_message-2.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/Smoke.com: Worm.Bagle.Z FOUND
/usr/local/home/iago/downloads/viruses/upd02.cpl: Empty file.
/usr/local/home/iago/downloads/viruses/Information.cpl: Worm.Bagle.AF FOUND
/usr/local/home/iago/downloads/viruses/ALL D2JSP Scripts - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/AutoHit.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/Autotele - Wizard Setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/Colour Game Spam - Wizard.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/Cracked D2JSP - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/D2Mousepads Maphack v6.1 - Auto-setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/HC Hack.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/JHJ Anti-Detection No D2Loader - Setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/JHJ English - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/MM.Bot - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/PvP Buddy - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/SpamBot - Wizard install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/TPPK - Auto.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/WPPK - Auto.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/ZoiD's Pickit - No D2Loader Ver2.exe: Trojan.Prorat.O FOUND

----------- SCAN SUMMARY -----------
Known viruses: 28160
Scanned directories: 1
Scanned files: 62
Infected files: 62
Data scanned: 2.96 MB
I/O buffer size: 131072 bytes
Time: 0.837 sec (0 m 0 s)

:-)

Joe[x86] · January 30, 2005, 10:06 AM

iago, you have a collection of viruses you just leave there? Do you have an anti-virus that makes it so they can't do any spreading or something?

Falcon[anti-yL] · January 30, 2005, 11:49 AM

*hint* look at the topic name

Kp · January 30, 2005, 11:51 AM

First, that's a Linux system he's running on and those're Windows viruses, so they couldn't infect that system even if he did try to run them. Second, it's quite safe to have a virus on disk as long as you don't run it.

iago · January 30, 2005, 05:25 PM

Quote from: Kp on January 30, 2005, 11:51 AM
First, that's a Linux system he's running on and those're Windows viruses, so they couldn't infect that system even if he did try to run them. Second, it's quite safe to have a virus on disk as long as you don't run it.

That's correct.

I save all the viruses I find in my email/otherwise for no good reason. Although if I ever need to test a virus scanner, I can very easily. Who needs Eicar?

ClamAV: Free/opensource virus scanner

hismajesty