Topic: Clam Antivirus Scan Results

[rexgaylord]

I followed the the pagefault howto for installing Clamavand and have the option of doing a daily scan enabled.  After initail testing and gave a few viruses caught, the daily scans started showing infected files in directories that don't seem to exist.  An example of the last e-mail below:

***********************
//var/spool/squid/00/04/0000042A: Trojan.JS.Startpage.C FOUND
/tmp/clamav-7e6c027d4c978fa2/usr/lib/libpavdll.so.3.6.0.1: W32.GriYo FOUND
/tmp/clamav-e180bb86ba8ccdcb/bin/exe/libpavdll_qm.so.3.2.1.8: W32.GriYo FOUND
/tmp/clamav-e180bb86ba8ccdcb/bin/update/download_sf.sh: Eicar-Test-Signature FOUND
/tmp/clamav-e180bb86ba8ccdcb/bin/update/test_sf.sh: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 21694
Scanned directories: 10611
Scanned files: 76414
Infected files: 5
Data scanned: 13426.26 MB
I/O buffer size: 131072 bytes
Time: 5617.092 sec (93 m 37 s)
*******************

/tmp/clamav* doesn't exist anyplace that I can find.  I'm going to clear the squid cache and see if the makes a difference on the next one, but if anybody has any suggestions I would appreciate them.

[rexgaylord]

The trojan quit showing up after clearing squid, but the two test virues and GriYo still show up in non-existent directories.  From what I can find, GriYo don't even seem to be a virus, but the nickname of a virus author.  Anybody have any ideas how to get rid of what appears to be a glitch.

/tmp/clamav-7c35688101633958/usr/lib/libpavdll.so.3.6.0.1: W32.GriYo FOUND
/tmp/clamav-2de0cc3f61ff980f/bin/exe/libpavdll_qm.so.3.2.1.8: W32.GriYo FOUND
/tmp/clamav-2de0cc3f61ff980f/bin/update/download_sf.sh: Eicar-Test-Signature FOUND
/tmp/clamav-2de0cc3f61ff980f/bin/update/test_sf.sh: Eicar-Test-Signature FOUND

[shaneL]

I also have this same problem