this is weird!
This topic is closed.
-
Originally posted by GreyGeek:
That's a Windows Trojan.
http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99
Do you have WINE installed on your Linux partition?
If not, the exe file cannot be executed. Perhaps a Java applet on a website you visited saved it but couldn't execute it.
What about the possibility that Comodo is "salting the mine"?

No WINE installed. Guess it piggybacked in on something else. Since I'm not running Windoze, I should be safe. That's one of the better reasons for running Linux in the first place. Thanks.
-
I find it interesting, if I am guessing some of the file paths correctly (~/.local/share/akonadi/), that it is finding some of these in the akonadi database, but not in an actual email. If akonadi indexed some malware code, it would also be present in the message itself and seen by the scanner, right?
-
That's a Windows Trojan.
http://www.symantec.com/security_res...011016-3514-99
Do you have WINE installed on your Linux partition?
If not, the exe file cannot be executed. Perhaps a Java applet on a website you visited saved it but couldn't execute it.
What about the possibility that Comodo is "salting the mine"?
Last edited by GreyGeek; May 25, 2015, 03:06 PM.
-
Sure. Here's the list of threats Comodo identified:
First time, Comodo found nine, this time six. None since then. Not really sure what that means except that I'm not running Windoze, in which case, there would be about 35 per day!
Last edited by markslaw; May 25, 2015, 12:24 PM.
-
Originally posted by GreyGeek:
Can any AV detect what they don't have a signature for?

Comodo AntiVirus employs various heuristic techniques to identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. If it is found to do so, then the application deletes the file or recommends it for quarantine. Heuristics is about detecting virus-like behavior or attributes rather than looking for a precise virus signature that matches a signature on the virus blacklist.
-
Originally posted by Teunis:
Surely Comodo has a log where the affected files are listed?
Did or do you have proprietary drivers like nVidia installed?
For me the symptoms look like the removal of some configuration file(s).
It would be good if someone takes the trouble to install and run it on the same software and see what's up.

I agree. It has to be configuration. I've uninstalled flash, uninstalled firefox, disabled flash in chromium in the tools menu and it still sits there churning away. I'm almost ready to throw the thing against the wall! What are some possibilities besides flash being the culprit? What could I tweak that I haven't thought of yet?
-
Originally posted by GreyGeek:
Can any AV detect what they don't have a signature for? I.e., if the malware's sig is not in the vaccine file.

rkhunter:
scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

chkrootkit:
a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
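Two of the checks described just above (comparing SHA-1 hashes of important files against a known-good baseline, and reconciling a walk of /proc with the output of ps) are easy to see in miniature. The script below is an added illustration written for this thread; it is not rkhunter's or chkrootkit's own code, and it builds its own throwaway sample files rather than touching real system binaries. As the thread's other point about baselines notes, the hash list is only meaningful if it was recorded while the machine was known clean and kept where a compromised system cannot rewrite it.

```python
"""Added example: baseline hash comparison and /proc-vs-ps reconciliation.
Not rkhunter or chkrootkit code; the sample files and PID sets are constructed."""
import hashlib
import os
import subprocess
from typing import Dict, Iterable, List, Set


def sha1_file(path: str) -> str:
    """SHA-1 of a file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: Iterable[str]) -> Dict[str, str]:
    """Map each existing regular file to its hash. Record this while the host is
    known clean and store it on read-only media, not on the host being checked."""
    return {p: sha1_file(p) for p in paths if os.path.isfile(p)}


def compare_to_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Return sorted findings: files that changed, vanished, or newly appeared."""
    findings = []
    for path, good in baseline.items():
        now = current.get(path)
        if now is None:
            findings.append(f"MISSING  {path}")
        elif now != good:
            findings.append(f"MODIFIED {path} baseline={good[:12]} now={now[:12]}")
    for path in current:
        if path not in baseline:
            findings.append(f"NEW      {path}")
    return sorted(findings)


def proc_pids(proc_root: str = "/proc") -> Set[int]:
    """PIDs visible by walking /proc (every all-digit directory name).
    Returns an empty set where /proc does not exist (non-Linux hosts)."""
    try:
        return {int(name) for name in os.listdir(proc_root) if name.isdigit()}
    except FileNotFoundError:
        return set()


def ps_pids() -> Set[int]:
    """PIDs reported by ps(1). A rootkit that hooks ps can omit entries here."""
    out = subprocess.run(["ps", "-eo", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def hidden_pids(from_proc: Set[int], from_ps: Set[int]) -> Set[int]:
    """Processes present in /proc but absent from ps. A process that started
    between the two snapshots is a benign cause, so re-check a hit before
    treating it as hidden."""
    return from_proc - from_ps


if __name__ == "__main__":
    import tempfile
    # Constructed demo: two fake "binaries", one altered after the baseline is taken.
    with tempfile.TemporaryDirectory() as d:
        fake_ls, fake_ps = os.path.join(d, "ls"), os.path.join(d, "ps")
        for p in (fake_ls, fake_ps):
            with open(p, "wb") as f:
                f.write(b"original binary content\n")
        baseline = build_baseline([fake_ls, fake_ps])
        with open(fake_ps, "ab") as f:
            f.write(b"# bytes appended after baselining\n")
        for line in compare_to_baseline(baseline, build_baseline([fake_ls, fake_ps])):
            print(line)
    # Live reconciliation on this host; skipped where /proc is absent.
    if proc_pids():
        print("hidden pids:", sorted(hidden_pids(proc_pids(), ps_pids())) or "none")
```

Running it prints one MODIFIED line for the altered sample file and, on a Linux host, the PIDs that /proc shows but ps does not (normally none). The same limitation the thread raises applies: both checks run on the host they examine, so a kernel-level rootkit can lie to them, which is why a baseline taken from a clean state and a scan from outside the running system are the stronger options.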
-
Originally posted by SteveRiley:
You can, but then they're running only in signature scanning mode, which means they will discover only what they already can detect. They won't be able to flag unknown but suspicious behavior.

http://www.rackspace.com/knowledge_c...-with-rkhunter
Neither rkhunter nor chkrootkit are necessarily better than the other and can easily be run at the same time, giving added defence measures and peace of mind.
As with chkrootkit, rkhunter is not an active defence method. It does not prevent exploits being placed on your Server but it will inform you if there is a suspected exploit. Again, as with chkrootkit, if you have been exploited then the only real option is to reinstall with a fresh image.
Last edited by GreyGeek; May 21, 2015, 03:09 PM.
-
Originally posted by SecretCode:
Can you run these tools from a live USB and bypass the "hiding"? Or is that not going to help?
-
Originally posted by SteveRiley:
Installing these on an infected system is likely to be less than useful -- rootkits can hide from detectors. These tools work best when installed on a known clean machine since they look for deviations from the baseline, and the baseline can only be measured in a known clean state.
-
Originally posted by markslaw:
I ran a virus scan in the wee hours of the morning and found 9 threats.

Originally posted by GreyGeek:
Install rkhunter and chkrootkit from the repository and run them on your machine.
-
Install rkhunter and chkrootkit from the repository and run them on your machine. (Ignore the Suckit false positive). Do they see the 9 infections?